Tunnel wildcard ingress does not auto-create wildcard DNS CNAME (request support)

[jonastemplestein]

We found that Tunnel wildcard ingress rules (for example *.boop.dev.iterate.com) do not auto-create wildcard CNAME records.

For our dev workflow this is a big gap, because we want to run many named dev tunnels and rely on Cloudflare Total TLS + Let's Encrypt wildcard cert issuance automatically once proxied wildcard DNS exists.

What we expected

When a Tunnel ingress rule includes a wildcard hostname, we expected Alchemy to create/update the corresponding wildcard CNAME DNS record too.

What actually happens

Wildcard hostnames are skipped in Tunnel DNS auto-creation logic:

• https://github.com/alchemy-run/alchemy/blob/main/alchemy/src/cloudflare/tunnel.ts#L614-L616

So we currently need to add a manual fetch/API call to create wildcard CNAMEs.

Repro from our side

We opened a PR in our repo with a minimal repro script:

• PR: Support explicit multi-dev tunnels + wildcard subdomains for ingress testing iterate/iterate#977
• Repro file: https://github.com/iterate/iterate/blob/jonastemplestein/alchemy-wildcard-repro/apps/os/scripts/alchemy-wildcard-tunnel-repro.ts

The script shows:

1. local Worker in Alchemy dev mode
2. Tunnel with both base + wildcard ingress
3. manual wildcard CNAME create via Cloudflare API (workaround)
4. then wildcard cert issuance works via Total TLS

Ask

Could Alchemy support wildcard DNS auto-creation for wildcard ingress hostnames (or add an opt-in flag)?

If the current behavior is intentional for an edge-case/safety reason, docs on the rationale would help a lot.

[jonastemplestein]

Paging @BlankParticle