I had to create my own setup using aws s3 filesystem and docker for this.
Does Tilde solve for this?
That is a single one liner of btrfs subvolume snapshot, in a single hook configuration file, ready to be valued at $10B as quantum agentic versioned sandbox startup.
I've tried to focus more on end-user use-cases in my own product positioning, even though security is absolutely at the top of my list. This was hard to watch because it felt it demonstrated a security feature that is really secondary to the purpose of an agent.
What would be a spin in this AI category that would excite or surprise you?
SlicerVM (est. 2022) is already used for prime time, not "free as in beer" but has pretty reasonable individual plans that include all features. Shares the core code with actuated. (Creator of both speaking here)
Feel free to take a look and see if gives you a little more than the others you mentioned. If not no problems, I realise some folks prefer free stuff.
I increasingly feel the impact of landing on the frontpage of HN is not as pronounced as it used to be. The demographic shift of HN is also noted, it has a lot more "reddit" vibe than I remember.
Now I see these things and its more likely than not that it was spit out by an agentic tool with little to no understanding of the code, and hardly learning or effort took place. Feels cheap and a waste of time. Why spend my time looking at something that someone made in a few hours so they could up their fake portfolio?
Its great to find real development out there but these types of posts eg "Show: random agentic tool gibberish" feel cheap and flaccid now. Nothing impressive
GCs, blogs, and small chatrooms are the way.
Other than that it looks cool!
Imagine an agent dropping a directory with 1m images in it. just figuring out what happened and what got dropped, restoring it one by one, etc. - doable, but ergonomics are a bit lacking.
1. to have a human in the loop to approve certain changes 2. rollback changes that end up being incorrect 3. allow reviewing the timeline and history to figure out what changed and how
Version control and isolation will probably stay useful, though, more for distributed development and workflow reasons than for safety.
That said, using LakeFS is probably a better long term solution and I like this approach.
I have a use case that could use this if it supports handling branching and merging file systems.
From a data structure and file ergonomics perspective, think of it as similar to Unity or UE4 for drug design. We have a huge variety of assets to manage alongside their relationships to each other, and the project files are local on the user's machine (with a collaboration / sync over the network between scientists working on the same project, hence where something like this would come in for us).
Many of those files are fine with a winning side strategy, but some of them might not be that clean. Take a protein structure defined by an `mmcif` file for example, if we clean the file by removing hydrogen atoms and another scientist repairs a side chain on that same file then we'd need a way to reconcile those differences.
On the agent side, our agents will generate small python scripts that manipulate the proteins, then cache and re-use those scripts as tools when possible. So preserving those scripts alongside the mutated asset and conversation history is something we've been working on.
Building something for the same problem but more so from the perspective of self-hostable stateful sandboxes, and not just the filesystem (see https://bhatti.sh). What sandbox solution are you using here?
If you look at https://slicervm.com you'll see he's copied our terminal animation from the top of the website. Took out a monthly subscription for 1x month, cloned the majority of the UX/DX and way the guest agent works.
Had people reach out and flag it to me and I'm like "yes there's a reason for that"..
I think this is just par for the course in an AI slop world. Nothing to stop people imitating, copying, cloning with a good prompt and partial source / detailed docs available.
Not sure how I feel about it using on your hosted service, while your home page is asking me for analytics data and only the cli and sdk are open source.
I get providing a hosted service, but I don't understand how it makes it easier for agents to consume unless you're hosting an MCP? My understanding is an agent skill and a cli tool is all an agent needs?
Not sure what else we can do in this world other than tightly control outbound requests and provide enough visibility into those requests for a human|agent to try and undo changes.
Happy to hear your thoughts - what would you like to see us take this?
I'd love to learn more on how egress can be handled securely in sandboxes, and in general also ingress as this has some security impact - as soon as you allow reading from an external system you open up a new threat vector. Curious to understand whether you have any strategy for network access?
This is metadata only as the objects themselves are immutable.
But this is too vague for me. I'm not seeing my questions answered in the landing page or FAQ either.
E.g.,... what's the pricing?
How does atomic commit really work? E.g., if one write to S3 succeeds but the update to a git repo fails?
Does this use optimistic locking or something else? What happens if I commit changes to a resource that was updated since it was imported?
Where/how is it hosted?
Atomic commits are based on snapshotting done by lakeFS under the hood. Each sandbox run produces a new atomic commit to a hidden "main" branch. Updating that branch is optimistically concurrent, with lakeFS checking for conflicts - multiple writers updating the same object.
Are you able to set access read only?
I'd never personally use something like this because I don't see what it offers over doing dev in a linux VM, and setting folders to read only with chattr.
Most solutions can be engineered with standard Linux tools.
There are of course some projects where it can be useful, assuming it works properly and that's not a given either when it's vibecoded.
If I understand correctly what Tilde is doing is extending the concept of the sandbox in an operating system - filesystem, to data too.
So this is a sandbox environment someone would use for data heavy agentic workloads, is this correct?
Agents are really good at interacting with files and directories (text in, text out!). This adds a layer for those that allows managing that state in a transactional, versioned way.
Even if some tool makes it impossible for an AI agent to delete things in a way that isn't recoverable, there are other risks such as data exfiltration that need to be managed separately.
What I would use it for and why?
It reminds me of a blockchain - where it was a solution desperately looking for a problem. What problem does it solve?
Glad to see more takes in this space.
Before I invest my time into something like this I'll need to know what it'll end up costing in the end. Perhaps it's just that "private previews" aren't for me. Good luck!
If it's not a local sandbox, I'm not interested.
We've got enough subscription lock-in from LLM's already.
