diff --git a/.drone-manifest.yml b/.drone-manifest.yml
deleted file mode 100644
index 28e620c..0000000
--- a/.drone-manifest.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-image: happydomain/checker-zonemaster:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
-{{#if build.tags}}
-tags:
-{{#each build.tags}}
-  - {{this}}
-{{/each}}
-{{/if}}
-manifests:
-  - image: happydomain/checker-zonemaster:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
-    platform:
-      architecture: amd64
-      os: linux
-  - image: happydomain/checker-zonemaster:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
-    platform:
-      architecture: arm64
-      os: linux
-      variant: v8
-  - image: happydomain/checker-zonemaster:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
-    platform:
-      architecture: arm
-      os: linux
-      variant: v7
diff --git a/.drone.yml b/.drone.yml
deleted file mode 100644
index 4077035..0000000
--- a/.drone.yml
+++ /dev/null
@@ -1,187 +0,0 @@
----
-kind: pipeline
-type: docker
-name: build-amd64
-
-platform:
-  os: linux
-  arch: amd64
-
-steps:
-  - name: checker build
-    image: golang:1-alpine
-    commands:
-      - apk add --no-cache git make
-      - make
-    environment:
-      CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}"
-      CGO_ENABLED: 0
-    when:
-      event:
-        exclude:
-          - tag
-
-  - name: checker build tag
-    image: golang:1-alpine
-    commands:
-      - apk add --no-cache git make
-      - make
-    environment:
-      CHECKER_VERSION: "${DRONE_SEMVER}"
-      CGO_ENABLED: 0
-    when:
-      event:
-        - tag
-
-  - name: publish on Docker Hub
-    image: plugins/docker
-    settings:
-      repo: happydomain/checker-zonemaster
-      auto_tag: true
-      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
-      dockerfile: Dockerfile
-      build_args:
-        - CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT}
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-    when:
-      event:
-        exclude:
-          - tag
-
-  - name: publish on Docker Hub (tag)
-    image: plugins/docker
-    settings:
-      repo: happydomain/checker-zonemaster
-      auto_tag: true
-      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
-      dockerfile: Dockerfile
-      build_args:
-        - CHECKER_VERSION=${DRONE_SEMVER}
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-    when:
-      event:
-        - tag
-
-trigger:
-  branch:
-    exclude:
-      - renovate/*
-  event:
-    - cron
-    - push
-    - tag
-
----
-kind: pipeline
-type: docker
-name: build-arm64
-
-platform:
-  os: linux
-  arch: arm64
-
-steps:
-  - name: checker build
-    image: golang:1-alpine
-    commands:
-      - apk add --no-cache git make
-      - make
-    environment:
-      CHECKER_VERSION: "${DRONE_BRANCH}-${DRONE_COMMIT}"
-      CGO_ENABLED: 0
-    when:
-      event:
-        exclude:
-          - tag
-
-  - name: checker build tag
-    image: golang:1-alpine
-    commands:
-      - apk add --no-cache git make
-      - make
-    environment:
-      CHECKER_VERSION: "${DRONE_SEMVER}"
-      CGO_ENABLED: 0
-    when:
-      event:
-        - tag
-
-  - name: publish on Docker Hub
-    image: plugins/docker
-    settings:
-      repo: happydomain/checker-zonemaster
-      auto_tag: true
-      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
-      dockerfile: Dockerfile
-      build_args:
-        - CHECKER_VERSION=${DRONE_BRANCH}-${DRONE_COMMIT}
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-    when:
-      event:
-        exclude:
-          - tag
-
-  - name: publish on Docker Hub (tag)
-    image: plugins/docker
-    settings:
-      repo: happydomain/checker-zonemaster
-      auto_tag: true
-      auto_tag_suffix: ${DRONE_STAGE_OS}-${DRONE_STAGE_ARCH}
-      dockerfile: Dockerfile
-      build_args:
-        - CHECKER_VERSION=${DRONE_SEMVER}
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-    when:
-      event:
-        - tag
-
-trigger:
-  event:
-    - cron
-    - push
-    - tag
-
----
-kind: pipeline
-name: docker-manifest
-
-platform:
-  os: linux
-  arch: arm64
-
-steps:
-  - name: publish on Docker Hub
-    image: plugins/manifest
-    settings:
-      auto_tag: true
-      ignore_missing: true
-      spec: .drone-manifest.yml
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-
-trigger:
-  branch:
-    exclude:
-      - renovate/*
-  event:
-    - cron
-    - push
-    - tag
-
-depends_on:
-  - build-amd64
-  - build-arm64
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index cd37116..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-checker-zonemaster
-checker-zonemaster.so
diff --git a/Dockerfile b/Dockerfile
index dc5ffda..ddefd02 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,8 +10,5 @@ RUN CGO_ENABLED=0 go build -ldflags "-X main.Version=${CHECKER_VERSION}" -o /che
 
 FROM scratch
 COPY --from=builder /checker-zonemaster /checker-zonemaster
-USER 65534:65534
 EXPOSE 8080
-HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD ["/checker-zonemaster", "-healthcheck"]
 ENTRYPOINT ["/checker-zonemaster"]
diff --git a/Makefile b/Makefile
index ae3f98c..002307b 100644
--- a/Makefile
+++ b/Makefile
@@ -6,12 +6,12 @@ CHECKER_SOURCES := main.go $(wildcard checker/*.go)
 
 GO_LDFLAGS := -X main.Version=$(CHECKER_VERSION)
 
-.PHONY: all plugin docker test clean
+.PHONY: all plugin docker clean
 
 all: $(CHECKER_NAME)
 
 $(CHECKER_NAME): $(CHECKER_SOURCES)
-	go build -tags standalone -ldflags "$(GO_LDFLAGS)" -o $@ .
+	go build -ldflags "$(GO_LDFLAGS)" -o $@ .
 
 plugin: $(CHECKER_NAME).so
 
@@ -21,8 +21,5 @@ $(CHECKER_NAME).so: $(CHECKER_SOURCES) $(wildcard plugin/*.go)
 docker:
 	docker build --build-arg CHECKER_VERSION=$(CHECKER_VERSION) -t $(CHECKER_IMAGE) .
 
