From 9158d71e7982e4a7a5d9812e98e9588053d9ceb0 Mon Sep 17 00:00:00 2001
From: Matthew Grange <mgrange@meta.com>
Date: Fri, 27 Mar 2026 13:29:43 -0700
Subject: [PATCH] =?UTF-8?q?Add=20web=20playground=20=E2=80=94=20in-browser?=
 =?UTF-8?q?=20privacy=20analysis=20via=20Pyodide=20(#122)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Summary:

## Problem
PrivacyGuard is an OSS privacy auditing library, but users need to install Python + dependencies to try it. There's no interactive way to explore the attacks and analyses without setting up a local environment.

## Solution
A React + Vite single-page app that runs PrivacyGuard's actual Python analysis code in the browser via Pyodide (CPython compiled to WebAssembly). No server, no backend — user data never leaves the browser.

## What's Included (Stage 1 MVP)

**Web UI** (`privacy_guard/github/web/`):
- Landing page with attack category cards
- MIA tab (LiRA, RMIA, Calib sub-tabs) with parameter forms and CSV input
- LIA tab with target + calibration model inputs
- Text Similarity tab (TextInclusion + EditSimilarity, Probabilistic Memorization)
- f-DP Calculator tab (instant epsilon computation)
- Code Similarity tab (Coming Soon placeholder)
- Results display with summary cards and JSON/CSV export

**Pyodide Integration**:
- Web Worker runs Pyodide in background thread for UI responsiveness
- Bridge layer for async React ↔ Worker communication
- Python runners module with entry points for each attack/analysis
- Module loader copies PrivacyGuard .py files into static assets at build time (no duplication)

**Deployment**:
- GitHub Actions workflow (`deploy-web.yml`) deploys to GitHub Pages
- Triggers on changes to `web/`, `attacks/`, or `analysis/`
- Separate from library CI — web build failures don't block library releases

**Design document**: `privacy_guard/docs/plans/2026-03-27-web-playground-design.md`

## What's NOT included (future stages)
- Stage 2: torch shim for MIA AnalysisNode (epsilon/AUC/CI), Plotly.js charts
- Stage 3: Code Similarity via web-tree-sitter

Differential Revision: D98518329
---
 .github/workflows/deploy-web.yml     |  54 ++++
 web/.gitignore                       |  18 ++
 web/index.html                       |  12 +
 web/package.json                     |  34 ++
 web/src/App.tsx                      |  34 ++
 web/src/components/DataInput.tsx     | 119 +++++++
 web/src/components/ExportButton.tsx  |  18 ++
 web/src/components/ParameterForm.tsx | 103 ++++++
 web/src/components/ResultsCard.tsx   | 140 +++++++++
 web/src/index.css                    | 453 +++++++++++++++++++++++++++
 web/src/main.tsx                     |  10 +
 web/src/pyodide/bridge.ts            |  74 +++++
 web/src/pyodide/python/runners.py    | 274 ++++++++++++++++
 web/src/pyodide/worker.ts            | 169 ++++++++++
 web/src/tabs/CodeSimilarityTab.tsx   |  52 +++
 web/src/tabs/FDPCalculatorTab.tsx    | 133 ++++++++
 web/src/tabs/LIATab.tsx              | 167 ++++++++++
 web/src/tabs/Landing.tsx             |  67 ++++
 web/src/tabs/MIATab.tsx              | 379 ++++++++++++++++++++++
 web/src/tabs/TextSimilarityTab.tsx   | 224 +++++++++++++
 web/src/utils/export.ts              |  24 ++
 web/src/vite-env.d.ts                |   1 +
 web/tsconfig.app.json                |  25 ++
 web/tsconfig.json                    |   7 +
 web/tsconfig.node.json               |  24 ++
 web/vite.config.ts                   |  58 ++++
 26 files changed, 2673 insertions(+)
 create mode 100644 .github/workflows/deploy-web.yml
 create mode 100644 web/.gitignore
 create mode 100644 web/index.html
 create mode 100644 web/package.json
 create mode 100644 web/src/App.tsx
 create mode 100644 web/src/components/DataInput.tsx
 create mode 100644 web/src/components/ExportButton.tsx
 create mode 100644 web/src/components/ParameterForm.tsx
 create mode 100644 web/src/components/ResultsCard.tsx
 create mode 100644 web/src/index.css
 create mode 100644 web/src/main.tsx
 create mode 100644 web/src/pyodide/bridge.ts
 create mode 100644 web/src/pyodide/python/runners.py
 create mode 100644 web/src/pyodide/worker.ts
 create mode 100644 web/src/tabs/CodeSimilarityTab.tsx
 create mode 100644 web/src/tabs/FDPCalculatorTab.tsx
 create mode 100644 web/src/tabs/LIATab.tsx
 create mode 100644 web/src/tabs/Landing.tsx
 create mode 100644 web/src/tabs/MIATab.tsx
 create mode 100644 web/src/tabs/TextSimilarityTab.tsx
 create mode 100644 web/src/utils/export.ts
 create mode 100644 web/src/vite-env.d.ts
 create mode 100644 web/tsconfig.app.json
 create mode 100644 web/tsconfig.json
 create mode 100644 web/tsconfig.node.json
 create mode 100644 web/vite.config.ts

diff --git a/.github/workflows/deploy-web.yml b/.github/workflows/deploy-web.yml
new file mode 100644
index 0000000..6c9e2a9
--- /dev/null
+++ b/.github/workflows/deploy-web.yml
@@ -0,0 +1,54 @@
+name: Deploy Web Playground
+
+on:
+  push:
+    branches: [ main ]
+    paths:
+      - 'web/**'
+      - 'attacks/**'
+      - 'analysis/**'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: false
+
+jobs:
+  build:
+    name: Build web playground
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20'
+        cache: 'npm'
+        cache-dependency-path: web/package-lock.json
+    - name: Install dependencies
+      run: npm ci
+      working-directory: web
+    - name: Build
+      run: npm run build
+      working-directory: web
+    - name: Upload pages artifact
+      uses: actions/upload-pages-artifact@v3
+      with:
+        path: web/dist
+
+  deploy:
+    name: Deploy to GitHub Pages
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+    - name: Deploy to GitHub Pages
+      id: deployment
+      uses: actions/deploy-pages@v4
diff --git a/web/.gitignore b/web/.gitignore
new file mode 100644
index 0000000..5ccae52
--- /dev/null
+++ b/web/.gitignore
@@ -0,0 +1,18 @@
+# Dependencies
+node_modules
+
+# Build output
+dist
+
+# Generated at build time by vite.config.ts
+public/pg_modules
+
+# Editor directories and files
+.vscode/*
+!.vscode/extensions.json
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
diff --git a/web/index.html b/web/index.html
new file mode 100644
index 0000000..e0f738b
--- /dev/null
+++ b/web/index.html
@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>PrivacyGuard Playground</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/main.tsx"></script>
+  </body>
+</html>
diff --git a/web/package.json b/web/package.json
new file mode 100644
index 0000000..86055e6
--- /dev/null
+++ b/web/package.json
@@ -0,0 +1,34 @@
+{
+  "name": "privacyguard-web",
+  "private": true,
+  "version": "0.0.1",
+  "type": "module",
+  "scripts": {
+    "dev": "vite",
+    "build": "tsc -b && vite build",
+    "lint": "eslint .",
+    "preview": "vite preview"
+  },
+  "dependencies": {
+    "plotly.js-dist-min": "^2.35.0",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "react-plotly.js": "^2.6.0",
+    "react-router-dom": "^7.1.0"
+  },
+  "devDependencies": {
+    "@eslint/js": "^9.17.0",
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "@types/react-plotly.js": "^2.6.0",
+    "@vitejs/plugin-react": "^4.3.0",
+    "eslint": "^9.17.0",
+    "eslint-plugin-react-hooks": "^5.0.0",
+    "eslint-plugin-react-refresh": "^0.4.16",
+    "globals": "^15.14.0",
+    "@types/node": "^22.0.0",
+    "typescript": "~5.7.0",
+    "typescript-eslint": "^8.18.2",
+    "vite": "^6.0.0"
+  }
+}
diff --git a/web/src/App.tsx b/web/src/App.tsx
new file mode 100644
index 0000000..8f6ef82
--- /dev/null
+++ b/web/src/App.tsx
@@ -0,0 +1,34 @@
+import { BrowserRouter, Routes, Route, NavLink } from "react-router-dom";
+import Landing from "./tabs/Landing";
+import MIATab from "./tabs/MIATab";
+import LIATab from "./tabs/LIATab";
+import TextSimilarityTab from "./tabs/TextSimilarityTab";
+import CodeSimilarityTab from "./tabs/CodeSimilarityTab";
+import FDPCalculatorTab from "./tabs/FDPCalculatorTab";
+
+function App() {
+  return (
+    <BrowserRouter basename="/PrivacyGuard">
+      <nav className="tab-bar">
+        <NavLink to="/">Home</NavLink>
+        <NavLink to="/mia">MIA</NavLink>
+        <NavLink to="/lia">LIA</NavLink>
+        <NavLink to="/text-similarity">Text Similarity</NavLink>
+        <NavLink to="/code-similarity">Code Similarity</NavLink>
+        <NavLink to="/fdp">f-DP Calculator</NavLink>
+      </nav>
+      <main>
+        <Routes>
+          <Route path="/" element={<Landing />} />
+          <Route path="/mia" element={<MIATab />} />
+          <Route path="/lia" element={<LIATab />} />
+          <Route path="/text-similarity" element={<TextSimilarityTab />} />
+          <Route path="/code-similarity" element={<CodeSimilarityTab />} />
+          <Route path="/fdp" element={<FDPCalculatorTab />} />
+        </Routes>
+      </main>
+    </BrowserRouter>
+  );
+}
+
+export default App;
diff --git a/web/src/components/DataInput.tsx b/web/src/components/DataInput.tsx
new file mode 100644
index 0000000..cd95a70
--- /dev/null
+++ b/web/src/components/DataInput.tsx
@@ -0,0 +1,119 @@
+import { useState, useRef } from "react";
+
+interface DataInputProps {
+  format: "csv" | "jsonl";
+  requiredColumns: string[];
+  placeholder: string;
+  onData: (data: string) => void;
+}
+
+function DataInput({ format, requiredColumns, placeholder, onData }: DataInputProps) {
+  const [text, setText] = useState("");
+  const [validationError, setValidationError] = useState<string | null>(null);
+  const fileInputRef = useRef<HTMLInputElement>(null);
+
+  const validate = (data: string): string | null => {
+    const trimmed = data.trim();
+    if (!trimmed) {
+      return "No data provided.";
+    }
+
+    if (format === "csv") {
+      const firstLine = trimmed.split("\n")[0];
+      const headers = firstLine.split(",").map((h) => h.trim());
+      const missing = requiredColumns.filter((col) => !headers.includes(col));
+      if (missing.length > 0) {
+        return `CSV is missing required column(s): ${missing.join(", ")}. Found headers: ${headers.join(", ")}`;
+      }
+    } else {
+      // jsonl — validate the first line
