Elastik - treating LLM as an untrusted HTTP client (~200 lines) #8049
rangersui
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Built a minimal protocol for human-AI interaction. One MCP tool: http(method, path, body), transparent passthrough to a local server.
AI writes strings. Server stores them. Browser renders them in a sandboxed iframe. Server never inspects content.
Security: instead of semantic guardrails, physical isolation.
iframe sandbox (frontend) + Docker (backend) + git merge (evolution). Same principle as never trusting a browser just applied to LLM.
Read your CORS blog post, similar direction but I went with physical isolation over origin validation.
github.com/rangersui/Elastik
Beta Was this translation helpful? Give feedback.
All reactions