# Vibecodr > Vibecodr is a social runtime for live, runnable, remixable web software. People create, share, play, remix, and run interactive web apps ("vibes") in the browser, with owner-managed public HTTP backend endpoints ("pulses") when trusted work needs a backend plane. This is the canonical machine-readable entrypoint for AI systems. The older `/ai/*` microsite has been retired; use this file as the discovery layer and `llms-full.txt` as the detailed reference. ## Canonical Files - LLM Index: https://player.vxbe.space/llms.txt — Canonical short discovery file for AI systems. - Full Reference: https://player.vxbe.space/llms-full.txt — Canonical long-form reference for retrieval. - Docs Overview: https://player.vxbe.space/docs — Start with the core model for capsules, artifacts, Drops, publishing, remixing, and backend boundaries before you go deeper. - Product Walkthrough: https://player.vxbe.space/how-it-works — Understand the full flow from capsule draft to immutable artifact to live Drop, including VXBE runtime hosts, BUMP IT lineage, and when Pulses join the stack. - Platform Glossary: https://player.vxbe.space/lingo — Learn core terms like vibes, pulses, capsules, player, and remix so new contributors can onboard quickly. - Security Model: https://player.vxbe.space/security — Review sandboxing, policy boundaries, and platform guardrails that keep runnable user content safe by default. - Vulnerability Disclosure: https://player.vxbe.space/vulnerability-disclosure-policy — Privately report Vibecodr security vulnerabilities, review safe-harbor expectations, and understand disclosure scope and handling. - Security.txt: https://player.vxbe.space/.well-known/security.txt — Machine-readable vulnerability disclosure contacts. - Vibes: https://player.vxbe.space/vibes — Definition page for the runnable browser-side experiences people can open, play, share, and remix. - Blueprints: https://player.vxbe.space/blueprints — Browse reusable Pulse functions for trusted backend work without leaking secrets into public code. - Power of Pulses: https://player.vxbe.space/power-of-pulses — Public product page for Pulse-backed secrets, storage, schedules, webhooks, and external API work. - Edge backend: https://player.vxbe.space/cloudflare-workers — Capability map for the Vibecodr-managed backend layer behind Pulses. ## Platform Summary - Vibes are client-side, sandboxed runnable apps on isolated VXBE runtime hosts. - A capsule is the editable source home; publishing creates an immutable release artifact that people actually run. - The live Drop on a post moves to the newest artifact when you BUMP IT. - Deployed Pulse endpoints are public HTTP by default, while Pulse source and operational metadata stay out of public and remixable projections. - Owners must add authentication, signatures, validation, and throttles in Pulse code when endpoint behavior should be restricted. - Pulse execution URLs can remain active at runtime, but pulse URL families are noindex runtime surfaces, not sitemap, canonical, source, or metadata discovery surfaces. - Public docs live under `/docs/*`; product/editorial pages like `/how-it-works`, `/lingo`, `/security`, and `/vulnerability-disclosure-policy` remain authoritative HTML references. ## Documentation Sections - [Vibecodr Documentation](https://player.vxbe.space/docs) — Start with the core model for capsules, artifacts, Drops, publishing, remixing, and backend boundaries before you go deeper. - [How-To Guides](https://player.vxbe.space/docs/how-to) — Execution-first playbooks for publishing, secrets, webhooks, routing, and production-safe Vibecodr workflows. - [Publish and Share](https://player.vxbe.space/docs/publish-share) — Learn how to publish a Vibecodr project, prepare public metadata, share player links, choose live or exact embeds, and keep public descriptions safe and useful. - [VibeComposer Guide](https://player.vxbe.space/docs/composer) — Learn fast posting and single-file capsule workflows with VibeComposer, optimized for shipping ideas quickly. - [Studio Guide](https://player.vxbe.space/docs/studio) — Use Studio as your full workspace for editing, previewing, publishing, and iterating on runnable projects. - [Edit and Manage Projects](https://player.vxbe.space/docs/edit-manage) — Manage