+      const firstLine = trimmed.split("\n")[0];
+      try {
+        const obj = JSON.parse(firstLine);
+        const keys = Object.keys(obj);
+        const missing = requiredColumns.filter((col) => !keys.includes(col));
+        if (missing.length > 0) {
+          return `JSONL first line is missing required field(s): ${missing.join(", ")}. Found fields: ${keys.join(", ")}`;
+        }
+      } catch {
+        return "First line is not valid JSON. Expected JSONL format (one JSON object per line).";
+      }
+    }
+
+    return null;
+  };
+
+  const handleLoad = () => {
+    const err = validate(text);
+    if (err) {
+      setValidationError(err);
+      return;
+    }
+    setValidationError(null);
+    onData(text.trim());
+  };
+
+  const handleFileUpload = (e: React.ChangeEvent<HTMLInputElement>) => {
+    const file = e.target.files?.[0];
+    if (!file) return;
+
+    const reader = new FileReader();
+    reader.onload = (event) => {
+      const content = event.target?.result;
+      if (typeof content === "string") {
+        setText(content);
+        setValidationError(null);
+      }
+    };
+    reader.readAsText(file);
+
+    // Reset file input so the same file can be re-selected
+    if (fileInputRef.current) {
+      fileInputRef.current.value = "";
+    }
+  };
+
+  return (
+    <div className="data-input">
+      <div style={{ display: "flex", gap: "0.5rem", marginBottom: "0.5rem" }}>
+        <button
+          type="button"
+          onClick={() => fileInputRef.current?.click()}
+          className="secondary"
+        >
+          Upload {format.toUpperCase()} file
+        </button>
+        <input
+          ref={fileInputRef}
+          type="file"
+          accept={format === "csv" ? ".csv" : ".jsonl,.json"}
+          onChange={handleFileUpload}
+          style={{ display: "none" }}
+        />
+        <span className="hint">
+          Required {format === "csv" ? "columns" : "fields"}:{" "}
+          <code>{requiredColumns.join(", ")}</code>
+        </span>
+      </div>
+
+      <textarea
+        value={text}
+        onChange={(e) => {
+          setText(e.target.value);
+          setValidationError(null);
+        }}
+        placeholder={placeholder}
+        rows={8}
+        spellCheck={false}
+      />
+
+      {validationError && <div className="error">{validationError}</div>}
+
+      <button onClick={handleLoad} disabled={!text.trim()}>
+        Load Data
+      </button>
+    </div>
+  );
+}
+
+export default DataInput;
diff --git a/web/src/components/ExportButton.tsx b/web/src/components/ExportButton.tsx
new file mode 100644
index 0000000..cc46ed3
--- /dev/null
+++ b/web/src/components/ExportButton.tsx
@@ -0,0 +1,18 @@
+import { downloadJSON, downloadCSV } from "../utils/export";
+
+interface ExportButtonProps {
+  data: any;
+  perSampleData?: any[];
+  filename: string;
+}
+
+export default function ExportButton({ data, perSampleData, filename }: ExportButtonProps) {
+  return (
+    <div className="export-buttons">
+      <button onClick={() => downloadJSON(data, filename)}>Export JSON</button>
+      {perSampleData && perSampleData.length > 0 && (
+        <button onClick={() => downloadCSV(perSampleData, filename)}>Export CSV</button>
+      )}
+    </div>
+  );
+}
diff --git a/web/src/components/ParameterForm.tsx b/web/src/components/ParameterForm.tsx
new file mode 100644
index 0000000..e177000
--- /dev/null
+++ b/web/src/components/ParameterForm.tsx
@@ -0,0 +1,103 @@
+import { useState } from "react";
+
+export interface ParamField {
+  name: string;
+  label: string;
+  type: "number" | "select" | "checkbox";
+  default: any;
+  options?: { label: string; value: string }[];
+  step?: number;
+  advanced?: boolean;
+}
+
+interface ParameterFormProps {
+  fields: ParamField[];
+  values: Record<string, any>;
+  onChange: (values: Record<string, any>) => void;
+}
+
+function renderField(
+  field: ParamField,
+  value: any,
+  onChange: (name: string, value: any) => void,
+) {
+  switch (field.type) {
+    case "select":
+      return (
+        <select
+          value={value}
+          onChange={(e) => onChange(field.name, e.target.value)}
+        >
+          {field.options?.map((opt) => (
+            <option key={opt.value} value={opt.value}>
+              {opt.label}
+            </option>
+          ))}
+        </select>
+      );
+    case "checkbox":
+      return (
+        <input
+          type="checkbox"
+          checked={!!value}
+          onChange={(e) => onChange(field.name, e.target.checked)}
+        />
+      );
+    case "number":
+      return (
+        <input
+          type="number"
+          value={value}
+          step={field.step ?? "any"}
+          onChange={(e) => onChange(field.name, parseFloat(e.target.value))}
+        />
+      );
+    default:
+      return null;
+  }
+}
+
+function ParameterForm({ fields, values, onChange }: ParameterFormProps) {
+  const [showAdvanced, setShowAdvanced] = useState(false);
+
+  const basicFields = fields.filter((f) => !f.advanced);
+  const advancedFields = fields.filter((f) => f.advanced);
+
+  const handleChange = (name: string, value: any) => {
+    onChange({ ...values, [name]: value });
+  };
+
+  return (
+    <div className="parameter-form">
+      <div className="param-grid">
+        {basicFields.map((field) => (
+          <label key={field.name} className="param-field">
+            <span className="param-label">{field.label}</span>
+            {renderField(field, values[field.name], handleChange)}
+          </label>
+        ))}
+      </div>
+
+      {advancedFields.length > 0 && (
+        <details
+          open={showAdvanced}
+          onToggle={(e) =>
+            setShowAdvanced((e.target as HTMLDetailsElement).open)
+          }
+        >
+          <summary>Advanced Parameters</summary>
+          <div className="param-grid">
+            {advancedFields.map((field) => (
+              <label key={field.name} className="param-field">
+                <span className="param-label">{field.label}</span>
+                {renderField(field, values[field.name], handleChange)}
+              </label>
+            ))}
+          </div>
+        </details>
+      )}
+    </div>
+  );
+}
+
+export default ParameterForm;
diff --git a/web/src/components/ResultsCard.tsx b/web/src/components/ResultsCard.tsx
new file mode 100644
index 0000000..c0cabe0
--- /dev/null
+++ b/web/src/components/ResultsCard.tsx
@@ -0,0 +1,140 @@
+import ExportButton from "./ExportButton";
+
+interface ResultsCardProps {
+  data: any;
+  type: "fdp" | "mia" | "text_similarity" | "prob_memorization";
+}
+
+function formatValue(value: any, key: string): string {
+  if (value === null || value === undefined) return "N/A";
+  if (typeof value === "boolean") return value ? "Yes" : "No";
+  if (typeof value === "string") return value;
+  if (typeof value !== "number") return String(value);
+
+  // Epsilon-like values get 6 decimal places
+  const epsilonKeys = ["epsilon", "delta", "p_value", "target_noise"];
+  if (epsilonKeys.some((k) => key.toLowerCase().includes(k))) {
+    return value.toFixed(6);
+  }
+  // Counts stay as integers
+  if (Number.isInteger(value) && Math.abs(value) < 1e12) {
+    return value.toString();
+  }
+  return value.toFixed(4);
+}
+
+function MetricItem({ label, value }: { label: string; value: any }) {
+  return (
+    <div className="metric">
+      <span className="metric-label">{label}</span>
+      <span className="metric-value">{formatValue(value, label)}</span>
+    </div>
+  );
+}
+
+function renderFDP(data: any) {
+  return (
+    <div className="results-card">
+      <h3>f-DP Results</h3>
+      <div className="metrics-grid">
+        {Object.entries(data).map(([key, value]) => (
+          <MetricItem key={key} label={key} value={value} />
+        ))}
+      </div>
+      <ExportButton data={data} filename="privacyguard-fdp-results" />
+    </div>
+  );
+}
+
+function renderMIA(data: any) {
+  return (
+    <div className="results-card">
+      <h3>MIA Results</h3>
+      <div className="metrics-grid">
+        <MetricItem label="Train samples" value={data.n_train} />
+        <MetricItem label="Test samples" value={data.n_test} />
+      </div>
+      <div style={{ display: "flex", gap: "2rem", marginTop: "1rem" }}>
+        <div style={{ flex: 1 }}>
+          <h4>Train Scores</h4>
+          <div className="metrics-grid">
+            {data.train_scores &&
+              Object.entries(data.train_scores).map(([key, value]) => (
+                <MetricItem key={key} label={key} value={value} />
+              ))}
+          </div>
+        </div>
+        <div style={{ flex: 1 }}>
+          <h4>Test Scores</h4>
+          <div className="metrics-grid">
+            {data.test_scores &&
+              Object.entries(data.test_scores).map(([key, value]) => (
+                <MetricItem key={key} label={key} value={value} />
+              ))}
+          </div>
+        </div>
+      </div>
+      <ExportButton data={data} perSampleData={data.per_sample} filename="privacyguard-mia-results" />
+    </div>
+  );
+}
+
+function renderTextSimilarity(data: any) {
+  return (
+    <div className="results-card">
+      <h3>Text Similarity Results</h3>
+      {data.text_inclusion && (
+        <div style={{ marginBottom: "1.5rem" }}>
+          <h4>Text Inclusion</h4>
+          <div className="metrics-grid">
+            {Object.entries(data.text_inclusion).map(([key, value]) => (
+              <MetricItem key={key} label={key} value={value} />
+            ))}
+          </div>
+        </div>
+      )}
+      {data.edit_similarity && (
+        <div>
+          <h4>Edit Similarity</h4>
+          <div className="metrics-grid">
+            {Object.entries(data.edit_similarity).map(([key, value]) => (
+              <MetricItem key={key} label={key} value={value} />
+            ))}
+          </div>
+        </div>
+      )}
+      <ExportButton data={data} filename="privacyguard-text-similarity-results" />
+    </div>
+  );
+}
+
+function renderProbMemorization(data: any) {
