Tilde.run wraps AI agent runs in transactional, rollback-capable sandboxes that compose GitHub, S3, and Google Drive as a single versioned POSIX filesystem with audited network egress.
Key Takeaways
Every agent execution runs in an isolated container; on clean exit, filesystem changes commit atomically via lakeFS-derived versioning; on failure, nothing persists.
GitHub repos, S3 buckets, and Google Drive mount together as ~/sandbox, fully versioned from first write with one-command rollback.
Network egress is policy-checked per agent: cloud metadata endpoints and unauthorized hosts are blocked by default; every allowed or denied call is logged with timestamp and agent identity.
Agent-first RBAC assigns scoped permissions per agent, per repo, per action using a readable DSL supporting ALLOW, DENY, and human APPROVE gates.
Built on the lakeFS open-source data versioning engine; CLI, Python SDK, and a natural-language Claude interface are all supported entry points.
Hacker News Comment Review
Commenters are skeptical about the production-safety framing: one questioned why a sandbox filesystem copy would actually protect production S3 data unless the agent re-uploads changes, pointing to a gap in the rollback story for external side effects.
Concern was raised that only the CLI and SDK are open source while the core sandbox runs on Tilde’s hosted infrastructure, with the landing page also requesting analytics consent, raising trust questions for security-sensitive use cases.
Notable Comments
@qudat: Questions whether filesystem-level rollback actually prevents production impact if the agent re-uploads files to S3 directly.