-test:
-	go test -tags standalone ./...
-
 clean:
 	rm -f $(CHECKER_NAME) $(CHECKER_NAME).so
diff --git a/README.md b/README.md
index 93353f5..9fc530c 100644
--- a/README.md
+++ b/README.md
@@ -55,20 +55,6 @@ the running checker-zonemaster server (e.g.,
 `http://checker-zonemaster:8080`). happyDomain will delegate observation
 collection to this endpoint.
 
-### Deployment
-
-The `/collect` endpoint has no built-in authentication and will issue
-JSON-RPC calls to whatever Zonemaster API URL is configured via the
-`zonemasterAPIURL` admin option (defaulting to the official public API
-at `https://zonemaster.net/api`). Operators should point this option
-only at trusted Zonemaster instances; pointing it at an untrusted host
-turns the checker into an SSRF vector, since responses are parsed and
-surfaced back to the caller. The checker itself is meant to run on a
-trusted network, reachable only by the happyDomain instance that drives
-it. Restrict access via a reverse proxy with authentication, a network
-ACL, or by binding the listener to a private interface; do not expose
-it directly to the public internet.
-
 ## Options
 
 | Scope     | Id                 | Description                                          |
@@ -78,21 +64,29 @@ it directly to the public internet.
 | User      | `language`         | Result language (`en`, `fr`, `de`, …)                |
 | Admin     | `zonemasterAPIURL` | Zonemaster JSON-RPC endpoint (default: official API) |
 
-## Rules
+## Protocol
 
-Each rule wraps one Zonemaster test module and emits a `<rule>.summary`
-state plus one `<rule>.<level>` state per WARNING-or-worse Zonemaster
-message, so downstream consumers can match on stable codes.
+### POST /collect
 
-| Code                      | Description                                                                       | Severity |
-|---------------------------|-----------------------------------------------------------------------------------|----------|
-| `zonemaster.dnssec`       | DNSSEC tests (signatures, NSEC/NSEC3, DS/DNSKEY coherence).                       | CRITICAL |
-| `zonemaster.delegation`   | Delegation tests (parent/child NS agreement, glue, referrals).                    | CRITICAL |
-| `zonemaster.consistency`  | Consistency tests (SOA serial, NS set, zone content across servers).              | CRITICAL |
-| `zonemaster.connectivity` | Connectivity tests (UDP/TCP reachability of authoritative servers, AS diversity). | CRITICAL |
-| `zonemaster.nameserver`   | Nameserver tests (server behaviour, EDNS, unknown RR handling).                   | CRITICAL |
-| `zonemaster.syntax`       | Syntax tests (domain name syntax, hostname legality).                             | CRITICAL |
+Request:
+```json
+{
+  "key": "zonemaster",
+  "options": {
+    "domainName": "example.com",
+    "zonemasterAPIURL": "https://zonemaster.net/api",
+    "language": "en",
+    "profile": "default"
+  }
+}
+```
+
+The collect call is long-running: it starts a Zonemaster test, polls until
+completion, and returns the full result tree as the observation payload.
 
 ## License
 
-MIT (see `LICENSE`). Third-party attributions in `NOTICE`.
+This project is licensed under the **MIT License** (see `LICENSE`). The
+third-party Apache-2.0 attributions for `checker-sdk-go` are recorded in
+`NOTICE` and must accompany any binary or source redistribution of this
+project.
diff --git a/checker/collect.go b/checker/collect.go
index 7ee02f1..1ec6009 100644
--- a/checker/collect.go
+++ b/checker/collect.go
@@ -6,7 +6,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"net"
 	"net/http"
 	"strings"
 	"time"
@@ -14,37 +13,6 @@ import (
 	sdk "git.happydns.org/checker-sdk-go/checker"
 )
 
-// maxResponseBytes caps the body size we'll read from the Zonemaster API.
-// Real result payloads are tens to a few hundred KB; 8 MiB is generous head-
-// room and still bounded so a misbehaving or hostile endpoint can't exhaust
-// memory.
-const maxResponseBytes = 8 << 20
-
-// maxCollectDuration caps the total time spent collecting (start + poll +
-// fetch). The caller's context still wins if it has a tighter deadline.
-const maxCollectDuration = 15 * time.Minute
-
-// pollInterval is how often we ask the Zonemaster API for test progress.
-const pollInterval = 2 * time.Second
-
-// zmHTTPClient is the HTTP client used for all Zonemaster API calls. It has
-// per-phase timeouts so a stalling endpoint can never hang us indefinitely
-// even if the caller passes a context without a deadline.
-var zmHTTPClient = &http.Client{
-	Timeout: 60 * time.Second,
-	Transport: &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   10 * time.Second,
-			KeepAlive: 30 * time.Second,
-		}).DialContext,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ResponseHeaderTimeout: 30 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
-		IdleConnTimeout:       90 * time.Second,
-	},
-}
-
 func (p *zonemasterProvider) Collect(ctx context.Context, opts sdk.CheckerOptions) (any, error) {
 	domainName, ok := opts["domainName"].(string)
 	if !ok || domainName == "" {
@@ -68,11 +36,6 @@ func (p *zonemasterProvider) Collect(ctx context.Context, opts sdk.CheckerOption
 		profile = prof
 	}
 
-	// Cap the total collection time even when the caller's context has no
-	// deadline. The caller's deadline still wins if it's tighter.
-	ctx, cancel := context.WithTimeout(ctx, maxCollectDuration)
-	defer cancel()
-
 	// Step 1: start the test.
 	startResult, err := zmCallJSONRPC(ctx, apiURL, "start_domain_test", zmStartTestParams{
 		Domain:  domainName,
@@ -93,10 +56,9 @@ func (p *zonemasterProvider) Collect(ctx context.Context, opts sdk.CheckerOption
 	}
 
 	// Step 2: poll for completion.
-	ticker := time.NewTicker(pollInterval)
+	ticker := time.NewTicker(2 * time.Second)
 	defer ticker.Stop()
 
-poll:
 	for {
 		select {
 		case <-ctx.Done():
@@ -113,11 +75,12 @@ poll:
 			}
 
 			if progress >= 100 {
-				break poll
+				goto testComplete
 			}
 		}
 	}
 
+testComplete:
 	// Step 3: fetch results.
 	rawResults, err := zmCallJSONRPC(ctx, apiURL, "get_test_results", zmGetResultsParams{
 		ID:       testID,
@@ -154,37 +117,19 @@ func zmCallJSONRPC(ctx context.Context, apiURL, method string, params any) (json
 	}
 	req.Header.Set("Content-Type", "application/json")
 
