feat(infra): add dev environment support

[waleedlatif1]

Summary

• Update `isHosted` to check for `sim.ai` or any subdomain instead of hardcoded URLs — automatically covers any new environment
• Add `dev` branch to CI push/PR triggers with separate AWS credentials (`DEV_AWS_ROLE_TO_ASSUME`/`DEV_AWS_REGION`)
• Fix ECR tag logic so dev branch correctly pushes `:dev` tag (was falling through to `:staging`)

Type of Change

• New feature

Testing

Tested manually — dev environment deployed at `dev.sim.ai`, Docker images building and pushing `:dev` tag to ECR correctly, `isHosted` verified for `www.sim.ai`, `staging.sim.ai`, and `dev.sim.ai`

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[cursor]

PR Summary

Medium Risk
Medium risk because it changes CI/CD branch triggers, AWS role/region selection, and container tagging logic, which can affect what gets built and deployed. It also broadens isHosted detection, impacting hosted-only security gating such as ignoring DISABLE_AUTH on *.sim.ai.

Overview
Extends GitHub Actions workflows to treat the dev branch like main/staging for CI and image publishing, including selecting dev-specific AWS credentials and pushing ECR images with a dedicated :dev tag instead of falling back to :staging.

Updates isHosted in apps/sim/lib/core/config/feature-flags.ts to consider sim.ai and any *.sim.ai subdomain (parsed from NEXT_PUBLIC_APP_URL) as hosted, replacing hardcoded URL checks.

^{Written by Cursor Bugbot for commit 158e4df. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs	Ready	Preview, Comment	Mar 31, 2026 10:05pm

[greptile-apps]

Greptile Summary

This PR adds dev environment support across three areas: CI/CD workflows gain a dev branch trigger with dedicated AWS credentials and a :dev ECR tag, and isHosted is generalized from two hardcoded URL comparisons to a hostname-based check that automatically covers sim.ai and any subdomain.

Key changes:

• feature-flags.ts: isHosted now parses NEXT_PUBLIC_APP_URL with new URL() (wrapped in try-catch to guard against malformed values) and checks hostname === 'sim.ai' || hostname.endsWith('.sim.ai') — cleanly covers www.sim.ai, staging.sim.ai, dev.sim.ai, and any future subdomain without code changes.
• ci.yml: dev branch added to push/PR triggers, detect-version and build-amd64 job conditions, AWS credentials selection (three-way main/dev/staging expression), and the ECR tag assignment (elif for :dev).
• images.yml: Same three-way AWS credentials and ECR tag logic applied consistently to the reusable image-build workflow.

The implementation is consistent across both workflow files and the previous concern about new URL() crashing at module-load time has been addressed with a try-catch fallback.

Confidence Score: 5/5

Safe to merge — changes are well-scoped, consistent across both workflow files, and the prior new URL() crash concern has been addressed.

No P0/P1 findings. The isHosted logic is correct (.endsWith('.sim.ai') with a leading dot prevents false positives), the three-way AWS credential expressions follow the established pattern, and the ECR tag elif correctly prevents dev from falling through to :staging.

No files require special attention.

Important Files Changed

Filename	Overview
apps/sim/lib/core/config/feature-flags.ts	Replaces two hardcoded URL equality checks with a hostname-based check using new URL(), wrapped in try-catch per previous review; correctly uses .endsWith('.sim.ai') to match any subdomain without false positives.
.github/workflows/ci.yml	Adds dev branch to push/PR triggers, job conditions, AWS credentials three-way logic, and ECR tag assignment; logic is consistent and correct.
.github/workflows/images.yml	Updates AWS credentials and ECR tag logic to match ci.yml's three-way main/dev/staging pattern; no branch-trigger changes needed since it's a reusable workflow_call workflow.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Git Push / PR] --> B{Branch?}
    B -- main --> C[AWS_ROLE_TO_ASSUME\nAWS_REGION]
    B -- dev --> D[DEV_AWS_ROLE_TO_ASSUME\nDEV_AWS_REGION]
    B -- staging --> E[STAGING_AWS_ROLE_TO_ASSUME\nSTAGING_AWS_REGION]
    C --> F[ECR Tag: latest]
    D --> G[ECR Tag: dev]
    E --> H[ECR Tag: staging]
    F --> I[GHCR tags + manifests\nmain only]
    G --> J[ECR push only]
    H --> J

    K[NEXT_PUBLIC_APP_URL] --> L{Parse hostname}
    L -- valid URL --> M{hostname == sim.ai\nor endsWith .sim.ai?}
    L -- invalid / empty --> N[isHosted = false]
    M -- yes --> O[isHosted = true]
    M -- no --> N

Loading

_{Reviews (2): Last reviewed commit: "fix(ci,feature-flags): guard URL parse, ..." | Re-trigger Greptile}

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR