I've tried to focus more on end-user use-cases in my own product positioning, even though security is absolutely at the top of my list. This was hard to watch because it felt it demonstrated a security feature that is really secondary to the purpose of an agent.
What would be a spin in this AI category that would excite or surprise you?
SlicerVM (est. 2022) is already used for prime time, not "free as in beer" but has pretty reasonable individual plans that include all features. Shares the core code with actuated. (Creator of both speaking here)
Feel free to take a look and see if gives you a little more than the others you mentioned. If not no problems, I realise some folks prefer free stuff.
You might need it open source, the majority of the world doesn't care, like they don't care Windows is closed source, or like AWS is a "cloud" running somewhere else. Both of them are building blocks that made "the world better and more robust".
But this is too vague for me. I'm not seeing my questions answered in the landing page or FAQ either.
E.g.,... what's the pricing?
How does atomic commit really work? E.g., if one write to S3 succeeds but the update to a git repo fails?
Does this use optimistic locking or something else? What happens if I commit changes to a resource that was updated since it was imported?
Where/how is it hosted?
Atomic commits are based on snapshotting done by lakeFS under the hood. Each sandbox run produces a new atomic commit to a hidden "main" branch. Updating that branch is optimistically concurrent, with lakeFS checking for conflicts - multiple writers updating the same object.
Even if some tool makes it impossible for an AI agent to delete things in a way that isn't recoverable, there are other risks such as data exfiltration that need to be managed separately.
Other than that it looks cool!
Imagine an agent dropping a directory with 1m images in it. just figuring out what happened and what got dropped, restoring it one by one, etc. - doable, but ergonomics are a bit lacking.
I had to create my own setup using aws s3 filesystem and docker for this.
Does Tilde solve for this?
That is a single one liner of btrfs subvolume snapshot, in a single hook configuration file, ready to be valued at $10B as quantum agentic versioned sandbox startup.
I have a use case that could use this if it supports handling branching and merging file systems.
From a data structure and file ergonomics perspective, think of it as similar to Unity or UE4 for drug design. We have a huge variety of assets to manage alongside their relationships to each other, and the project files are local on the user's machine (with a collaboration / sync over the network between scientists working on the same project, hence where something like this would come in for us).
Many of those files are fine with a winning side strategy, but some of them might not be that clean. Take a protein structure defined by an `mmcif` file for example, if we clean the file by removing hydrogen atoms and another scientist repairs a side chain on that same file then we'd need a way to reconcile those differences.
On the agent side, our agents will generate small python scripts that manipulate the proteins, then cache and re-use those scripts as tools when possible. So preserving those scripts alongside the mutated asset and conversation history is something we've been working on.
Are you able to set access read only?
I'd never personally use something like this because I don't see what it offers over doing dev in a linux VM, and setting folders to read only with chattr.
Most solutions can be engineered with standard Linux tools.
What I would use it for and why?
It reminds me of a blockchain - where it was a solution desperately looking for a problem. What problem does it solve?
1. to have a human in the loop to approve certain changes 2. rollback changes that end up being incorrect 3. allow reviewing the timeline and history to figure out what changed and how
Glad to see more takes in this space.
Building something for the same problem but more so from the perspective of self-hostable stateful sandboxes, and not just the filesystem (see https://bhatti.sh). What sandbox solution are you using here?
If you look at https://slicervm.com you'll see he's copied our terminal animation from the top of the website. Took out a monthly subscription for 1x month, cloned the majority of the UX/DX and way the guest agent works.
Had people reach out and flag it to me and I'm like "yes there's a reason for that"..
I think this is just par for the course in an AI slop world. Nothing to stop people imitating, copying, cloning with a good prompt and partial source / detailed docs available.
If I understand correctly what Tilde is doing is extending the concept of the sandbox in an operating system - filesystem, to data too.
So this is a sandbox environment someone would use for data heavy agentic workloads, is this correct?
Agents are really good at interacting with files and directories (text in, text out!). This adds a layer for those that allows managing that state in a transactional, versioned way.
Version control and isolation will probably stay useful, though, more for distributed development and workflow reasons than for safety.
The problem is you start getting comfortable and tired of your workflow getting interrupted when the agent needs more/repeated access. Gradually the permission scope increases, or you decide to take the guards off completely. At this point you have a non-deterministic black box with internet access doing things to your computer. Maybe the agent gets confused and force-pushes git, maybe you load load a malicious plugin, or MCP to github and ingest something hostile. The internet isn't getting kinder, it's basically all-out war behind the scenes, and having your agent do online research is an attack vector. Security is layered, and sandboxing is a layer you can add to mitigate some issues and have piece of mind.
TBH I didn't look too closely at the featured product because I have my own solution already, but it sounds like a versioning filesystem is integrated, which can be really handy. Filesystem snapshots are fast and cheap compared to traditional backup/restore operations. Git is a nice layer for text files, but it's slow and not very good for binary stuff, so if you're working with images or 3d models etc, a versioning FS is really useful.
There are lots of agent use cases beyond individual coding. Maybe you're building a multi-tenant product that let's user agents do stuff and you need an undo feature. That's probably a good case for a sandbox with versioning FS. Maybe you have an agent handling contractual transactions that can't afford to oops. LLM agents are an entirely new computing interface, so we should imagine wide variety of use cases, some of which would likely benefit from a sandbox environment that versions data.
Not sure how I feel about it using on your hosted service, while your home page is asking me for analytics data and only the cli and sdk are open source.
I get providing a hosted service, but I don't understand how it makes it easier for agents to consume unless you're hosting an MCP? My understanding is an agent skill and a cli tool is all an agent needs?
Before I invest my time into something like this I'll need to know what it'll end up costing in the end. Perhaps it's just that "private previews" aren't for me. Good luck!
Not sure what else we can do in this world other than tightly control outbound requests and provide enough visibility into those requests for a human|agent to try and undo changes.
Happy to hear your thoughts - what would you like to see us take this?
I'd love to learn more on how egress can be handled securely in sandboxes, and in general also ingress as this has some security impact - as soon as you allow reading from an external system you open up a new threat vector. Curious to understand whether you have any strategy for network access?
This is metadata only as the objects themselves are immutable.
I increasingly feel the impact of landing on the frontpage of HN is not as pronounced as it used to be. The demographic shift of HN is also noted, it has a lot more "reddit" vibe than I remember.
Now I see these things and its more likely than not that it was spit out by an agentic tool with little to no understanding of the code, and hardly learning or effort took place. Feels cheap and a waste of time. Why spend my time looking at something that someone made in a few hours so they could up their fake portfolio?
Its great to find real development out there but these types of posts eg "Show: random agentic tool gibberish" feel cheap and flaccid now. Nothing impressive
GCs, blogs, and small chatrooms are the way.
perhaps the biggest hit is the trust, now people will just jump to conclusion and say your comment is AI and overall the presence that I used to feel from before the AI days is not there.
its no longer rewarding and ironically i've started to engage a lot less and seek human connections outside so perhaps there is an upside.
I also see a lot of people cutting back on instagram and social media use. AI appears to be slowly driving people off the internet and towards analog real human connection but its very subtle and too little to celebrate
That said, using LakeFS is probably a better long term solution and I like this approach.
If it's not a local sandbox, I'm not interested.
We've got enough subscription lock-in from LLM's already.
