Docs / Dev URL model

One wildcard covers every workspace dev URL.

EnvForge keeps public development traffic under dev.envforge.ai. A single *.dev.envforge.ai wildcard sends every workspace dev link to the gateway, which reads the service, workspace, and organization from one scoped host label before routing the request. That implemented shape is <service>--<workspace>--<org>.dev.envforge.ai.

dev URL contractsingle wildcard

wildcard*.dev.envforge.ai

shape<service>--<workspace>--<org>.dev.envforge.ai

generated host: service--workspace--org.dev.envforge.ai

wildcard DNS: *.dev.envforge.ai

exampleweb--signed-links--bravara.dev.envforge.ai

dns records per workspace0

Host rules

The URL is scoped, short, and deterministic.

The public hostname should explain what is being opened without leaking ports, instance IDs, runtime IDs, or IP addresses. EnvForge uses a stable label format and deterministic abbreviation so dev links can be generated programmatically.

Single-label scope<service>--<workspace>--<org>

EnvForge keeps the service, workspace, and organization inside one left-hand DNS label so the single wildcard can catch every generated dev host.

No per-workspace DNS records*.dev.envforge.ai

One wildcard DNS setup backs the dev URL fleet. Teams do not add records for each branch, service, or workspace; the gateway routes every generated host from that entry.

Abbreviated service namesweb / api / mkt

Common service labels stay compact so shared links remain readable in chat, pull requests, and issue comments.

Deterministic abbreviationslong labels

Long service, workspace, or organization slugs are abbreviated consistently when needed so future handoffs keep the same target without exposing implementation details.

Gateway routing

The gateway maps host labels to workspace services.

A request for web--signed-links--bravara.dev.envforge.aienters the same access gateway as every other dev URL. The gateway validates access, wakes the runtime when needed, and forwards traffic to the selected workspace service.

host examplesgateway target
  1. web appweb--signed-links--bravara.dev.envforge.ai

    browser routes, assets, and same-origin /api

    The scoped host stays stable while workspace placement, runtime wake state, and service ports remain internal EnvForge details.

  2. apiapi--scheduler--envforge.dev.envforge.ai

    direct service health checks and backend dev calls

    The scoped host stays stable while workspace placement, runtime wake state, and service ports remain internal EnvForge details.

  3. marketingmkt--pricing-page--envforge.dev.envforge.ai

    public marketing branch review

    The scoped host stays stable while workspace placement, runtime wake state, and service ports remain internal EnvForge details.

Hosted dev URL contract

The public URL stays stable while access and runtime state change.

EnvForge separates the DNS handle from the workspace lifecycle. A scoped hostname can be generated immediately, signed dev link access can expire or be revoked, and the runtime can sleep without requiring DNS changes.

DNSone wildcard

The platform owns *.dev.envforge.ai once. Workspace creation does not write Route 53, Cloudflare, or customer DNS records for each branch.

Hostnamescoped label

The gateway reads service, workspace, and organization from the single left-hand label before applying signed dev link policy.

Accesssigned dev link

Review links create an expiring browser session for web, same-origin /api, assets, and realtime routes without exposing SSH, logs, or secrets.

Billingwake on request

If the runtime is asleep, verified dev traffic can wake it. Runtime billing follows the awake window and stops again after idle sleep.

Production posture

The hosted workspace loop keeps DNS, access, billing, and tenancy separate.

A dev.envforge.ai URL is the public app handle for a workspace review. It is not a raw runtime endpoint: the gateway verifies the signed session, wakes services only when needed, and preserves the organization VM boundary behind the host.

Scoped hostservice--workspace--org

The host names the service, workspace, and organization inside one wildcard-matched label, not a VM, port, IP address, or runtime ID.

DNS postureno per-workspace records

New branch workspaces and services use the existing *.dev.envforge.ai wildcard, so access changes do not depend on DNS propagation.

Reviewer accesssigned dev links

A signed link grants an expiring browser session for the app surface only: web, same-origin /api, assets, and realtime routes.

Runtime billingwake / sleep meter

Verified dev traffic can wake a sleeping runtime. Billing follows the awake service window and stops after idle sleep.

Tenant boundaryone-org-per-VM

Shell and runtime VMs are assigned to a single customer organization, so another organization's code, processes, logs, and dev traffic never co-tenant.

Access boundary

A dev URL is still only an app surface.

Signed dev links can open browser routes, assets, same-origin API calls, and WebSockets. SSH, Mailpit, MinIO console, raw logs, secrets, and runtime admin stay behind authenticated workspace access or private Tailscale access.

Public shapeservice--workspace--org

The host names the product surface, not the underlying VM, port, or runtime placement.

Readable enough for pull request review.
Wildcard DNS*.dev.envforge.ai

EnvForge can create thousands of workspace URLs without writing DNS records for each branch or service.

New workspaces route immediately.
Signed sessions/share/token

Signed links mint a workspace-scoped browser session before forwarding to web, API, asset, or realtime routes.

Access follows the signed dev policy.
Private routesssh / logs / secrets

Operational surfaces stay off public dev URLs unless an authenticated product policy explicitly allows them.

URLs do not widen privilege.