included baselineGit, tmux, editors, Claude, Codex, logs, repo storage, workspace metadata, and signed-link state stay ready before service CPU starts.
Pricing + security story
EnvForge keeps collaboration available without pretending every workspace is always running: the included shell baseline stays ready, the runtime meter wakes only for service work, and access controls stay scoped to the organization, workspace, service, and session.
Boundary ledger
The marketing story should make the product contract obvious before a buyer asks for architecture detail: what stays ready, what bills, what a reviewer can open, where the VM boundary sits, and how secrets reach runtime services.
included baselineGit, tmux, editors, Claude, Codex, logs, repo storage, workspace metadata, and signed-link state stay ready before service CPU starts.
Small / Medium / LargeDev URL traffic, tests, workers, and agent jobs wake the selected runtime size; idle sleep stops CPU and memory billing without deleting the workspace.
service / workspace / org / expirationA signed dev.envforge.ai link creates one browser session for the app surface and blocks SSH, secrets, logs, private consoles, and runtime admin.
one organization per VMCustomer organizations never share shell or runtime VMs. Root is disabled, approved break-glass, or workspace elevation as an explicit organization policy.
/envforge/{org}/{workspace}/SSM SecureString/KMS references are injected only into declared runtime inputs, while platform secrets remain in the control plane.
Rollout checks
This page keeps the pricing and security claims close together so docs, demos, and product review can reuse the same language without widening the promise into infrastructure detail.