From 916d8bf95a681ccbf543e3f626a81c4a72a5fee7 Mon Sep 17 00:00:00 2001
From: Stefano Fiorini <stefano@Stefanos-MacBook-Air.local>
Date: Thu, 12 Mar 2026 01:46:52 -0500
Subject: [PATCH] docs: add nordvpn tailscale coordination plan

---
 ...2-nordvpn-tailscale-coordination-design.md | 26 +++++++++++++++++++
 ...26-03-12-nordvpn-tailscale-coordination.md | 10 +++++++
 2 files changed, 36 insertions(+)
 create mode 100644 docs/plans/2026-03-12-nordvpn-tailscale-coordination-design.md
 create mode 100644 docs/plans/2026-03-12-nordvpn-tailscale-coordination.md

diff --git a/docs/plans/2026-03-12-nordvpn-tailscale-coordination-design.md b/docs/plans/2026-03-12-nordvpn-tailscale-coordination-design.md
new file mode 100644
index 0000000..eb45f2a
--- /dev/null
+++ b/docs/plans/2026-03-12-nordvpn-tailscale-coordination-design.md
@@ -0,0 +1,26 @@
+# NordVPN Tailscale Coordination Design
+
+## Goal
+Stabilize macOS NordVPN connects by explicitly stopping Tailscale before bringing up the NordVPN WireGuard tunnel, then restarting Tailscale after NordVPN disconnects.
+
+## Behavior
+- macOS only
+- on `connect`:
+  - detect whether Tailscale is active
+  - if active, stop it and record that state
+  - bring up NordVPN
+- on `disconnect`:
+  - tear down NordVPN
+  - if the skill stopped Tailscale earlier, start it again
+  - clear the saved state
+- on connect failure after stopping Tailscale:
+  - attempt to start Tailscale again before returning the error
+
+## State
+- persist `tailscaleWasActive` under `~/.nordvpn-client`
+- only restart Tailscale if the skill actually stopped it
+
+## Rollback target if successful
+- remove the temporary macOS physical-service DNS management patch
+- restore the simpler NordVPN config path that uses NordVPN DNS directly in the WireGuard config
+- keep Tailscale suspend/resume as the macOS coexistence solution
diff --git a/docs/plans/2026-03-12-nordvpn-tailscale-coordination.md b/docs/plans/2026-03-12-nordvpn-tailscale-coordination.md
new file mode 100644
index 0000000..189ecf5
--- /dev/null
+++ b/docs/plans/2026-03-12-nordvpn-tailscale-coordination.md
@@ -0,0 +1,10 @@
+# NordVPN Tailscale Coordination Plan
+
+1. Add macOS Tailscale state file support under `~/.nordvpn-client`.
+2. Implement helpers to detect, stop, and start Tailscale on macOS.
+3. Add unit tests for Tailscale state transitions.
+4. Wire Tailscale stop into macOS `connect` before WireGuard up.
+5. Wire Tailscale restart into macOS `disconnect` and connect-failure rollback.
+6. Sync the installed workspace copy.
+7. Run tests and non-destructive verification.
+8. Commit and push.