Get the top HN stories in your inbox every day.
docheinestages
Just my two cents: less is more and the first impression matters a lot. I'm saying this because we see a new agent sandbox tool on the front-page almost every day. Most of them have an AI-made landing page design, lots of animations, lots of words. This has become a bad sign for me. I can tell that you put time into it, made a video, and everything, but I guess I'm suffering from some kind of fatigue of having to go through all these tools. So, the less I have to process to get to the meat of exactly what I'm looking at, what sets this apart from others, why and when I would need to use it, then the more likely I am to actually engage with the product.
ozkatz
That's fair. What makes this unique is the versioned, composable filesystem. It's built on top of lakeFS (https://github.com/treeverse/lakeFS) so it scales really well, unlike other solutions that try and do this with Git directly.
hamandcheese
Is lakeFS an FS....? Zero mention of FUSE or a kernel module at all in the README.
rendaw
The title says it's a new filesystem, you either need to use fuse or a kernel module.
doctorpangloss
LLM authored comments are against the rules. I don't think file versioning is differentiated anyway.
nateb2022
OP is actually one of the co-creators of lakeFS, for context.
debarshri
Anthropic is probably looking at this trend and building something. When released will kill couple of startups.
messh
Sadly this is what sells. Standing out in this regard checkout https://shellbox.dev maybe swinging too far though?
dev360
As someone who is building an AI tool in this category, can you give examples? :)
I've tried to focus more on end-user use-cases in my own product positioning, even though security is absolutely at the top of my list. This was hard to watch because it felt it demonstrated a security feature that is really secondary to the purpose of an agent.
What would be a spin in this AI category that would excite or surprise you?
whalesalad
Agreed. All of these tools promise the world and are so incredibly vague. Actually show me what I can do with it, like hands on.
ozkatz
https://www.youtube.com/watch?v=fDR8tmes020 - a 2 minute hands-on demo!
lifty
I see a lot of negative feedback here, but I don't agree with it. This is really fantastic what you have built, especially for longer running agents that are used repeatedly, in which case the initial investment of giving only the permissions it needs is worth the effort. To that end, ability to combine several agents which have different roles, which are narrowly scoped in terms of permissions, would be a very useful feature. Perhaps you could even have an agent or UI overlay driven by AI, which can quickly scope the permissions for a new agent, so that users don't need to do it manually.
whalesalad
Being brutally honest - terrible demo. 80% of this is baseline stuff, setting up permissions (annoying), and the last few seconds we see a file was deleted and we can approve it. This is not selling your product.
jFriedensreich
I had to dig hard to find this is a SAAS sandbox offering not an actual sandbox (the software i can use locally). Its just wasting peoples time, no one needs a non opensource sandbox. There are now at least 3 apache 2 projects (smolmachines, microsandbox, boxlite) working on sandboxes and at least one of them should be ready for primetime soon.
HatchedLake721
It’s like saying no one needs Dropbox because rsync exists, or no one needs HubSpot because Salesforce exists.
alexellisuk
It's interesting to see this one launch (yes yet another sandbox.. I was getting worried we'd not seen one for a few days)
SlicerVM (est. 2022) is already used for prime time, not "free as in beer" but has pretty reasonable individual plans that include all features. Shares the core code with actuated. (Creator of both speaking here)
Feel free to take a look and see if gives you a little more than the others you mentioned. If not no problems, I realise some folks prefer free stuff.
skeledrew
I made something pretty similar to this a couple months ago, when I was just getting into using coding agents. Has 2 parts that work individually but are better together: a change tracking FS and an agent sandbox. Haven't really used it though as it's a pain to get Claude Code working in that - Docker-based - sandbox without baking it in, and I really want something that's fully configurable. And then I didn't really need it to because I'm a very interactive user; I'm almost constantly watching the agent and never use YOLO... except for 1 codebase where it's frustratingly failing to fix a single particular bug and I really don't want to deal with it myself.
jmull
This is an excellent idea who's time has come.
But this is too vague for me. I'm not seeing my questions answered in the landing page or FAQ either.
E.g.,... what's the pricing?
How does atomic commit really work? E.g., if one write to S3 succeeds but the update to a git repo fails?
Does this use optimistic locking or something else? What happens if I commit changes to a resource that was updated since it was imported?
Where/how is it hosted?
ozkatz
Regarding pricing - that's indeed a great question and we don't have an answer yet. It will very likely be based on consumption and should be competitive to similar solutions.
Atomic commits are based on snapshotting done by lakeFS under the hood. Each sandbox run produces a new atomic commit to a hidden "main" branch. Updating that branch is optimistically concurrent, with lakeFS checking for conflicts - multiple writers updating the same object.
_pdp_
Git is already versioned, S3 support versioning and any file copied into the sandbox, is well a copy, so I am not sure what is the angle here.
Other than that it looks cool!
gatvol
Doesn't s3 now have versioning + POSIX mounts?
ozkatz
S3 offers versioning at the single file level.
