Merge branch 'main' into fix/readme-accuracy

## Summary

When `DNSWATCHER_TARGETS` is empty (the default), dnswatcher previously started successfully and ran indefinitely monitoring nothing. This is a common misconfiguration — forgetting to set the variable or making a typo in its name — and gave no indication anything was wrong.

## Changes

- Added `ErrNoTargets` sentinel error in `internal/config/config.go`
- Extracted `parseAndValidateTargets()` helper to validate that at least one domain or hostname is configured after target classification
- If no targets are configured, dnswatcher now exits with a clear error: `"no monitoring targets configured: set DNSWATCHER_TARGETS environment variable"`
- Updated README.md to document that `DNSWATCHER_TARGETS` is required and dnswatcher will refuse to start without it

## How it works

The validation runs during config construction (via uber/fx), before the watcher or any other component starts. If `DNSWATCHER_TARGETS` is empty or contains only whitespace/empty entries, `buildConfig()` returns `ErrNoTargets`, which causes fx to fail startup with a clear error message.

This is fail-fast behavior: a monitoring daemon with nothing to monitor is a misconfiguration and should not silently run.

Closes #69

Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #75
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>

README.md

@@ -52,10 +52,6 @@ without requiring an external database.
     responding again.
   - **Inconsistency detected**: Two nameservers that previously agreed
     now return different record sets for the same hostname.
-  - **Inconsistency resolved**: Nameservers that previously disagreed
-    are now back in agreement.
-  - **Empty response**: A nameserver that previously returned records
-    now returns an authoritative empty response (NODATA/NXDOMAIN).
 
 ### TCP Port Monitoring
 
@@ -136,8 +132,6 @@ dnswatcher exposes a lightweight HTTP API for operational visibility:
 |---------------------------------------|--------------------------------|
 | `GET /health`                         | Health check (JSON)            |
 | `GET /api/v1/status`                  | Current monitoring state       |
-| `GET /api/v1/domains`                 | Configured domains and status  |
-| `GET /api/v1/hostnames`              | Configured hostnames and status|
 | `GET /metrics`                        | Prometheus metrics (optional)  |
 
 ---
@@ -210,6 +204,12 @@ the following precedence (highest to lowest):
 | `DNSWATCHER_METRICS_USERNAME`   | Basic auth username for /metrics           | `""`        |
 | `DNSWATCHER_METRICS_PASSWORD`   | Basic auth password for /metrics           | `""`        |
 
