<service>--<workspace>--<org>EnvForge keeps the service, workspace, and organization inside one left-hand DNS label so the single wildcard can catch every generated dev host.
Docs / Dev URL model
EnvForge keeps public development traffic under dev.envforge.ai. A single *.dev.envforge.ai wildcard sends every workspace dev link to the gateway, which reads the service, workspace, and organization from one scoped host label before routing the request. That implemented shape is <service>--<workspace>--<org>.dev.envforge.ai.
wildcard*.dev.envforge.ai
shape<service>--<workspace>--<org>.dev.envforge.ai
generated host: service--workspace--org.dev.envforge.ai
wildcard DNS: *.dev.envforge.ai
exampleweb--signed-links--bravara.dev.envforge.ai
dns records per workspace0
Host rules
The public hostname should explain what is being opened without leaking ports, instance IDs, runtime IDs, or IP addresses. EnvForge uses a stable label format and deterministic abbreviation so dev links can be generated programmatically.
<service>--<workspace>--<org>EnvForge keeps the service, workspace, and organization inside one left-hand DNS label so the single wildcard can catch every generated dev host.
*.dev.envforge.aiOne wildcard DNS setup backs the dev URL fleet. Teams do not add records for each branch, service, or workspace; the gateway routes every generated host from that entry.
web / api / mktCommon service labels stay compact so shared links remain readable in chat, pull requests, and issue comments.
long labelsLong service, workspace, or organization slugs are abbreviated consistently when needed so future handoffs keep the same target without exposing implementation details.
Gateway routing
A request for web--signed-links--bravara.dev.envforge.aienters the same access gateway as every other dev URL. The gateway validates access, wakes the runtime when needed, and forwards traffic to the selected workspace service.
web--signed-links--bravara.dev.envforge.aiThe scoped host stays stable while workspace placement, runtime wake state, and service ports remain internal EnvForge details.
api--scheduler--envforge.dev.envforge.aiThe scoped host stays stable while workspace placement, runtime wake state, and service ports remain internal EnvForge details.
mkt--pricing-page--envforge.dev.envforge.aiThe scoped host stays stable while workspace placement, runtime wake state, and service ports remain internal EnvForge details.
Hosted dev URL contract
EnvForge separates the DNS handle from the workspace lifecycle. A scoped hostname can be generated immediately, signed dev link access can expire or be revoked, and the runtime can sleep without requiring DNS changes.
The platform owns *.dev.envforge.ai once. Workspace creation does not write Route 53, Cloudflare, or customer DNS records for each branch.
The gateway reads service, workspace, and organization from the single left-hand label before applying signed dev link policy.
Review links create an expiring browser session for web, same-origin /api, assets, and realtime routes without exposing SSH, logs, or secrets.
If the runtime is asleep, verified dev traffic can wake it. Runtime billing follows the awake window and stops again after idle sleep.
Production posture
A dev.envforge.ai URL is the public app handle for a workspace review. It is not a raw runtime endpoint: the gateway verifies the signed session, wakes services only when needed, and preserves the organization VM boundary behind the host.
service--workspace--orgThe host names the service, workspace, and organization inside one wildcard-matched label, not a VM, port, IP address, or runtime ID.
no per-workspace recordsNew branch workspaces and services use the existing *.dev.envforge.ai wildcard, so access changes do not depend on DNS propagation.
signed dev linksA signed link grants an expiring browser session for the app surface only: web, same-origin /api, assets, and realtime routes.
wake / sleep meterVerified dev traffic can wake a sleeping runtime. Billing follows the awake service window and stops after idle sleep.
one-org-per-VMShell and runtime VMs are assigned to a single customer organization, so another organization's code, processes, logs, and dev traffic never co-tenant.
Access boundary
Signed dev links can open browser routes, assets, same-origin API calls, and WebSockets. SSH, Mailpit, MinIO console, raw logs, secrets, and runtime admin stay behind authenticated workspace access or private Tailscale access.
service--workspace--orgThe host names the product surface, not the underlying VM, port, or runtime placement.
Readable enough for pull request review.*.dev.envforge.aiEnvForge can create thousands of workspace URLs without writing DNS records for each branch or service.
New workspaces route immediately./share/tokenSigned links mint a workspace-scoped browser session before forwarding to web, API, asset, or realtime routes.
Access follows the signed dev policy.ssh / logs / secretsOperational surfaces stay off public dev URLs unless an authenticated product policy explicitly allows them.
URLs do not widen privilege.