resource.database.urlShow the stable reference the repo requested so developers know which contract resolved without exposing the backing provider value.
Docs / Safe resource outputs
Resource modes decide how a database, cache, storage bucket, mail sink, or queue is fulfilled. Resource outputs decide what the CLI, dashboard, logs, and handoff notes may show after that binding resolves: reference name, mode, readiness, and consumer service, never raw credential material.
resource.database.url: ready
mode: managed local; consumer: api
masked: postgres://***@resource.database/app
resource.storage.bucket: disabled by workspace policy
hidden: password, access key, provider ID, console URL
Output boundary
Safe receipts should be useful enough to debug workspace readiness and review setup, while keeping provider wiring and credentials behind runtime injection and authenticated admin surfaces.
resource.database.urlShow the stable reference the repo requested so developers know which contract resolved without exposing the backing provider value.
ready / waking / blockedReport whether the resource can be injected when the runtime wakes, plus the service that is waiting on it.
managed local / provided / customer-cloud / disabledName the workspace binding mode so reviewers can understand behavior without seeing account IDs, hostnames, or console links.
Output flow
The same resource may resolve differently across branches, provider modes, and runtime states. The visible output should update with readiness while preserving the secret boundary.
envforge.yml reference + workspace bindingEnvForge starts from the repo reference, reads the workspace resource mode, and resolves the value only for the service that declared it.
secret values removed before outputCLI, dashboard, logs, and handoff text can show status and reference names, but passwords, tokens, access keys, and private URLs stay out of the output.
reference + mode + readiness + consumerA safe output says which reference resolved, which mode fulfilled it, which service receives it, and whether the resource is ready, waking, or blocked.
wake / sleep / mode changeWhen runtime wake, idle sleep, or a mode change updates resource readiness, EnvForge records the state change without logging raw secret material.
Review checklist
Treat CLI output, dashboard status, logs, and support handoffs as shareable product surfaces. They should show what resolved and what is blocked without revealing the backing credential.
reference / mode / readiness / consumerUse product-level names such as resource.database.url, managed local, ready, and api service.
Useful for developers and reviewers.credential handlesIf a connection string must appear, show only a masked shape such as postgres://***@resource.database/app.
Confirms wiring without leaking secrets.secret / internal host / consoleDo not print passwords, tokens, access keys, private console URLs, internal IPs, or provider resource IDs.
Handoffs stay product-safe.missing / denied / disabledName the missing reference or disabled mode, then point to the workspace binding instead of dumping provider error payloads.
Operators get a fix path without a leak.