TL;DR
A developer demonstrates that agentic AI tools can run safely in the browser by combining filesystem isolation (File System Access API), Content Security Policy constraints, and WASM sandboxing.
Key Points
- File System Access API enables chroot-like directory restrictions with read/write permissions scoped to user-selected folders
- Content Security Policy combined with a double-iframe pattern isolates untrusted LLM output and blocks the outbound network requests it could otherwise use to exfiltrate data
- Co-do demo implements complete AI file manager in browser using WASM binaries for text operations without server-side processing
- Identifies browser gaps: the iframe csp attribute is unsupported in Firefox and Safari, iframe sizing is limited, and the double-iframe pattern adds performance overhead
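To make the "chroot-like" point concrete, the following is an added example, not code from the aifoc.us article or the Co-do demo: a path resolver layered on the File System Access API. The directory handle returned by showDirectoryPicker() is the sandbox root, and every agent-supplied path is normalised into segments and resolved one hop at a time through getDirectoryHandle()/getFileHandle(), so it can only ever name entries under the user-selected folder. All function and class names are this example's own; the MemDir/MemFile classes are constructed stand-ins so the logic can be exercised outside a browser.

```javascript
// Added example, not code from the aifoc.us article or the Co-do demo:
// a chroot-like resolver on top of the File System Access API. The directory
// handle returned by showDirectoryPicker() is the sandbox root; every path the
// agent supplies is normalised into segments and resolved one hop at a time
// with getDirectoryHandle()/getFileHandle(), so it can only ever name entries
// under the user-selected folder. Function names are this example's own.

// Normalise an agent-supplied path into segments relative to the root.
// Leading "/" is treated as the sandbox root (as in a chroot), "." is dropped,
// ".." is collapsed, and any ".." that would climb above the root is rejected.
// Both separators are split because agents happily emit Windows-style paths.
function normalizeAgentPath(p) {
  if (typeof p !== "string" || p.length === 0) throw new Error("empty path");
  if (p.includes("\0")) throw new Error("NUL byte in path");
  const segs = [];
  for (const raw of p.split(/[\\/]+/)) {
    if (raw === "" || raw === ".") continue;
    if (raw === "..") {
      if (segs.length === 0) throw new Error(`path escapes sandbox root: ${p}`);
      segs.pop();
      continue;
    }
    segs.push(raw);
  }
  return segs;
}

// Walk the segments from the root handle. The real API already throws on names
// containing "/" or equal to "." / "..", so each hop is a single entry name.
async function resolveFile(rootDir, path, { create = false } = {}) {
  const segs = normalizeAgentPath(path);
  if (segs.length === 0) throw new Error("path names the root, not a file");
  let dir = rootDir;
  for (const seg of segs.slice(0, -1)) {
    dir = await dir.getDirectoryHandle(seg, { create });
  }
  return dir.getFileHandle(segs[segs.length - 1], { create });
}

// Read/write entry points the agent's tool layer would call. The browser's own
// permission prompt still applies; picking with { mode: "readwrite" } grants both.
async function readText(rootDir, path) {
  const fh = await resolveFile(rootDir, path);
  return (await fh.getFile()).text();
}

async function writeText(rootDir, path, text) {
  const fh = await resolveFile(rootDir, path, { create: true });
  const w = await fh.createWritable();
  await w.write(text);
  await w.close();
}

// Constructed in-memory stand-ins for FileSystemFileHandle/DirectoryHandle so
// the code above can be exercised outside a browser. They mimic only the calls
// used here and the entry-name validation the real API performs.
class MemFile {
  constructor() { this.data = ""; }
  async getFile() { const d = this.data; return { text: async () => d }; }
  async createWritable() {
    let buf = "";
    return {
      write: async (chunk) => { buf += chunk; },
      close: async () => { this.data = buf; },
    };
  }
}

class MemDir {
  constructor() { this.entries = new Map(); }
  lookup(name, kind, create) {
    if (name === "" || name === "." || name === ".." || /[\\/]/.test(name)) {
      throw new TypeError(`invalid entry name: ${name}`);
    }
    let e = this.entries.get(name);
    if (!e) {
      if (!create) throw new Error(`NotFoundError: ${name}`);
      e = kind === "directory" ? new MemDir() : new MemFile();
      this.entries.set(name, e);
    }
    if ((kind === "directory") !== (e instanceof MemDir)) {
      throw new Error(`TypeMismatchError: ${name}`);
    }
    return e;
  }
  async getDirectoryHandle(name, { create = false } = {}) { return this.lookup(name, "directory", create); }
  async getFileHandle(name, { create = false } = {}) { return this.lookup(name, "file", create); }
}

// In the browser (requires a user gesture):
//   const root = await window.showDirectoryPicker({ mode: "readwrite" });
//   await writeText(root, "notes/todo.md", "- hello");
//   await readText(root, "../../etc/passwd"); // rejected by normalizeAgentPath
```

The normaliser is the only piece the agent's input ever reaches; the per-hop handle calls mean the browser enforces the boundary even if the normaliser were bypassed, since a handle cannot address anything outside the directory it was derived from.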
Why It Matters
As agentic AI tools become mainstream, browser-native sandboxing offers a practical alternative to VM-based isolation for local automation tasks. This research clarifies what's possible today and what browser APIs need improvement to safely run untrusted AI-generated code with filesystem access.
Source: aifoc.us