Prerequisites
- macOS 14 (Sonoma) or later
- Vibe for Mac installed
Opening a .vibeapp
Double-click any.vibeapp file in Finder. Vibe will:
- Verify the signature — check the Ed25519 signature against the package’s file hashes
- Show the trust state — one of four states (see below)
- Prompt for capabilities — list the permissions the app requests (network, file import, etc.)
- Start the VM — boot the persistent Alpine Linux VM if not already running
- Pull images and start services — containers start in dependency order
- Open the app window — a WebView connected to the app’s primary port
Trust States
| State | Condition | What you see |
|---|---|---|
| Signed + Trusted | Valid signature from a publisher you trust | Green indicator; capabilities shown but not gated |
| Signed + Untrusted | Valid signature, publisher not in your trust store | Yellow warning; option to trust publisher |
| Unsigned (Dev Mode) | No signature — intended for local development | Orange warning; explicit acknowledgement required |
| Tampered | Signature present but verification fails | Red block; app cannot be opened |
Capability Prompts
Before an app runs for the first time, Vibe shows you the capabilities it requests:| Capability | What it means |
|---|---|
| Network access | App can make outbound internet requests |
| Host file import | App can import files from your Mac |
| Port exposure | App will listen on a local network port |