Tilde wraps AI agent runs in atomic, rollback-able transactions on a POSIX filesystem that mounts GitHub, S3, and Google Drive as a single ~/sandbox.
Key Takeaways
Every sandbox run is an isolated container; on clean exit, file changes commit atomically via lakeFS snapshotting; on failure, nothing persists.
Network egress is policy-checked per request: cloud metadata endpoints, private nets, and unauthorized hosts are blocked and logged by default.
Agent-first RBAC gives agents scoped permissions with per-repository, per-action ALLOW / APPROVE / DENY policies in a readable DSL, separate from user credentials.
CLI, Python SDK, and Claude MCP interfaces are supported; one-shot and interactive shell modes both produce auditable commit IDs.
Built on lakeFS, the open-source data versioning layer used to manage billions of objects at scale.
Hacker News Comment Review
Commenters flagged that Tilde is a SaaS product, not a local open-source tool, and several pointed to Apache 2 OSS alternatives (smolmachines, microsandbox, boxlite) reaching maturity.
Founders confirmed atomic commits use optimistic concurrency via lakeFS, checking for conflicts when multiple writes touch the same resource, but pricing is not yet set.
Technical gaps noted: no public clarity on cross-source conflict resolution (e.g., one S3 write succeeds, a linked Git update fails), and no stated support for multi-agent branching/merging workflows.
Notable Comments
@jFriedensreich: “no one needs a non opensource sandbox” – lists three Apache 2 OSS sandbox projects as near-ready alternatives.
@seamossfet: asks whether multi-agent branching and merge conflict resolution are supported, a use case not addressed in the landing page.
@pdp: questions the novelty given Git is already versioned and S3 supports versioning natively, noting files copied into the sandbox are just copies.
