Skip to main content
@enclave-vm/browser brings Enclave’s defense-in-depth security model to the browser. Instead of Node.js VM contexts, it uses a double iframe architecture with CSP isolation, prototype freezing, and secure proxies to safely execute untrusted and LLM-generated code entirely client-side.

AST Validation

Block dangerous constructs before execution using ast-guard’s AgentScript preset

Code Transformation

Automatically transform code for safe execution with proxied functions and loop limits

Double Iframe Sandbox

Execute in nested iframe isolation with CSP, sandbox attributes, and secure proxies

When to Use Browser Enclave

  • Client-side AI code execution — Run LLM-generated code in the browser without a server round-trip
  • No server required — All sandboxing happens in the browser via iframe isolation
  • Interactive code playgrounds — Build code editors with live execution and tool integration
  • Edge and offline scenarios — Execute sandboxed code without network connectivity
  • Rapid prototyping — Let users experiment with AgentScript in the browser

Browser vs Node.js

Installation

Quick Start

Execution Results

Every call to run() returns a structured result with success/error status and execution statistics:

Error Codes