-	resp, err := zmHTTPClient.Do(req)
+	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		return nil, fmt.Errorf("failed to call API: %w", err)
 	}
 	defer resp.Body.Close()
 
-	// Cap the body we'll ever read so a misbehaving endpoint can't exhaust
-	// memory. +1 lets us detect that the cap was hit.
-	limited := io.LimitReader(resp.Body, maxResponseBytes+1)
-
 	if resp.StatusCode != http.StatusOK {
-		b, readErr := io.ReadAll(limited)
-		if readErr != nil {
-			return nil, fmt.Errorf("API returned status %d (failed to read body: %v)", resp.StatusCode, readErr)
-		}
-		if len(b) > maxResponseBytes {
-			b = b[:maxResponseBytes]
-		}
+		b, _ := io.ReadAll(resp.Body)
 		return nil, fmt.Errorf("API returned status %d: %s", resp.StatusCode, string(b))
 	}
 
-	body, readErr := io.ReadAll(limited)
-	if readErr != nil {
-		return nil, fmt.Errorf("failed to read response: %w", readErr)
-	}
-	if len(body) > maxResponseBytes {
-		return nil, fmt.Errorf("API response exceeds %d bytes", maxResponseBytes)
-	}
-
 	var rpcResp zmJSONRPCResponse
-	if err := json.Unmarshal(body, &rpcResp); err != nil {
+	if err := json.NewDecoder(resp.Body).Decode(&rpcResp); err != nil {
 		return nil, fmt.Errorf("failed to decode response: %w", err)
 	}
 
diff --git a/checker/definition.go b/checker/definition.go
index b94bb7b..bcff0d0 100644
--- a/checker/definition.go
+++ b/checker/definition.go
@@ -17,7 +17,7 @@ import (
 var Version = "built-in"
 
 // Definition returns the CheckerDefinition for the zonemaster checker.
-func (p *zonemasterProvider) Definition() *sdk.CheckerDefinition {
+func Definition() *sdk.CheckerDefinition {
 	return &sdk.CheckerDefinition{
 		ID:      "zonemaster",
 		Name:    "Zonemaster",
@@ -75,11 +75,13 @@ func (p *zonemasterProvider) Definition() *sdk.CheckerDefinition {
 				},
 			},
 		},
-		Rules: Rules(),
+		Rules: []sdk.CheckRule{
+			Rule(),
+		},
 		Interval: &sdk.CheckIntervalSpec{
-			Min:     12 * time.Hour,
-			Max:     30 * 24 * time.Hour,
-			Default: 7 * 24 * time.Hour,
+			Min:     1 * time.Hour,
+			Max:     7 * 24 * time.Hour,
+			Default: 24 * time.Hour,
 		},
 	}
 }
diff --git a/checker/interactive.go b/checker/interactive.go
deleted file mode 100644
index 95dcca6..0000000
--- a/checker/interactive.go
+++ /dev/null
@@ -1,69 +0,0 @@
-//go:build standalone
-
-package checker
-
-import (
-	"errors"
-	"net/http"
-	"strings"
-
-	sdk "git.happydns.org/checker-sdk-go/checker"
-)
-
-func (p *zonemasterProvider) RenderForm() []sdk.CheckerOptionField {
-	return []sdk.CheckerOptionField{
-		{
-			Id:          "domainName",
-			Type:        "string",
-			Label:       "Domain name to check",
-			Placeholder: "example.com",
-			Required:    true,
-			Description: "Fully-qualified domain name to submit to the Zonemaster engine.",
-		},
-		{
-			Id:          "profile",
-			Type:        "string",
-			Label:       "Profile",
-			Placeholder: "default",
-			Description: "Zonemaster test profile to apply (engine-defined; usually \"default\").",
-		},
-		{
-			Id:          "language",
-			Type:        "string",
-			Label:       "Result language",
-			Placeholder: "en",
-			Description: "Language for human-readable test messages (en, fr, de, es, sv, da, fi, nb, nl, pt).",
-		},
-		{
-			Id:          "zonemasterAPIURL",
-			Type:        "string",
-			Label:       "Zonemaster API URL",
-			Placeholder: "https://zonemaster.net/api",
-			Description: "JSON-RPC endpoint of the Zonemaster backend to query.",
-		},
-	}
-}
-
-func (p *zonemasterProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
-	domainName := strings.TrimSpace(r.FormValue("domainName"))
-	if domainName == "" {
-		return nil, errors.New("domainName is required")
-	}
-	domainName = strings.TrimSuffix(domainName, ".")
-
-	opts := sdk.CheckerOptions{
-		"domainName": domainName,
-	}
-
-	if v := strings.TrimSpace(r.FormValue("profile")); v != "" {
-		opts["profile"] = v
-	}
-	if v := strings.TrimSpace(r.FormValue("language")); v != "" {
-		opts["language"] = v
-	}
-	if v := strings.TrimSpace(r.FormValue("zonemasterAPIURL")); v != "" {
-		opts["zonemasterAPIURL"] = strings.TrimSuffix(v, "/")
-	}
-
-	return opts, nil
-}
diff --git a/checker/provider.go b/checker/provider.go
index 3efec93..d3c6767 100644
--- a/checker/provider.go
+++ b/checker/provider.go
@@ -14,3 +14,8 @@ type zonemasterProvider struct{}
 func (p *zonemasterProvider) Key() sdk.ObservationKey {
 	return ObservationKeyZonemaster
 }
+
+// Definition implements sdk.CheckerDefinitionProvider.
+func (p *zonemasterProvider) Definition() *sdk.CheckerDefinition {
+	return Definition()
+}
diff --git a/checker/report.go b/checker/report.go
index 834274e..b241b15 100644
--- a/checker/report.go
+++ b/checker/report.go
@@ -15,14 +15,13 @@ import (
 // zmLevelDisplayOrder defines the severity order used for sorting and display.
 var zmLevelDisplayOrder = []string{"CRITICAL", "ERROR", "WARNING", "NOTICE", "INFO", "DEBUG"}
 
