fcd8f99a52
All checks were successful
AI Code Review / ai-review (pull_request) Has been skipped
No forte-helm chart change needed after all. The forteapp chart emits one exact Host(`drop.forteapps.net`) route (apex: admin + /api + public /shared). Add an ADDITIVE standalone IngressRoute for the per-slug wildcard *.drop.forteapps.net, pointing at the SAME chart service (forte-drop-app:3000 — whose targetPort is the auth sidecar when auth is on), so forte drop subdomains flow through the sidecar and are Forte-login gated exactly like the admin root. priority:1 (LOW) is load-bearing: Traefik orders routers by rule-length by default, and this regex is longer than Host(`mcp.drop.forteapps.net`) — without the explicit low priority it would STEAL mcp.drop (and apex) traffic into the web pod. priority:1 guarantees the exact Host() routers (mcp release + chart apex) always win. Traefik v3 (chart 28.x) HostRegexp = Go RE2; verify the rendered router against mcp./www./app./apex/<real-slug> before prod. Uses the wildcard-drop-forteapps-net-tls secret from the Certificate added in the same branch. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>