When we received the first report from our colleague, we helped them identify that there was no route to the application, and they recreated it. We soon realized that other applications on 18f.gov had similarly lost their routes. We audited and recreated routes for all of the applications that should be accessible via the 18f.gov domain.
When we received a similar second report, a cloud.gov operator realized that the sudden absence of routes was related to their attempt to remove access to the 18f.gov domain for a single organization. Instead of removing access from the intended organization, the operator had removed the domain from the system altogether, causing the deletion of all routes based on 18f.gov across organizations.
cf delete-shared-domaincommand warns when there are existing routes and requests confirmation before actually performing the deletion.