-var zmLevelRank = map[string]int{
-	"CRITICAL": 6,
-	"ERROR":    5,
-	"WARNING":  4,
-	"NOTICE":   3,
-	"INFO":     2,
-	"DEBUG":    1,
-}
+var zmLevelRank = func() map[string]int {
+	m := make(map[string]int, len(zmLevelDisplayOrder))
+	for i, l := range zmLevelDisplayOrder {
+		m[l] = len(zmLevelDisplayOrder) - i
+	}
+	return m
+}()
 
 type zmLevelCount struct {
 	Level string
@@ -51,7 +50,7 @@ var zonemasterHTMLTemplate = template.Must(
 	template.New("zonemaster").
 		Funcs(template.FuncMap{
 			"badgeClass": func(level string) string {
-				switch normLevel(level) {
+				switch strings.ToUpper(level) {
 				case "CRITICAL":
 					return "badge-critical"
 				case "ERROR":
@@ -72,7 +71,7 @@ var zonemasterHTMLTemplate = template.Must(
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Zonemaster{{if .Domain}}, {{.Domain}}{{end}}</title>
+<title>Zonemaster{{if .Domain}} — {{.Domain}}{{end}}</title>
 <style>
 *, *::before, *::after { box-sizing: border-box; }
 :root {
@@ -158,7 +157,7 @@ details[open] > summary::before { transform: rotate(90deg); }
 <body>
 
 <div class="hd">
-  <h1>Zonemaster{{if .Domain}}, <code>{{.Domain}}</code>{{end}}</h1>
+  <h1>Zonemaster{{if .Domain}} — <code>{{.Domain}}</code>{{end}}</h1>
   <div class="meta">
     {{- if .CreatedAt}}Run at {{.CreatedAt}}{{end -}}
     {{- if and .CreatedAt .HashID}} &middot; {{end -}}
@@ -223,7 +222,7 @@ func (p *zonemasterProvider) GetHTMLReport(ctx sdk.ReportContext) (string, error
 		rs := moduleMap[name]
 		counts := map[string]int{}
 		for _, r := range rs {
-			lvl := normLevel(r.Level)
+			lvl := strings.ToUpper(r.Level)
 			counts[lvl]++
 			totalCounts[lvl]++
 		}
diff --git a/checker/rule.go b/checker/rule.go
index a5c1db7..d201dd6 100644
--- a/checker/rule.go
+++ b/checker/rule.go
@@ -9,32 +9,20 @@ import (
 	sdk "git.happydns.org/checker-sdk-go/checker"
 )
 
-// Rules returns the full list of CheckRules exposed by the Zonemaster checker.
-// Each rule narrows the Zonemaster results to a single test category so
-// callers can see at a glance which category passed and which did not,
-// instead of squashing every Zonemaster message into a single monolithic
-// state. The Zonemaster-returned severity (INFO/NOTICE/WARNING/ERROR/
-// CRITICAL) is treated as a raw input coming from Zonemaster's own
-// judgement; each rule maps it onto happyDomain's CheckState.Status.
-func Rules() []sdk.CheckRule {
-	return []sdk.CheckRule{
-		dnssecRule(),
-		delegationRule(),
-		consistencyRule(),
-		connectivityRule(),
-		nameserverRule(),
-		syntaxRule(),
-		zoneRule(),
-		addressRule(),
-		basicRule(),
-	}
+// Rule returns a new zonemaster check rule.
+func Rule() sdk.CheckRule {
+	return &zonemasterRule{}
 }
 
-// ── shared helpers ────────────────────────────────────────────────────────────
+type zonemasterRule struct{}
 
-// validateZonemasterOptions validates the options accepted by the Zonemaster
-// checker. Shared across rules that implement OptionsValidator.
-func validateZonemasterOptions(opts sdk.CheckerOptions) error {
+func (r *zonemasterRule) Name() string { return "zonemaster" }
+
+func (r *zonemasterRule) Description() string {
+	return "Runs Zonemaster DNS validation tests against the zone"
+}
+
+func (r *zonemasterRule) ValidateOptions(opts sdk.CheckerOptions) error {
 	if v, ok := opts["zonemasterAPIURL"]; ok {
 		s, ok := v.(string)
 		if !ok {
@@ -56,182 +44,69 @@ func validateZonemasterOptions(opts sdk.CheckerOptions) error {
 	return nil
 }
 
-// loadZonemasterData fetches the Zonemaster observation. On error, returns a
-// CheckState the caller should emit to short-circuit its rule.
-func loadZonemasterData(ctx context.Context, obs sdk.ObservationGetter) (*ZonemasterData, *sdk.CheckState) {
+func (r *zonemasterRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts sdk.CheckerOptions) []sdk.CheckState {
 	var data ZonemasterData
 	if err := obs.Get(ctx, ObservationKeyZonemaster, &data); err != nil {
-		return nil, &sdk.CheckState{
-			Status:  sdk.StatusError,
-			Message: fmt.Sprintf("failed to load Zonemaster observation: %v", err),
-			Code:    "zonemaster.observation_error",
-		}
-	}
-	return &data, nil
-}
-
-// normLevel returns the canonical (upper-case) form of a Zonemaster severity
-// string. Use this anywhere a severity needs to be compared, looked up or
-// keyed so the canonical list stays in one place.
-func normLevel(level string) string {
-	return strings.ToUpper(level)
-}
-
-// levelToStatus maps a Zonemaster-returned severity to happyDomain's status.
-// Zonemaster's own judgement is treated as raw input; this is happyDomain's
-// own mapping onto the SDK status enum.
-func levelToStatus(level string) sdk.Status {
-	switch normLevel(level) {
-	case "CRITICAL", "ERROR":
-		return sdk.StatusCrit
-	case "WARNING":
-		return sdk.StatusWarn
-	case "NOTICE", "INFO", "DEBUG":
-		return sdk.StatusInfo
-	default:
-		return sdk.StatusUnknown
-	}
-}
-
-// worstStatus returns the more severe of two statuses. StatusError always
-// wins because it means "we could not evaluate".
-func worstStatus(a, b sdk.Status) sdk.Status {
-	rank := func(s sdk.Status) int {
-		switch s {
-		case sdk.StatusError:
-			return 6
-		case sdk.StatusCrit:
-			return 5
-		case sdk.StatusWarn:
-			return 4
-		case sdk.StatusInfo:
-			return 2
-		case sdk.StatusOK:
-			return 1
-		default:
-			return 0
-		}
-	}
-	if rank(a) >= rank(b) {
-		return a
-	}
-	return b
-}
-
-// categoryRule is the common shape used by every per-category Zonemaster
-// rule: load the observation, filter messages whose module matches one of
-// the declared names, map Zonemaster severities onto CheckState.Status,
-// and emit a summary state plus one state per WARNING-or-worse message.
-// INFO/NOTICE messages are folded into the summary counts so the state
-// list stays readable.
-type categoryRule struct {
-	name        string
-	description string
-	modules     []string // case-insensitive module names handled by this rule
-}
-
-func (r *categoryRule) Name() string        { return r.name }
-func (r *categoryRule) Description() string { return r.description }
-
-func (r *categoryRule) ValidateOptions(opts sdk.CheckerOptions) error {
-	return validateZonemasterOptions(opts)
-}
-
-func (r *categoryRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
-	data, errSt := loadZonemasterData(ctx, obs)
-	if errSt != nil {
-		return []sdk.CheckState{*errSt}
-	}
-
-	matched := filterByModules(data.Results, r.modules)
-	if len(matched) == 0 {
 		return []sdk.CheckState{{
-			Status:  sdk.StatusUnknown,
-			Message: fmt.Sprintf("No %s messages returned by Zonemaster for this zone.", r.name),
-			Code:    r.name + ".not_tested",
+			Status:  sdk.StatusError,
+			Message: fmt.Sprintf("Failed to get Zonemaster data: %v", err),
+			Code:    "zonemaster_error",
 		}}
 	}
 
