docs: add DD-064 std/net enhancements plan

[larimonious]

Summary

• Adds DD-064 for future std/net v0.4.12 enhancements.
• Captures the proposed feature candidates: local interface context, address-family controls, DNS resolver ergonomics, probe result consistency, TLS audit conveniences, optional TCP banner reads, and capability-reporting polish.
• Explicitly keeps closed PR feat(std-net): parallel hop probing for traceroute #124 / parallel traceroute, SNMP, sweeps, MTR-style stats, and monitoring state out of default std/net.
• Includes a sliced PR/release plan so v0.4.12 can stop after the safe/high-confidence pieces.

Test Plan

• git diff --check
• Documentation-only change; no Rust/build tests run.

[greptile-apps]

Greptile Summary

This PR adds DD-064, a design document specifying std/net enhancements targeted for v0.4.12. It addresses a prior round of review comments (previous concerns about ping() omission, dns_reverse() coverage, tcp_banner timeout scope, expires_soon semantics, port_scan() reason_code examples, and MVP completeness are all resolved in this revision).

• Seven candidate feature areas are specified (local interface helpers, address-family controls, DNS ergonomics, probe result consistency, TLS audit conveniences, TCP banner reads, and capability reporting), plus a six-PR release plan and explicit non-goals that keep parallel traceroute, SNMP, and monitoring out of std/net.
• Three spec clarifications are still needed: (1) Section 4's "successful results omit reason_code" rule is ambiguous against Section 6's connected: true banner-timeout result that explicitly includes reason_code; (2) Open Decision 3 is already answered by Section 3's target-policy rules and should be annotated or removed; (3) PR 3's scope bullets omit dns_reverse() while both Section 3 and PR 3's own test cases expect it to receive nameserver controls.

Confidence Score: 5/5

Documentation-only change with no runtime code; safe to merge, with three spec clarifications recommended before implementation begins.

This is a design document with no runtime code changes. The spec is thorough and has addressed the substantial issues raised in previous review rounds. The remaining findings are clarifications and editorial consistency issues rather than defects that would cause broken implementations.

design-docs/dd-064-std-net-enhancements.md — the Section 4 vs Section 6 reason_code ambiguity, the Open Decision 3 annotation, and the PR 3 scope bullets are worth resolving before this doc is used as the authoritative implementation guide.

Important Files Changed

Filename

Overview

design-docs/dd-064-std-net-enhancements.md

New 715-line design doc specifying std/net v0.4.12 enhancements across 7 candidate feature areas, a 6-PR release plan, and explicit non-goals. The document correctly addresses the majority of issues raised in prior review rounds. Three clarifications remain: Section 4's 'successful results omit reason_code' rule is ambiguous against tcp_banner's connected:true timeout result; Open Decision 3 is already settled by the spec body; and PR 3's scope bullets omit dns_reverse() while both the feature spec and PR 3's tests expect it.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[v0.4.12 PR Plan] --> PR1
    A --> PR2
    A --> PR3
    A --> PR4
    A --> PR5
    A --> PR6

    PR1[PR 1: Result consistency\nreason_code, normalize reason strings]
    PR2[PR 2: Local interface introspection\nlocal_interfaces, local_addr_for]
    PR3[PR 3: DNS resolver controls\ndns_lookup nameservers/strategy\ndns_lookup_many, dns_reverse]
    PR4[PR 4: Address-family controls\nping, tcp_connect, reachable\nport_scan, tls_info]
    PR5[PR 5: TLS check OR tcp_banner\nchoose one based on app need]
    PR6[PR 6: Docs and examples\nfinal release coherence]

    PR1 --> PR2
    PR2 --> PR3
    PR3 --> PR4
    PR4 --> PR5
    PR5 --> PR6

    MVP[Minimum Viable Scope] --> |PR 1 + PR 2 + PR 4 + DNS nameservers|DONE[v0.4.12 release]

    style PR5 fill:#ffe0b2,stroke:#e65100
    style MVP fill:#e8f5e9,stroke:#388e3c

Loading

%%{init: {'theme': 'base', 'themeVariables': {"darkMode": true, "background": "#0d1117", "primaryColor": "#21262d", "primaryTextColor": "#e6edf3", "primaryBorderColor": "#8b949e", "lineColor": "#8b949e", "textColor": "#e6edf3", "edgeLabelBackground": "#161b22", "actorBkg": "#21262d", "actorBorder": "#8b949e", "actorTextColor": "#e6edf3", "actorLineColor": "#8b949e", "signalColor": "#8b949e", "signalTextColor": "#e6edf3", "noteBkgColor": "#373320", "noteBorderColor": "#d4a72c", "noteTextColor": "#f0e6c0", "labelBoxBkgColor": "#21262d", "labelBoxBorderColor": "#8b949e", "labelTextColor": "#e6edf3", "loopTextColor": "#e6edf3", "activationBkgColor": "#30363d", "activationBorderColor": "#8b949e"}}}%%
flowchart TD
    A[v0.4.12 PR Plan] --> PR1
    A --> PR2
    A --> PR3
    A --> PR4
    A --> PR5
    A --> PR6

    PR1[PR 1: Result consistency\nreason_code, normalize reason strings]
    PR2[PR 2: Local interface introspection\nlocal_interfaces, local_addr_for]
    PR3[PR 3: DNS resolver controls\ndns_lookup nameservers/strategy\ndns_lookup_many, dns_reverse]
    PR4[PR 4: Address-family controls\nping, tcp_connect, reachable\nport_scan, tls_info]
    PR5[PR 5: TLS check OR tcp_banner\nchoose one based on app need]
    PR6[PR 6: Docs and examples\nfinal release coherence]

    PR1 --> PR2
    PR2 --> PR3
    PR3 --> PR4
    PR4 --> PR5
    PR5 --> PR6

    MVP[Minimum Viable Scope] --> |PR 1 + PR 2 + PR 4 + DNS nameservers|DONE[v0.4.12 release]

    style PR5 fill:#ffe0b2,stroke:#e65100
    style MVP fill:#e8f5e9,stroke:#388e3c

Loading

_{Reviews (3): Last reviewed commit: "docs: tighten DD-064 std/net enhancement..." | Re-trigger Greptile}

[greptile-apps]

dns_reverse() is silently excluded from Section 3's resolver controls — leaving PTR lookups with no way to use custom nameservers.

Section 3 explicitly extends dns_lookup() with custom nameservers / strategy options and states that dns_lookup_many() "inherits the same resolver controls as dns_lookup()." But dns_reverse(ip, opts?) is in the baseline function list and is never mentioned here, in PR 3's scope, or in PR 3's test cases.

An implementor reading Section 3 will extend custom-nameserver support to dns_lookup() and dns_lookup_many() but not to dns_reverse(). PTR lookups against an explicit DNS server are a common need when verifying reverse DNS on a network you control. If exclusion is intentional, document it. If it should be supported, add it to Section 3's rules and PR 3's scope.