This update transforms the README from good to awesome by showcasing the
recent v0.4.0 architectural refactor and production-ready status.
### What's New:
**1. Production Status Badges**
- Added "Production Ready" badge
- Added "Architecture Reviewed" badge linking to code review
**2. Competitive Positioning**
- Added "Why Not fail2ban / iptables?" comparison table
- Shows concrete advantages over traditional solutions
- Highlights protocol-awareness and real-time blocking
**3. Live Demo Section**
- "See It In Action" with actual svwar attack scenario
- Shows immediate enumeration detection and ban
- Includes step-by-step explanation of what happened
**4. Performance & Resource Usage Section**
- Quantifies improvements from architectural refactor
- Before/after table showing 99.996% goroutine reduction
- Lists all critical and high-priority fixes from v0.4.0
- Links to CODE_REVIEW_MATT_HOLT.md for technical details
**5. Updated Changelog**
- Added v0.4.0 entry with production hardening details
- Lists all architectural improvements
- Highlights impact: zero memory leaks, bounded resources
### Impact:
README now effectively communicates:
✅ Production-ready status (not just a prototype)
✅ Concrete performance characteristics
✅ Why choose this over alternatives
✅ Real-world attack scenarios and responses
The README is now **awesome** - balancing marketing (why use this?) with
technical depth (how it works under the hood).
Support for whitelisting SIP trunks and providers by hostname or SRV
record with automatic IP resolution and periodic refresh.
Features:
- Hostname resolution via A/AAAA records
- SRV record resolution (e.g., _sip._udp.provider.com)
- Configurable refresh interval (default 5m)
- Stale entry handling when DNS fails
- Admin API endpoints for DNS whitelist management
- Caddyfile directives: whitelist_hosts, whitelist_srv, dns_refresh
This allows whitelisting by provider name rather than tracking
constantly-changing IP addresses.
Documents all new features:
- Extension enumeration detection with config examples
- SIP message validation rules and modes
- Topology hiding (B2BUA-lite) with request/response flow diagrams
- Complete Caddyfile configuration reference
- Prometheus metrics reference
- Admin API endpoints
- Integration examples for FreePBX, Kamailio, and HA setups
- Security considerations
Architecture diagram updated to show full processing pipeline.