-	var (
-		critCount, errCount, warnCount, noticeCount, infoCount int
-		worst                                                  = sdk.StatusOK
-		issueStates                                            []sdk.CheckState
-	)
+	var errorCount, warningCount int
+	var criticalMsgs []string
 
-	for _, res := range matched {
-		lvl := normLevel(res.Level)
-		st := levelToStatus(lvl)
-		worst = worstStatus(worst, st)
-
-		switch lvl {
-		case "CRITICAL":
-			critCount++
-		case "ERROR":
-			errCount++
+	for _, res := range data.Results {
+		switch strings.ToUpper(res.Level) {
+		case "CRITICAL", "ERROR":
+			errorCount++
+			if len(criticalMsgs) < 5 {
+				criticalMsgs = append(criticalMsgs, res.Message)
+			}
 		case "WARNING":
-			warnCount++
-		case "NOTICE":
-			noticeCount++
-		default:
-			infoCount++
-		}
-
-		if st == sdk.StatusCrit || st == sdk.StatusWarn {
-			issueStates = append(issueStates, sdk.CheckState{
-				Status:  st,
-				Message: res.Message,
-				Code:    r.name + "." + strings.ToLower(lvl),
-				Subject: res.Testcase,
-				Meta: map[string]any{
-					"module":   res.Module,
-					"testcase": res.Testcase,
-					"level":    lvl,
-				},
-			})
+			warningCount++
 		}
 	}
 
-	summary := sdk.CheckState{
-		Status: worst,
-		Code:   r.name + ".summary",
-		Meta: map[string]any{
-			"total":    len(matched),
-			"critical": critCount,
-			"error":    errCount,
-			"warning":  warnCount,
-			"notice":   noticeCount,
-			"info":     infoCount,
-		},
+	meta := map[string]any{
+		"errorCount":   errorCount,
+		"warningCount": warningCount,
+		"totalChecks":  len(data.Results),
+		"hashId":       data.HashID,
+		"createdAt":    data.CreatedAt,
 	}
 
-	switch {
-	case critCount+errCount > 0:
-		summary.Message = fmt.Sprintf("%d error(s), %d warning(s) reported by Zonemaster (%d checks).", critCount+errCount, warnCount, len(matched))
-	case warnCount > 0:
-		summary.Message = fmt.Sprintf("%d warning(s) reported by Zonemaster (%d checks).", warnCount, len(matched))
-	default:
-		summary.Status = sdk.StatusOK
-		summary.Message = fmt.Sprintf("No issues reported by Zonemaster (%d checks).", len(matched))
+	if errorCount > 0 {
+		statusLine := fmt.Sprintf("%d error(s), %d warning(s) found", errorCount, warningCount)
+		if len(criticalMsgs) > 0 {
+			n := 2
+			if len(criticalMsgs) < n {
+				n = len(criticalMsgs)
+			}
+			statusLine += ": " + strings.Join(criticalMsgs[:n], "; ")
+		}
+		return []sdk.CheckState{{
+			Status:  sdk.StatusCrit,
+			Message: statusLine,
+			Code:    "zonemaster_errors",
+			Meta:    meta,
+		}}
 	}
 
