Posted by ozkatz 3 days ago
I’m not seeing a kernel module anywhere..
I've tried to focus more on end-user use-cases in my own product positioning, even though security is absolutely at the top of my list. This was hard to watch because it felt it demonstrated a security feature that is really secondary to the purpose of an agent.
What would be a spin in this AI category that would excite or surprise you?
SlicerVM (est. 2022) is already used for prime time, not "free as in beer" but has pretty reasonable individual plans that include all features. Shares the core code with actuated. (Creator of both speaking here)
Feel free to take a look and see if it gives you a little more than the others you mentioned. If not, no problems, I realise some folks prefer free stuff.
You might need it open source, the majority of the world doesn't care, like they don't care Windows is closed source, or like AWS is a "cloud" running somewhere else. Both of them are building blocks that made "the world better and more robust".
If you don't care that's fine. You go run the Claude Code "sandbox" and let it put your entire home directory on a public pastebin. Anthropic guarantee it will exfiltrate your data in the most secure way possible.
The rest of us want verifiable sandboxes which we can fix if they are wrong.
But this is too vague for me. I'm not seeing my questions answered in the landing page or FAQ either.
E.g.,... what's the pricing?
How does atomic commit really work? E.g., if one write to S3 succeeds but the update to a git repo fails?
Does this use optimistic locking or something else? What happens if I commit changes to a resource that was updated since it was imported?
Where/how is it hosted?
Atomic commits are based on snapshotting done by lakeFS under the hood. Each sandbox run produces a new atomic commit to a hidden "main" branch. Updating that branch is optimistically concurrent, with lakeFS checking for conflicts - multiple writers updating the same object.
Even if some tool makes it impossible for an AI agent to delete things in a way that isn't recoverable, there are other risks such as data exfiltration that need to be managed separately.
Other than that it looks cool!
Imagine an agent dropping a directory with 1m images in it. Just figuring out what happened and what got dropped, restoring it one by one, etc. - doable, but ergonomics are a bit lacking.
I had to create my own setup using an AWS S3 filesystem and Docker for this.
Does Tilde solve for this?
That is a single one-liner of btrfs subvolume snapshot, in a single hook configuration file, ready to be valued at $10B as a quantum agentic versioned sandbox startup.
I have a use case that could use this if it supports handling branching and merging file systems.
From a data structure and file ergonomics perspective, think of it as similar to Unity or UE4 for drug design. We have a huge variety of assets to manage alongside their relationships to each other, and the project files are local on the user's machine (with a collaboration / sync over the network between scientists working on the same project, hence where something like this would come in for us).
Many of those files are fine with a winning side strategy, but some of them might not be that clean. Take a protein structure defined by an `mmcif` file, for example: if we clean the file by removing hydrogen atoms and another scientist repairs a side chain on that same file, then we'd need a way to reconcile those differences.
On the agent side, our agents will generate small Python scripts that manipulate the proteins, then cache and re-use those scripts as tools when possible. So preserving those scripts alongside the mutated asset and conversation history is something we've been working on.