+  return (
+    <div className="results-card">
+      <h3>Probabilistic Memorization Results</h3>
+      <div className="metrics-grid">
+        {Object.entries(data).map(([key, value]) => (
+          <MetricItem key={key} label={key} value={value} />
+        ))}
+      </div>
+      <ExportButton data={data} filename="privacyguard-prob-memorization-results" />
+    </div>
+  );
+}
+
+function ResultsCard({ data, type }: ResultsCardProps) {
+  switch (type) {
+    case "fdp":
+      return renderFDP(data);
+    case "mia":
+      return renderMIA(data);
+    case "text_similarity":
+      return renderTextSimilarity(data);
+    case "prob_memorization":
+      return renderProbMemorization(data);
+    default:
+      return null;
+  }
+}
+
+export default ResultsCard;
diff --git a/web/src/index.css b/web/src/index.css
new file mode 100644
index 0000000..2b31e3d
--- /dev/null
+++ b/web/src/index.css
@@ -0,0 +1,453 @@
+/* PrivacyGuard Web Playground — Global Styles */
+
+:root {
+  --color-bg: #ffffff;
+  --color-text: #1a1a2e;
+  --color-muted: #6b7280;
+  --color-accent: #2563eb;
+  --color-accent-hover: #1d4ed8;
+  --color-border: #e5e7eb;
+  --color-card-bg: #f9fafb;
+  --color-error-bg: #fef2f2;
+  --color-error-text: #991b1b;
+  --color-error-border: #fca5a5;
+  --radius: 8px;
+}
+
+*,
+*::before,
+*::after {
+  box-sizing: border-box;
+}
+
+body {
+  margin: 0;
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,
+    "Helvetica Neue", Arial, sans-serif;
+  color: var(--color-text);
+  background: var(--color-bg);
+  line-height: 1.5;
+}
+
+/* --- Tab Bar --- */
+
+.tab-bar {
+  display: flex;
+  gap: 0;
+  border-bottom: 2px solid var(--color-border);
+  background: var(--color-card-bg);
+  padding: 0 1rem;
+}
+
+.tab-bar a {
+  padding: 0.75rem 1.25rem;
+  text-decoration: none;
+  color: var(--color-muted);
+  font-weight: 500;
+  font-size: 0.9rem;
+  border-bottom: 2px solid transparent;
+  margin-bottom: -2px;
+  transition: color 0.15s, border-color 0.15s;
+}
+
+.tab-bar a:hover {
+  color: var(--color-text);
+}
+
+.tab-bar a.active {
+  color: var(--color-accent);
+  border-bottom-color: var(--color-accent);
+}
+
+/* --- Tab Content --- */
+
+.tab-content {
+  max-width: 960px;
+  margin: 0 auto;
+  padding: 2rem 1.5rem;
+}
+
+/* --- Parameter Grid --- */
+
+.param-grid {
+  display: grid;
+  grid-template-columns: repeat(3, 1fr);
+  gap: 1rem;
+  margin-bottom: 1.5rem;
+}
+
+@media (max-width: 640px) {
+  .param-grid {
+    grid-template-columns: 1fr 1fr;
+  }
+}
+
+.param-grid label {
+  display: flex;
+  flex-direction: column;
+  gap: 0.25rem;
+  font-size: 0.85rem;
+  font-weight: 500;
+  color: var(--color-text);
+}
+
+/* --- Results Card --- */
+
+.results-card {
+  border: 1px solid var(--color-border);
+  border-radius: var(--radius);
+  padding: 1.5rem;
+  margin-top: 1.5rem;
+  background: var(--color-card-bg);
+}
+
+.results-card h3 {
+  margin: 0 0 1rem;
+  font-size: 1.1rem;
+}
+
+.results-card h4 {
+  margin: 0 0 0.5rem;
+  font-size: 0.95rem;
+  color: var(--color-muted);
+}
+
+/* --- Metrics Grid --- */
+
+.metrics-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(180px, 1fr));
+  gap: 1rem;
+}
+
+.metric {
+  display: flex;
+  flex-direction: column;
+  gap: 0.15rem;
+  padding: 0.75rem;
+  background: var(--color-bg);
+  border: 1px solid var(--color-border);
+  border-radius: calc(var(--radius) - 2px);
+}
+
+.metric-label {
+  font-size: 0.75rem;
+  color: var(--color-muted);
+  text-transform: uppercase;
+  letter-spacing: 0.03em;
+  font-weight: 600;
+}
+
+.metric-value {
+  font-size: 1.15rem;
+  font-weight: 700;
+  color: var(--color-text);
+  font-variant-numeric: tabular-nums;
+}
+
+/* --- Error --- */
+
+.error {
+  background: var(--color-error-bg);
+  color: var(--color-error-text);
+  border: 1px solid var(--color-error-border);
+  border-radius: var(--radius);
+  padding: 0.75rem 1rem;
+  margin-top: 1rem;
+  font-size: 0.9rem;
+}
+
+/* --- Loading --- */
+
+.loading {
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 2rem;
+  color: var(--color-muted);
+  font-size: 0.95rem;
+}
+
+/* --- Buttons --- */
+
+button {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  padding: 0.6rem 1.25rem;
+  font-size: 0.9rem;
+  font-weight: 600;
+  border: none;
+  border-radius: var(--radius);
+  background: var(--color-accent);
+  color: #ffffff;
+  cursor: pointer;
+  transition: background 0.15s;
+}
+
+button:hover:not(:disabled) {
+  background: var(--color-accent-hover);
+}
+
+button:disabled {
+  opacity: 0.5;
+  cursor: not-allowed;
+}
+
+/* --- Inputs --- */
+
+input,
+select {
+  padding: 0.5rem 0.75rem;
+  font-size: 0.9rem;
+  border: 1px solid var(--color-border);
+  border-radius: calc(var(--radius) - 2px);
+  background: var(--color-bg);
+  color: var(--color-text);
+  transition: border-color 0.15s;
+  width: 100%;
+}
+
+input:focus,
+select:focus {
+  outline: none;
+  border-color: var(--color-accent);
+  box-shadow: 0 0 0 2px rgba(37, 99, 235, 0.15);
+}
+
+/* --- Collapsible (details/summary) --- */
+
+details {
+  border: 1px solid var(--color-border);
+  border-radius: var(--radius);
+  padding: 0.75rem 1rem;
+  margin-bottom: 1.5rem;
+}
+
+details[open] {
+  padding-bottom: 1rem;
+}
+
+summary {
+  cursor: pointer;
+  font-weight: 600;
+  font-size: 0.9rem;
+  color: var(--color-accent);
+  user-select: none;
+}
+
+summary:hover {
+  color: var(--color-accent-hover);
+}
+
+details[open] summary {
+  margin-bottom: 1rem;
+}
+
+/* --- Landing Page --- */
+
+.landing {
+  max-width: 960px;
+  margin: 0 auto;
+  padding: 2rem 1.5rem;
+}
+
+.hero {
+  text-align: center;
+  padding: 3rem 0 2rem;
+}
+
+.hero h1 {
+  font-size: 2.25rem;
+  margin: 0 0 0.5rem;
+}
+
+.tagline {
+  font-size: 1.25rem;
+  color: var(--color-muted);
+  margin: 0 0 1rem;
+}
+
+.privacy-note {
+  font-style: italic;
+  color: var(--color-muted);
+  font-size: 0.9rem;
+}
+
+/* --- Attack Cards Grid --- */
+
+.attack-cards {
+  display: grid;
+  grid-template-columns: repeat(3, 1fr);
+  gap: 1.25rem;
+  margin-top: 1rem;
+}
+
+@media (max-width: 768px) {
+  .attack-cards {
+    grid-template-columns: repeat(2, 1fr);
+  }
+}
+
+@media (max-width: 480px) {
+  .attack-cards {
+    grid-template-columns: 1fr;
+  }
+}
+
+.attack-card {
+  display: block;
+  border: 1px solid var(--color-border);
+  border-radius: var(--radius);
+  padding: 1.25rem;
+  background: var(--color-card-bg);
+  text-decoration: none;
+  color: var(--color-text);
+  transition: border-color 0.15s, box-shadow 0.15s;
+}
+
+.attack-card:hover {
+  border-color: var(--color-accent);
+  box-shadow: 0 2px 8px rgba(37, 99, 235, 0.1);
+}
+
+.attack-card h3 {
+  margin: 0 0 0.5rem;
+  font-size: 1rem;
+  display: flex;
+  align-items: center;
+  gap: 0.5rem;
+}
+
+.attack-card p {
+  margin: 0;
+  font-size: 0.85rem;
+  color: var(--color-muted);
+}
+
+.attack-card.coming-soon {
+  opacity: 0.6;
+}
+
+/* --- Badge --- */
+
+.badge {
+  display: inline-block;
+  font-size: 0.65rem;
+  font-weight: 700;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  padding: 0.15rem 0.5rem;
+  border-radius: 999px;
+  background: var(--color-muted);
+  color: #ffffff;
+  white-space: nowrap;
+}
+
+/* --- Coming Soon (tab content) --- */
+
+.results-card.coming-soon {
+  text-align: center;
+  color: var(--color-muted);
+}
+
+.results-card.coming-soon h3 {
+  color: var(--color-text);
+}
+
+/* --- Sub Tabs --- */
+
+.sub-tabs {
+  display: flex;
+  gap: 0.5rem;
+  margin-bottom: 1.5rem;
+}
+
+.sub-tabs button {
+  background: transparent;
+  color: var(--color-muted);
+  border: 1px solid var(--color-border);
+  font-size: 0.85rem;
+  padding: 0.4rem 1rem;
+}
+
+.sub-tabs button:hover:not(:disabled) {
+  background: var(--color-card-bg);
+  color: var(--color-text);
+}
+
+.sub-tabs button.active {
+  background: var(--color-accent);
+  color: #ffffff;
+  border-color: var(--color-accent);
+}
+
+/* --- Text Input Group (Text Similarity) --- */
+
+.text-input-group {
+  display: flex;
+  flex-direction: column;
+  gap: 1rem;
+  margin-bottom: 1.5rem;
+}
+
+.text-input-group label {
+  display: flex;
+  flex-direction: column;
+  gap: 0.25rem;
+  font-size: 0.85rem;
+  font-weight: 500;
+  color: var(--color-text);
+}
+
+.text-input-group textarea {
+  padding: 0.5rem 0.75rem;
+  font-size: 0.9rem;
+  font-family: "SFMono-Regular", Consolas, "Liberation Mono", Menlo, monospace;
+  border: 1px solid var(--color-border);
+  border-radius: calc(var(--radius) - 2px);
+  background: var(--color-bg);
+  color: var(--color-text);
+  resize: vertical;
+  transition: border-color 0.15s;
+}
+
+.text-input-group textarea:focus {
+  outline: none;
+  border-color: var(--color-accent);
+  box-shadow: 0 0 0 2px rgba(37, 99, 235, 0.15);
+}
+
+/* --- Secondary Button --- */
+
+button.secondary {
+  background: transparent;
+  color: var(--color-accent);
+  border: 1px solid var(--color-accent);
+}
+
+button.secondary:hover:not(:disabled) {
+  background: var(--color-accent);
+  color: #ffffff;
+}
+
+/* --- Export Buttons --- */
+
+.export-buttons {
+  display: flex;
+  gap: 0.75rem;
+  margin-top: 1.25rem;
+}
+
+.export-buttons button {
+  font-size: 0.8rem;
+  padding: 0.4rem 1rem;
+  background: transparent;
+  color: var(--color-accent);
+  border: 1px solid var(--color-accent);
+}
+
+.export-buttons button:hover:not(:disabled) {
+  background: var(--color-accent);
+  color: #ffffff;
+}
diff --git a/web/src/main.tsx b/web/src/main.tsx
new file mode 100644
index 0000000..15753af
--- /dev/null
+++ b/web/src/main.tsx
@@ -0,0 +1,10 @@
+import { StrictMode } from "react";
+import { createRoot } from "react-dom/client";
+import "./index.css";
+import App from "./App";
+
+createRoot(document.getElementById("root")!).render(
+  <StrictMode>
+    <App />
+  </StrictMode>,
+);
diff --git a/web/src/pyodide/bridge.ts b/web/src/pyodide/bridge.ts
new file mode 100644
index 0000000..f592d25
--- /dev/null
+++ b/web/src/pyodide/bridge.ts
@@ -0,0 +1,74 @@
+// privacy_guard/web/src/pyodide/bridge.ts
+//
+// React-side async interface to the Pyodide Web Worker.
