Technology
A deep dive into the AI systems, security scanning, and code generation architecture that power GenMB.
Architecture-Aware Generation
GenMB doesn't generate isolated code snippets. It generates multi-layer applications with proper separation of concerns — the same patterns a senior developer would use.
Controllers / Routes: API endpoint definitions with request validation and response formatting.
Services: Business logic isolated from HTTP concerns, reusable across routes.
Models: Data schemas (Pydantic, TypeScript interfaces) shared between frontend and backend.
Components: React components with proper props, state management, and event handling.
Configuration: Environment config, middleware setup, CORS, and deployment manifests.
Not just templates
Every generation is unique. The AI analyzes your specific requirements and generates custom code — not pre-built templates with variable substitution.
Multi-File Project Structure
Complex apps are generated as proper multi-file projects with separate files for each concern. The AI creates consistent imports, shared types, and module boundaries across all files.
An import processor validates every cross-file reference. Missing imports, circular dependencies, and type mismatches are caught and fixed before you see the code.
AI Provider System
GenMB uses a multi-provider architecture with automatic failover. No single model failure can break your generation.
Fallback chains
Each model has a 2-deep fallback chain that crosses provider boundaries (e.g., Gemini Flash -> GPT-5.2 -> Gemini Pro).
Circuit breaker
Tracks success/failure per model. When a model is failing, the system falls back immediately without waiting for timeouts.
Retry with backoff
Exponential backoff with jitter on transient errors. Retries are exhausted before fallback triggers.
Task routing
Different AI tasks (generation, healing, detection, chat) can use different models optimized for each task type.
Security Scanning
Every generation runs through an OWASP Top 10 security scanner — pure static analysis with no LLM calls, completing in ~50ms.
XSS (A03): Detects innerHTML assignments, dangerouslySetInnerHTML without sanitization, unescaped user input in templates.
Injection (A03): Catches SQL via f-string interpolation, eval() with user input, and unsanitized command execution.
Exposed Secrets (A02): Finds hardcoded API keys, tokens, and passwords in source code across all file types.
Broken Auth (A07): Detects tokens stored in localStorage, missing CSRF protection, and insecure session handling.
Misconfigured CORS (A05): Flags Access-Control-Allow-Origin: * and overly permissive CORS configurations.
The security score (0-100) is calculated as: 100 minus 20 per critical finding, 10 per high, 3 per medium, and 1 per low. Critical and high findings are automatically fed into the Code Healer for remediation.
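An added example, not GenMB's code, of a regex-based static check with the scoring formula above. The rule patterns, the severity given to each rule, and the clamp at 0 are assumptions; only the per-severity weights come from this page.

```python
import re

# Assumed rule set: patterns and severities are illustrative, not GenMB's own.
RULES = [
    ("xss-innerhtml", "high", re.compile(r"\.innerHTML\s*=")),
    ("sql-fstring", "critical", re.compile(r"execute\(\s*f[\"']")),
    ("eval-call", "critical", re.compile(r"\beval\s*\(")),
    ("hardcoded-secret", "critical", re.compile(
        r"\b(api_?key|secret|token|password)\b\s*[:=]\s*[\"'][^\"']{8,}[\"']", re.I)),
    ("token-in-localstorage", "medium",
     re.compile(r"localStorage\.setItem\([^)]*token", re.I)),
    ("cors-wildcard", "medium",
     re.compile(r"Access-Control-Allow-Origin[\"']?\s*[:,]\s*[\"']?\*")),
]
WEIGHTS = {"critical": 20, "high": 10, "medium": 3, "low": 1}  # weights from the page

def scan(files):
    """Return (path, line_no, rule_id, severity) for every rule hit."""
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for rule_id, sev, pat in RULES:
                if pat.search(line):
                    findings.append((path, no, rule_id, sev))
    return findings

def score(findings):
    """100 minus the weighted findings; clamping at 0 is an assumption."""
    return max(0, 100 - sum(WEIGHTS[sev] for *_, sev in findings))

def needs_healing(findings):
    """Critical and high findings are the ones passed on for remediation."""
    return [f for f in findings if f[3] in ("critical", "high")]

# Constructed sample input, not real generated output.
SAMPLE = {
    "api/users.py": 'cur.execute(f"SELECT * FROM users WHERE id = {uid}")\n'
                    'API_KEY = "sk_test_constructed_0000"\n',
    "web/app.js": 'el.innerHTML = userInput;\n'
                  'localStorage.setItem("auth_token", t);\n'
                  'res.setHeader("Access-Control-Allow-Origin", "*");\n',
}

if __name__ == "__main__":
    found = scan(SAMPLE)
    for finding in found:
        print(*finding)
    print("score:", score(found), "to healer:", len(needs_healing(found)))
```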
Code Healing Pipeline
The Code Healer is an AI-powered repair system that fixes issues found during validation. It uses a tool-based approach — reading files, identifying issues, and applying targeted edits.
All issues from syntax checks, import validation, security scanning, and backend validation are collected in one pass.
The AI healer receives all issues together, giving it full context to fix root causes rather than chasing symptoms one by one.
After healing, the code is re-validated. If issues remain, a second healing pass runs. Up to 3 attempts ensure thorough remediation.
Tool-based healing
The healer uses tools (list_files, read_file, edit_file, write_file) just like a human developer would — reading code, understanding context, and making precise edits rather than regenerating entire files.
Plugin Injection
GenMB's 75+ plugins inject context directly into AI prompts during generation. When you mention "add Stripe payments," the Stripe plugin's configuration, code snippets, and best practices are included in the generation context.
Plugins are auto-detected from your prompt keywords and existing code patterns. No manual configuration needed.
Plugin templates and code snippets are injected into the generation prompt, giving the AI concrete implementation guidance.
Re-injection is safe. SDK markers ensure plugins are never duplicated across regenerations.
FAQs
How is GenMB different from tools that only generate UI?
How does the AI handle complex dependencies between files?
What AI models power GenMB?
Can GenMB generate enterprise-ready code?