Studio Guide

Welcome to the Studio

Studio is where Vibecodr shifts from quick posting into real project building. It gives you a full editing workspace with preview, files, configuration, and publishing controls in one place so a capsule can grow without turning into a mess.

BUMP IT: update a live app

BUMP IT is the standard way to ship a new version of an app that already has a public player page. It keeps the same app identity, creates a new immutable artifact, and updates the live Drop instead of creating a second top-level listing.

What stays the same

• The public player URL and app listing.
• Comments, follows, and the social identity around that app.
• Your older cuts, pinned embeds, and revert options.

What changes

• A new artifact is built and added to version history.
• The app's live Drop moves to the newest artifact.
• Live embeds follow the latest version while pinned cuts stay exact.

Use BUMP IT from Studio when you are updating an existing live app. Use Publish As New App only when the work should become a deliberately separate listing with its own lineage.

Interface Overview

File Sidebar

Alt+E

Browse and manage your project files. Create, rename, delete, and organize files in folders.

Code Editor

CodeMirror 6-based editor with syntax highlighting, autocomplete, and inline errors. It understands TypeScript, JSX, JSON, and more.

Preview

Alt+P

App projects can use Source while editing and Runtime for the real built app lane. Pulse and Blueprint source stay editor-only until you publish and test the deployed Pulse endpoint.

Console

Alt+J

View console.log output from your vibe. Filter by log level (errors, warnings, info). Essential for debugging.

Config Panel

Alt+B

Manifest editor for title, description, parameters, and entry point. Configure how your vibe appears and behaves.

Hints Panel

Alt+/

Quick reference for pulse tools and code snippets. Copy examples directly into your code.

Project structure & entry resolution

During import, uploaded manifest.json files are treated as advisory source input rather than authority. Studio validates and owns the capsule manifest server-side, then uses that validated entry when it is correct. If the entry is missing, outdated, or points at the wrong file, Studio works out the most likely starting file from your project structure so you can still open and ship the project without repair work first.

The practical rule: Studio preserves editable source for you to keep working on, while publish and Runtime follow the browser-ready release entry when the imported project already includes one.

Allowed entry extensions

.html, .htm, .js, .jsx, .ts, .tsx

These are the file types Studio considers runnable starting points.

Reserved/system files

• Platform-generated shim files and reserved prefixes.
• manifest.json and other system-owned helper files Vibecodr manages for you.
• Legacy compatibility files that still exist for older projects.

Entry resolution order

1) manifest.json entry (if the file exists)
2) package.json fields: module, browser, main, source, exports["."]
3) common filenames (in order):
   index.html, main.html, index.htm
   main.tsx, index.tsx, main.ts, index.ts, main.jsx, index.jsx, main.js, index.js
   App.tsx, App.jsx, App.js, app.tsx, app.jsx, app.js
   bundle.js
   dist/index.html, dist/main.html, build/index.html, public/index.html
   src/main.tsx, src/index.tsx, src/main.ts, src/index.ts, src/main.jsx, src/index.jsx, src/main.js, src/index.js
   src/App.tsx, src/App.jsx, src/app.tsx, src/app.jsx, src/app.ts, src/app.js

Studio surfaces these candidates in the Config panel so you can confirm the launch file instead of guessing what the runtime chose.

Image/Asset Support

Local disk paths (like C:/Users/you/image.png or /Users/you/image.png) do not exist in the browser runtime. Upload assets to your capsule and reference them by relative path.

Option A: Project assets (recommended)

1. Upload images in Studio > Files (Creator/Pro) or Storage v2.
2. Keep assets in folders like assets/ or src/assets/.
3. Copy the file path or snippet from the Storage v2 file list.

Option B: External URLs (HTTPS)

• Use https:// URLs only. Plain HTTP is not allowed in the runtime.
• Browser code can talk to ordinary public HTTPS and secure WebSocket endpoints.
• Browser code does not get a shortcut into private Vibecodr platform surfaces or other runtime hosts. If you need trusted server-side access, move that work into a Pulse.
• Common data and backend providers that are already known to work well include https://clerk.accounts.dev, https://*.clerk.com, https://*.clerk.services, https://*.clerkstage.dev, https://identitytoolkit.googleapis.com, https://securetoken.googleapis.com, https://*.appwrite.global, https://*.appwrite.network, https://*.convex.cloud, https://*.convex.site, https://*.firebaseio.com, https://firestore.googleapis.com, https://*.hasura.app, https://*.nhost.run, https://*.supabase.co, https://*.supabase.in, https://*.algolia.net, https://*.algolianet.com, https://*.typesense.net, https://*.upstash.io, https://*.redis.cloud, https://api.github.com, https://api.openai.com.
• For HTML vibes, external script tags (<script src="...">) should come from these supported script CDNs: https://cdn.jsdelivr.net, https://cdnjs.cloudflare.com, https://unpkg.com, https://esm.sh, https://ga.jspm.io, https://jspm.dev.
• Google Fonts are supported through https://fonts.googleapis.com, https://fonts.bunny.net, https://rsms.me and https://fonts.gstatic.com, https://fonts.bunny.net, https://rsms.me, https://cdnjs.cloudflare.com, https://r2cdn.perplexity.ai, https://frontend-cdn.perplexity.ai.
• Common image CDNs that work out of the box include https://images.unsplash.com, https://images.pexels.com, https://cdn.pixabay.com, https://i.imgur.com, https://res.cloudinary.com, https://images.ctfassets.net, https://img.clerk.com, https://images.clerk.dev, https://*.vercel.app.
• Paste into src= or url() where you need it.
• Do not include secrets or private content in URLs.

