Manifest & Bundle Schema
VibeFi uses two JSON files in the packaging flow:
- Pre-bundle
vibefi.json(authored with the dapp source) - Post-bundle
manifest.json(generated byvibefi package)
The client verifies generated manifest.json before building.
Source Properties (vibefi.json)
{
"addresses": {
"mainnet": {
"pool": "0x87870Bca3F3fD6335C3F4ce8392D69350B4fA4E2"
}
},
"capabilities": {
"ipfs": {
"allow": [
{
"cid": "bafy...",
"paths": ["metadata/**"],
"as": ["json", "text", "snippet", "image"],
"maxBytes": 262144
}
]
}
}
}
addresses is required and validated for EIP-55 checksums (numeric metadata like chainId is allowed). capabilities is optional.
Capabilities
capabilities is optional in source vibefi.json. When present, packaging validates it and copies it into emitted manifest.json.
Current shape:
capabilities.ipfs.allow[]: allowlist entries for IPFS reads.paths: non-empty path-pattern list.as: non-empty list of allowed read kinds (json,text,snippet,image).cid(optional): pin policy to a specific CID.maxBytes(optional): positive integer byte limit per read.
Manifest Structure
{
"name": "My Dapp",
"version": "1.0.0",
"description": "A VibeFi dapp",
"createdAt": "2026-02-14T12:00:00.000Z",
"layout": "constrained",
"capabilities": {
"ipfs": {
"allow": [
{
"cid": "bafy...",
"paths": ["metadata/**"],
"as": ["json", "text", "snippet", "image"],
"maxBytes": 262144
}
]
}
},
"constraints": {
"type": "default",
"allowedDependencies": { "react": "19.2.4", "viem": "2.45.0", "..." : "..." },
"allowedDevDependencies": { "vite": "7.2.4", "typescript": "5.9.3", "..." : "..." }
},
"entry": "index.html",
"files": [
{ "path": "index.html", "bytes": 542 },
{ "path": "src/App.tsx", "bytes": 1823 },
{ "path": "abis/ERC20.json", "bytes": 4201 },
{ "path": "vibefi.json", "bytes": 612 },
{ "path": "assets/logo.webp", "bytes": 8422 }
]
}
| Field | Type | Description |
|---|---|---|
name | string | Dapp display name |
version | string | Dapp version string |
description | string | Human-readable description |
createdAt | ISO8601 | Packaging timestamp |
layout | "constrained" | "static-html" | Bundle layout selected by CLI |
capabilities | object | Optional runtime capability rules copied from source vibefi.json |
constraints | object | Security policy used during packaging (type). Includes dependency allowlists for constrained bundles; type: "static-html" for static bundles |
entry | string | Entry HTML file (always index.html) |
files | {path, bytes}[] | Every file in the bundle — client verifies sizes against disk |
Allowed Bundle Files
Constrained Layout
| Path | Extensions | Notes |
|---|---|---|
src/** | .ts, .tsx, .css | Application source |
src/main.tsx | .tsx | Required constrained entrypoint source file |
assets/** | .webp | Images |
abis/** | .json | Contract ABIs (must parse as valid JSON) |
vibefi.json | — | Source properties (addresses, optional capabilities) |
index.html | — | Entry point; must include <script type="module" src="/src/main.tsx"></script> |
package.json | — | Required for layout detection; dependencies validated against allowlist |
tsconfig.json, vite.config.ts | — | Generated by runtime build path (not source-authoring requirements) |
Static-HTML Layout
| Path | Extensions | Notes |
|---|---|---|
| bundle tree | .html, .js, .json | Any depth; other extensions rejected by packaging |
vibefi.json | — | Required source properties |
index.html | — | Required entry point |
Determinism
The file list is sorted alphabetically and serialized with a stable JSON stringifier. Identical source produces identical manifests and therefore identical IPFS CIDs across runs.