A production-ready TypeScript/React framework for AI-assisted runtime UI modification with multi-layered security boundaries.
When building AI-powered applications where coding agents modify UI at runtime, you need to:
- Protect critical components (auth, payments, core logic) from AI changes
- Secure data flows and API access from AI-generated code
- Control AI code generation with configurable size/scope limits
- Ensure runtime safety with validation and rollback
RuntimeUI solves all of these with a reusable, extensible framework.
npm install
npm run buildimport { RuntimeEngine, Locked, AIModifiable } from 'runtime-ui-framework';
// 1. Protect your components
@Locked
class PaymentForm extends React.Component {
// AI cannot touch this
}
@AIModifiable({ maxSize: 300 })
class Dashboard extends React.Component {
// AI can modify this
}
// 2. Initialize runtime engine
const engine = new RuntimeEngine({
maxTokens: 4000,
maxComponents: 10,
maxLinesPerComponent: 200
});
// 3. Process AI modifications
const result = await engine.processModification({
userQuery: "Make the dashboard cards bigger",
generatedCode: aiGeneratedCode
});
if (result.success) {
// Code validated and applied!
} else {
// Show validation errors
console.log(result.validation.errors);
}Read the 5-minute Quick Start Guide β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β USER QUERY β
β "Make the grid 4 columns" β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β AI CODE ENGINE β
β (GPT-4, Claude, or custom model) β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β RUNTIME ENGINE β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β Layer 1: Constraint Validation β β
β β - Token limits, size limits, patterns β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β Layer 2: Component Protection β β
β β - Check locked/protected components β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β Layer 3: Security Analysis β β
β β - XSS, injection, unsafe patterns β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β
β β Layer 4: Sandbox Testing β β
β β - Parse and validate in isolation β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββ β
ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββ
β
APPLY or REJECT
Read the Full Architecture Guide β
Three-tier protection system with decorators:
@Locked // AI cannot touch at all
@Protected({ // AI can only update styles/props
allowedOperations: ['update-style', 'update-props']
})
@AIModifiable({ // AI has full control
maxSize: 300,
dataAccess: { canReadData: true, canWriteData: false }
})Proxy-based access control:
// Secure API access
const secureFetch = APIGuard.createSecureFetch({
canReadData: true,
canWriteData: false,
allowedEndpoints: ['/api/products'],
forbiddenEndpoints: ['/api/admin']
});
// Protected data stores
DataStoreGuard.protect('authToken');
const secureStore = DataStoreGuard.createSecureStore(store, policy);Configurable constraints:
{
maxTokens: 4000, // Max tokens per generation
maxComponents: 10, // Max components modified
maxLinesPerComponent: 200, // Max lines per component
allowedLibraries: ['react'], // Import whitelist
forbiddenPatterns: [/eval\(/, /fetch\(/] // Pattern blocklist
}Every AI modification goes through:
- Constraint validation (size, tokens, patterns)
- Protection check (locked components)
- Security analysis (XSS, injection)
- Sandbox testing (safe execution)
- Rollback support (undo mechanism)
// View request logs
const log = APIGuard.getRequestLog();
// View modification history
const history = engine.getHistory();
// Rollback to previous state
engine.rollback(rollbackToken);RuntimeUI/
βββ src/
β βββ core/ # Core framework
β β βββ types.ts
β β βββ decorators.ts # @Locked, @Protected, @AIModifiable
β β βββ registry.ts # Component registry
β β βββ constraints.ts # Generation limits
β β βββ api-guard.ts # API security
β β βββ validator.ts # Code validation
β β βββ runtime-engine.ts
β βββ react/ # React integration
β βββ utils/ # Helper utilities
βββ examples/ # Complete examples
βββ README.md
βββ ARCHITECTURE.md # Detailed architecture
βββ QUICKSTART.md # 5-minute guide
βββ SOLUTION_SUMMARY.md # Solution overview
- Quick Start Guide - Get started in 5 minutes
- Architecture Guide - Detailed design and patterns
- Solution Summary - Problem β solution mapping
- Examples - Real-world usage examples
See examples/runtime-modification.ts
See examples/api-protection.tsx
See examples/complete-app-example.tsx
- β Multi-layered protection (4 validation stages)
- β Component-level access control
- β API endpoint allowlist/denylist
- β Forbidden pattern detection (eval, XSS, injection)
- β Token and size limits
- β Sandbox execution testing
- β Request logging and monitoring
- β Rollback mechanism
- AI-Powered Dashboards - Let users customize layouts via natural language
- Dynamic Forms - AI generates form fields based on user requirements
- Theme Customization - AI applies styling based on user preferences
- Content Layouts - AI arranges content based on viewport/device
- A/B Testing - AI generates UI variations for testing
engine.updateConstraints({
maxTokens: 8000,
allowedLibraries: ['react', 'styled-components', 'lodash']
});import { formatValidationResult, getCodeStats } from 'runtime-ui-framework';
const result = await engine.processModification({...});
console.log(formatValidationResult(result.validation));
console.log(getCodeStats(generatedCode));import { withProtection } from 'runtime-ui-framework';
const SecureButton = withProtection(Button, 'Button', {
canReadData: true,
canWriteData: false
});Works with any AI provider:
- OpenAI (GPT-4, GPT-3.5)
- Anthropic (Claude)
- Google (Gemini)
- Custom models
Simply pass the AI-generated code to engine.processModification().
| Feature | RuntimeUI | Manual Implementation |
|---|---|---|
| Component Protection | β Built-in 3-tier | β Custom per-app |
| API Security | β Proxy + policies | ~ Basic blocking |
| Size Limits | β Configurable | β Manual checks |
| Validation | β 4-stage pipeline | ~ Basic |
| Rollback | β Automatic | β Manual |
| Monitoring | β Built-in | β Custom logging |
| Reusability | β Framework | β Copy-paste |
| Type Safety | β Full TypeScript | ~ Partial |
- Read QUICKSTART.md for a 5-minute tutorial
- Explore examples/ for real-world patterns
- Review ARCHITECTURE.md for deep dive
- Customize constraints for your use case
- Integrate with your AI provider
- Deploy with confidence
MIT License - see LICENSE file for details
Contributions welcome! Please read our contributing guidelines.
- GitHub Issues for bug reports
- Discussions for questions
- Examples for common patterns
Built with β€οΈ for safe AI-assisted development