Include rules section

2026-04-30 08:47:20 +07:00 · 2026-04-30 08:47:20 +07:00 · 4b35851326
commit 4b35851326
parent 96854b566a
1 changed files with 13 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -67,6 +67,19 @@ make plugin
   `InsecureSkipVerify: true`, cert posture is the TLS checker's job).
 6. SIP `OPTIONS` request with status, headers and `Allow` parsed.

+## Rules
+
+| Code                         | Description                                                                                       | Severity            |
+|------------------------------|---------------------------------------------------------------------------------------------------|---------------------|
+| `sip.srv_present`            | Verifies that `_sip._udp` / `_sip._tcp` / `_sips._tcp` SRV records are published and resolvable.  | CRITICAL            |
+| `sip.transport_diversity`    | Verifies that modern SIP transports (TCP, and ideally TLS) are published alongside legacy UDP.    | WARNING             |
+| `sip.srv_targets_resolvable` | Verifies that every SRV target resolves to at least one A or AAAA address.                       | CRITICAL            |
+| `sip.endpoint_reachable`     | Verifies that every discovered SIP endpoint accepts a connection on its transport.                | CRITICAL            |
+| `sip.options_response`       | Verifies that every reachable SIP endpoint answers OPTIONS with a 2xx response.                   | CRITICAL            |
+| `sip.options_capabilities`   | Reviews the Allow header advertised in OPTIONS replies (INVITE support, Allow presence).          | WARNING             |
+| `sip.ipv6_coverage`          | Verifies at least one SIP endpoint is reachable over IPv6.                                        | INFO                |
+| `sip.tls_quality`            | Folds the downstream TLS checker findings (chain, hostname match, expiry) onto the SIP service.   | CRITICAL            |
+
 ## License

 Licensed under the **MIT License** (see `LICENSE`).