
Cloud Development Environment Glossary

A-Z reference guide to CDE terminology, platform engineering, and remote development concepts


A

Agentic Engineering

The discipline of designing, deploying, and supervising AI agents that autonomously perform software development tasks. Agentic engineering encompasses prompt design, guardrail implementation, tool orchestration, and human-in-the-loop oversight patterns for AI agents operating within CDEs and CI/CD pipelines.

AI Coding Assistant

An AI-powered tool that assists developers with code generation, completion, refactoring, and debugging directly within their IDE. When integrated with CDEs, AI coding assistants like GitHub Copilot, Cursor, Claude Code, and AWS Kiro Developer gain access to consistent, centralized environments with governed security policies.

AI-Native IDE

An integrated development environment with AI capabilities built into its core architecture rather than added as plugins. AI-native IDEs like Cursor, Windsurf, and Zed feature inline code generation, natural language editing, codebase-aware chat, and agentic workflows as first-class features, representing a shift from traditional IDEs with bolt-on AI extensions.

AI Proxy Pattern

An architecture pattern that routes all AI API traffic through an internal proxy service for centralized logging, rate limiting, cost tracking, and policy enforcement. Organizations use AI proxies to govern how developers and AI agents consume LLM APIs within CDEs, preventing runaway costs and ensuring compliance with data handling policies.

Auto-stop

An automated feature that shuts down idle workspaces after a specified period of inactivity to save cloud compute costs. Common in CDEs like Coder and GitHub Codespaces.

Related: TTL, Idle Timeout

Air-Gapped CDE

A cloud development environment deployed in a network with no direct internet access, used by defense, intelligence, and highly regulated industries. Air-gapped CDEs require pre-cached dependencies, internal package registries, and offline-capable tooling to function without external connectivity.

AWS Cloud9

Amazon's cloud-based IDE that provides a browser-based code editor and terminal. Now largely superseded by modern CDEs but still used in some AWS-centric workflows.

Related: CDE, Web IDE

B

Backstage

An open-source developer portal framework created by Spotify and donated to the CNCF. Backstage provides a unified interface for service catalogs, documentation, CI/CD pipelines, and infrastructure provisioning, and can integrate CDE workspace creation as a self-service action.

Base Image

The foundational Docker image or VM image used to create workspaces. Contains the operating system and core tools that all developers in a team will use.

Buildpack

A tool that automatically detects application dependencies and builds a container image without requiring a Dockerfile. Used by platforms like Heroku and Cloud Native Buildpacks.

C

Carbon-Aware Scheduling

The practice of shifting compute workloads to times and regions with lower grid carbon intensity. For CDEs and CI/CD pipelines, carbon-aware scheduling automatically routes builds, tests, and batch jobs to data centers powered by cleaner energy, reducing the carbon footprint of software development without impacting developer experience.

CDE (Cloud Development Environment)

A remote workspace that runs in the cloud instead of on a developer's local machine. Provides pre-configured environments accessible via VS Code, JetBrains IDEs, or web browsers.

CDE Orchestrator

The control plane software that manages the lifecycle of cloud development environments - provisioning, scaling, monitoring, and terminating workspaces. Examples include Coder's provisioner, Ona's workspace manager, and GitHub Codespaces' backend orchestration layer.

Cloud Workstation

A fully managed, cloud-hosted development machine accessible via browser or local IDE. Unlike container-based CDEs, cloud workstations often provide full VM-level isolation with persistent storage. Google Cloud Workstations and Microsoft Dev Box are leading examples.

Cluster

A group of connected servers (nodes) that work together, typically in Kubernetes. CDEs often run as pods within a Kubernetes cluster.

Coder

A self-hosted CDE platform that uses Terraform to provision development workspaces on any infrastructure (AWS, Azure, GCP, Kubernetes, or on-prem). Popular in regulated industries.

Related: Terraform, Ona

D

Daytona

An open-source CDE platform focused on developer experience. Supports multiple IDE connections and infrastructure providers.

Related: CDE, Ona

Developer Experience (DevEx)

The overall experience developers have while building software, encompassing tooling, workflow friction, documentation quality, environment setup time, and cognitive load. CDEs improve DevEx by eliminating "works on my machine" problems, reducing onboarding time from days to minutes, and providing consistent, pre-configured environments.