-	return append([]sdk.CheckState{summary}, issueStates...)
-}
-
-// filterByModules returns the subset of results whose Module matches any of
-// the given module names (case-insensitive).
-func filterByModules(results []ZonemasterTestResult, modules []string) []ZonemasterTestResult {
-	if len(modules) == 0 {
-		return nil
-	}
-	set := make(map[string]struct{}, len(modules))
-	for _, m := range modules {
-		set[strings.ToLower(m)] = struct{}{}
-	}
-	var out []ZonemasterTestResult
-	for _, r := range results {
-		if _, ok := set[strings.ToLower(r.Module)]; ok {
-			out = append(out, r)
-		}
-	}
-	return out
+	if warningCount > 0 {
+		return []sdk.CheckState{{
+			Status:  sdk.StatusWarn,
+			Message: fmt.Sprintf("%d warning(s) found", warningCount),
+			Code:    "zonemaster_warnings",
+			Meta:    meta,
+		}}
+	}
+
+	return []sdk.CheckState{{
+		Status:  sdk.StatusOK,
+		Message: fmt.Sprintf("All checks passed (%d checks)", len(data.Results)),
+		Code:    "zonemaster_ok",
+		Meta:    meta,
+	}}
 }
diff --git a/checker/rule_test.go b/checker/rule_test.go
deleted file mode 100644
index ba0c1a6..0000000
--- a/checker/rule_test.go
+++ /dev/null
@@ -1,298 +0,0 @@
-package checker
-
-import (
-	"context"
-	"encoding/json"
-	"errors"
-	"strings"
-	"testing"
-
-	sdk "git.happydns.org/checker-sdk-go/checker"
-)
-
-// fakeObs is a minimal ObservationGetter for tests. If err is non-nil, Get
-// returns it; otherwise, it JSON-roundtrips data into dest.
-type fakeObs struct {
-	data any
-	err  error
-}
-
-func (f *fakeObs) Get(_ context.Context, _ sdk.ObservationKey, dest any) error {
-	if f.err != nil {
-		return f.err
-	}
-	b, err := json.Marshal(f.data)
-	if err != nil {
-		return err
-	}
-	return json.Unmarshal(b, dest)
-}
-
-func (f *fakeObs) GetRelated(_ context.Context, _ sdk.ObservationKey) ([]sdk.RelatedObservation, error) {
-	return nil, nil
-}
-
-func TestLevelToStatus(t *testing.T) {
-	cases := []struct {
-		level string
-		want  sdk.Status
-	}{
-		{"CRITICAL", sdk.StatusCrit},
-		{"ERROR", sdk.StatusCrit},
-		{"critical", sdk.StatusCrit}, // case-insensitive
-		{"WARNING", sdk.StatusWarn},
-		{"NOTICE", sdk.StatusInfo},
-		{"INFO", sdk.StatusInfo},
-		{"DEBUG", sdk.StatusInfo},
-		{"", sdk.StatusUnknown},
-		{"BANANA", sdk.StatusUnknown},
-	}
-	for _, tc := range cases {
-		t.Run(tc.level, func(t *testing.T) {
-			if got := levelToStatus(tc.level); got != tc.want {
-				t.Errorf("levelToStatus(%q) = %v, want %v", tc.level, got, tc.want)
-			}
-		})
-	}
-}
-
-func TestWorstStatus(t *testing.T) {
-	// Severity ordering used by worstStatus:
-	// Error > Crit > Warn > Info > OK > Unknown
-	cases := []struct {
-		a, b, want sdk.Status
-	}{
-		{sdk.StatusOK, sdk.StatusOK, sdk.StatusOK},
-		{sdk.StatusOK, sdk.StatusInfo, sdk.StatusInfo},
-		{sdk.StatusInfo, sdk.StatusWarn, sdk.StatusWarn},
-		{sdk.StatusWarn, sdk.StatusCrit, sdk.StatusCrit},
-		{sdk.StatusCrit, sdk.StatusError, sdk.StatusError},
-		{sdk.StatusError, sdk.StatusCrit, sdk.StatusError},
-		{sdk.StatusUnknown, sdk.StatusOK, sdk.StatusOK},
-		{sdk.StatusUnknown, sdk.StatusUnknown, sdk.StatusUnknown},
-	}
-	for _, tc := range cases {
-		if got := worstStatus(tc.a, tc.b); got != tc.want {
-			t.Errorf("worstStatus(%v, %v) = %v, want %v", tc.a, tc.b, got, tc.want)
-		}
-	}
-}
-
-func TestFilterByModules(t *testing.T) {
-	results := []ZonemasterTestResult{
-		{Module: "DNSSEC", Message: "a"},
-		{Module: "Delegation", Message: "b"},
-		{Module: "dnssec", Message: "c"},
-		{Module: "Syntax", Message: "d"},
-	}
-
-	t.Run("matches case-insensitively", func(t *testing.T) {
-		got := filterByModules(results, []string{"dnssec"})
-		if len(got) != 2 {
-			t.Fatalf("got %d results, want 2: %+v", len(got), got)
-		}
-		if got[0].Message != "a" || got[1].Message != "c" {
-			t.Errorf("unexpected results: %+v", got)
-		}
-	})
-
-	t.Run("multiple modules", func(t *testing.T) {
-		got := filterByModules(results, []string{"delegation", "syntax"})
-		if len(got) != 2 {
-			t.Errorf("got %d, want 2", len(got))
-		}
-	})
-
-	t.Run("empty modules returns nil", func(t *testing.T) {
-		if got := filterByModules(results, nil); got != nil {
-			t.Errorf("got %+v, want nil", got)
-		}
-	})
-
-	t.Run("no match returns empty", func(t *testing.T) {
-		if got := filterByModules(results, []string{"nope"}); len(got) != 0 {
-			t.Errorf("got %+v, want empty", got)
-		}
-	})
-}
-
-func TestValidateZonemasterOptions(t *testing.T) {
-	cases := []struct {
-		name    string
-		opts    sdk.CheckerOptions
-		wantErr string // substring; empty means no error expected
-	}{
-		{"empty opts", sdk.CheckerOptions{}, ""},
-		{"empty url", sdk.CheckerOptions{"zonemasterAPIURL": ""}, ""},
-		{"valid http", sdk.CheckerOptions{"zonemasterAPIURL": "http://localhost:5000/api"}, ""},
-		{"valid https", sdk.CheckerOptions{"zonemasterAPIURL": "https://zonemaster.net/api"}, ""},
-		{"non-string", sdk.CheckerOptions{"zonemasterAPIURL": 42}, "must be a string"},
-		{"bad scheme", sdk.CheckerOptions{"zonemasterAPIURL": "ftp://x/api"}, "http or https"},
-		{"no host", sdk.CheckerOptions{"zonemasterAPIURL": "http:///api"}, "must include a host"},
-		{"unparseable", sdk.CheckerOptions{"zonemasterAPIURL": "http://[::1"}, "zonemasterAPIURL"},
-	}
-	for _, tc := range cases {
-		t.Run(tc.name, func(t *testing.T) {
-			err := validateZonemasterOptions(tc.opts)
-			switch {
-			case tc.wantErr == "" && err != nil:
-				t.Errorf("unexpected error: %v", err)
-			case tc.wantErr != "" && err == nil:
-				t.Errorf("expected error containing %q, got nil", tc.wantErr)
-			case tc.wantErr != "" && !strings.Contains(err.Error(), tc.wantErr):
-				t.Errorf("error %q does not contain %q", err.Error(), tc.wantErr)
-			}
-		})
-	}
-}
-
-func TestNormLevel(t *testing.T) {
-	cases := map[string]string{
-		"":         "",
-		"info":     "INFO",
-		"WaRnInG":  "WARNING",
-		"CRITICAL": "CRITICAL",
-	}
-	for in, want := range cases {
-		if got := normLevel(in); got != want {
-			t.Errorf("normLevel(%q) = %q, want %q", in, got, want)
-		}
-	}
-}
-
-func TestCategoryRuleEvaluate_NoData(t *testing.T) {
-	r := &categoryRule{name: "zonemaster.dnssec", modules: []string{"dnssec"}}
-	obs := &fakeObs{data: ZonemasterData{Results: nil}}
-
-	states := r.Evaluate(context.Background(), obs, nil)
-	if len(states) != 1 {
-		t.Fatalf("got %d states, want 1", len(states))
-	}
-	if states[0].Status != sdk.StatusUnknown {
-		t.Errorf("status = %v, want StatusUnknown", states[0].Status)
-	}
-	if states[0].Code != "zonemaster.dnssec.not_tested" {
-		t.Errorf("code = %q", states[0].Code)
-	}
-}
-
-func TestCategoryRuleEvaluate_ObservationError(t *testing.T) {
-	r := &categoryRule{name: "zonemaster.dnssec", modules: []string{"dnssec"}}
-	obs := &fakeObs{err: errors.New("boom")}
-
-	states := r.Evaluate(context.Background(), obs, nil)
-	if len(states) != 1 {
-		t.Fatalf("got %d states, want 1", len(states))
-	}
-	if states[0].Status != sdk.StatusError {
-		t.Errorf("status = %v, want StatusError", states[0].Status)
-	}
-	if states[0].Code != "zonemaster.observation_error" {
-		t.Errorf("code = %q", states[0].Code)
-	}
-}
-
-func TestCategoryRuleEvaluate_AllOK(t *testing.T) {
-	r := &categoryRule{name: "zonemaster.dnssec", modules: []string{"dnssec"}}
-	obs := &fakeObs{data: ZonemasterData{Results: []ZonemasterTestResult{
-		{Module: "dnssec", Level: "INFO", Message: "ok1"},
-		{Module: "dnssec", Level: "NOTICE", Message: "ok2"},
-		{Module: "delegation", Level: "ERROR", Message: "ignored, wrong module"},
-	}}}
-
-	states := r.Evaluate(context.Background(), obs, nil)
-	if len(states) != 1 {
-		t.Fatalf("got %d states, want 1 (summary only): %+v", len(states), states)
-	}
-	if states[0].Status != sdk.StatusOK {
-		t.Errorf("status = %v, want StatusOK", states[0].Status)
-	}
-	if got, _ := states[0].Meta["total"].(int); got != 2 {