+// Usage:
+//   import { pyodide } from "./pyodide/bridge";
+//   await pyodide.isReady();
+//   const result = await pyodide.runPython(`import runners; runners.run_fdp(10, 5, 3)`);
+
+class PyodideBridge {
+  private worker: Worker;
+  private readyPromise: Promise<void>;
+  private pending = new Map<
+    string,
+    { resolve: (value: any) => void; reject: (reason: any) => void }
+  >();
+  private nextId = 0;
+
+  constructor() {
+    this.worker = new Worker(
+      new URL("./worker.ts", import.meta.url),
+      { type: "classic" },
+    );
+
+    // Resolve once the worker signals that Pyodide is fully loaded.
+    this.readyPromise = new Promise<void>((resolve) => {
+      const handler = (event: MessageEvent) => {
+        if (event.data.type === "ready") {
+          this.worker.removeEventListener("message", handler);
+          resolve();
+        }
+      };
+      this.worker.addEventListener("message", handler);
+    });
+
+    // Route responses back to their callers.
+    this.worker.addEventListener("message", (event: MessageEvent) => {
+      const { id, type, payload } = event.data;
+      if (id !== undefined && this.pending.has(id)) {
+        const { resolve, reject } = this.pending.get(id)!;
+        this.pending.delete(id);
+        if (type === "error") {
+          reject(new Error(payload));
+        } else {
+          resolve(payload);
+        }
+      }
+    });
+  }
+
+  /**
+   * Execute arbitrary Python code in the Pyodide worker.
+   * Blocks until Pyodide is ready, then returns whatever the Python
+   * expression evaluates to (serialised through the structured-clone
+   * algorithm).
+   */
+  async runPython(code: string): Promise<any> {
+    await this.readyPromise;
+    const id = String(this.nextId++);
+    return new Promise((resolve, reject) => {
+      this.pending.set(id, { resolve, reject });
+      this.worker.postMessage({ id, type: "run", payload: { code } });
+    });
+  }
+
+  /**
+   * Returns a promise that resolves once the worker has finished
+   * loading Pyodide and all PrivacyGuard modules.
+   */
+  async isReady(): Promise<void> {
+    return this.readyPromise;
+  }
+}
+
+export const pyodide = new PyodideBridge();
diff --git a/web/src/pyodide/python/runners.py b/web/src/pyodide/python/runners.py
new file mode 100644
index 0000000..2e3179f
--- /dev/null
+++ b/web/src/pyodide/python/runners.py
@@ -0,0 +1,274 @@
+"""
+runners.py — Python entry-points callable from JS via the Pyodide bridge.
+
+Each function accepts string inputs and returns a JSON string so that
+results cross the JS/Python boundary cleanly.
+"""
+
+import json
+from io import StringIO
+
+import pandas as pd
+
+
+# ---------------------------------------------------------------------------
+# MIA: FDP (analytical — no data upload needed)
+# ---------------------------------------------------------------------------
+
+
+def run_fdp(
+    m: int,
+    c: int,
+    c_cap: int,
+    target_noise: float = 0.001,
+    threshold: float = 0.05,
+    k: int = 2,
+    delta: float = 1e-6,
+) -> str:
+    from privacy_guard.analysis.mia.fdp_analysis_node import FDPAnalysisNode
+
+    node = FDPAnalysisNode(
+        m=m,
+        c=c,
+        c_cap=c_cap,
+        target_noise=target_noise,
+        threshold=threshold,
+        k=k,
+        delta=delta,
+    )
+    output = node.run_analysis()
+    return json.dumps(output.to_dict())
+
+
+# ---------------------------------------------------------------------------
+# MIA: LiRA attack
+# ---------------------------------------------------------------------------
+
+
+def run_lira(csv_string: str, params_json: str) -> str:
+    from privacy_guard.analysis.mia.aggregate_analysis_input import AggregationType
+    from privacy_guard.attacks.lira_attack import LiraAttack
+
+    params = json.loads(params_json)
+    df = pd.read_csv(StringIO(csv_string))
+    df_train = df[df["is_member"] == 1].copy()
+    df_test = df[df["is_member"] == 0].copy()
+
+    attack = LiraAttack(
+        df_train_merge=df_train,
+        df_test_merge=df_test,
+        row_aggregation=AggregationType(params.get("row_aggregation", "none")),
+        std_dev_type=params.get("std_dev_type", "global"),
+        online_attack=params.get("online_attack", False),
+    )
+    analysis_input = attack.run_attack()
+
+    result = {
+        "train_scores": analysis_input.df_train_user["score"].describe().to_dict(),
+        "test_scores": analysis_input.df_test_user["score"].describe().to_dict(),
+        "n_train": len(analysis_input.df_train_user),
+        "n_test": len(analysis_input.df_test_user),
+        "per_sample": pd.concat(
+            [
+                analysis_input.df_train_user.assign(split="train"),
+                analysis_input.df_test_user.assign(split="test"),
+            ]
+        ).to_dict(orient="records"),
+    }
+    return json.dumps(result, default=str)
+
+
+# ---------------------------------------------------------------------------
+# MIA: RMIA attack
+# ---------------------------------------------------------------------------
+
+
+def run_rmia(csv_string: str, population_csv_string: str, params_json: str) -> str:
+    from privacy_guard.analysis.mia.aggregate_analysis_input import AggregationType
+    from privacy_guard.attacks.rmia_attack import RmiaAttack
+
+    params = json.loads(params_json)
+    df = pd.read_csv(StringIO(csv_string))
+    df_population = pd.read_csv(StringIO(population_csv_string))
+    df_train = df[df["is_member"] == 1].copy()
+    df_test = df[df["is_member"] == 0].copy()
+
+    attack = RmiaAttack(
+        df_train_merge=df_train,
+        df_test_merge=df_test,
+        df_population=df_population,
+        row_aggregation=AggregationType(params.get("row_aggregation", "none")),
+        num_reference_models=params.get("num_reference_models"),
+        alpha_coefficient=params.get("alpha_coefficient", 0.3),
+    )
+    analysis_input = attack.run_attack()
+
+    result = {
+        "train_scores": analysis_input.df_train_user["score"].describe().to_dict(),
+        "test_scores": analysis_input.df_test_user["score"].describe().to_dict(),
+        "n_train": len(analysis_input.df_train_user),
+        "n_test": len(analysis_input.df_test_user),
+        "per_sample": pd.concat(
+            [
+                analysis_input.df_train_user.assign(split="train"),
+                analysis_input.df_test_user.assign(split="test"),
+            ]
+        ).to_dict(orient="records"),
+    }
+    return json.dumps(result, default=str)
+
+
+# ---------------------------------------------------------------------------
+# MIA: Calibration attack
+# ---------------------------------------------------------------------------
+
+
+def run_calib(csv_string: str, calib_csv_string: str, params_json: str) -> str:
+    from privacy_guard.analysis.mia.aggregate_analysis_input import AggregationType
+    from privacy_guard.attacks.calib_attack import CalibAttack, CalibScoreType
+
+    params = json.loads(params_json)
+    df = pd.read_csv(StringIO(csv_string))
+    df_calib = pd.read_csv(StringIO(calib_csv_string))
+    df_train = df[df["is_member"] == 1].copy()
+    df_test = df[df["is_member"] == 0].copy()
+    df_train_calib = df_calib[df_calib["is_member"] == 1].copy()
+    df_test_calib = df_calib[df_calib["is_member"] == 0].copy()
+
+    attack = CalibAttack(
+        df_hold_out_train=df_train,
+        df_hold_out_test=df_test,
+        df_hold_out_train_calib=df_train_calib,
+        df_hold_out_test_calib=df_test_calib,
+        row_aggregation=AggregationType(params.get("row_aggregation", "none")),
+        should_calibrate_scores=params.get("should_calibrate_scores", True),
+        score_type=CalibScoreType(params.get("score_type", "loss")),
+    )
+    analysis_input = attack.run_attack()
+
+    result = {
+        "train_scores": analysis_input.df_train_user["score"].describe().to_dict(),
+        "test_scores": analysis_input.df_test_user["score"].describe().to_dict(),
+        "n_train": len(analysis_input.df_train_user),
+        "n_test": len(analysis_input.df_test_user),
+        "per_sample": pd.concat(
+            [
+                analysis_input.df_train_user.assign(split="train"),
+                analysis_input.df_test_user.assign(split="test"),
+            ]
+        ).to_dict(orient="records"),
+    }
+    return json.dumps(result, default=str)
+
+
+# ---------------------------------------------------------------------------
+# LIA: Label Inference Attack
+# ---------------------------------------------------------------------------
+
+
+def run_lia(csv_string: str, calib_csv_string: str, params_json: str) -> str:
+    from privacy_guard.analysis.mia.aggregate_analysis_input import AggregationType
+    from privacy_guard.attacks.lia_attack import LIAAttack, LIAAttackInput
+
+    params = json.loads(params_json)
+    df = pd.read_csv(StringIO(csv_string))
+    df_calib = pd.read_csv(StringIO(calib_csv_string))
+    df_train = df[df["is_member"] == 1].copy()
+    df_train_calib = df_calib[df_calib["is_member"] == 1].copy()
+
+    attack_input_builder = LIAAttackInput(
+        df_hold_out_train=df_train,
+        df_hold_out_train_calib=df_train_calib,
+        row_aggregation=AggregationType(params.get("row_aggregation", "none")),
+    )
+    prepared_input = attack_input_builder.prepare_attack_input()
+
+    attack = LIAAttack(
+        attack_input=prepared_input,
+        row_aggregation=AggregationType(params.get("row_aggregation", "none")),
+        y1_generation=params.get("y1_generation", "calibration"),
+        num_resampling_times=params.get("num_resampling_times", 100),
+    )
+    analysis_input = attack.run_attack()
+
+    result = {
+        "train_scores": analysis_input.df_train_user["score"].describe().to_dict(),
+        "test_scores": analysis_input.df_test_user["score"].describe().to_dict(),
+        "n_train": len(analysis_input.df_train_user),
+        "n_test": len(analysis_input.df_test_user),
+        "per_sample": pd.concat(
+            [
+                analysis_input.df_train_user.assign(split="train"),
+                analysis_input.df_test_user.assign(split="test"),
+            ]
+        ).to_dict(orient="records"),
+    }
+    return json.dumps(result, default=str)
+
+
+# ---------------------------------------------------------------------------
+# Extraction: Text Inclusion + Edit Similarity
+# ---------------------------------------------------------------------------
+
+
+def run_text_inclusion(jsonl_string: str, params_json: str) -> str:
+    from privacy_guard.analysis.extraction.edit_similarity_node import (
+        EditSimilarityNode,
+    )
+    from privacy_guard.analysis.extraction.text_inclusion_analysis_node import (
+        TextInclusionAnalysisNode,
+    )
+    from privacy_guard.attacks.text_inclusion_attack import TextInclusionAttack
+
+    rows = [
+        json.loads(line) for line in jsonl_string.strip().split("\n") if line.strip()
+    ]
+    df = pd.DataFrame(rows)
+
+    attack = TextInclusionAttack(data=df)
+    analysis_input = attack.run_attack()
+
+    results = {}
+
+    ti_node = TextInclusionAnalysisNode(analysis_input=analysis_input)
+    ti_output = ti_node.run_analysis()
+    results["text_inclusion"] = ti_output.to_dict()
+
+    es_node = EditSimilarityNode(analysis_input=analysis_input)
+    es_output = es_node.run_analysis()
+    results["edit_similarity"] = es_output.to_dict()
+
+    return json.dumps(results, default=str)
+
+
+# ---------------------------------------------------------------------------
+# Extraction: Probabilistic Memorization
+# ---------------------------------------------------------------------------
+
+
+def run_prob_memorization(csv_string: str, params_json: str) -> str:
+    from privacy_guard.analysis.extraction.probabilistic_memorization_analysis_input import (
+        ProbabilisticMemorizationAnalysisInput,
+    )
+    from privacy_guard.analysis.extraction.probabilistic_memorization_analysis_node import (
+        ProbabilisticMemorizationAnalysisNode,
+    )
+
+    params = json.loads(params_json)
+    df = pd.read_csv(StringIO(csv_string))
+
+    if df.empty:
+        return json.dumps({"error": "No data rows found in CSV"})
+
+    # Handle serialised JSON lists in the prediction_logprobs column
+    if isinstance(df["prediction_logprobs"].iloc[0], str):
+        df["prediction_logprobs"] = df["prediction_logprobs"].apply(json.loads)
+
+    analysis_input = ProbabilisticMemorizationAnalysisInput(
+        generation_df=df,
+        prob_threshold=params.get("prob_threshold", 0.5),
+        n_values=params.get("n_values"),
+    )
+    node = ProbabilisticMemorizationAnalysisNode(analysis_input=analysis_input)
+    output = node.run_analysis()
+    return json.dumps(output.to_dict(), default=str)
diff --git a/web/src/pyodide/worker.ts b/web/src/pyodide/worker.ts
new file mode 100644
index 0000000..9ec97af
--- /dev/null
+++ b/web/src/pyodide/worker.ts
@@ -0,0 +1,169 @@
+// privacy_guard/web/src/pyodide/worker.ts
+//
+// Web Worker that loads Pyodide (Python-in-WebAssembly), installs the
+// scientific packages PrivacyGuard depends on, mounts PG modules into
+// Pyodide's virtual filesystem, and exposes a message-based RPC
+// interface for executing Python code from the main thread.