Developer Portal

A web-based interface where developers can discover services, provision resources, and access documentation. Developer portals like Backstage, Port, and Cortex serve as the front door to an organization's internal developer platform, often integrating CDE workspace provisioning.

Developer Productivity Engineering (DPE)

The discipline of measuring and optimizing developer tooling, build systems, and workflows for maximum engineering efficiency. DPE teams focus on build and test acceleration, flaky test detection, dependency management, and developer environment performance. CDEs are a core DPE initiative, reducing environment setup time from hours to seconds.

DevContainer

A Docker container specifically configured for development work. Defined by a devcontainer.json file that specifies tools, extensions, and settings for a consistent dev environment.

devcontainer.json

A configuration file that defines a development container's specifications, including base image, VS Code extensions, port forwarding, and post-creation commands.

Development Container Feature

A shareable unit of installation code and configuration for Dev Containers. Features allow developers to add tools, runtimes, or libraries (e.g., Node.js, Docker-in-Docker, AWS CLI) to any devcontainer.json with a single line, without writing custom Dockerfiles. Published to OCI registries for versioned distribution.

DevPod

An open-source desktop application that creates reproducible development environments across different providers (Kubernetes, Docker, cloud VMs) with a unified interface.

Related: CDE, DevContainer

DLP (Data Loss Prevention)

Security measures that prevent sensitive data from leaving an organization's control. CDEs help with DLP by keeping source code in the cloud rather than on local laptops.

Related: Zero Trust, VPC

Dotfiles

Personal configuration files (like .bashrc, .gitconfig, .vimrc) that developers use to customize their shell, editor, and tools. CDE platforms allow developers to automatically apply their dotfiles repository to every new workspace, preserving personal preferences and shortcuts across ephemeral environments.

DORA Metrics

Four key metrics from the DevOps Research and Assessment (DORA) team for measuring software delivery performance: deployment frequency, lead time for changes, change failure rate, and mean time to recovery. CDEs directly improve lead time for changes by eliminating environment setup delays and enabling faster onboarding to new codebases.

Dockerfile

A text file containing instructions to build a Docker image. Defines the base OS, installed packages, environment variables, and commands needed to set up a container.

E

Eclipse Che

An open-source Kubernetes-native IDE and CDE platform. Provides browser-based workspaces and supports multiple programming languages and frameworks.

Ephemeral Environment

A temporary workspace that exists only for the duration of a task (like reviewing a pull request). Automatically destroyed when no longer needed to save resources.

Environment as Code (EaC)

The practice of defining complete development environments declaratively in version-controlled configuration files. EaC encompasses devcontainer.json, Dockerfile, Terraform templates, and tool configuration, ensuring every aspect of a development workspace is reproducible, auditable, and consistently provisioned across teams.

F

FedRAMP

Federal Risk and Authorization Management Program - a US government compliance framework for cloud services. Required for CDEs used by federal agencies.

Related: HITRUST, SOC 2

FinOps

Financial Operations - a practice that brings financial accountability to cloud spending. For CDEs, FinOps involves tracking per-developer and per-team cloud costs, implementing auto-shutdown policies, right-sizing workspace classes, and providing showback/chargeback reporting to optimize the ROI of cloud development infrastructure.

G

GDPR

General Data Protection Regulation - European Union regulation governing data privacy and protection. CDEs help with GDPR compliance by controlling data residency and access.

Related: HIPAA, DLP

Golden Path

A pre-paved, opinionated route for building and deploying software that platform teams provide to developers. Golden paths include standardized templates, CI/CD pipelines, workspace configurations, and deployment patterns that encode organizational best practices while still allowing developers to deviate when needed.

GPU Passthrough

A technique that gives a virtual machine or container direct access to a physical GPU for hardware-accelerated computing. Essential for AI/ML development in CDEs, enabling model training and inference on cloud GPUs (NVIDIA H200, A100, AMD MI300X) from remote workspaces.

GPU Time-Slicing

A technique for sharing a single physical GPU among multiple CDE workspaces by dividing GPU time into slices allocated to different users. GPU time-slicing enables cost-effective AI/ML development in CDEs without dedicating an entire GPU to each developer, though it trades throughput for better resource utilization.

GitHub Codespaces

GitHub's managed CDE service. Provides instant, cloud-based VS Code environments with seamless GitHub integration. Runs as containers on Azure infrastructure.

