docs: align vibe-coding prompt + install guide with canonical API

[Dhravya]

Summary

A survey of 52 hackathon projects integrating Supermemory found the same handful of AI-codegen failure modes over and over: deprecated containerTags plural array, legacy /v3/search, missing containerTag scoping (every user's data lands in one bucket), and inconsistent auth headers. Two of our own docs — `vibe-coding.mdx` (the prompt users paste into Claude/Cursor) and `install.md` (the same prompt as a separate doc) — were actively recommending those patterns.

This PR aligns both with the canonical API.

`apps/docs/vibe-coding.mdx`

• Added a CANONICAL API SURFACE + DO NOT USE block before STEP 1 so the agent sees the rules before any code example.
• Replaced every `x-supermemory-api-key` with `Authorization: Bearer`.
• Replaced `containerTags: [userId]` (plural array) with `containerTag: userId` (singular string).
• Repaired ~10 broken code fences. STEPs 3 through 8 were all malformed (bare `typescript` / `bash` lines instead of triple-backtick fences), and the `USER-ONLY APP` example was an empty block.
• Added an explicit note that `rerank` / `rewriteQuery` / `filters` are valid on `/v4/search` only.
• Added a note that `client.memories.update` / `delete` / `forget` are real methods but most apps don't need them — memories are auto-extracted, so a write to `/v3/documents` is usually the right call.

`apps/docs/install.md`

• All 8 occurrences of `x-supermemory-api-key` → `Authorization: Bearer` with `Content-Type` added where needed.

Intentionally not touched

`apps/docs/{memory-router,ai-sdk/infinite-chat,model-enhancement,supermemory-mcp}/` continue to use `x-sm-user-id` / `x-sm-project` — those endpoints actually route off those headers, so the docs are correct as-is. Same for any `x-supermemory-api-key` references in those subtrees.

Companion PR

supermemoryai/skills#2 applies the same canonical-surface + anti-patterns treatment to the Supermemory Claude Code skill, which is the higher-leverage fix (every Claude Code session that uses the skill loads it into context).

Test plan

• Mintlify preview renders all the repaired code fences correctly.
• Grep `apps/docs/vibe-coding.mdx` and `apps/docs/install.md` for `x-supermemory-api-key` / `containerTags` / `/v3/search` / `/v3/memories` — should appear only in the FORBIDDEN list inside the prompt.
• Skim the prompt as if you were Claude — does it teach you to write code that scopes by `containerTag` and uses Bearer? Yes.

🤖 Generated with Claude Code

[claude]

Claude finished @Dhravya's task in 1m 28s —— View job

---

Review Complete

• Analyze PR context and changes
• Review documentation changes for correctness
• Check for any issues in code examples
• Submit review summary

Overview: Aligns documentation with the canonical API by updating auth headers, fixing containerTag singularity, and repairing broken code fences.

Issues found:

• apps/docs/install.md line 245: Incorrect Content-Type: application/json header on a FormData file upload — this will break the request. The same example in vibe-coding.mdx correctly omits this header.

Score: 9/10

Clean documentation update that addresses real codegen failure modes. The CANONICAL API SURFACE + DO NOT USE blocks are a smart addition for AI context. One bug in the file upload example needs fixing before merge.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
✅ Deployment successful! View logs	supermemory-mcp	816bc49	May 19 2026, 10:24 PM

[claude]

Overview: Aligns documentation with the canonical API by updating auth headers, fixing containerTag singularity, and repairing broken code fences.

Issues found:

• apps/docs/install.md line 245: Incorrect Content-Type: application/json header on a FormData file upload — this will break the request. The same example in vibe-coding.mdx correctly omits this header.

Score: 9/10

Clean documentation update that addresses real codegen failure modes. The CANONICAL API SURFACE + DO NOT USE blocks are a smart addition for AI context. One bug in the file upload example needs fixing before merge.

[claude]

Bug: Setting Content-Type: application/json when the body is a FormData object will break file uploads. The fetch API automatically sets Content-Type: multipart/form-data with the correct boundary when passing FormData as the body.

Note that vibe-coding.mdx correctly omits this header for the same file upload example.

Suggested change

	headers: {
	'Authorization': `Bearer ${process.env.SUPERMEMORY_API_KEY}`,
	'Content-Type': 'application/json',
	},
	headers: {
	'Authorization': `Bearer ${process.env.SUPERMEMORY_API_KEY}`,
	},

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	supermemory-app	816bc49	Commit Preview URL Branch Preview URL	May 19 2026, 10:25 PM

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
supermemory	🟢 Ready	View Preview	May 19, 2026, 10:37 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.