+**`DNSWATCHER_TARGETS` is required.** dnswatcher will refuse to start if no
+monitoring targets are configured. A monitoring daemon with nothing to monitor
+is a misconfiguration, so dnswatcher fails fast with a clear error message
+rather than running silently. Set `DNSWATCHER_TARGETS` to a comma-separated
+list of DNS names before starting.
+
 ### Example `.env`
 
 ```sh
@@ -319,8 +319,6 @@ tracks reachability:
 |-------------|-------------------------------------------------|
 | `ok`        | Query succeeded, records are current             |
 | `error`     | Query failed (timeout, SERVFAIL, network error)  |
-| `nxdomain`  | Authoritative NXDOMAIN response                  |
-| `nodata`    | Authoritative empty response (NODATA)            |
 
 ---
 

internal/config/config.go

@@ -23,6 +23,11 @@ const (
 	defaultTLSExpiryWarning = 7
 )
 
+// ErrNoTargets is returned when no monitoring targets are configured.
+var ErrNoTargets = errors.New(
+	"no monitoring targets configured: set DNSWATCHER_TARGETS environment variable",
+)
+
 // Params contains dependencies for Config.
 type Params struct {
 	fx.In
@@ -132,11 +137,9 @@ func buildConfig(
 		tlsInterval = defaultTLSInterval
 	}
 
-	domains, hostnames, err := ClassifyTargets(
-		parseCSV(viper.GetString("TARGETS")),
-	)
+	domains, hostnames, err := parseAndValidateTargets()
 	if err != nil {
-		return nil, fmt.Errorf("invalid targets configuration: %w", err)
+		return nil, err
 	}
 
 	cfg := &Config{
@@ -162,6 +165,23 @@ func buildConfig(
 	return cfg, nil
 }
 
+func parseAndValidateTargets() ([]string, []string, error) {
+	domains, hostnames, err := ClassifyTargets(
+		parseCSV(viper.GetString("TARGETS")),
+	)
+	if err != nil {
+		return nil, nil, fmt.Errorf(
+			"invalid targets configuration: %w", err,
+		)
+	}
+
+	if len(domains) == 0 && len(hostnames) == 0 {
+		return nil, nil, ErrNoTargets
+	}
+
+	return domains, hostnames, nil
+}
+
 func parseCSV(input string) []string {
 	if input == "" {
 		return nil

internal/handlers/domains.go

@@ -1,60 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"time"
-)
-
-// domainResponse represents a single domain in the API response.
-type domainResponse struct {
-	Domain      string   `json:"domain"`
-	Nameservers []string `json:"nameservers,omitempty"`
-	LastChecked string   `json:"lastChecked,omitempty"`
-	Status      string   `json:"status"`
-}
-
-// domainsResponse is the top-level response for GET /api/v1/domains.
-type domainsResponse struct {
-	Domains []domainResponse `json:"domains"`
-}
-
-// HandleDomains returns the configured domains and their status.
-func (h *Handlers) HandleDomains() http.HandlerFunc {
-	return func(
-		writer http.ResponseWriter,
-		request *http.Request,
-	) {
-		configured := h.config.Domains
-		snapshot := h.state.GetSnapshot()
-
-		domains := make(
-			[]domainResponse, 0, len(configured),
-		)
-
-		for _, domain := range configured {
-			dr := domainResponse{
-				Domain: domain,
-				Status: "pending",
-			}
-
-			ds, ok := snapshot.Domains[domain]
-			if ok {
-				dr.Nameservers = ds.Nameservers
-				dr.Status = "ok"
-
-				if !ds.LastChecked.IsZero() {
-					dr.LastChecked = ds.LastChecked.
-						Format(time.RFC3339)
-				}
-			}
-
-			domains = append(domains, dr)
-		}
-
-		h.respondJSON(
-			writer, request,
-			&domainsResponse{Domains: domains},
-			http.StatusOK,
-		)
-	}
-}

internal/handlers/handlers.go

@@ -8,11 +8,9 @@ import (
 
 	"go.uber.org/fx"
 
-	"sneak.berlin/go/dnswatcher/internal/config"
 	"sneak.berlin/go/dnswatcher/internal/globals"
 	"sneak.berlin/go/dnswatcher/internal/healthcheck"
 	"sneak.berlin/go/dnswatcher/internal/logger"
-	"sneak.berlin/go/dnswatcher/internal/state"
 )
 
 // Params contains dependencies for Handlers.
@@ -22,8 +20,6 @@ type Params struct {
 	Logger      *logger.Logger
 	Globals     *globals.Globals
 	Healthcheck *healthcheck.Healthcheck
-	State       *state.State
-	Config      *config.Config
 }
 
 // Handlers provides HTTP request handlers.