Usage examples

<!-- HTML -->
<img src="assets/products/shirt.png" alt="" />

/* CSS */
.hero {
  background-image: url("assets/products/shirt.png");
}

// React
import shirtUrl from "./assets/products/shirt.png";
<img src={shirtUrl} alt="" />

Supported formats

Covers/thumbnails: PNG, JPEG, WebP, AVIF. Avatars: PNG, JPEG, WebP, GIF.

Capsule file uploads are capped at 10MB per file.

Security & CSP

• Scriptable files (SVG, HTML, XML) are served with CSP script-src 'none' and frame-ancestors 'none' plus X-Content-Type-Options: nosniff.
• Paths are case-sensitive and must match the file browser.
• React apps should import assets before using them in JSX.

Import & remix pipeline

Imports do more than copy files into Studio. Vibecodr checks what you uploaded, figures out how it should start, and warns you about anything that might surprise you later.

GitHub import

• Accepts GitHub URLs only (github.com).
• Defaults to the main branch unless you specify one.
• Downloads the repo archive and analyzes it locally.
• Uses manifest.json if it is present and valid; otherwise it works out the entry file for you.
• Warns when server-side code is detected so you can move that logic into a Pulse if needed.
• Size limits apply; oversized archives are rejected.

ZIP + single-file import

• ZIP uploads run the same analysis and entry detection.
• ZIPs with a frontend entry plus src/server/ or server/ TypeScript/JavaScript files import as full-stack projects: frontend previews in Studio, and those server files deploy as /api/* routes when you publish.
• A ZIP that only contains built output such as dist/ cannot recover missing backend source. Include the original src/server/ or server/ files when you want API routes.
• Single-file import supports .js, .jsx, .ts, .tsx, .html, and .htm.
• PHP and WordPress projects are not supported inside vibes. Files such as .php, WordPress themes, WordPress plugins, and WordPress admin routes are not imported as runnable Vibecodr code.
• Missing license files trigger a warning so shared projects are easier to understand.
• Likely entry files are surfaced in Config instead of making you guess.

Remix rules

• Inline remix is available for single-file vibes (one user file).
• Studio remix creates a new draft from the source project, including multi-file apps.
• Remix requires the source vibe to be link-visible (public or unlisted); owners can also remix private vibes.
• Sensitive files such as .env, keys, and raw credentials are stripped automatically.
• Use .pulse for non-secret runtime constants and Pulse Secrets for API keys, tokens, and credentials. .env files are treated as an import safety signal, not as deployable runtime config.

Dependency imports & runtime pipeline

Vibecodr uses one dependency system across Studio builds, imports, publish, and runtime playback. Different paths can bring different evidence into the system, like source files, lockfiles, or container-built output, but the platform still converges that evidence onto one release contract. That is how we stay permissive about project shape without letting every surface invent its own rules.

If you are importing an existing project, read Project structure & entry resolution and Import & remix pipeline first. For where the final release lives after publish, see Project Storage and Assets. For host-side trust rules, see the Published runtime code sources section in the Approved CDNs docs.

One truth plane

• Studio edits, GitHub imports, ZIP imports, and build output can all feed the same dependency decision system. Blueprint handoff is different on purpose: it preserves Pulse source for editing instead of compiling it into browser preview output.
• Lockfiles are evidence, not authority: package-lock.json, pnpm-lock.yaml, and yarn.lock help pin exact versions when they are present.
• Entry-file choices and import settings can shape the release, but the final runtime manifest stays platform-generated.

What publish does

• External package imports are detected from your source or built output.
• Browser runtimes reject Node.js built-ins (fs, path, node:*). If you need Node-style imports, move that code into a Pulse.
• Versions are pinned using your package manifest plus lockfile truth when it exists.
• Vibecodr freezes publishable dependencies onto exact mirrored routes and records the final startup contract needed to replay the release consistently.
• Playback checks those startup details before launch so broken publishes do not turn into mysterious half-working runs.

