AI coding agent in your browser
# Add to your Claude Code skills
git clone https://github.com/BrandeisPatrick/blankspaceLast scanned: 6/11/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@google-cloud/firestore: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@google-cloud/storage: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@protobufjs/utf8: protobufjs has overlong UTF-8 decoding",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@tootallnate/once: @tootallnate/once vulnerable to Incorrect Control Flow Scoping",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@vercel/fun: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@vercel/gatsby-plugin-vercel-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@vercel/hydrogen: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vercel/node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@vercel/redwood: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@vercel/remix-builder: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vercel/routing-utils: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@vercel/static-build: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vercel/static-config: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "dompurify: DOMPurify contains a Cross-site Scripting vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "fast-xml-parser: fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "firebase-admin: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "gaxios: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "google-gax: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "monaco-editor: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "node-forge: Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp outputs backtracking regular expressions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: Arbitrary code execution in protobufjs",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "react-router: React Router vulnerable to XSS via Open Redirects",
"severity": "high"
},
{
"type": "npm-audit",
"message": "react-router-dom: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "retry-request: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: Denial of service while parsing a tar file due to lack of folders count validation",
"severity": "high"
},
{
"type": "npm-audit",
"message": "teeny-request: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "undici: Use of Insufficiently Random Values in undici",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vercel: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-06-11T08:49:51.103Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
Open-source AI app builder. Fast, simple, self-hostable (optimized for mobile).
┌─────────────────────────────────────────────────────────────────┐
│ FRONTEND │
│ src/ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ React + Vite │ │
│ │ │ │
│ │ components/ UI components (editor, preview, chat) │ │
│ │ contexts/ React contexts (auth, files, theme) │ │
│ │ hooks/ Custom React hooks │ │
│ │ services/ Business logic & AI orchestration │ │
│ │ ├── orchestration/ Multi-agent routing │ │
│ │ ├── tools/ LLM function calling tools │ │
│ │ ├── prompts/ Prompt templates │ │
│ │ └── utils/ Shared utilities │ │
│ └───────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
│
│ HTTP/REST API
▼
┌─────────────────────────────────────────────────────────────────┐
│ BACKEND API │
│ api/ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ Vercel Serverless Functions │ │
│ │ │ │
│ │ chat.js OpenAI proxy (GPT-5, web search) │ │
│ │ gemini.js Google Gemini proxy (code generation) │ │
│ │ files.js File CRUD (Firebase Storage) │ │
│ │ conversations.js Conversation history │ │
│ │ user/ User profile, usage, quotas │ │
│ └───────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
│
│ External Services
▼
┌─────────────────────────────────────────────────────────────────┐
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ OpenAI │ │ Google │ │ Firebase │ │
│ │ GPT-5 │ │ Gemini │ │ Auth + DB │ │
│ └─────────────┘ └─────────────┘ └─────────────┘ │
└─────────────────────────────────────────────────────────────────┘
/
├── src/ # React frontend (Vite)
│ ├── components/ # UI components
│ ├── contexts/ # React contexts (auth, files, theme)
│ ├── hooks/ # Custom React hooks
│ ├── services/ # Business logic & AI orchestration
│ │ ├── orchestration/ # Multi-agent routing
│ │ ├── tools/ # LLM function calling tools
│ │ ├── prompts/ # Prompt templates
│ │ └── utils/ # Shared utilities
│ ├── styles/ # Global styles
│ └── templates/ # Project templates
│
├── api/ # Vercel serverless functions
│ ├── chat.js # OpenAI chat endpoint
│ ├── gemini.js # Gemini code generation
│ ├── files.js # File operations
│ ├── conversations.js # Conversation history
│ └── user/ # User endpoints
│
└── public/ # Static assets
The orchestration layer routes user requests to specialized agents:
| Agent | Model | Purpose | Tools |
|---|---|---|---|
| Code Agent | Gemini 3 Flash/Pro | Code generation, debugging | read, write, edit, glob, grep, validate |
| Chat Agent | GPT-5-mini | General conversation, web search | None (single response) |
| Assistant Agent | GPT-5-mini | File operations on user storage | read_file, write_file, list_directory |
User Message
│
▼
Intent Classification (GPT-4o-mini)
│
├── "create" / "debug" ──→ Code Agent ──→ Gemini API
│ │
│ ▼
│ Tool Loop (read/write/validate)
│ │
│ ▼
│ Generated Files
│
├── "chat" ──→ Chat Agent ──→ OpenAI API (+ web search)
│ │
│ ▼
│ Text Response
│
└── "assistant" ──→ Assistant Agent ──→ OpenAI API
│
▼
File Operations (Firebase Storage)
npm install
vercel
# 1) Clone
git clone https://github.com/BrandeisPatrick/blank-space
cd blank-space
# 2) Configure
cp .env.example .env.local
# Edit .env.local with your API keys
# 3) Install & run
npm install
npm run dev
# open http://localhost:5173
# Required
OPENAI_API_KEY=sk-...
GOOGLE_AI_API_KEY=...
# Firebase (for auth & storage)
FIREBASE_PROJECT_ID=...
FIREBASE_PRIVATE_KEY=...
FIREBASE_CLIENT_EMAIL=...
# Optional
USE_GPT5=true # Enable GPT-5 models
PRODUCTION_MODE=true # Use premium models everywhere
git checkout -b feature/amazing-feature)git commit -m 'Add amazing feature')git push origin feature/amazing-feature)Apache 2.0 - see LICENSE for details.