Scope
What Virex does, what it doesn't, and what it refuses to build
A short, honest reference for the limits of the product. The goal is not a legal page — it is clear expectations so you know exactly what you're getting and what stays on your side.
Product limits
Things Virex doesn't try to be
Knowing what a tool is not saves more time than knowing what it is. These are the lines Virex draws on purpose.
Not a full IDE
Virex generates, edits, repairs, and packages repos. Writing code by hand still happens in VS Code, Cursor, WebStorm, or whatever editor you already use — Virex hands you a clean repo to open there.
Not a hosting provider
You own the repo. Deploy it to Vercel, Railway, Fly, your own server — whatever fits. Virex doesn't force hosting and doesn't lock the output behind a runtime you rent from us.
Not a live collaboration tool
There's no shared cursor, real-time editing, or multi-user session. Each build is owned by one account. Teams can share the generated repo through GitHub like any other codebase.
Not a native mobile compiler
Mobile output runs through the Expo continuation lane. Virex doesn't generate bare-native Swift or Kotlin, and doesn't submit to the App Store or Play Store for you — those steps stay with you.
Not a package manager
The engine won't add, upgrade, or remove dependencies in package.json on its own. Dependency decisions stay yours — you add what you trust, and the engine uses what's already there.
Not a secrets manager
API keys, Stripe secrets, Supabase service roles, database URLs — you own those. Virex never asks for them, never stores them, and never writes them into a generated repo.
Guardrails inside the repo
What the engine won't touch during edits
Every edit and repair runs with a protected-files list so nothing critical to the build gets rewritten by accident.
Always protected
These files are skipped unless you explicitly remove them from the guardrails.
- package.json and lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock)
- Middleware files (middleware.ts, middleware.js)
- Next.js config (next.config.*)
- TypeScript config (tsconfig.json)
- Environment files (.env, .env.local, .env.production, etc.)
- Virex manifest files (.virex, virex.manifest.json)
Why this matters
These files are where a small edit can break the entire build silently. Keeping them off-limits to automated edits means rollback is always a working option.
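A sketch of how a protected-files check like the one described above can be applied to a batch of proposed edits. This is an added example, not Virex's own code: the `normalize` and `partitionEdits` helpers, the regex patterns, and the sample paths in the closing comment are assumptions built from the list above.

```javascript
// Added example, not Virex's code. Patterns mirror the "Always protected" list.
const PROTECTED = [
  /^package\.json$/, /^package-lock\.json$/, /^pnpm-lock\.yaml$/, /^yarn\.lock$/,
  /^middleware\.(ts|js)$/,
  /^next\.config\..+$/,
  /^tsconfig\.json$/,
  /^\.env(\..+)?$/,               // .env, .env.local, .env.production, ...
  /^\.virex$/, /^virex\.manifest\.json$/,
];

// Resolve "." and ".." lexically. Returns null when the path is absolute or
// climbs out of the repo root, so such edits are never applied.
function normalize(requested) {
  if (/^([/\\]|[A-Za-z]:)/.test(requested)) return null;
  const out = [];
  for (const seg of requested.split(/[/\\]+/)) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null;
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return out.length ? out : null;
}

// Hypothetical helper: split proposed edit paths into those to apply and
// those to skip. Passing a filtered `patterns` array models the user
// explicitly removing an entry from the guardrails.
function partitionEdits(paths, patterns = PROTECTED) {
  const apply = [], skipped = [];
  for (const p of paths) {
    const segs = normalize(p);
    if (!segs) { skipped.push({ path: p, reason: "outside-repo" }); continue; }
    // Lower-case so Package.JSON is caught on case-insensitive file systems;
    // test every segment in case .virex is a directory (the page does not say).
    const hit = segs.some(s => patterns.some(re => re.test(s.toLowerCase())));
    if (hit) skipped.push({ path: segs.join("/"), reason: "protected" });
    else apply.push(segs.join("/"));
  }
  return { apply, skipped };
}

// Constructed sample: "./src/../package.json" and "src\\Middleware.TS" are
// skipped as protected; "app/page.tsx" and "env.ts" are applied.
```

The check is lexical only: a symlink inside the repo that points at a protected file passes it, so a real implementation would also compare resolved paths before writing.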
Use-case policy
What Virex refuses to build
Virex enforces a short, strict content policy. Certain categories are blocked at the request layer and never reach code generation.
Child sexual abuse material
Any prompt related to CSAM or the sexualisation of minors is blocked without exception. No grey area, no jailbreaks, no 'educational' framing.
Phishing and credential theft
Fake login pages targeting real brands, password harvesting flows, cookie stealers, or UI designed to impersonate a real service for credential capture are refused.
Malware and intrusion tooling
Keyloggers, ransomware, exploit delivery, cryptojacking scripts, or tooling designed to compromise systems the builder doesn't own are out of scope.
Targeted harassment and stalking
Tools built to track, doxx, harass, or threaten a specific real person or group are refused. Generic safety and moderation tools are fine; targeted-harassment tools are not.
Weapons and high-harm instructions
Virex is a web and mobile app builder. Prompts that pivot into weapons fabrication, explosives, bio/chem synthesis, or similar high-harm territory are blocked.
Deliberate fraud infrastructure
Apps engineered to run scams — fake marketplaces designed to take payment and never deliver, synthetic-identity pipelines, forged-document generators — are refused.
How the block works
Requests are checked at the prompt-moderation layer before any template selection or generation happens. A blocked request returns a clear explanation and does not consume Deep Engine credits. Repeated attempts are logged against the account.
Grey areas
Things Virex will build, but not everything inside them
These categories are legitimate and supported. Some individual features inside them still sit on your side.
Commerce and marketplaces
Fully supported. You still need to register your own Stripe account, set real products, and follow the payment provider's own rules for the categories you sell.
Adult content (legal, consenting)
Age-gating shells and adult-oriented commerce can be generated, but the content, moderation, compliance, and regional legality stay entirely with you.
Political and activist tools
Campaign sites, civic platforms, and activist tools are supported. Virex doesn't pick sides — it also won't generate disinformation, coordinated manipulation, or impersonation infrastructure.
AI-adjacent products
Chat apps, analyzers, and AI-tool products are first-class templates. You bring your own model keys and your own rate limits — the repo wires the plumbing.