netdiag-cli 0.1.0__tar.gz

netdiag_cli-0.1.0/.gitignore

@@ -0,0 +1,13 @@
+__pycache__/
+*.py[cod]
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+*.egg-info/
+dist/
+build/
+.venv/
+venv/
+.env
+verification-results.txt
+incident.md

netdiag_cli-0.1.0/CHANGELOG.md

@@ -0,0 +1,33 @@
+# Changelog
+
+All notable changes are documented here.
+
+Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).  
+Versioning follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+_No changes yet._
+
+## [0.1.0] - 2025-06-04
+
+### Initial release
+
+**netdiag** is a new stdlib-only CLI for SRE and on-call network troubleshooting - one tool for incident triage instead of stitching together `dig`, `ping`, `curl`, and `traceroute` scripts.
+
+**What ships in 0.1.0**
+
+- Runbook workflow: `doctor` → `oncall` → `report`, with stable exit codes (`0` / `1` / `2`) for automation
+- Layered probes: traceroute (ASN/BGP enrichment), ping, latency, DNS, TCP ports, HTTP/TLS, redirects, headers
+- Presets for common roles: `web`, `api`, `vpn`, `oncall`
+- VPN diagnostics: tunnel interfaces, routes, resolver drift, corp vs public reachability
+- Throughput smoke test via `speed` (Cloudflare CDN)
+- `--json` on every command; optional `~/.config/netdiag/config.toml`
+- Shell completions (bash / zsh); `netdiag --info` for version and environment
+- Documentation: [README](README.md), [CLI contract](docs/CLI_CONTRACT.md), [cookbook](docs/cookbook.md), CONTRIBUTING, SECURITY
+- CI on Ubuntu and macOS (Python 3.11–3.13); 95+ tests with offline fixtures
+
+Install from source or Git - see [README](README.md#install).
+
+[Unreleased]: https://github.com/akintunero/netdiag/compare/v0.1.0...HEAD
+[0.1.0]: https://github.com/akintunero/netdiag/releases/tag/v0.1.0

netdiag_cli-0.1.0/CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing to netdiag
+
+Thanks for helping build a CLI operators reach for during incidents.
+
+## Principles
+
+- **Zero runtime PyPI dependencies** - probes wrap system tools and the stdlib
+- **Predictable CLI** - exit codes `0` / `1` / `2`, documented in [docs/CLI_CONTRACT.md](docs/CLI_CONTRACT.md)
+- **Incident-friendly JSON** - new commands should support `--json`
+
+## Development setup
+
+```bash
+git clone https://github.com/akintunero/netdiag.git
+cd netdiag
+python3 -m pip install -e ".[dev]"
+pytest -q
+```
+
+Optional full CLI smoke (requires network):
+
+```bash
+bash scripts/cli_smoke.sh
+```
+
+## Good first contributions
+
+- Parser tests using fixtures under `tests/fixtures/` (ping, traceroute, `dig`)
+- Additional cookbook entries in [docs/cookbook.md](docs/cookbook.md)
+- Platform notes (macOS vs Linux tool paths and flags)
+- Clearer errors when `dig`, `traceroute`, or `ping` is missing
+- Probes that do not add required dependencies to `pyproject.toml`
+
+For larger features, open an issue first with the on-call or VPN use case.
+
+## Pull request checklist
+
+- [ ] `pytest -q` passes
+- [ ] New behavior has tests (fixtures preferred over live network)
+- [ ] README or [docs/](docs/) updated for new commands or flags
+- [ ] No new **required** runtime dependencies in `pyproject.toml`
+- [ ] Scanning or probing commands note authorized-use expectations
+
+## Code conventions
+
+- Keep `cli.py` handlers thin; logic lives in `netdiag/` modules
+- Use dataclasses for structured results; emit JSON via existing helpers
+- Errors on stderr (`error:` prefix); respect exit codes in `exit_codes.py`
+- Handle missing binaries with actionable messages, not tracebacks
+
+## Security
+
+See [SECURITY.md](SECURITY.md). Do not commit API keys or internal hostnames in fixtures. Report vulnerabilities privately before public issues.
+
+## Releases (maintainers)
+
+1. Bump `version` in `pyproject.toml` and `netdiag/__init__.py`
+2. Update [CHANGELOG.md](CHANGELOG.md)
+3. `python -m build && python -m twine check dist/*`
+4. Upload to PyPI: `python3 -m twine upload dist/*` (project name `netdiag-cli`)
+5. Tag the release on GitHub