Why the platform is strict here

• Published artifacts need exact dependency versions so releases stay reproducible.
• Public runtime reads should be fast and boring. They should fetch mirrored assets, not solve dependency graphs on the fly.
• If a graph needs more packaging work than the foreground budget allows, Vibecodr finishes that work in a trusted maintenance lane instead of pushing the cost onto public reads.
• If a dependency is too loose, incompatible, or cannot be mirrored safely, publish asks for a change before shipping.
• This keeps the platform social and permissive for creators while still failing closed on unsafe or non-deterministic runtime behavior.

How the dependency system works

1. Collect evidence from the project: entry files, package metadata, lockfiles, and built output when needed.
2. Classify imports by runtime fit: browser-safe, server-only, platform library, or blocked.
3. Pin exact versions for publishable dependencies so the graph becomes reproducible.
4. Mirror those exact dependencies onto Vibecodr-owned delivery paths for stable runtime reads.
5. Generate the runtime manifest and launch contract the player uses later.
6. Serve public reads from the fast mirror lanes whenever that is safe, with worker-backed paths still available where public direct reads are not appropriate.

Pinned npm dependency example

// package.json
{
  "dependencies": {
    "react": "18.3.1",
    "three": "0.160.0"
  }
}

import * as THREE from "three";

Library module import

import { palette } from "@alex/color-kit";

// Published libraries resolve to:
// https://vibecodr.space/lib/@alex/color-kit?v=12

If you use version ranges (like ^ or ~) without a lockfile, publish may ask you to pin exact versions before a release can freeze cleanly.

If a dependency graph needs extra packaging work, Vibecodr handles that in trusted publish-time or post-publish maintenance rather than asking public launches to do the heavy lifting.

Import rules

• Browser runtimes only support bare npm specifiers (no URL, data, or absolute imports).
• For HTML vibes, external script hosts are intentionally curated (not wildcard https): https://cdn.jsdelivr.net, https://cdnjs.cloudflare.com, https://unpkg.com, https://esm.sh, https://ga.jspm.io, https://jspm.dev.
• Published library import references resolve to library capsules; third-party modules stay pinned until you update them.
• Server-side runners can use URL imports; they are pinned with hashes in the lockfile.
• Draft and legacy artifacts can still use compatibility paths when needed; published artifacts prefer the mirrored exact-dependency map.
• Move server-only libraries to Pulses if they rely on Node.js built-ins.

The Dependencies panel stores lock information for published library references and URL imports so builds stay reproducible, but the final runtime manifest is still generated by the platform.

Project Storage and Assets

Vibecodr stores project files, release output, and public asset references on platform-managed storage. The useful mental model is three lanes: editable source, published releases, and public assets. Manage files in Settings > Storage when your plan includes storage tools.

Editable source and releases

• Your draft capsule keeps the editable source and assets you continue working on.
• Each publish creates a separate immutable release bundle for playback.
• Older releases can stay available for rollback, pinned embeds, and exact history.

Public assets and delivery

• Avatars and thumbnails can live on direct public asset lanes when appropriate.
• Published release bundles can move onto the public artifact lane when safe.
• Visibility-aware assets still stay behind the API or proxy path when they should.

URL behavior (Storage v2)

• Public media and deterministic dependency links use cdn.vibecodr.space when a direct public URL is available.
• Public runtime bundle mirrors and platform-generated manifest copies use artifacts.vibecodr.space.
• Copy URL prefers the direct public URL when one exists, then falls back to the file reference URL.
• Search matches file names and both safe URL forms, so pasted Storage URLs are easier to find later.

Storage model (human version)

Capsule storage   -> editable source + assets you keep working on
Artifact storage  -> immutable published releases used for playback
Public asset lane -> safe-to-serve mirrors for bundles, manifests, and media

Plan

Storage

Project size limit

Max files / capsule

Free

1 GB

25 MB

100

Creator

5 GB

50 MB

500

Pro

25 GB

100 MB

2000

Project size matches the ZIP upload size people see at import time. Quota cleanup and release repair happen through trusted platform maintenance. Storage analytics and object management depend on plan availability.

Keyboard Shortcuts

Shortcut

Action

Alt+S

Save current file

Alt+Enter

Publish project

Alt+E

Toggle file sidebar

Alt+P

Toggle preview panel

Alt+B

Toggle config panel

Alt+J

Toggle console panel

Alt+/

Toggle hints panel

Alt+Shift+M

Toggle problems panel

Alt+\

Toggle split editor

Alt+Shift+F

Find in files

Alt+H

Find and replace

Alt+W

Close current tab

Alt+Shift+T

Reopen closed tab

Alt+Left

Previous tab

Alt+Right

Next tab

Alt+1-9

Jump to tab by number

F8

Go to next error

Shift+F8

Go to previous error

Project Types

We spot what you're building from your files:

V

Vibe

Browser-only capsule. No server endpoints.

index.html

src/App.tsx

src/styles.css

P

Pulse

Server endpoints only. No frontend entry.

src/server/api.ts

src/server/users/[id].ts

C

Combo (Full-Stack)

One capsule with UI + endpoints.

index.html

src/App.tsx

src/server/api.ts