Related: Ona, DevContainer

Gitpod

Now rebranded as Ona. A container-based CDE platform available as SaaS or self-hosted. Known for its fast prebuild system and tight Git integration for automated workspace creation from repositories.

Google Cloud Workstations

Google Cloud's managed CDE service. Provides fully managed development environments with security features like VPC Service Controls and integration with Google Cloud services.

H

HIPAA

Health Insurance Portability and Accountability Act - US regulation for protecting sensitive patient health information. CDEs help healthcare organizations maintain HIPAA compliance.

Related: HITRUST, GDPR

HITRUST CSF

A comprehensive security and privacy framework commonly required in healthcare and financial services. Self-hosted CDEs like Coder are popular for achieving HITRUST certification.

Related: HIPAA, SOC 2

I

IaC (Infrastructure as Code)

The practice of managing infrastructure through code files rather than manual configuration. Terraform is the primary IaC tool used by CDEs like Coder.

IDP (Internal Developer Platform)

A self-service layer that platform teams build on top of infrastructure to abstract away complexity. An IDP typically includes a developer portal, service catalog, environment provisioning (including CDEs), CI/CD pipelines, and observability tools. Examples include Backstage-based platforms, Port, and Humanitec.

Inner Loop

The core development cycle of writing, building, testing, and debugging code locally before committing. CDEs optimize the inner loop by providing fast, pre-configured environments with powerful cloud compute, eliminating slow local builds and reducing the code-to-feedback time that directly impacts developer productivity.

Idle Timeout

The duration of inactivity after which a workspace is automatically stopped or destroyed. Configurable per workspace or template to optimize cloud costs.

Related: Auto-stop, TTL

J

JetBrains Gateway

A lightweight launcher that connects JetBrains IDEs (IntelliJ, PyCharm, GoLand) to remote development environments. Allows developers to use their preferred IDE with cloud workspaces.

K

Kubernetes

An open-source container orchestration platform. Many CDEs run as pods within Kubernetes clusters for scalability, resilience, and resource efficiency.

Related: Pod, Cluster, Namespace

L

Latency Budget

The maximum acceptable network delay between a developer's local machine and their remote CDE workspace. Latency budgets typically target under 50ms for a responsive IDE experience. CDE platform teams use latency budgets to determine workspace region placement and evaluate whether remote development will feel native to developers.

Local Development

Traditional development approach where code runs directly on a developer's laptop or workstation, as opposed to cloud-based development environments.

M

MCP (Model Context Protocol)

An open protocol created by Anthropic for standardizing how AI applications connect to external data sources and tools. MCP enables AI coding assistants and agents within CDEs to securely access databases, APIs, file systems, and development tools through a unified interface, replacing fragmented custom integrations.

Microsoft Dev Box

Microsoft's cloud-based workstation service. Provides Windows-based development environments with full GUI access, ideal for .NET and Windows development.

Related: CDE, VM-Based

mTLS (Mutual TLS)

A security protocol where both client and server authenticate each other using certificates. Used in CDEs to secure connections between developer machines and workspaces.

Related: Zero Trust, VPC

N

Namespace

A logical partition within a Kubernetes cluster that provides resource isolation. CDEs often create workspaces within specific namespaces for organization and security.

Related: Kubernetes, Pod

Nix/Devbox

Nix is a purely functional package manager that creates reproducible, declarative development environments. Devbox (by Jetify) provides a user-friendly wrapper around Nix, letting developers define project dependencies in a simple JSON file for instant, isolated, reproducible environments without Docker.

O

OIDC (OpenID Connect)

An authentication layer built on OAuth 2.0. Used by CDEs to integrate with identity providers like Okta, Azure AD, or Google Workspace for single sign-on.

Related: SAML, SCIM

Observability (Dev Environments)

The ability to monitor, measure, and understand the health and performance of cloud development environments through metrics, logs, and traces. CDE observability covers workspace startup times, resource utilization, build performance, and developer session analytics, enabling platform teams to proactively identify and resolve infrastructure issues.

OpenTofu

An open-source fork of Terraform maintained by the Linux Foundation, created after HashiCorp changed Terraform's license to BSL in 2023. OpenTofu provides a community-driven, truly open-source alternative for infrastructure as code, and can be used with CDE platforms like Coder as a drop-in replacement for Terraform-based workspace provisioning.

