docs: add nordvpn tailscale coordination plan

docs/plans/2026-03-12-nordvpn-tailscale-coordination-design.md

@@ -0,0 +1,26 @@
+# NordVPN Tailscale Coordination Design
+
+## Goal
+Stabilize macOS NordVPN connects by explicitly stopping Tailscale before bringing up the NordVPN WireGuard tunnel, then restarting Tailscale after NordVPN disconnects.
+
+## Behavior
+- macOS only
+- on `connect`:
+  - detect whether Tailscale is active
+  - if active, stop it and record that state
+  - bring up NordVPN
+- on `disconnect`:
+  - tear down NordVPN
+  - if the skill stopped Tailscale earlier, start it again
+  - clear the saved state
+- on connect failure after stopping Tailscale:
+  - attempt to start Tailscale again before returning the error
+
+## State
+- persist `tailscaleWasActive` under `~/.nordvpn-client`
+- only restart Tailscale if the skill actually stopped it
+
+## Rollback target if successful
+- remove the temporary macOS physical-service DNS management patch
+- restore the simpler NordVPN config path that uses NordVPN DNS directly in the WireGuard config
+- keep Tailscale suspend/resume as the macOS coexistence solution

docs/plans/2026-03-12-nordvpn-tailscale-coordination.md

@@ -0,0 +1,10 @@
+# NordVPN Tailscale Coordination Plan
+
+1. Add macOS Tailscale state file support under `~/.nordvpn-client`.
+2. Implement helpers to detect, stop, and start Tailscale on macOS.
+3. Add unit tests for Tailscale state transitions.
+4. Wire Tailscale stop into macOS `connect` before WireGuard up.
+5. Wire Tailscale restart into macOS `disconnect` and connect-failure rollback.
+6. Sync the installed workspace copy.
+7. Run tests and non-destructive verification.
+8. Commit and push.