@@ -32,8 +28,6 @@ type Handlers struct {
 	params  *Params
 	globals *globals.Globals
 	hc      *healthcheck.Healthcheck
-	state   *state.State
-	config  *config.Config
 }
 
 // New creates a new Handlers instance.
@@ -43,8 +37,6 @@ func New(_ fx.Lifecycle, params Params) (*Handlers, error) {
 		params:  &params,
 		globals: params.Globals,
 		hc:      params.Healthcheck,
-		state:   params.State,
-		config:  params.Config,
 	}, nil
 }
 
@@ -52,7 +44,7 @@ func (h *Handlers) respondJSON(
 	writer http.ResponseWriter,
 	_ *http.Request,
 	data any,
-	status int, //nolint:unparam // general-purpose utility; status varies in future use
+	status int,
 ) {
 	writer.Header().Set("Content-Type", "application/json")
 	writer.WriteHeader(status)

internal/handlers/hostnames.go

@@ -1,120 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-	"sort"
-	"time"
-
-	"sneak.berlin/go/dnswatcher/internal/state"
-)
-
-// nameserverRecordResponse represents one nameserver's records
-// in the API response.
-type nameserverRecordResponse struct {
-	Nameserver  string              `json:"nameserver"`
-	Records     map[string][]string `json:"records"`
-	Status      string              `json:"status"`
-	Error       string              `json:"error,omitempty"`
-	LastChecked string              `json:"lastChecked,omitempty"`
-}
-
-// hostnameResponse represents a single hostname in the API response.
-type hostnameResponse struct {
-	Hostname    string                     `json:"hostname"`
-	Nameservers []nameserverRecordResponse `json:"nameservers,omitempty"`
-	LastChecked string                     `json:"lastChecked,omitempty"`
-	Status      string                     `json:"status"`
-}
-
-// hostnamesResponse is the top-level response for
-// GET /api/v1/hostnames.
-type hostnamesResponse struct {
-	Hostnames []hostnameResponse `json:"hostnames"`
-}
-
-// HandleHostnames returns the configured hostnames and their status.
-func (h *Handlers) HandleHostnames() http.HandlerFunc {
-	return func(
-		writer http.ResponseWriter,
-		request *http.Request,
-	) {
-		configured := h.config.Hostnames
-		snapshot := h.state.GetSnapshot()
-
-		hostnames := make(
-			[]hostnameResponse, 0, len(configured),
-		)
-
-		for _, hostname := range configured {
-			hr := hostnameResponse{
-				Hostname: hostname,
-				Status:   "pending",
-			}
-
-			hs, ok := snapshot.Hostnames[hostname]
-			if ok {
-				hr.Status = "ok"
-
-				if !hs.LastChecked.IsZero() {
-					hr.LastChecked = hs.LastChecked.
-						Format(time.RFC3339)
-				}
-
-				hr.Nameservers = buildNameserverRecords(
-					hs,
-				)
-			}
-
-			hostnames = append(hostnames, hr)
-		}
-
-		h.respondJSON(
-			writer, request,
-			&hostnamesResponse{Hostnames: hostnames},
-			http.StatusOK,
-		)
-	}
-}
-
-// buildNameserverRecords converts the per-nameserver state map
-// into a sorted slice for deterministic JSON output.
-func buildNameserverRecords(
-	hs *state.HostnameState,
-) []nameserverRecordResponse {
-	if hs.RecordsByNameserver == nil {
-		return nil
-	}
-
-	nsNames := make(
-		[]string, 0, len(hs.RecordsByNameserver),
-	)
-	for ns := range hs.RecordsByNameserver {
-		nsNames = append(nsNames, ns)
-	}
-
-	sort.Strings(nsNames)
-
-	records := make(
-		[]nameserverRecordResponse, 0, len(nsNames),
-	)
-
-	for _, ns := range nsNames {
-		nsr := hs.RecordsByNameserver[ns]
-
-		entry := nameserverRecordResponse{
-			Nameserver: ns,
-			Records:    nsr.Records,
-			Status:     nsr.Status,
-			Error:      nsr.Error,
-		}
-
-		if !nsr.LastChecked.IsZero() {
-			entry.LastChecked = nsr.LastChecked.
-				Format(time.RFC3339)
-		}
-
-		records = append(records, entry)
-	}
-
-	return records
-}

internal/server/routes.go

@@ -28,8 +28,6 @@ func (s *Server) SetupRoutes() {
 	// API v1 routes
 	s.router.Route("/api/v1", func(r chi.Router) {
 		r.Get("/status", s.handlers.HandleStatus())
-		r.Get("/domains", s.handlers.HandleDomains())
-		r.Get("/hostnames", s.handlers.HandleHostnames())
 	})
 
 	// Metrics endpoint (optional, with basic auth)