Docs
EnvForge documentation starts with the workspace loop.
Start with the workflow every user sees: connect identity and repos, prepare service contracts, open a shell with envforge up, share signed dev links, and let runtime billing follow awake service work.
1Install GitHub App
2Review envforge.yml PRs
3envforge login
4envforge up
First-release map
First-release docs map.
Start with the pages that explain first-release behavior: how the first workspace opens, how signed dev URLs are shared, how trust boundaries work, and when runtime billing starts or stops.
Connect GitHub, review envforge.yml PRs, install the CLI, run envforge login, then run envforge up and hand back readiness.
Signed dev.envforge.ai URLsExplain signed browser sessions, the service--workspace--org.dev.envforge.ai host, allowed app routes, expiration, and revocation.
One-org-per-VM trustShow organization-exclusive shell/runtime VMs, Auth0 identity, EnvForge authorization, root policy, secrets, and audit boundaries.
Runtime billing boundarySeparate the included shell baseline from the awake runtime meter, auto-sleep, caps, and customer-cloud resource costs.
Decision paths
Route the first product question to the right page.
The landing page should help evaluators choose by workflow instead of making them know EnvForge internals first.
Install the GitHub App, review the repo setup PR, install the CLI, and run envforge up against a real branch.
Use signed dev link docsExplaining access to reviewers?Show how signed dev links mint scoped browser sessions for web, same-origin /api, assets, and realtime review traffic.
Use dev URL docsExplaining dev hostnames?Show the dev.envforge.ai wildcard, zero per-workspace DNS records, and short service--workspace--org hostnames.
Use pricing docsSizing runtime cost?Show the shell baseline, awake-only runtime meter, Small/Medium/Large capacity, auto-sleep, and live usage visibility.
Read first
Product concepts before infrastructure names.
Each page should explain product concepts without exposing raw VM names, ports, IP addresses, runtime IDs, or implementation-specific checkout details.
Connect GitHub, prepare per-repo envforge.yml PRs, create project services and bindings, install the CLI, then run envforge login, envforge up, and envforge workspace resources.
Branch workspacesFollow a workspace from branch selection through shell attach, runtime wake, signed review links, idle sleep, and cleanup.
Workspace policiesReview workspace metadata, runtime size, idle sleep, caps, retained state, and cleanup boundaries before branch workspaces wake services.
Repository contractsUnderstand the per-repo envforge.yml model: services describe themselves, declare inputs, and avoid depends_on or cross-service references.
Repo-prep PR flowUse envforge repo connect and envforge prepare-pr to open a small setup PR that repo owners can review before branch workspaces depend on it.
Resource modesMap database, cache, storage, mail, and queue references to managed local, provided, customer-cloud, or disabled workspace resources.
Safe resource outputsShow resource references, modes, readiness, and consumer services in handoffs while keeping credentials, provider IDs, and private console links hidden.
Service commandsRun setup and test commands against workspace services, then review command receipts by workspace, service, status, and limit without exposing secrets.
Workspace logsUse envforge logs to filter workspace logs by source, level, limit, and since/until windows before sharing debugging context.
Signed dev linksUse dev.envforge.ai hosts for workspace-scoped browser sessions while SSH, secrets, logs, and runtime admin stay private.
Dev URL modelExplain dev.envforge.ai wildcard hostnames, short service/workspace/org slugs, and why new workspaces do not require new DNS records.
Access modelSeparate Auth0 login, GitHub App scope, signed dev link sessions, optional Tailscale, and root policy before sharing workspace access.
Auth0 identity setupConfigure the EnvForge Auth0 tenant, Web App, CLI, Gateway, and API audience while keeping owner/admin/developer/viewer/billing permissions in EnvForge.
Tailscale private accessConnect a tailnet for private shell or runtime routes while signed dev links keep their public app-only scope.
Runtime billingSeparate always-ready shell access from awake-only runtime usage, caps, live usage, and idle sleep behavior.
Security modelReview organization-exclusive VMs, Auth0 identity, EnvForge authorization, SSM SecureString secrets, signed dev links, Tailscale, root policy, and audit logs.