Skip to content

docs(enterprise): add path-based sandbox routing documentation#486

Closed
jpshackelford wants to merge 4 commits intomainfrom
docs/path-based-sandbox-routing
Closed

docs(enterprise): add path-based sandbox routing documentation#486
jpshackelford wants to merge 4 commits intomainfrom
docs/path-based-sandbox-routing

Conversation

@jpshackelford
Copy link
Copy Markdown
Contributor

@jpshackelford jpshackelford commented May 4, 2026

Summary

This PR updates the enterprise quick-start guide to document the path-based sandbox routing feature introduced in OpenHands-Cloud PR #563.

Background

Some enterprise deployments cannot obtain wildcard TLS certificates due to:

  • Internal CA restrictions that prohibit wildcard certs
  • Compliance requirements that forbid wildcards
  • DNS limitations that don't support wildcard records

The path-based routing feature (released in v1.25.1) enables these deployments by routing all sandboxes through a single hostname with path-based routing instead of subdomain-based routing.

Changes

Updates to enterprise/quick-start.mdx:

  • DNS and TLS Setup: Added tabbed section explaining both routing modes with specific DNS records and certificate requirements for each
  • Preflight DNS Checks: Updated to include checks for both subdomain and path-based routing modes
  • Requirements Table: Clarified which DNS/cert requirements apply to which routing mode
  • Sandbox Routing Configuration: Added new section explaining how to select routing mode in the Admin Console

Testing

The documentation follows the existing mdx format and uses standard Mintlify components (Tabs, Tab, Info, Warning).

This PR was created by an AI agent (OpenHands) on behalf of the user.

all-hands-bot
all-hands-bot approved these changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@all-hands-bot all-hands-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟢 Good taste - Clear, well-structured documentation that addresses a real enterprise deployment constraint.

[RISK ASSESSMENT]

  • [Overall PR] ⚠️ Risk Assessment: 🟢 LOW

Documentation-only change addressing verified enterprise requirement (wildcard certificate restrictions). Uses Mintlify components correctly, provides clear guidance for both routing modes, and maintains consistent terminology throughout. No code modifications.

VERDICT:
Worth merging: Solid documentation that solves a real problem.

KEY INSIGHT:
Tabbed structure elegantly separates two distinct deployment modes while keeping the documentation DRY and maintainable.

@mintlify
Copy link
Copy Markdown

mintlify Bot commented May 4, 2026
edited
Loading

Preview deployment for your docs. Learn more about Mintlify Previews.

Project Status Preview Updated (UTC)
all-hands-ai 🟢 Ready View Preview May 4, 2026, 2:07 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

@jpshackelford jpshackelford requested a review from jlav May 4, 2026 14:13
jlav
jlav reviewed May 4, 2026
View reviewed changes
Comment thread enterprise/quick-start.mdx Outdated
jlav
jlav reviewed May 4, 2026
View reviewed changes
Comment thread enterprise/quick-start.mdx Outdated
jlav
jlav approved these changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jlav jlav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some nits, but overall LGTM.

jlav
jlav approved these changes May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jlav jlav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left some nits, but overall LGTM.

@openhands-agent
docs(enterprise): add path-based sandbox routing documentation
a0e64cf 
Update the enterprise quick-start guide to document the path-based
sandbox routing feature introduced in OpenHands-Cloud PR #563.

Key changes:
- Add tabbed DNS/TLS setup section covering both routing modes
- Document path-based mode for environments without wildcard cert support
- Update preflight DNS checks for both routing modes
- Add Sandbox Routing Configuration section in Admin Console setup
- Update requirements table to clarify routing mode dependencies

Co-authored-by: openhands <openhands@all-hands.dev>
@openhands-agent
docs(enterprise): add security callout for subdomain routing preference
2e331c8 
Add a warning callout explaining why subdomain-based routing is
preferred from a security perspective - cookie isolation between
sandboxes. Encourage customers to seek IT security exceptions.

Co-authored-by: openhands <openhands@all-hands.dev>
@openhands-agent
docs: update certificate requirements to reflect self-signed cert sup…
8de3a2a 
…port

Co-authored-by: openhands <openhands@all-hands.dev>
@openhands-agent
docs: move routing mode emphasis to front of table descriptions
1eccf68 
Co-authored-by: openhands <openhands@all-hands.dev>
@jpshackelford jpshackelford force-pushed the docs/path-based-sandbox-routing branch from e2ec028 to 1eccf68 Compare May 4, 2026 19:58
@jpshackelford jpshackelford mentioned this pull request May 4, 2026
Open
@jpshackelford OpenHands AI
Copy link
Copy Markdown
Contributor Author

jpshackelford commented May 4, 2026

Closing in favor of #488 - this PR had persistent merge state issues.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jlav jlav jlav approved these changes

@all-hands-bot all-hands-bot all-hands-bot approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jpshackelford @jlav @all-hands-bot @openhands-agent