-		t.Errorf("total = %d, want 2", got)
-	}
-}
-
-func TestCategoryRuleEvaluate_MixedSeverities(t *testing.T) {
-	r := &categoryRule{name: "zonemaster.dnssec", modules: []string{"dnssec"}}
-	obs := &fakeObs{data: ZonemasterData{Results: []ZonemasterTestResult{
-		{Module: "DNSSEC", Level: "INFO", Message: "i"},
-		{Module: "dnssec", Level: "WARNING", Message: "w", Testcase: "tc-w"},
-		{Module: "dnssec", Level: "ERROR", Message: "e", Testcase: "tc-e"},
-		{Module: "dnssec", Level: "CRITICAL", Message: "c", Testcase: "tc-c"},
-	}}}
-
-	states := r.Evaluate(context.Background(), obs, nil)
-	// Expect 1 summary + 3 issue states (warning + error + critical).
-	if len(states) != 4 {
-		t.Fatalf("got %d states, want 4: %+v", len(states), states)
-	}
-
-	summary := states[0]
-	if summary.Status != sdk.StatusCrit {
-		t.Errorf("summary status = %v, want StatusCrit", summary.Status)
-	}
-	if got, _ := summary.Meta["critical"].(int); got != 1 {
-		t.Errorf("critical = %d, want 1", got)
-	}
-	if got, _ := summary.Meta["error"].(int); got != 1 {
-		t.Errorf("error = %d, want 1", got)
-	}
-	if got, _ := summary.Meta["warning"].(int); got != 1 {
-		t.Errorf("warning = %d, want 1", got)
-	}
-	if got, _ := summary.Meta["info"].(int); got != 1 {
-		t.Errorf("info = %d, want 1", got)
-	}
-
-	// Issue states: codes should be dotted, lowercased levels.
-	wantCodes := map[string]bool{
-		"zonemaster.dnssec.warning":  false,
-		"zonemaster.dnssec.error":    false,
-		"zonemaster.dnssec.critical": false,
-	}
-	for _, s := range states[1:] {
-		if _, ok := wantCodes[s.Code]; !ok {
-			t.Errorf("unexpected issue code: %q", s.Code)
-			continue
-		}
-		wantCodes[s.Code] = true
-		if s.Subject == "" {
-			t.Errorf("issue state %q missing Subject", s.Code)
-		}
-	}
-	for code, seen := range wantCodes {
-		if !seen {
-			t.Errorf("missing issue state for %q", code)
-		}
-	}
-}
-
-func TestRulesContainsAllCategories(t *testing.T) {
-	got := Rules()
-	wantNames := []string{
-		"zonemaster.dnssec",
-		"zonemaster.delegation",
-		"zonemaster.consistency",
-		"zonemaster.connectivity",
-		"zonemaster.nameserver",
-		"zonemaster.syntax",
-		"zonemaster.zone",
-		"zonemaster.address",
-		"zonemaster.basic",
-	}
-	if len(got) != len(wantNames) {
-		t.Fatalf("Rules() returned %d rules, want %d", len(got), len(wantNames))
-	}
-	seen := map[string]bool{}
-	for _, r := range got {
-		seen[r.Name()] = true
-		if r.Description() == "" {
-			t.Errorf("rule %q has empty description", r.Name())
-		}
-	}
-	for _, n := range wantNames {
-		if !seen[n] {
-			t.Errorf("Rules() missing %q", n)
-		}
-	}
-}
diff --git a/checker/rules_address.go b/checker/rules_address.go
deleted file mode 100644
index 8901877..0000000
--- a/checker/rules_address.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// addressRule covers Zonemaster's address test module (IP addresses of
-// nameservers, private/reserved ranges, IPv6 coverage).
-func addressRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.address",
-		description: "Zonemaster address tests (IP addresses of nameservers, private/reserved ranges).",
-		modules:     []string{"address"},
-	}
-}
diff --git a/checker/rules_basic.go b/checker/rules_basic.go
deleted file mode 100644
index 3337a97..0000000
--- a/checker/rules_basic.go
+++ /dev/null
@@ -1,14 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// basicRule covers Zonemaster's basic/system test modules (initial
-// reachability and fundamental pre-conditions for running the other test
-// categories).
-func basicRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.basic",
-		description: "Zonemaster basic tests (initial reachability and fundamental requirements).",
-		modules:     []string{"basic", "system"},
-	}
-}
diff --git a/checker/rules_connectivity.go b/checker/rules_connectivity.go
deleted file mode 100644
index 8808d1a..0000000
--- a/checker/rules_connectivity.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// connectivityRule covers Zonemaster's connectivity test module (UDP/TCP
-// reachability of authoritative servers, AS diversity).
-func connectivityRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.connectivity",
-		description: "Zonemaster connectivity tests (reachability of authoritative servers over UDP/TCP, AS diversity).",
-		modules:     []string{"connectivity"},
-	}
-}
diff --git a/checker/rules_consistency.go b/checker/rules_consistency.go
deleted file mode 100644
index 24db2b5..0000000
--- a/checker/rules_consistency.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// consistencyRule covers Zonemaster's consistency test module (SOA serial,
-// NS set, zone content identical across authoritative servers).
-func consistencyRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.consistency",
-		description: "Zonemaster consistency tests (SOA serial, NS set, zone content across servers).",
-		modules:     []string{"consistency"},
-	}
-}
diff --git a/checker/rules_delegation.go b/checker/rules_delegation.go
deleted file mode 100644
index 0c6e156..0000000
--- a/checker/rules_delegation.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// delegationRule covers Zonemaster's delegation test module (parent/child NS
-// agreement, glue correctness, referral integrity).
-func delegationRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.delegation",
-		description: "Zonemaster delegation tests (parent/child NS agreement, glue, referrals).",
-		modules:     []string{"delegation"},
-	}
-}
diff --git a/checker/rules_dnssec.go b/checker/rules_dnssec.go
deleted file mode 100644
index e3b5054..0000000
--- a/checker/rules_dnssec.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// dnssecRule covers Zonemaster's DNSSEC test module (signatures, NSEC/NSEC3,
-// DS/DNSKEY coherence, algorithm posture).
-func dnssecRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.dnssec",
-		description: "Zonemaster DNSSEC tests (signatures, NSEC/NSEC3, DS/DNSKEY coherence).",
-		modules:     []string{"dnssec"},
-	}
-}
diff --git a/checker/rules_nameserver.go b/checker/rules_nameserver.go
deleted file mode 100644
index e7ea6b4..0000000
--- a/checker/rules_nameserver.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// nameserverRule covers Zonemaster's nameserver test module (server
-// behaviour, EDNS posture, unknown RR handling).
-func nameserverRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.nameserver",
-		description: "Zonemaster nameserver tests (server behaviour, EDNS, unknown RR handling).",
-		modules:     []string{"nameserver"},
-	}
-}
diff --git a/checker/rules_syntax.go b/checker/rules_syntax.go
deleted file mode 100644
index 3daacad..0000000
--- a/checker/rules_syntax.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// syntaxRule covers Zonemaster's syntax test module (domain name syntax,
-// hostname legality).
-func syntaxRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.syntax",
-		description: "Zonemaster syntax tests (domain name syntax, hostname legality).",
-		modules:     []string{"syntax"},
-	}
-}
diff --git a/checker/rules_zone.go b/checker/rules_zone.go
deleted file mode 100644
index 1aaaae7..0000000
--- a/checker/rules_zone.go
+++ /dev/null
@@ -1,13 +0,0 @@
-package checker
-
-import sdk "git.happydns.org/checker-sdk-go/checker"
-
-// zoneRule covers Zonemaster's zone test module (SOA values, MX presence,
-// mandatory records at the apex).
-func zoneRule() sdk.CheckRule {
-	return &categoryRule{
-		name:        "zonemaster.zone",
-		description: "Zonemaster zone tests (SOA values, MX presence, mandatory records).",
-		modules:     []string{"zone"},
-	}
-}
diff --git a/go.mod b/go.mod
index 4835175..ffeb7b4 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,4 @@ module git.happydns.org/checker-zonemaster
 