+
+// Web Worker globals not in the default DOM lib
+declare function importScripts(...urls: string[]): void;
+declare function loadPyodide(config?: Record<string, unknown>): Promise<any>;
+
+let pyodide: any = null;
+
+// ---------------------------------------------------------------------------
+// Initialisation
+// ---------------------------------------------------------------------------
+
+async function initPyodide(): Promise<void> {
+  // Import Pyodide from CDN
+  importScripts("https://cdn.jsdelivr.net/pyodide/v0.27.0/full/pyodide.js");
+
+  pyodide = await loadPyodide();
+
+  // Load core scientific packages (built into Pyodide)
+  await pyodide.loadPackage(["pandas", "numpy", "scipy", "scikit-learn"]);
+
+  // Install pure-Python packages via micropip
+  await pyodide.loadPackage("micropip");
+  const micropip = pyodide.pyimport("micropip");
+  await micropip.install("textdistance");
+
+  // Mount PrivacyGuard modules into Pyodide's virtual filesystem
+  await loadPGModules();
+
+  // Load the runners helper module
+  await loadRunners();
+
+  self.postMessage({ type: "ready" });
+}
+
+// ---------------------------------------------------------------------------
+// PrivacyGuard module loader
+// ---------------------------------------------------------------------------
+
+async function loadPGModules(): Promise<void> {
+  // Create directory structure in Pyodide's virtual filesystem
+  pyodide.FS.mkdirTree("/pg_modules/privacy_guard/attacks");
+  pyodide.FS.mkdirTree("/pg_modules/privacy_guard/analysis/mia");
+  pyodide.FS.mkdirTree("/pg_modules/privacy_guard/analysis/extraction");
+  pyodide.FS.mkdirTree("/pg_modules/privacy_guard/analysis/lia");
+
+  const encoder = new TextEncoder();
+
+  // Write package __init__.py files
+  const initDirs = [
+    "/pg_modules/privacy_guard",
+    "/pg_modules/privacy_guard/attacks",
+    "/pg_modules/privacy_guard/analysis",
+    "/pg_modules/privacy_guard/analysis/mia",
+    "/pg_modules/privacy_guard/analysis/extraction",
+    "/pg_modules/privacy_guard/analysis/lia",
+  ];
+  for (const dir of initDirs) {
+    pyodide.FS.writeFile(`${dir}/__init__.py`, encoder.encode(""));
+  }
+
+  // Manifest of PrivacyGuard .py files needed for Stage 1
+  const PG_MODULES: string[] = [
+    "attacks/base_attack.py",
+    "attacks/lira_attack.py",
+    "attacks/rmia_attack.py",
+    "attacks/calib_attack.py",
+    "attacks/lia_attack.py",
+    "attacks/text_inclusion_attack.py",
+    "analysis/base_analysis_input.py",
+    "analysis/base_analysis_output.py",
+    "analysis/base_analysis_node.py",
+    "analysis/mia/aggregate_analysis_input.py",
+    "analysis/mia/fdp_analysis_node.py",
+    "analysis/mia/balanced_analysis_node.py",
+    "analysis/mia/score_analysis_node.py",
+    "analysis/extraction/text_inclusion_analysis_input.py",
+    "analysis/extraction/text_inclusion_analysis_node.py",
+    "analysis/extraction/edit_similarity_node.py",
+    "analysis/extraction/probabilistic_memorization_analysis_input.py",
+    "analysis/extraction/probabilistic_memorization_analysis_node.py",
+  ];
+
+  // PG modules are copied into public/pg_modules/ at build time by
+  // vite.config.ts and served as static assets under the base URL.
+  const baseUrl = new URL("/PrivacyGuard/pg_modules/", self.location.origin).href;
+
+  for (const modulePath of PG_MODULES) {
+    try {
+      const url = `${baseUrl}${modulePath}`;
+      const response = await fetch(url);
+      if (!response.ok) {
+        console.warn(`Failed to fetch ${url}: ${response.status}`);
+        continue;
+      }
+      const content = await response.text();
+      pyodide.FS.writeFile(
+        `/pg_modules/privacy_guard/${modulePath}`,
+        encoder.encode(content),
+      );
+    } catch (err) {
+      console.warn(`Error loading ${modulePath}:`, err);
+    }
+  }
+
+  // Add /pg_modules to Python path so `import privacy_guard.*` works
+  await pyodide.runPythonAsync(`
+import sys
+if "/pg_modules" not in sys.path:
+    sys.path.insert(0, "/pg_modules")
+  `);
+}
+
+// ---------------------------------------------------------------------------
+// Runners loader — makes `import runners` available in Pyodide
+// ---------------------------------------------------------------------------
+
+async function loadRunners(): Promise<void> {
+  const encoder = new TextEncoder();
+
+  // runners.py is copied into public/pg_modules/ at build time by vite.config.ts
+  const runnersUrl = new URL("/PrivacyGuard/pg_modules/runners.py", self.location.origin).href;
+  try {
+    const response = await fetch(runnersUrl);
+    if (!response.ok) {
+      console.warn(
+        `Failed to fetch runners.py from ${runnersUrl}: ${response.status}`,
+      );
+      return;
+    }
+    const content = await response.text();
+    pyodide.FS.writeFile("/pg_modules/runners.py", encoder.encode(content));
+  } catch (err) {
+    console.warn("Error loading runners.py:", err);
+  }
+}
+
+// ---------------------------------------------------------------------------
+// Message handler — RPC from the main thread
+// ---------------------------------------------------------------------------
+
+self.onmessage = async (event: MessageEvent) => {
+  const { id, type, payload } = event.data;
+
+  if (type === "run") {
+    try {
+      const result = await pyodide.runPythonAsync(payload.code);
+      self.postMessage({ id, type: "result", payload: result });
+    } catch (error: any) {
+      self.postMessage({ id, type: "error", payload: error.message });
+    }
+  }
+};
+
+// ---------------------------------------------------------------------------
+// Auto-initialise on worker start
+// ---------------------------------------------------------------------------
+
+initPyodide().catch((err: any) => {
+  self.postMessage({
+    type: "error",
+    payload: `Pyodide init failed: ${err.message}`,
+  });
+});
diff --git a/web/src/tabs/CodeSimilarityTab.tsx b/web/src/tabs/CodeSimilarityTab.tsx
new file mode 100644
index 0000000..dcc717e
--- /dev/null
+++ b/web/src/tabs/CodeSimilarityTab.tsx
@@ -0,0 +1,52 @@
+function CodeSimilarityTab() {
+  return (
+    <div className="tab-content">
+      <h2>Code Similarity Analysis</h2>
+      <p>
+        Analyze code memorization using AST-based tree edit distance and CodeBLEU metrics.
+        These methods parse source code into abstract syntax trees and measure structural
+        similarity, providing more meaningful comparisons than raw text matching.
+      </p>
+
+      <div className="results-card coming-soon">
+        <h3>Coming Soon</h3>
+        <p>
+          Browser-based code similarity analysis requires tree-sitter WebAssembly support,
+          which is currently under development. In the meantime, you can use the full
+          PrivacyGuard library locally for code similarity analysis.
+        </p>
+
+        <h4>Local Usage</h4>
+        <pre style={{ background: "var(--color-bg)", padding: "1rem", borderRadius: "var(--radius)", overflow: "auto" }}>
+{`pip install privacyguard
+
+from privacyguard.attacks.code_similarity import CodeSimilarityAttack
+from privacyguard.analysis.code_similarity import TreeEditDistanceNode
+
+attack = CodeSimilarityAttack(
+    reference_code=reference_snippets,
+    generated_code=generated_snippets,
+    language="python",
+)
+result = attack.run_attack()
+
+analysis = TreeEditDistanceNode()
+output = analysis.run_analysis(result)`}
+        </pre>
+
+        <p style={{ marginTop: "1rem" }}>
+          See the full documentation on{" "}
+          <a
+            href="https://github.com/facebookresearch/privacyguard"
+            target="_blank"
+            rel="noopener noreferrer"
+          >
+            GitHub
+          </a>.
+        </p>
+      </div>
+    </div>
+  );
+}
+
+export default CodeSimilarityTab;
diff --git a/web/src/tabs/FDPCalculatorTab.tsx b/web/src/tabs/FDPCalculatorTab.tsx
new file mode 100644
index 0000000..61b7bcf
--- /dev/null
+++ b/web/src/tabs/FDPCalculatorTab.tsx
@@ -0,0 +1,133 @@
+import { useState } from "react";
+import { pyodide } from "../pyodide/bridge";
+import ResultsCard from "../components/ResultsCard";
+
+function FDPCalculatorTab() {
+  // Required parameters
+  const [m, setM] = useState<string>("100");
+  const [c, setC] = useState<string>("10");
+  const [cCap, setCCap] = useState<string>("5");
+
+  // Advanced parameters
+  const [targetNoise, setTargetNoise] = useState<string>("0.001");
+  const [threshold, setThreshold] = useState<string>("0.05");
+  const [k, setK] = useState<string>("2");
+  const [delta, setDelta] = useState<string>("1e-6");
+
+  // State
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [results, setResults] = useState<any>(null);
+
+  const handleCalculate = async () => {
+    setLoading(true);
+    setError(null);
+    setResults(null);
+
+    try {
+      const code = `import runners
+runners.run_fdp(m=${m}, c=${c}, c_cap=${cCap}, target_noise=${targetNoise}, threshold=${threshold}, k=${k}, delta=${delta})`;
+
+      const raw = await pyodide.runPython(code);
+      const parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
+      setResults(parsed);
+    } catch (err: any) {
+      setError(err.message || "Computation failed");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <div className="tab-content">
+      <h2>f-DP Calculator</h2>
+      <p>
+        Compute epsilon using the f-DP (functional Differential Privacy) canary
+        analysis. Provide the canary counts below and click Calculate.