Related: Terraform, IaC, Coder

Ona (formerly Gitpod)

A cloud development environment platform rebranded from Gitpod in 2025 with an agent-first pivot. Ona provides automated, ready-to-code environments designed for both human developers and AI agents, featuring workspaces that AI coding agents can provision and operate autonomously. Known for its fast prebuild system, tight Git integration, and both SaaS and self-hosted deployment options.

P

PCI DSS

Payment Card Industry Data Security Standard - security requirements for organizations handling credit card data. CDEs help maintain PCI DSS compliance through access controls and audit logging.

Related: HITRUST, SOC 2

Platform Engineering

The discipline of building and maintaining internal developer platforms. Platform engineers typically manage CDE infrastructure, templates, and developer tooling. As of 2026, 80% of large organizations have dedicated platform engineering teams, reflecting the industry-wide shift toward self-service developer infrastructure.

Related: Template, IaC

Platform Team

A dedicated engineering team responsible for building and maintaining the internal developer platform, including CDE infrastructure, workspace templates, CI/CD pipelines, and developer tooling. Platform teams serve as product teams whose customers are the organization's developers.

Pod

The smallest deployable unit in Kubernetes - one or more containers that share storage and network resources. Container-based CDEs typically run as Kubernetes pods.

Port Forwarding

A networking technique that maps ports from a remote CDE workspace to a developer's local machine, enabling access to web servers, databases, and other services running in the cloud as if they were local. CDEs typically provide automatic port forwarding with secure tunneling so developers can preview applications in their local browser.

Prebuild

A pre-configured workspace image that's built ahead of time. Allows developers to start working instantly without waiting for dependencies to install.

Prebuilt Environment

A fully ready-to-use workspace created from a prebuild image. Developers can start coding immediately without waiting for dependency installation, container builds, or environment configuration. Prebuilt environments are the key to achieving sub-30-second workspace startup times.

R

Remote Development

Development approach where code runs on a remote machine (cloud or server) while the developer's local IDE connects to it. Core concept behind CDEs.

Remote Tunnel

A secure network connection that allows a local IDE to connect to a remote machine without requiring SSH configuration or open ports. VS Code Remote Tunnels and JetBrains remote development use this approach for zero-config connectivity to CDEs.

Resource Quota

Limits on CPU, memory, and storage that can be consumed by workspaces. Platform engineers set quotas to control costs and ensure fair resource distribution.

Reverse Proxy

A server that sits in front of CDE workspaces and forwards client requests to the appropriate backend. CDE platforms use reverse proxies (like Traefik, Caddy, or NGINX) to handle TLS termination, authentication, subdomain routing, and load balancing for workspace connections, enabling secure access without exposing individual workspace ports.

S

SBOM (Software Bill of Materials)

A formal inventory of all software components, libraries, and dependencies in an application. CDEs can auto-generate SBOMs at build time to meet supply chain security requirements like US Executive Order 14028 and the EU Cyber Resilience Act.

SAML (Security Assertion Markup Language)

A standard for exchanging authentication data between identity providers and service providers. Used for enterprise single sign-on with CDEs.

Related: OIDC, SCIM

Sandbox Environment

An isolated, request-level development environment for testing changes in production-like conditions without affecting live systems. Sandboxes are ephemeral by nature, spun up per pull request or feature branch, and provide developers with full-stack isolation including databases, APIs, and services to validate changes safely before merging.

Score

An open-source workload specification from Humanitec that provides a platform-agnostic way to describe how applications should run. Developers define workloads once in a Score file, and platform teams map those declarations to specific infrastructure (Kubernetes, Docker Compose, cloud services).

SCIM (System for Cross-domain Identity Management)

A standard for automating user provisioning and deprovisioning. Allows CDEs to automatically create/remove workspaces when users join/leave the organization.

Related: OIDC, SAML

Service Catalog

A centralized registry of available services, APIs, and infrastructure components within an organization. Developer portals like Backstage provide service catalogs so teams can discover and consume existing services instead of building duplicates.

Self-Hosted

CDE platforms that run on your own infrastructure rather than as a managed service. Examples include Coder, self-hosted Ona, and Eclipse Che. Preferred for compliance requirements.