netdiag_cli-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Olúmáyòwá Akinkuehinmi
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

netdiag_cli-0.1.0/PKG-INFO

@@ -0,0 +1,203 @@
+Metadata-Version: 2.4
+Name: netdiag-cli
+Version: 0.1.0
+Summary: One CLI for network troubleshooting: traceroute with BGP/ASN, DNS, latency, VPN checks, and SRE on-call presets.
+Project-URL: Homepage, https://github.com/akintunero/netdiag
+Project-URL: Documentation, https://github.com/akintunero/netdiag#readme
+Project-URL: Repository, https://github.com/akintunero/netdiag
+Project-URL: Issues, https://github.com/akintunero/netdiag/issues
+Author-email: Olúmáyòwá Akinkuehinmi <akintunero101@gmail.com>
+License-Expression: MIT
+License-File: LICENSE
+Keywords: bgp,cli,devtools,dns,network,ping,sre,traceroute,vpn
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Developers
+Classifier: Intended Audience :: System Administrators
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: System :: Networking
+Classifier: Topic :: System :: Networking :: Monitoring
+Requires-Python: >=3.11
+Provides-Extra: dev
+Requires-Dist: build>=1.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: twine>=5.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# netdiag
+
+**Production runbook CLI for network incidents** - traceroute with ASN/BGP, DNS drift, latency, VPN checks, and on-call presets in one binary.
+
+[![CI](https://github.com/akintunero/netdiag/actions/workflows/ci.yml/badge.svg)](https://github.com/akintunero/netdiag/actions/workflows/ci.yml)
+![Python](https://img.shields.io/badge/python-3.11%2B-blue)
+![License](https://img.shields.io/badge/license-MIT-green)
+
+**Stdlib-only at runtime** · **`--json` on every command** · **Exit codes built for automation**
+
+```bash
+netdiag doctor
+netdiag oncall <HOST> --json
+```
+
+---
+
+## Install
+
+| Method | Command |
+|--------|---------|
+| From source (dev) | `python3 -m pip install -e ".[dev]"` |
+| PyPI | `python3 -m pip install netdiag-cli` |
+| From Git | `python3 -m pip install "git+https://github.com/akintunero/netdiag.git"` |
+
+Use `python3 -m pip` (not bare `pip`) on macOS if `pip` is missing. The PyPI package is **`netdiag-cli`**; the command is still **`netdiag`**.
+
+**System tools:** `ping` (required), plus `traceroute`, `dig`, and routing/socket tools as needed. Run `netdiag doctor` to see what is on your PATH.
+
+---
+
+## Runbook workflow
+
+| Step | Command | Exit code |
+|------|---------|-----------|
+| 1. Pre-flight | `netdiag doctor` | `0` ready · `2` missing required tools |
+| 2. Incident check | `netdiag oncall <HOST> --json` | `0` pass · `1` fail · `2` error |
+| 3. Ticket artifact | `netdiag report <HOST> -o incident.md` | same |
+
+Exit code semantics are stable in v0.x - see [docs/CLI_CONTRACT.md](docs/CLI_CONTRACT.md).
+
+```bash
+netdiag oncall 1.1.1.1 --json
+netdiag oncall YOUR-SERVICE.example.com --json | jq '.steps[] | select(.ok==false)'
+```
+
+> **Tip:** Run one command per line. Do not paste trailing `#` comments from docs into zsh/bash.
+
+### VPN and corporate DNS
+
+```bash