+      </p>
+
+      <div className="param-grid">
+        <label>
+          m (total canaries inserted)
+          <input
+            type="number"
+            value={m}
+            onChange={(e) => setM(e.target.value)}
+            min={1}
+          />
+        </label>
+        <label>
+          c (canaries detected in output)
+          <input
+            type="number"
+            value={c}
+            onChange={(e) => setC(e.target.value)}
+            min={0}
+          />
+        </label>
+        <label>
+          c_cap (canaries detected in control)
+          <input
+            type="number"
+            value={cCap}
+            onChange={(e) => setCCap(e.target.value)}
+            min={0}
+          />
+        </label>
+      </div>
+
+      <details>
+        <summary>Advanced parameters</summary>
+        <div className="param-grid">
+          <label>
+            target_noise
+            <input
+              type="number"
+              value={targetNoise}
+              onChange={(e) => setTargetNoise(e.target.value)}
+              step="0.001"
+            />
+          </label>
+          <label>
+            threshold
+            <input
+              type="number"
+              value={threshold}
+              onChange={(e) => setThreshold(e.target.value)}
+              step="0.01"
+            />
+          </label>
+          <label>
+            k
+            <input
+              type="number"
+              value={k}
+              onChange={(e) => setK(e.target.value)}
+              min={1}
+            />
+          </label>
+          <label>
+            delta
+            <input
+              type="text"
+              value={delta}
+              onChange={(e) => setDelta(e.target.value)}
+            />
+          </label>
+        </div>
+      </details>
+
+      <button onClick={handleCalculate} disabled={loading}>
+        {loading ? "Calculating..." : "Calculate Epsilon"}
+      </button>
+
+      {loading && <div className="loading">Running f-DP analysis...</div>}
+
+      {error && <div className="error">{error}</div>}
+
+      {results && <ResultsCard data={results} type="fdp" />}
+    </div>
+  );
+}
+
+export default FDPCalculatorTab;
diff --git a/web/src/tabs/LIATab.tsx b/web/src/tabs/LIATab.tsx
new file mode 100644
index 0000000..fc2a24b
--- /dev/null
+++ b/web/src/tabs/LIATab.tsx
@@ -0,0 +1,167 @@
+import { useState } from "react";
+import { pyodide } from "../pyodide/bridge";
+import DataInput from "../components/DataInput";
+import ResultsCard from "../components/ResultsCard";
+import ParameterForm, { ParamField } from "../components/ParameterForm";
+
+// ---------------------------------------------------------------------------
+// Parameter field definitions
+// ---------------------------------------------------------------------------
+
+const LIA_FIELDS: ParamField[] = [
+  {
+    name: "y1_generation",
+    label: "Y1 Generation",
+    type: "select",
+    default: "calibration",
+    options: [
+      { label: "Calibration", value: "calibration" },
+      { label: "Uniform", value: "uniform" },
+    ],
+  },
+  {
+    name: "num_resampling_times",
+    label: "Num Resampling Times",
+    type: "number",
+    default: 100,
+    advanced: true,
+  },
+];
+
+// ---------------------------------------------------------------------------
+// Placeholder CSV strings
+// ---------------------------------------------------------------------------
+
+const TARGET_PLACEHOLDER = `is_member,predictions,label
+1,"[0.85, 0.15]",0
+0,"[0.30, 0.70]",1
+1,"[0.10, 0.90]",1
+0,"[0.60, 0.40]",0`;
+
+const CALIB_PLACEHOLDER = `is_member,predictions
+1,"[0.80, 0.20]"
+0,"[0.25, 0.75]"
+1,"[0.15, 0.85]"
+0,"[0.55, 0.45]"`;
+
+// ---------------------------------------------------------------------------
+// Helper: build default values from field definitions
+// ---------------------------------------------------------------------------
+
+function defaults(fields: ParamField[]): Record<string, any> {
+  const out: Record<string, any> = {};
+  for (const f of fields) {
+    out[f.name] = f.default;
+  }
+  return out;
+}
+
+// ---------------------------------------------------------------------------
+// Component
+// ---------------------------------------------------------------------------
+
+function LIATab() {
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [results, setResults] = useState<any>(null);
+
+  const [params, setParams] = useState<Record<string, any>>(
+    defaults(LIA_FIELDS),
+  );
+
+  const [calibData, setCalibData] = useState<string | null>(null);
+
+  // ---- Run LIA -------------------------------------------------------------
+
+  const handleTarget = async (data: string) => {
+    if (!calibData) {
+      setError(
+        "Please load calibration model predictions before running the LIA.",
+      );
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    setResults(null);
+    try {
+      const code = `import runners
+runners.run_lia(${JSON.stringify(data)}, ${JSON.stringify(calibData)}, ${JSON.stringify(JSON.stringify(params))})`;
+      const raw = await pyodide.runPython(code);
+      setResults(typeof raw === "string" ? JSON.parse(raw) : raw);
+    } catch (err: any) {
+      setError(err.message || "LIA analysis failed");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // ---- Render ---------------------------------------------------------------
+
+  return (
+    <div className="tab-content">
+      <h2>Label Inference Attack (LIA)</h2>
+      <p>
+        Test whether a model leaks information about training labels through its
+        predictions.
+      </p>
+
+      <details>
+        <summary>Getting your inputs</summary>
+        <p>
+          You need two CSVs: one with <strong>target model predictions</strong>{" "}
+          and one with <strong>calibration model predictions</strong>. The target
+          CSV must include <code>is_member</code>, <code>predictions</code>, and{" "}
+          <code>label</code> columns. The calibration CSV must include{" "}
+          <code>is_member</code> and <code>predictions</code> columns. See the{" "}
+          <a
+            href="https://github.com/facebookresearch/PrivacyGuard"
+            target="_blank"
+            rel="noopener noreferrer"
+          >
+            PrivacyGuard documentation
+          </a>{" "}
+          for details on generating these inputs.
+        </p>
+      </details>
+
+      <ParameterForm
+        fields={LIA_FIELDS}
+        values={params}
+        onChange={setParams}
+      />
+
+      <h4>Calibration Model Predictions</h4>
+      <DataInput
+        format="csv"
+        requiredColumns={["is_member", "predictions"]}
+        placeholder={CALIB_PLACEHOLDER}
+        onData={(data) => {
+          setCalibData(data);
+          setError(null);
+        }}
+      />
+      {calibData && (
+        <div className="hint" style={{ marginBottom: "1rem" }}>
+          Calibration data loaded.
+        </div>
+      )}
+
+      <h4>Target Model Predictions</h4>
+      <DataInput
+        format="csv"
+        requiredColumns={["is_member", "predictions", "label"]}
+        placeholder={TARGET_PLACEHOLDER}
+        onData={handleTarget}
+      />
+
+      {/* ---- Loading / error / results -------------------------------------- */}
+      {loading && <div className="loading">Running LIA analysis...</div>}
+
+      {error && <div className="error">{error}</div>}
+
+      {results && <ResultsCard data={results} type="mia" />}
+    </div>
+  );
+}
+
+export default LIATab;
diff --git a/web/src/tabs/Landing.tsx b/web/src/tabs/Landing.tsx
new file mode 100644
index 0000000..9f51ce9
--- /dev/null
+++ b/web/src/tabs/Landing.tsx
@@ -0,0 +1,67 @@
+import { Link } from "react-router-dom";
+
+const attacks = [
+  {
+    title: "Membership Inference (MIA)",
+    path: "/mia",
+    description:
+      "Test if a model memorized specific training examples using LiRA, RMIA, or Calibrated attacks.",
+  },
+  {
+    title: "Label Inference (LIA)",
+    path: "/lia",
+    description:
+      "Detect whether model predictions leak training label information.",
+  },
+  {
+    title: "Text Similarity",
+    path: "/text-similarity",
+    description:
+      "Measure text memorization via exact match, LCS, edit distance, and probabilistic memorization.",
+  },
+  {
+    title: "Code Similarity",
+    path: "/code-similarity",
+    description:
+      "AST-based tree edit distance and CodeBLEU for code memorization analysis.",
+    comingSoon: true,
+  },
+  {
+    title: "f-DP Calculator",
+    path: "/fdp",
+    description:
+      "Compute empirical privacy epsilon from canary insertion experiments.",
+  },
+];
+
+function Landing() {
+  return (
+    <div className="landing">
+      <div className="hero">
+        <h1>PrivacyGuard Playground</h1>
+        <p className="tagline">Audit ML model privacy in your browser</p>
+        <p className="privacy-note">
+          All computation runs locally in your browser via WebAssembly. Your data never leaves this page.