Related: Coder, VPC

Secrets Management

The practice of securely storing, distributing, and rotating sensitive credentials like API keys, database passwords, and tokens within development environments. CDEs integrate with secrets managers (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) to inject credentials at runtime without exposing them in code, environment files, or workspace templates.

SLSA (Supply-chain Levels for Software Artifacts)

A security framework by Google that defines increasing levels of supply chain integrity guarantees (L0-L4). SLSA ensures that software artifacts have not been tampered with during the build and distribution process. CDEs can enforce SLSA compliance by controlling build environments.

SOC 2 Type II

A security compliance framework that verifies a service organization's controls over a period of time. Common requirement for enterprise CDE adoption.

Related: HITRUST, PCI DSS

SPACE Framework

A developer productivity framework measuring five dimensions: Satisfaction and well-being, Performance, Activity, Communication and collaboration, and Efficiency and flow. Developed by researchers at Microsoft, GitHub, and the University of Victoria, SPACE provides a holistic approach to measuring developer productivity that goes beyond simple output metrics, helping organizations justify and evaluate CDE investments.

SSH (Secure Shell)

A cryptographic network protocol for secure remote access to computers. The underlying protocol used by VS Code Remote SSH and most CDE connections.

T

Template

A pre-configured workspace specification that defines CPU, RAM, installed tools, and environment settings. Developers select templates to create standardized workspaces.

Thin Client

A lightweight computing device that relies on a remote server for processing. In the CDE context, developers use thin clients (Chromebooks, tablets, low-spec laptops) to connect to powerful cloud workspaces, eliminating the need for expensive developer hardware.

Terraform

An infrastructure-as-code tool by HashiCorp. Used by platforms like Coder to define workspace infrastructure across any cloud provider (AWS, Azure, GCP, Kubernetes).

Related: IaC, Template

TTL (Time to Live)

The maximum lifetime of a workspace before it's automatically destroyed. Helps control costs by preventing abandoned workspaces from running indefinitely.

V

VM-Based CDE

Cloud development environments that use full virtual machines instead of containers. Provides more OS flexibility and supports GUI applications. Examples: Microsoft Dev Box, Coder VMs.

Related: CDE, DevContainer

VPC (Virtual Private Cloud)

An isolated network within a cloud provider where workspaces can run securely. Self-hosted CDEs typically run within an organization's VPC for data security and compliance.

Related: Zero Trust, DLP

VS Code Remote SSH

A VS Code extension that allows developers to connect their local VS Code editor to a remote machine via SSH. The most popular way to connect to cloud workspaces.

W

Web IDE

A browser-based code editor (like code-server, Eclipse Theia) that provides a full IDE experience without installing software locally. Common in CDEs for quick access.

Warm Pool

A set of pre-provisioned but unassigned CDE workspaces kept ready for instant allocation to developers. Warm pools eliminate startup latency by maintaining idle environments that can be claimed on demand, trading slightly higher infrastructure costs for near-instant workspace availability.

Wasm (WebAssembly)

A portable binary instruction format for stack-based virtual machines, enabling near-native performance across browsers, servers, and edge devices. In the CDE ecosystem, Wasm enables lightweight, sandboxed execution of development tools and language servers without full container overhead, and powers browser-based IDEs that run compilation and linting entirely client-side.

Workspace Class

A predefined resource tier for cloud workspaces that specifies CPU cores, RAM, disk size, and optional GPU. Platform teams define workspace classes (e.g., small, medium, large, GPU) to standardize provisioning and control costs.

Workspace

An individual development environment instance created from a template. Contains the developer's code, tools, and running services. Can be container-based or VM-based.

Related: Template, CDE

Z

Zero Trust

A security model that requires verification for every access request, regardless of network location. CDEs implement Zero Trust by authenticating all connections and encrypting data in transit.

Related: mTLS, VPC, DLP

Zero Trust Architecture

A security model that requires strict identity verification for every person and device accessing resources, regardless of network location. Zero Trust Architecture eliminates implicit trust based on network perimeters, instead enforcing continuous authentication, least-privilege access, and micro-segmentation. For CDEs, this means every workspace connection, API call, and resource access is independently verified and authorized.

Related: Zero Trust, mTLS, VPC

Zero Trust Development

An extension of zero-trust principles applied specifically to the software development lifecycle. Every developer action, code checkout, dependency install, and build process is verified and audited regardless of network location or identity trust level.

Related: SLSA, SBOM, Zero Trust