+netdiag vpn --corp intranet.company.com
+netdiag oncall app.internal --corp app.internal --vpn --json
+```
+
+### Optional config
+
+Copy [docs/config.example.toml](docs/config.example.toml) to `~/.config/netdiag/config.toml`:
+
+```toml
+[defaults]
+corp_host = "app.internal.corp"
+
+[oncall]
+preset = "oncall"
+```
+
+### Shell completions
+
+```bash
+eval "$(netdiag completion bash)"
+eval "$(netdiag completion zsh)"
+```
+
+### About the CLI
+
+```bash
+netdiag --info    # version, platform, repo links, wordmark banner
+```
+
+Set `NETDIAG_NO_BANNER=1` to hide the banner.
+
+---
+
+## Why operators use it
+
+| | |
+|---|---|
+| **One CLI** | Replaces ad-hoc `dig` + `ping` + `curl` + `traceroute` scripts |
+| **`--json`** | PagerDuty, CI, Slack bots, `jq` filters |
+| **Presets** | `web`, `api`, `vpn`, `oncall` - tuned check bundles |
+| **Small runtime** | No required PyPI dependencies |
+
+---
+
+## Quick start (developers)
+
+```bash
+git clone https://github.com/akintunero/netdiag.git
+cd netdiag
+python3 -m pip install -e ".[dev]"
+netdiag doctor
+python3 -m pytest tests/ -q
+```
+
+Smoke test (live network, all subcommands):
+
+```bash
+bash scripts/cli_smoke.sh
+```
+
+Example probes:
+
+```bash
+netdiag oncall 1.1.1.1 --json
+netdiag oncall 1.1.1.1 --preset api --json
+netdiag trace 8.8.8.8 -m 12 --no-bgp-api
+netdiag report 1.1.1.1 -o incident.md
+```
+
+---
+
+## Command reference
+
+| Command | Description |
+|---------|-------------|
+| **`doctor`** | Pre-flight: required tools for runbooks |
+| **`oncall`** | Primary incident bundle (preset `oncall`) |
+| `report` | Markdown report (`-o file.md`, `--vpn`) |
+| `vpn` | VPN, split-tunnel, DNS drift |
+| `check` | Health check; `--preset` for bundles |
+| `trace` | Traceroute + ASN/BGP enrichment |
+| `ping` / `latency` | RTT, jitter, percentiles |
+| `dns` / `dns-trace` / `dns-compare` / `dns-all` | DNS tooling |
+| `port` / `ports` | TCP probes and scans |
+| `http` / `tls` / `redirects` / `headers` | Application layer |
+| `speed` | CDN throughput (Cloudflare by default) |
+| `compare` | Two-host DNS + ping diff |
+| `presets` | List available presets |
+| `completion` | bash / zsh completions |
+
+Also: `route`, `ifaces`, `local-ports`, `connections`, `whois`, `subnet`, `ip`, `ptr`, `mtr`, and more - `netdiag --help`.
+
+All commands support `--json`.
+
+---
+
+## Documentation
+
+| Doc | Link |
+|-----|------|
+| Docs index | [docs/README.md](docs/README.md) |
+| Cookbook (on-call recipes) | [docs/cookbook.md](docs/cookbook.md) |
+| CLI contract (exit codes, flags) | [docs/CLI_CONTRACT.md](docs/CLI_CONTRACT.md) |
+| Contributing | [CONTRIBUTING.md](CONTRIBUTING.md) |
+| Security | [SECURITY.md](SECURITY.md) |
+| Roadmap | [ROADMAP.md](ROADMAP.md) |
+| Changelog | [CHANGELOG.md](CHANGELOG.md) |
+
+---
+
+## Author
+
+**Olúmáyòwá Akinkuehinmi** - [@akintunero](https://github.com/akintunero) · [akintunero101@gmail.com](mailto:akintunero101@gmail.com)
+
+## License
+
+MIT - see [LICENSE](LICENSE).
+
+## Responsible use
+
+Use only on networks and hosts you are authorized to test.

