You're basically saying there's no need to wear a seatbelt because you've driven thousands of times without an accident. Claude is pretty well behaved, but it's not guaranteed to be safe, especially as you start to hit the gas and relinquish more control. Hope for the best, but plan for the worst and all that. Just because your use case doesn't need sandboxing, doesn't mean there's no need for sandboxing.
I'm not having a debate because I'm quite ignorant of the subject. Just trying to learn from you: wouldn't recoverability and observability suffice instead of sandboxing, if such events are indeed rare? not necessarily for all usecases, but for most?
Yeah, I'm sure the reality is that a basic setup is fine for most casual development. The average user isn't concerned with security and we've basically normalized data breaches. If you have backups, use git, and manually approve Claude's access and actions, that's likely "good enough".

The problem is you start getting comfortable and tired of your workflow getting interrupted when the agent needs more/repeated access. Gradually the permission scope increases, or you decide to take the guards off completely. At this point you have a non-deterministic black box with internet access doing things to your computer. Maybe the agent gets confused and force-pushes git, maybe you load a malicious plugin, or MCP to github and ingest something hostile. The internet isn't getting kinder, it's basically all-out war behind the scenes, and having your agent do online research is an attack vector. Security is layered, and sandboxing is a layer you can add to mitigate some issues and have peace of mind.

TBH I didn't look too closely at the featured product because I have my own solution already, but it sounds like a versioning filesystem is integrated, which can be really handy. Filesystem snapshots are fast and cheap compared to traditional backup/restore operations. Git is a nice layer for text files, but it's slow and not very good for binary stuff, so if you're working with images or 3d models etc, a versioning FS is really useful.

There are lots of agent use cases beyond individual coding. Maybe you're building a multi-tenant product that lets user agents do stuff and you need an undo feature. That's probably a good case for a sandbox with versioning FS. Maybe you have an agent handling contractual transactions that can't afford to oops. LLM agents are an entirely new computing interface, so we should imagine a wide variety of use cases, some of which would likely benefit from a sandbox environment that versions data.

Agreed. As alignment improves, I'm becoming increasingly bearish on sandboxing.

Version control and isolation will probably stay useful, though, more for distributed development and workflow reasons than for safety.