 go 1.25.0
 
-require git.happydns.org/checker-sdk-go v1.5.0
+require git.happydns.org/checker-sdk-go v1.2.0
diff --git a/go.sum b/go.sum
index c389c68..272600a 100644
--- a/go.sum
+++ b/go.sum
@@ -1,2 +1,2 @@
-git.happydns.org/checker-sdk-go v1.5.0 h1:5uD5Cm6xJ+lwnhbJ09iCXGHbYS9zRh+Yh0NeBHkAPBY=
-git.happydns.org/checker-sdk-go v1.5.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
+git.happydns.org/checker-sdk-go v1.2.0 h1:v4MpKAz0W3PwP+bxx3pya8w893sVH5xTD1of1cc0TV8=
+git.happydns.org/checker-sdk-go v1.2.0/go.mod h1:aNAcfYFfbhvH9kJhE0Njp5GX0dQbxdRB0rJ0KvSC5nI=
diff --git a/main.go b/main.go
index df9c78f..2c212db 100644
--- a/main.go
+++ b/main.go
@@ -4,8 +4,8 @@ import (
 	"flag"
 	"log"
 
-	"git.happydns.org/checker-sdk-go/checker/server"
 	zonemaster "git.happydns.org/checker-zonemaster/checker"
+	sdk "git.happydns.org/checker-sdk-go/checker"
 )
 
 // Version is the standalone binary's version. It defaults to "custom-build"
@@ -23,8 +23,8 @@ func main() {
 	// CheckerDefinition.Version.
 	zonemaster.Version = Version
 
-	srv := server.New(zonemaster.Provider())
-	if err := srv.ListenAndServe(*listenAddr); err != nil {
+	server := sdk.NewServer(zonemaster.Provider())
+	if err := server.ListenAndServe(*listenAddr); err != nil {
 		log.Fatalf("server error: %v", err)
 	}
 }
diff --git a/plugin/plugin.go b/plugin/plugin.go
index bece978..f1c2846 100644
--- a/plugin/plugin.go
+++ b/plugin/plugin.go
@@ -5,8 +5,8 @@
 package main
 
 import (
-	sdk "git.happydns.org/checker-sdk-go/checker"
 	zonemaster "git.happydns.org/checker-zonemaster/checker"
+	sdk "git.happydns.org/checker-sdk-go/checker"
 )
 
 // Version is the plugin's version. It defaults to "custom-build" and is
@@ -20,6 +20,5 @@ var Version = "custom-build"
 // that the host will register in its global registries.
 func NewCheckerPlugin() (*sdk.CheckerDefinition, sdk.ObservationProvider, error) {
 	zonemaster.Version = Version
-	prvd := zonemaster.Provider()
-	return prvd.(sdk.CheckerDefinitionProvider).Definition(), prvd, nil
+	return zonemaster.Definition(), zonemaster.Provider(), nil
 }