netdiag_cli-0.1.0/README.md

@@ -0,0 +1,172 @@
+# netdiag
+
+**Production runbook CLI for network incidents** - traceroute with ASN/BGP, DNS drift, latency, VPN checks, and on-call presets in one binary.
+
+[![CI](https://github.com/akintunero/netdiag/actions/workflows/ci.yml/badge.svg)](https://github.com/akintunero/netdiag/actions/workflows/ci.yml)
+![Python](https://img.shields.io/badge/python-3.11%2B-blue)
+![License](https://img.shields.io/badge/license-MIT-green)
+
+**Stdlib-only at runtime** · **`--json` on every command** · **Exit codes built for automation**
+
+```bash
+netdiag doctor
+netdiag oncall <HOST> --json
+```
+
+---
+
+## Install
+
+| Method | Command |
+|--------|---------|
+| From source (dev) | `python3 -m pip install -e ".[dev]"` |
+| PyPI | `python3 -m pip install netdiag-cli` |
+| From Git | `python3 -m pip install "git+https://github.com/akintunero/netdiag.git"` |
+
+Use `python3 -m pip` (not bare `pip`) on macOS if `pip` is missing. The PyPI package is **`netdiag-cli`**; the command is still **`netdiag`**.
+
+**System tools:** `ping` (required), plus `traceroute`, `dig`, and routing/socket tools as needed. Run `netdiag doctor` to see what is on your PATH.
+
+---
+
+## Runbook workflow
+
+| Step | Command | Exit code |
+|------|---------|-----------|
+| 1. Pre-flight | `netdiag doctor` | `0` ready · `2` missing required tools |
+| 2. Incident check | `netdiag oncall <HOST> --json` | `0` pass · `1` fail · `2` error |
+| 3. Ticket artifact | `netdiag report <HOST> -o incident.md` | same |
+
+Exit code semantics are stable in v0.x - see [docs/CLI_CONTRACT.md](docs/CLI_CONTRACT.md).
+
+```bash
+netdiag oncall 1.1.1.1 --json
+netdiag oncall YOUR-SERVICE.example.com --json | jq '.steps[] | select(.ok==false)'
+```
+
+> **Tip:** Run one command per line. Do not paste trailing `#` comments from docs into zsh/bash.
+
+### VPN and corporate DNS
+
+```bash
+netdiag vpn --corp intranet.company.com
+netdiag oncall app.internal --corp app.internal --vpn --json
+```
+
+### Optional config
+
+Copy [docs/config.example.toml](docs/config.example.toml) to `~/.config/netdiag/config.toml`:
+
+```toml
+[defaults]
+corp_host = "app.internal.corp"
+
+[oncall]
+preset = "oncall"
+```
+
+### Shell completions
+
+```bash
+eval "$(netdiag completion bash)"
+eval "$(netdiag completion zsh)"
+```
+
+### About the CLI
+
+```bash
+netdiag --info    # version, platform, repo links, wordmark banner
+```
+
+Set `NETDIAG_NO_BANNER=1` to hide the banner.
+
+---
+