+        </p>
+      </div>
+
+      <div className="attack-cards">
+        {attacks.map((attack) => (
+          <Link
+            key={attack.path}
+            to={attack.path}
+            className={`attack-card${attack.comingSoon ? " coming-soon" : ""}`}
+          >
+            <h3>
+              {attack.title}
+              {attack.comingSoon && <span className="badge">Coming Soon</span>}
+            </h3>
+            <p>{attack.description}</p>
+          </Link>
+        ))}
+      </div>
+    </div>
+  );
+}
+
+export default Landing;
diff --git a/web/src/tabs/MIATab.tsx b/web/src/tabs/MIATab.tsx
new file mode 100644
index 0000000..4eabc87
--- /dev/null
+++ b/web/src/tabs/MIATab.tsx
@@ -0,0 +1,379 @@
+import { useState } from "react";
+import { pyodide } from "../pyodide/bridge";
+import DataInput from "../components/DataInput";
+import ResultsCard from "../components/ResultsCard";
+import ParameterForm, { ParamField } from "../components/ParameterForm";
+
+type SubTab = "lira" | "rmia" | "calib";
+
+// ---------------------------------------------------------------------------
+// Parameter field definitions
+// ---------------------------------------------------------------------------
+
+const LIRA_FIELDS: ParamField[] = [
+  {
+    name: "std_dev_type",
+    label: "Std Dev Type",
+    type: "select",
+    default: "global",
+    options: [
+      { label: "Global", value: "global" },
+      { label: "Shadows In", value: "shadows_in" },
+      { label: "Shadows Out", value: "shadows_out" },
+      { label: "Mix", value: "mix" },
+    ],
+  },
+  {
+    name: "online_attack",
+    label: "Online Attack",
+    type: "checkbox",
+    default: false,
+    advanced: true,
+  },
+];
+
+const RMIA_FIELDS: ParamField[] = [
+  {
+    name: "alpha_coefficient",
+    label: "Alpha Coefficient",
+    type: "number",
+    default: 0.3,
+    step: 0.05,
+  },
+];
+
+const CALIB_FIELDS: ParamField[] = [
+  {
+    name: "score_type",
+    label: "Score Type",
+    type: "select",
+    default: "loss",
+    options: [
+      { label: "Loss", value: "loss" },
+      { label: "Entropy", value: "entropy" },
+      { label: "Confidence", value: "confidence" },
+    ],
+  },
+  {
+    name: "should_calibrate_scores",
+    label: "Calibrate Scores",
+    type: "checkbox",
+    default: true,
+  },
+];
+
+// ---------------------------------------------------------------------------
+// Placeholder CSV strings
+// ---------------------------------------------------------------------------
+
+const LIRA_PLACEHOLDER = `is_member,score_orig,score_mean,score_std
+1,0.85,0.72,0.05
+0,0.45,0.68,0.06
+1,0.91,0.74,0.04
+0,0.32,0.65,0.07`;
+
+const RMIA_MEMBER_PLACEHOLDER = `is_member,score_orig,score_ref_0,score_ref_1
+1,0.85,0.72,0.69
+0,0.45,0.68,0.71
+1,0.91,0.74,0.73
+0,0.32,0.65,0.60`;
+
+const RMIA_POP_PLACEHOLDER = `score_orig,score_ref_0,score_ref_1
+0.55,0.60,0.58
+0.62,0.64,0.61
+0.48,0.51,0.49`;
+
+const CALIB_TARGET_PLACEHOLDER = `is_member,label,predictions
+1,0,"[0.85, 0.15]"
+0,1,"[0.30, 0.70]"
+1,1,"[0.10, 0.90]"
+0,0,"[0.60, 0.40]"`;
+
+const CALIB_CALIB_PLACEHOLDER = `is_member,label,predictions
+1,0,"[0.80, 0.20]"
+0,1,"[0.25, 0.75]"
+1,1,"[0.15, 0.85]"
+0,0,"[0.55, 0.45]"`;
+
+// ---------------------------------------------------------------------------
+// Helper: build default values from field definitions
+// ---------------------------------------------------------------------------
+
+function defaults(fields: ParamField[]): Record<string, any> {
+  const out: Record<string, any> = {};
+  for (const f of fields) {
+    out[f.name] = f.default;
+  }
+  return out;
+}
+
+// ---------------------------------------------------------------------------
+// Component
+// ---------------------------------------------------------------------------
+
+function MIATab() {
+  const [activeSubTab, setActiveSubTab] = useState<SubTab>("lira");
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [results, setResults] = useState<any>(null);
+
+  // Parameter state per sub-tab
+  const [liraParams, setLiraParams] = useState<Record<string, any>>(
+    defaults(LIRA_FIELDS),
+  );
+  const [rmiaParams, setRmiaParams] = useState<Record<string, any>>(
+    defaults(RMIA_FIELDS),
+  );
+  const [calibParams, setCalibParams] = useState<Record<string, any>>(
+    defaults(CALIB_FIELDS),
+  );
+
+  // Secondary data state for two-input attacks
+  const [rmiaPopData, setRmiaPopData] = useState<string | null>(null);
+  const [calibCalibData, setCalibCalibData] = useState<string | null>(null);
+
+  // ---- LiRA ---------------------------------------------------------------
+
+  const handleLira = async (data: string) => {
+    setLoading(true);
+    setError(null);
+    setResults(null);
+    try {
+      const code = `import runners
+runners.run_lira(${JSON.stringify(data)}, ${JSON.stringify(JSON.stringify(liraParams))})`;
+      const raw = await pyodide.runPython(code);
+      setResults(typeof raw === "string" ? JSON.parse(raw) : raw);
+    } catch (err: any) {
+      setError(err.message || "LiRA analysis failed");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // ---- RMIA ---------------------------------------------------------------
+
+  const handleRmia = async (data: string) => {
+    if (!rmiaPopData) {
+      setError("Please load population data before running RMIA.");
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    setResults(null);
+    try {
+      const code = `import runners
+runners.run_rmia(${JSON.stringify(data)}, ${JSON.stringify(rmiaPopData)}, ${JSON.stringify(JSON.stringify(rmiaParams))})`;
+      const raw = await pyodide.runPython(code);
+      setResults(typeof raw === "string" ? JSON.parse(raw) : raw);
+    } catch (err: any) {
+      setError(err.message || "RMIA analysis failed");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // ---- Calib --------------------------------------------------------------
+
+  const handleCalib = async (data: string) => {
+    if (!calibCalibData) {
+      setError(
+        "Please load calibration model predictions before running the calibrated attack.",
+      );
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    setResults(null);
+    try {
+      const code = `import runners
+runners.run_calib(${JSON.stringify(data)}, ${JSON.stringify(calibCalibData)}, ${JSON.stringify(JSON.stringify(calibParams))})`;
+      const raw = await pyodide.runPython(code);
+      setResults(typeof raw === "string" ? JSON.parse(raw) : raw);
+    } catch (err: any) {
+      setError(err.message || "Calibrated attack analysis failed");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  // ---- Render -------------------------------------------------------------
+
+  return (
+    <div className="tab-content">
+      <h2>Membership Inference Attacks</h2>
+
+      <div className="sub-tabs">
+        <button
+          className={activeSubTab === "lira" ? "active" : ""}
+          onClick={() => setActiveSubTab("lira")}
+        >
+          LiRA
+        </button>
+        <button
+          className={activeSubTab === "rmia" ? "active" : ""}
+          onClick={() => setActiveSubTab("rmia")}
+        >
+          RMIA
+        </button>
+        <button
+          className={activeSubTab === "calib" ? "active" : ""}
+          onClick={() => setActiveSubTab("calib")}
+        >
+          Calibrated
+        </button>
+      </div>
+
+      {/* ---- LiRA -------------------------------------------------------- */}
+      {activeSubTab === "lira" && (
+        <div className="sub-tab-content">
+          <h3>Likelihood Ratio Attack (LiRA)</h3>
+          <p>
+            State-of-the-art MIA using shadow model statistics. Computes
+            likelihood ratios from pre-computed shadow model scores.
+          </p>
+
+          <details>
+            <summary>Getting your inputs</summary>
+            <p>
+              Follow the{" "}
+              <a
+                href="https://github.com/facebookresearch/PrivacyGuard/blob/main/tutorial_notebooks/lira_tutorial.ipynb"
+                target="_blank"
+                rel="noopener noreferrer"
+              >
+                LiRA tutorial notebook
+              </a>{" "}
+              to generate shadow model scores. The output CSV should contain{" "}
+              <code>is_member</code>, <code>score_orig</code>,{" "}
+              <code>score_mean</code>, and <code>score_std</code> columns.
+            </p>
+          </details>
+
+          <ParameterForm
+            fields={LIRA_FIELDS}
+            values={liraParams}
+            onChange={setLiraParams}
+          />
+
+          <DataInput
+            format="csv"
+            requiredColumns={[
+              "is_member",
+              "score_orig",
+              "score_mean",
+              "score_std",
+            ]}
+            placeholder={LIRA_PLACEHOLDER}
+            onData={handleLira}
+          />
+        </div>
+      )}
+
+      {/* ---- RMIA -------------------------------------------------------- */}
+      {activeSubTab === "rmia" && (
+        <div className="sub-tab-content">
+          <h3>Reference Model MIA (RMIA)</h3>
+          <p>
+            Higher-power attack using fewer shadow models via reference model
+            comparison.
+          </p>
+
+          <details>
+            <summary>Getting your inputs</summary>
+            <p>
+              Follow the{" "}
+              <a
+                href="https://github.com/facebookresearch/PrivacyGuard/blob/main/tutorial_notebooks/rmia_tutorial.ipynb"
+                target="_blank"
+                rel="noopener noreferrer"
+              >
+                RMIA tutorial notebook
+              </a>{" "}
+              to generate reference model scores. You will need two CSVs: one
+              with member/holdout data and one with population data.
+            </p>
+          </details>
+
+          <ParameterForm
+            fields={RMIA_FIELDS}
+            values={rmiaParams}
+            onChange={setRmiaParams}
+          />
+
+          <h4>Population Data</h4>
+          <DataInput
+            format="csv"
+            requiredColumns={["score_orig"]}
+            placeholder={RMIA_POP_PLACEHOLDER}
+            onData={(data) => {
+              setRmiaPopData(data);
+              setError(null);
+            }}
+          />
+          {rmiaPopData && (
+            <div className="hint" style={{ marginBottom: "1rem" }}>
+              Population data loaded.
+            </div>
+          )}
+
+          <h4>Member/Holdout Data</h4>
+          <DataInput
+            format="csv"
+            requiredColumns={["is_member", "score_orig"]}
+            placeholder={RMIA_MEMBER_PLACEHOLDER}
+            onData={handleRmia}
+          />
+        </div>
+      )}
+
+      {/* ---- Calib ------------------------------------------------------- */}
+      {activeSubTab === "calib" && (
+        <div className="sub-tab-content">
+          <h3>Calibrated Attack</h3>
+          <p>
+            Baseline MIA using calibrated prediction confidence scores.
+          </p>
+
+          <ParameterForm
+            fields={CALIB_FIELDS}
+            values={calibParams}
+            onChange={setCalibParams}
+          />
+
+          <h4>Calibration Model Predictions</h4>
+          <DataInput
+            format="csv"
+            requiredColumns={["is_member", "label", "predictions"]}
+            placeholder={CALIB_CALIB_PLACEHOLDER}
+            onData={(data) => {
+              setCalibCalibData(data);
+              setError(null);
+            }}
+          />
+          {calibCalibData && (
+            <div className="hint" style={{ marginBottom: "1rem" }}>
+              Calibration data loaded.