Imagine an agent dropping a directory with 1m images in it. just figuring out what happened and what got dropped, restoring it one by one, etc. - doable, but ergonomics are a bit lacking.
kushalpatil07
I was trying to build an agent. None of the sandboxes out there had solved the filesystem problem. I want my agent to have a persistent storage, and that stays forever. Like a human with a computer. When the agent spins up again, it has access to the computer with the same files.
I had to create my own setup using aws s3 filesystem and docker for this.
Does Tilde solve for this?
thepoet
Hey, this is exactly what we do at https://instavm.io Agents get persistent storage that outlive the sandbox and when the agent spins up again you get access to the computer with same files.
Galanwe
Snapshotting a filesystem is trivial with e.g. btrfs. You can hook snapshot creation in your agent.
That is a single one liner of btrfs subvolume snapshot, in a single hook configuration file, ready to be valued at $10B as quantum agentic versioned sandbox startup.
ozkatz
Part of the appeal (subjective, I know) of versioning is stuff like human-in-the-loop approvals. Think of a pull request: a change is requested by an agent, a human approves, changes get merged atomically. Even if other changes were applied since creation.
gitaarik
Isn't that like working on a codebase with an agent?
gavmor
Nanoclaw mounts each agent's folder to the ephemeral container.
zuzululu
just get a $5 VPS or hetzner and you are good.
keepamovin
Just run it on your GitHub actions minutes
stronglikedan
infosec would like a word...
zuzululu
which is the bare minimum that I hope people are doing , nothing about trusting a third party is any less or more secure.
ozkatz
Exactly that!
seamossfet
Does this provide gitflow to handle conflicts from multiple agents touching the same file system or is it purely for single-branch sequential iterations on the filesystem?
I have a use case that could use this if it supports handling branching and merging file systems.
ozkatz
It uses lakeFS under the hood, so the unit of conflict would be a single file (object, under the hood). Resolving conflicts requires "picking" a winning side, or rerunning a conflicting job. Would you see a use case for merging changes into the same file? Interested to hear about your use case!
seamossfet
We're building a CAD for drug design, we often have to handle large and highly varied file formats. Protein structures, compounds, python scripts, lab notebook entries, instrumentation data, etc.
From a data structure and file ergonomics perspective, think of it as similar to Unity or UE4 for drug design. We have a huge variety of assets to manage alongside their relationships to each other, and the project files are local on the user's machine (with a collaboration / sync over the network between scientists working on the same project, hence where something like this would come in for us).
Many of those files are fine with a winning side strategy, but some of them might not be that clean. Take a protein structure defined by an `mmcif` file for example, if we clean the file by removing hydrogen atoms and another scientist repairs a side chain on that same file then we'd need a way to reconcile those differences.
On the agent side, our agents will generate small python scripts that manipulate the proteins, then cache and re-use those scripts as tools when possible. So preserving those scripts alongside the mutated asset and conversation history is something we've been working on.
anonymousiam
Back in the 1970's when versioned filesystems were invented, they provided a recovery path for when a file was improperly changed or deleted. Now, in the age of LLMs that go rouge, I can see why they would become popular again.
ozkatz
Oh VMS, How I miss thee
sahil-shubham
Nice work on the website!
Building something for the same problem but more so from the perspective of self-hostable stateful sandboxes, and not just the filesystem (see https://bhatti.sh). What sandbox solution are you using here?
arm32
Your landing page looks very similar to OP's! I thought it was the same site!
alexellisuk
Not a surprise at all.
If you look at https://slicervm.com you'll see he's copied our terminal animation from the top of the website. Took out a monthly subscription for 1x month, cloned the majority of the UX/DX and way the guest agent works.
Had people reach out and flag it to me and I'm like "yes there's a reason for that"..
I think this is just par for the course in an AI slop world. Nothing to stop people imitating, copying, cloning with a good prompt and partial source / detailed docs available.
sahil-shubham
[dead]
cpard
It was a nice surprise seeing your post on the first page of HN Oz, congrats!
If I understand correctly what Tilde is doing is extending the concept of the sandbox in an operating system - filesystem, to data too.
So this is a sandbox environment someone would use for data heavy agentic workloads, is this correct?
ozkatz
Hey! It doesn't necessarily have to be "data heavy", but any form of state (from code to binary files) that an agent might use for automation.
Agents are really good at interacting with files and directories (text in, text out!). This adds a layer for those that allows managing that state in a transactional, versioned way.
digitaltrees
Interesting project. I am building an IDE for my phone and browser (www.propelcode.app) and have evaluated a few container architectures and providers. It was quite painful to get a prototype working. I will try your platform and would be happy to give feedback.
ozkatz
Much appreciated! and good luck with your project
digitaltrees
What’s the best way to give you user feedback? What would be most helpful? What’s your ideal customer profile?
ozkatz
oz dot katz at treeverse.io would be best. ICP is SMB/mid-sized ISVs.
Get the top HN stories in your inbox every day.
I glanced through the whole documentation, the homepage and the github readmes and still couldn't figure out which OS do they support and how. And this is especially important to know because sandboxing in macOS and Linux have nothing in common.