+## Why operators use it
+
+| | |
+|---|---|
+| **One CLI** | Replaces ad-hoc `dig` + `ping` + `curl` + `traceroute` scripts |
+| **`--json`** | PagerDuty, CI, Slack bots, `jq` filters |
+| **Presets** | `web`, `api`, `vpn`, `oncall` - tuned check bundles |
+| **Small runtime** | No required PyPI dependencies |
+
+---
+
+## Quick start (developers)
+
+```bash
+git clone https://github.com/akintunero/netdiag.git
+cd netdiag
+python3 -m pip install -e ".[dev]"
+netdiag doctor
+python3 -m pytest tests/ -q
+```
+
+Smoke test (live network, all subcommands):
+
+```bash
+bash scripts/cli_smoke.sh
+```
+
+Example probes:
+
+```bash
+netdiag oncall 1.1.1.1 --json
+netdiag oncall 1.1.1.1 --preset api --json
+netdiag trace 8.8.8.8 -m 12 --no-bgp-api
+netdiag report 1.1.1.1 -o incident.md
+```
+
+---
+
+## Command reference
+
+| Command | Description |
+|---------|-------------|
+| **`doctor`** | Pre-flight: required tools for runbooks |
+| **`oncall`** | Primary incident bundle (preset `oncall`) |
+| `report` | Markdown report (`-o file.md`, `--vpn`) |
+| `vpn` | VPN, split-tunnel, DNS drift |
+| `check` | Health check; `--preset` for bundles |
+| `trace` | Traceroute + ASN/BGP enrichment |
+| `ping` / `latency` | RTT, jitter, percentiles |
+| `dns` / `dns-trace` / `dns-compare` / `dns-all` | DNS tooling |
+| `port` / `ports` | TCP probes and scans |
+| `http` / `tls` / `redirects` / `headers` | Application layer |
+| `speed` | CDN throughput (Cloudflare by default) |
+| `compare` | Two-host DNS + ping diff |
+| `presets` | List available presets |
+| `completion` | bash / zsh completions |
+
+Also: `route`, `ifaces`, `local-ports`, `connections`, `whois`, `subnet`, `ip`, `ptr`, `mtr`, and more - `netdiag --help`.
+
+All commands support `--json`.
+
+---
+
+## Documentation
+
+| Doc | Link |
+|-----|------|
+| Docs index | [docs/README.md](docs/README.md) |
+| Cookbook (on-call recipes) | [docs/cookbook.md](docs/cookbook.md) |
+| CLI contract (exit codes, flags) | [docs/CLI_CONTRACT.md](docs/CLI_CONTRACT.md) |
+| Contributing | [CONTRIBUTING.md](CONTRIBUTING.md) |
+| Security | [SECURITY.md](SECURITY.md) |
+| Roadmap | [ROADMAP.md](ROADMAP.md) |
+| Changelog | [CHANGELOG.md](CHANGELOG.md) |
+
+---
+
+## Author
+
+**Olúmáyòwá Akinkuehinmi** - [@akintunero](https://github.com/akintunero) · [akintunero101@gmail.com](mailto:akintunero101@gmail.com)
+
+## License
+
+MIT - see [LICENSE](LICENSE).
+
+## Responsible use
+
+Use only on networks and hosts you are authorized to test.