Vibecodr projects across drafts, previews, BUMP IT releases, visibility choices, embed settings, owner-only material, and rollback decisions. - [BUMP IT](https://player.vxbe.space/docs/bump-it) — Understand how BUMP IT moves the live Drop forward on the same public app while preserving immutable cuts and rollback history. - [Source and Versions](https://player.vxbe.space/docs/source) — Understand capsule lineage, editable source, immutable release history, live Drop updates, and how to track changes across drafts and published releases. - [Dependency Determinism](https://player.vxbe.space/docs/dependency-determinism) — Learn how Vibecodr freezes runtime dependency graphs, content-addresses executable dependency bytes, and keeps published vibes stable across player, overlay, embed, and vanity surfaces. - [What Can Be a Vibe?](https://player.vxbe.space/docs/vibe-runtime) — Understand the Vibecodr vibe runtime: browser artifacts, WebAssembly support, sandbox limits, import shape, and the boundary where trusted work moves into Pulses. - [Runtime Presentation](https://player.vxbe.space/docs/runtime-presentation) — Learn how Vibecodr uses presentation profiles to keep games, canvases, pages, dashboards, embeds, and vanity domains consistent across runtime surfaces. - [SEO and Discovery](https://player.vxbe.space/docs/seo-discovery) — Learn how Vibecodr makes public apps, posts, profiles, conversations, tags, and topics understandable and discoverable. - [Profiles and Social Features](https://player.vxbe.space/docs/profiles-social) — Understand Vibecodr profiles, feeds, comments, conversations, tags, topics, remix lineage, and the social context around runnable apps. - [Vibes and Pulses](https://player.vxbe.space/docs/vibes-pulses) — Get a clear mental model for VXBE client runtimes, artifact-scoped playback, same-origin Pulse routes, and when each architecture is best. - [Embeds Guide](https://player.vxbe.space/docs/embeds) — Embed vibes across sites safely with live-vs-exact artifact behavior, VXBE frame delivery, and sandbox constraints that preserve trust. - [Automation Safety](https://player.vxbe.space/docs/automation-safety) — Protect creators with safe defaults for triggers, grants, runtime-event automations, rate limits, and backend execution behavior. - [MCP for Agents](https://player.vxbe.space/docs/mcp-agents) — Understand the Vibecodr remote MCP gateway, Streamable HTTP endpoint, OAuth boundaries, Code Mode constraints, and agent-safe product tools. - [Pulse SDK and Handlers](https://player.vxbe.space/docs/handlers) — Use the Pulse SDK, definePulse, defineWebPulse, env.fetch, env.state, and web-standard Request/Response handlers to ship safe backend endpoints. - [Secrets and API Calls](https://player.vxbe.space/docs/secrets) — Configure secure external API access with secret handling patterns designed for multi-tenant safety. - [Approved CDNs](https://player.vxbe.space/docs/approved-cdns) — Reference allowed CDN, asset, and host policies so new projects remain compatible with runtime security controls. - [Pulse Routing](https://player.vxbe.space/docs/pulse-routing) — Map server files to same-origin /api routes and learn how routing decisions influence deployment and invocation behavior. - [Calling Pulses](https://player.vxbe.space/docs/calling-pulses) — Call Pulses from vibes and browsers with patterns for same-origin /api routes, grants, auth, and predictable request contracts. - [Troubleshooting](https://player.vxbe.space/docs/troubleshooting) — Diagnose Vibecodr preview, publish, player, embed, discovery, Pulse routing, secret, and backend capability issues with practical recovery paths. - [Build Your First Vibe](https://player.vxbe.space/docs/first-vibe) — Create, preview, publish, and reopen a first Vibecodr app while learning Composer, Studio, public playback, and BUMP IT basics. - [Import a Project](https://player.vxbe.space/docs/import-project) — Prepare ZIP and GitHub imports for Vibecodr, understand staged upload verification, and recover from common import or build failures. - [Supported Build Recipes](https://player.vxbe.space/docs/supported-build-recipes) — Reference Vibecodr build recipes, package manager support, output directories, and recipe failure recovery for imported