web / /api / assets / websockets- Browser routes for the selected service
- Same-origin /api calls bound to the workspace
- Static assets served by the selected service
- WebSocket and realtime paths declared for the app
Docs / Signed dev links
EnvForge signed dev links are app handoffs, not tunnels. A signed URL names the service, workspace, organization, route family, and expiration before the gateway creates a browser session for dev.envforge.ai traffic.
service: web
workspace: signed-links
org: acme
host: web--signed-links--acme.dev.envforge.ai
session: web, /api, assets, websockets; expires 2h
wake: verified dev request can start sleeping runtime
blocked: ssh, secrets, logs, runtime admin
Session lifecycle
The host shape keeps links readable, but the signed session is the permission boundary. Runtime wake, route readiness, and request forwarding happen only after the signed dev link scope is verified.
service + workspace + org + expirationEnvForge signs the service, workspace, organization, route family, and expiration before the reviewer gets a shareable signed dev link.
dev.envforge.ai/share/tokenThe first request checks the signature, creates a workspace-scoped browser session, wakes a sleeping runtime when needed, and only then forwards app traffic to the selected service.
web + /api + assets + websocketsBrowser routes, same-origin API calls, static assets, and realtime paths reuse the signed dev session so reviews behave like the real app.
expire or revoke at gatewayExpired or revoked links stop at the gateway while shell access, repo state, runtime sleep, and workspace metadata remain governed separately.
Boundary
A signed dev link can wake the runtime for review traffic, but it does not become workspace administration. Operational access remains behind Auth0 roles, CLI access, Tailscale policy, and root policy.
web / /api / assets / websocketsssh / secrets / logs / adminscope + readiness + expiration