netdiag_cli-0.1.0/docs/CLI_CONTRACT.md

@@ -0,0 +1,103 @@
+# CLI contract
+
+Stable behavior for **production runbooks**, CI, and on-call automation.  
+Applies from **v0.1.0** onward unless a major version notes otherwise.
+
+---
+
+## Exit codes
+
+| Code | Name | Meaning | Typical action |
+|------|------|---------|----------------|
+| `0` | `EX_OK` | Ran successfully; checks passed | Close alert / continue |
+| `1` | `EX_FAIL` | Ran successfully; target or check failed | Page, escalate, retry |
+| `2` | `EX_ERROR` | Cannot run reliably (config, missing tool, bad args) | Fix host, install tools, fix script |
+
+```bash
+netdiag oncall 1.1.1.1 --json
+echo $?   # 0 = pass, 1 = fail, 2 = error
+```
+
+**Stability (v0.x):** These three meanings will not change. New failure modes map to `1` or `2`.
+
+### Examples
+
+| Situation | Code |
+|-----------|------|
+| `oncall` - all steps pass | `0` |
+| `oncall` - ping loss or TLS expiring soon | `1` |
+| `dns` - `dig` not installed | `2` |
+| `doctor` - required `ping` missing | `2` |
+| Invalid CLI arguments | `2` |
+
+---
+
+## Primary workflow
+
+Memorize one command:
+
+```bash
+netdiag oncall <HOST> --json
+```
+
+With corporate DNS context:
+
+```bash
+netdiag oncall <HOST> --json --corp app.internal
+```
+
+Markdown artifact for tickets:
+
+```bash
+netdiag report <HOST> -o incident.md --vpn --corp app.internal
+```
+
+Pre-flight before runbooks:
+
+```bash
+netdiag doctor   # exit 0 = ready, 2 = missing required tools
+```
+
+---
+
+## Stable flags (v0.x)
+
+| Flag | Commands | Notes |
+|------|----------|-------|
+| `--json` | All subcommands | Schema may grow; existing keys stay |
+| `--preset {web,api,vpn,oncall}` | `check`, `oncall`, `report` | Check bundle selection |
+| `--corp HOST` | `check`, `oncall`, `report`, `vpn` | Corporate resolver context |
+| `--no-bgp-api` | `trace`, `whois` | Skip external BGP HTTP APIs |
+| `--vpn` | `oncall`, `report`, `vpn` | Include VPN-related checks |
+
+---
+
+## JSON output
+
+- One JSON object per invocation when `--json` is set (some commands embed arrays under a key).
+- Failures may include an `"error"` field with a human-readable message.
+- Intended for `jq` in runbooks, e.g.:
+
+```bash
+netdiag oncall "$HOST" --json | jq '.steps[] | select(.ok == false)'
+```
+
+---
+
+## Optional config
+
+Path: `~/.config/netdiag/config.toml`  
+Example: [config.example.toml](config.example.toml)
+
+Config changes defaults only; it does **not** change exit code semantics.
+
+---
+
+## Versioning policy
+
+| Series | Policy |
+|--------|--------|
+| **v0.x** | Additive only - new commands, JSON keys, optional flags |
+| **v1.0+** | Breaking exit-code or flag removals only with major version + CHANGELOG migration notes |
+
+See [CHANGELOG.md](../CHANGELOG.md) for release history.

netdiag_cli-0.1.0/docs/README.md

@@ -0,0 +1,29 @@
+# Documentation
+
+Guides and reference for **netdiag** - a stdlib-only CLI for SRE and on-call network troubleshooting.
+
+| Document | Purpose |
+|----------|---------|
+| [Cookbook](cookbook.md) | On-call recipes: DNS, API outage, VPN, TLS, automation |
+| [CLI contract](CLI_CONTRACT.md) | Exit codes `0` / `1` / `2`, stable flags, JSON conventions |
+| [Config example](config.example.toml) | Optional `~/.config/netdiag/config.toml` |
+
+## Runbook essentials
+
+```bash
+netdiag doctor
+netdiag oncall <HOST> --json
+netdiag report <HOST> -o incident.md
+```
+
+Use a real hostname or IP (`1.1.1.1`, your service FQDN). Names like `api.example.com` are reserved ([RFC 6761](https://datatracker.ietf.org/doc/html/rfc6761)) and will not resolve on the public internet.
+
+## Project docs (repo root)
+
+| Document | Purpose |
+|----------|---------|
+| [README](../README.md) | Install, command overview, quick start |
+| [CONTRIBUTING](../CONTRIBUTING.md) | Development setup and PR expectations |
+| [SECURITY](../SECURITY.md) | Vulnerability reporting |
+| [ROADMAP](../ROADMAP.md) | Planned work and non-goals |
+| [CHANGELOG](../CHANGELOG.md) | Release history |

netdiag_cli-0.1.0/docs/config.example.toml

@@ -0,0 +1,21 @@
+# netdiag configuration
+# Copy to: ~/.config/netdiag/config.toml
+#
+# All keys are optional. CLI flags override these defaults.
+
+[defaults]
+# Corporate hostname for resolver compare and VPN checks
+# corp_host = "app.internal.corp"
+
+# Skip BGP/ASN HTTP enrichment globally where supported
+# no_bgp_api = false
+
+# Default JSON output for commands that support --json
+# json = false
+
+[oncall]
+# Preset for `netdiag oncall` / `report` when --preset is omitted
+preset = "oncall"
+
+# Override corp host for on-call runs only
+# corp_host = "app.internal.corp"