projects. - [Source Visibility and Remix Rules](https://player.vxbe.space/docs/source-visibility-remix) — Understand public runtime, remixable source, private source, owner-only setup, and safe source projection for Vibecodr projects. - [Plans, Limits, and Quotas](https://player.vxbe.space/docs/plans-limits-quotas) — Understand Vibecodr plan limits for storage quota, project imports, Pulse usage, Pulse State, secrets, connections, and vanity domains. - [Storage Lanes](https://player.vxbe.space/docs/storage-lanes) — Learn how Vibecodr separates public media, editable source, staged uploads, runtime artifacts, dependency files, and safe cleanup. - [Blueprints Guide](https://player.vxbe.space/docs/blueprints) — Start from Vibecodr Blueprints, follow setup tasks, copy public source into Studio, and publish safe reusable Pulse patterns. - [Pulse Runtime API](https://player.vxbe.space/docs/pulse-runtime-api) — Reference the Vibecodr Pulse runtime API, including definePulse, defineWebPulse, env.fetch, env.secrets, env.connections, env.state, env.db, and env.runtime.capabilities(). - [Pulse State](https://player.vxbe.space/docs/pulse-state) — Use Pulse State for idempotent operations, duplicate webhook protection, runOnce workflows, retention, replay behavior, and quota-aware backend safety. - [Data Surfaces](https://player.vxbe.space/docs/data-surfaces) — Choose the right Vibecodr data surface for duplicate protection, app records, public media, external provider data, and public metadata. - [Public Assets and Runtime Files](https://player.vxbe.space/docs/public-assets-runtime-files) — Understand public media, passive assets, immutable runtime artifacts, deterministic dependency files, source access, and script trust in Vibecodr. - [Support Diagnostics](https://player.vxbe.space/docs/support-diagnostics) — Understand Vibecodr error fields, errorKey handling, retryable failures, request ids, status codes, and safe support reports. - [How Vibes Start](https://player.vxbe.space/docs/how-vibes-start) — Learn how Vibecodr vibes move from visible frame to shell readiness to interactive runtime behavior across player, focus, Studio, embeds, and vanity routes. - [Embed Sharing](https://player.vxbe.space/docs/embed-sharing) — Use Vibecodr embed controls, live-vs-exact behavior, sizing guidance, accessibility labels, and safe embed troubleshooting. - [Vanity Domains](https://player.vxbe.space/docs/vanity-domains) — Claim and manage Vibecodr vxbe.space vanity subdomains with target rules, plan limits, watermark behavior, embed interaction, and inactivity release expectations. - [Connections](https://player.vxbe.space/docs/connections) — Use Vibecodr provider connections from Pulse code with env.connections, understand how they differ from secrets, and handle missing or expired connected accounts. - [Discovery and Social Model](https://player.vxbe.space/docs/discovery-social-model) — Understand how Vibecodr public work appears in search, feeds, profiles, tags, topics, conversations, comments, remix lineage, and moderated social surfaces. - [MCP and CLI](https://player.vxbe.space/docs/mcp-cli) — Use Vibecodr MCP and CLI surfaces for product-shaped agent and terminal workflows while respecting upload, auth, publish, and capability boundaries. - [VC Tools](https://player.vxbe.space/docs/vc-tools) — Use the beta vc-tools Agent Computer for Quick Checks, Agent Browser, hosted Computer commands, Crawl, Saved Proof, account approval, and included paid-plan credits. - [Account and Safety Controls](https://player.vxbe.space/docs/account-safety-controls) — Find Vibecodr controls for account settings, billing, storage, secrets, connections, safety reports, blocks, bug reports, account deletion, and vulnerability disclosure. ## Retrieval Notes - Prefer `llms-full.txt` for broad platform context. - Prefer `/docs/*`, `/how-it-works`, `/lingo`, `/security`, and `/vulnerability-disclosure-policy` when you want human-readable HTML that also supports `Accept: text/markdown`. - `index.md` aliases are available for the primary docs/editorial routes, for example `/docs/how-to/index.md` and `/how-it-works/index.md`. - Treat `/player/*`, `/post/*`, `/u/*`, `/tags/*`, and authenticated routes as dynamic/public-user surfaces, not canonical documentation.