+            </div>
+          )}
+
+          <h4>Target Model Predictions</h4>
+          <DataInput
+            format="csv"
+            requiredColumns={["is_member", "label", "predictions"]}
+            placeholder={CALIB_TARGET_PLACEHOLDER}
+            onData={handleCalib}
+          />
+        </div>
+      )}
+
+      {/* ---- Shared loading / error / results ---------------------------- */}
+      {loading && <div className="loading">Running attack analysis...</div>}
+
+      {error && <div className="error">{error}</div>}
+
+      {results && <ResultsCard data={results} type="mia" />}
+    </div>
+  );
+}
+
+export default MIATab;
diff --git a/web/src/tabs/TextSimilarityTab.tsx b/web/src/tabs/TextSimilarityTab.tsx
new file mode 100644
index 0000000..ac7ce47
--- /dev/null
+++ b/web/src/tabs/TextSimilarityTab.tsx
@@ -0,0 +1,224 @@
+import { useState } from "react";
+import { pyodide } from "../pyodide/bridge";
+import DataInput from "../components/DataInput";
+import ResultsCard from "../components/ResultsCard";
+
+type SubTab = "text_inclusion" | "prob_memorization";
+
+const EXAMPLE_PROMPT = `def fibonacci(n):`;
+const EXAMPLE_TARGET = `def fibonacci(n):
+    if n <= 1:
+        return n
+    return fibonacci(n-1) + fibonacci(n-2)`;
+const EXAMPLE_PREDICTION = `def fibonacci(n):
+    if n <= 1:
+        return n
+    return fibonacci(n-1) + fibonacci(n-2)`;
+
+const PROB_MEM_PLACEHOLDER = `prediction_logprobs
+"[-0.5, -1.2, -0.3, -0.8, -0.1, -2.1, -0.4]"
+"[-0.9, -0.2, -0.6, -1.5, -0.3, -0.7, -0.1]"`;
+
+const PROB_MEM_SNIPPET = `import torch
+from transformers import AutoModelForCausalLM, AutoTokenizer
+import csv
+
+model = AutoModelForCausalLM.from_pretrained("bigcode/starcoder2-3b")
+tokenizer = AutoTokenizer.from_pretrained("bigcode/starcoder2-3b")
+
+texts = ["def fibonacci(n):", "class LinkedList:"]
+
+with open("logprobs.csv", "w", newline="") as f:
+    writer = csv.writer(f)
+    writer.writerow(["prediction_logprobs"])
+    for text in texts:
+        inputs = tokenizer(text, return_tensors="pt")
+        with torch.no_grad():
+            outputs = model(**inputs)
+        logprobs = torch.log_softmax(outputs.logits, dim=-1)
+        # Gather the logprob for each actual token
+        token_ids = inputs["input_ids"][0, 1:]  # shift by 1
+        token_logprobs = logprobs[0, :-1].gather(1, token_ids.unsqueeze(1)).squeeze()
+        writer.writerow([token_logprobs.tolist()])`;
+
+function TextSimilarityTab() {
+  const [activeSubTab, setActiveSubTab] = useState<SubTab>("text_inclusion");
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState<string | null>(null);
+  const [results, setResults] = useState<any>(null);
+  const [resultsType, setResultsType] = useState<
+    "text_similarity" | "prob_memorization"
+  >("text_similarity");
+
+  // Text inclusion fields
+  const [prompt, setPrompt] = useState("");
+  const [target, setTarget] = useState("");
+  const [prediction, setPrediction] = useState("");
+
+  const loadExample = () => {
+    setPrompt(EXAMPLE_PROMPT);
+    setTarget(EXAMPLE_TARGET);
+    setPrediction(EXAMPLE_PREDICTION);
+  };
+
+  const handleTextInclusion = async () => {
+    if (!prompt.trim() || !target.trim() || !prediction.trim()) {
+      setError("Please fill in all three fields (prompt, target, and prediction).");
+      return;
+    }
+
+    setLoading(true);
+    setError(null);
+    setResults(null);
+
+    try {
+      const row = { prompt: prompt.trim(), targets: target.trim(), prediction: prediction.trim() };
+      const jsonlString = JSON.stringify(row);
+
+      const code = `import runners
+runners.run_text_inclusion(${JSON.stringify(jsonlString)}, '{}')`;
+
+      const raw = await pyodide.runPython(code);
+      const parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
+      setResultsType("text_similarity");
+      setResults(parsed);
+    } catch (err: any) {
+      setError(err.message || "Text inclusion analysis failed");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  const handleProbMemorization = async (data: string) => {
+    setLoading(true);
+    setError(null);
+    setResults(null);
+
+    try {
+      const code = `import runners
+runners.run_prob_memorization(${JSON.stringify(data)}, '{"prob_threshold": 0.5}')`;
+
+      const raw = await pyodide.runPython(code);
+      const parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
+      setResultsType("prob_memorization");
+      setResults(parsed);
+    } catch (err: any) {
+      setError(err.message || "Probabilistic memorization analysis failed");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  return (
+    <div className="tab-content">
+      <h2>Text Similarity Analysis</h2>
+
+      <div className="sub-tabs">
+        <button
+          className={activeSubTab === "text_inclusion" ? "active" : ""}
+          onClick={() => setActiveSubTab("text_inclusion")}
+        >
+          Text Inclusion + Edit Similarity
+        </button>
+        <button
+          className={activeSubTab === "prob_memorization" ? "active" : ""}
+          onClick={() => setActiveSubTab("prob_memorization")}
+        >
+          Probabilistic Memorization
+        </button>
+      </div>
+
+      {activeSubTab === "text_inclusion" && (
+        <div className="sub-tab-content">
+          <p>
+            Computes exact match, longest common subsequence (word/char), and
+            edit distance between model generations and target text.
+          </p>
+
+          <div style={{ display: "flex", justifyContent: "flex-end", marginBottom: "0.5rem" }}>
+            <button type="button" className="secondary" onClick={loadExample}>
+              Load Example
+            </button>
+          </div>
+
+          <div className="text-input-group">
+            <label>
+              Prompt
+              <textarea
+                value={prompt}
+                onChange={(e) => setPrompt(e.target.value)}
+                placeholder="Enter the prompt given to the model..."
+                rows={3}
+                spellCheck={false}
+              />
+            </label>
+
+            <label>
+              Target (reference text)
+              <textarea
+                value={target}
+                onChange={(e) => setTarget(e.target.value)}
+                placeholder="Enter the original/reference text you want to check against..."
+                rows={5}
+                spellCheck={false}
+              />
+            </label>
+
+            <label>
+              Prediction (model output)
+              <textarea
+                value={prediction}
+                onChange={(e) => setPrediction(e.target.value)}
+                placeholder="Enter the model's generated output..."
+                rows={5}
+                spellCheck={false}
+              />
+            </label>
+          </div>
+
+          <button
+            onClick={handleTextInclusion}
+            disabled={loading || (!prompt.trim() && !target.trim() && !prediction.trim())}
+          >
+            {loading ? "Analyzing..." : "Run Analysis"}
+          </button>
+        </div>
+      )}
+
+      {activeSubTab === "prob_memorization" && (
+        <div className="sub-tab-content">
+          <p>
+            Estimates the probability that a model has memorized specific
+            content, based on per-token log-probabilities.
+          </p>
+
+          <details>
+            <summary>How to get your inputs</summary>
+            <p>
+              Extract per-token log-probabilities from a HuggingFace model and
+              save as CSV with a <code>prediction_logprobs</code> column:
+            </p>
+            <pre>
+              <code>{PROB_MEM_SNIPPET}</code>
+            </pre>
+          </details>
+
+          <DataInput
+            format="csv"
+            requiredColumns={["prediction_logprobs"]}
+            placeholder={PROB_MEM_PLACEHOLDER}
+            onData={handleProbMemorization}
+          />
+        </div>
+      )}
+
+      {loading && <div className="loading">Running analysis...</div>}
+
+      {error && <div className="error">{error}</div>}
+
+      {results && <ResultsCard data={results} type={resultsType} />}
+    </div>
+  );
+}
+
+export default TextSimilarityTab;
diff --git a/web/src/utils/export.ts b/web/src/utils/export.ts
new file mode 100644
index 0000000..4e95b6f
--- /dev/null
+++ b/web/src/utils/export.ts
@@ -0,0 +1,24 @@
+export function downloadJSON(data: any, filename: string) {
+  const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
+  downloadBlob(blob, `${filename}.json`);
+}
+
+export function downloadCSV(records: any[], filename: string) {
+  if (!records.length) return;
+  const headers = Object.keys(records[0]);
+  const csv = [
+    headers.join(","),
+    ...records.map((r) => headers.map((h) => JSON.stringify(r[h] ?? "")).join(",")),
+  ].join("\n");
+  const blob = new Blob([csv], { type: "text/csv" });
+  downloadBlob(blob, `${filename}.csv`);
+}
+
+function downloadBlob(blob: Blob, filename: string) {
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement("a");
+  a.href = url;
+  a.download = filename;
+  a.click();
+  URL.revokeObjectURL(url);
+}
diff --git a/web/src/vite-env.d.ts b/web/src/vite-env.d.ts
new file mode 100644
index 0000000..11f02fe
--- /dev/null
+++ b/web/src/vite-env.d.ts
@@ -0,0 +1 @@
+/// <reference types="vite/client" />
diff --git a/web/tsconfig.app.json b/web/tsconfig.app.json
new file mode 100644
index 0000000..df2545f
--- /dev/null
+++ b/web/tsconfig.app.json
@@ -0,0 +1,25 @@
+{
+  "compilerOptions": {
+    "target": "ES2020",
+    "useDefineForClassFields": true,
+    "lib": ["ES2020", "DOM", "DOM.Iterable"],
+    "module": "ESNext",
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "isolatedModules": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+    "jsx": "react-jsx",
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["src"]
+}
diff --git a/web/tsconfig.json b/web/tsconfig.json
new file mode 100644
index 0000000..1ffef60
--- /dev/null
+++ b/web/tsconfig.json
@@ -0,0 +1,7 @@
+{
+  "files": [],
+  "references": [
+    { "path": "./tsconfig.app.json" },
+    { "path": "./tsconfig.node.json" }
+  ]
+}
diff --git a/web/tsconfig.node.json b/web/tsconfig.node.json
new file mode 100644
index 0000000..1752cb6
--- /dev/null
+++ b/web/tsconfig.node.json
@@ -0,0 +1,24 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "types": ["node"],
+    "lib": ["ES2023"],
+    "module": "ESNext",
+    "skipLibCheck": true,
+
+    /* Bundler mode */
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "isolatedModules": true,
+    "moduleDetection": "force",
+    "noEmit": true,
+
+    /* Linting */
+    "strict": true,
+    "noUnusedLocals": true,
+    "noUnusedParameters": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedSideEffectImports": true
+  },
+  "include": ["vite.config.ts"]
+}
diff --git a/web/vite.config.ts b/web/vite.config.ts
new file mode 100644
index 0000000..23de77b
--- /dev/null
+++ b/web/vite.config.ts
@@ -0,0 +1,58 @@
+import { defineConfig } from "vite";
+import react from "@vitejs/plugin-react";
+import path from "path";
+import { copyFileSync, mkdirSync, readdirSync } from "fs";
+import { fileURLToPath } from "url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+
+// Copy PrivacyGuard .py modules into public/pg_modules/ before build
+// so they are served as static assets and fetchable by the Pyodide worker.
+function copyPGModules() {
+  const repoRoot = path.resolve(__dirname, "..");
+  const dest = path.resolve(__dirname, "public", "pg_modules");
+
+  const dirs = [
+    "attacks",
+    "analysis",
+    "analysis/mia",
+    "analysis/extraction",
+    "analysis/lia",
+  ];
+
+  for (const dir of dirs) {
+    mkdirSync(path.join(dest, dir), { recursive: true });
+    const srcDir = path.join(repoRoot, dir);
+    try {
+      for (const file of readdirSync(srcDir)) {
+        if (file.endsWith(".py")) {
+          copyFileSync(path.join(srcDir, file), path.join(dest, dir, file));
+        }
+      }
+    } catch {
+      // Directory may not exist in some setups
+    }
+  }
+}
+
+copyPGModules();
+
+// Copy runners.py into public/pg_modules/ so it's fetchable as a static asset.
+const runnersSrc = path.resolve(__dirname, "src", "pyodide", "python", "runners.py");
+const runnersDest = path.resolve(__dirname, "public", "pg_modules", "runners.py");
+try {
+  mkdirSync(path.dirname(runnersDest), { recursive: true });
+  copyFileSync(runnersSrc, runnersDest);
+} catch {
+  // runners.py may not exist in CI/OSS setups
+}
+
+export default defineConfig({
+  plugins: [react()],
+  base: "/PrivacyGuard/",
+  server: {
+    fs: {
+      allow: [path.resolve(__dirname, "..")],
+    },
+  },
+});