Show HN: Tilde.run – Agent Sandbox with a Transactional, Versioned Filesystem
Tilde.run introduces a transactional, versioned filesystem for AI agents, aiming to make their deployment in production safe and reversible. It tackles the common pain points of state management, data integrity, and rogue agent behavior, offering atomic commits and rollbacks for agent actions. This innovative approach to agent sandboxing, built on lakeFS, addresses a significant challenge in the evolving AI landscape, making it highly relevant to the HN audience concerned with reliable system operations.
The Lowdown
Tilde.run is presented as a crucial tool for safely deploying AI agents into production environments, emphasizing its ability to mitigate risks through a unique transactional and versioned filesystem. It allows developers to 'let AI agents loose on production. Without the risk.'
- Reversible by Default: Every agent run is treated as a transaction, enabling instant rollbacks with a single command.
- Unified, Versioned Filesystem: Integrates data from sources like GitHub, S3, and Google Drive into a single
~/sandbox, with every file versioned from its first commit. - Safe Serverless Sandboxes: Agents run in isolated containers; changes commit atomically on success or are discarded on failure, eliminating manual cleanup or infrastructure management.
- Network Isolation: Outbound requests are audited and policy-checked, blocking unauthorized access and preventing data exfiltration, credential abuse, or prompt-injected callouts.
- Time Travel & Audit Trail: Provides a full timeline, diff inspection, and instant reversion of changes, linking every modification to its origin (human, process, or agent).
- Agent-First RBAC: Agents have scoped permissions, allowing granular policies and human approval gates for specific actions.
- Built on LakeFS: The underlying technology leverages lakeFS, an open-source data versioning layer, providing scalability and battle-tested reliability.
Tilde.run positions itself as the missing piece for secure and controlled AI agent deployment, offering a robust platform for managing agent interactions with real-world data and systems.
The Gossip
Problem or Panacea Perception
Many commenters expressed relief that Tilde.run addresses the common problem of agent persistence and filesystem management, highlighting how other sandboxes often fall short. However, a significant contingent questioned the overarching problem being solved, likening it to 'a solution desperately looking for a problem' in the crowded agent space and requesting clearer use cases.
External State Stumbles
A recurring concern revolved around the limitations of transactional rollbacks when agents interact with external, stateful systems like databases or financial APIs. While the author clarified that the system applies to the filesystem it manages, commenters pointed out that true 'rollback' on external actions (e.g., placing a stock trade or dropping a DB column) is impossible, implying a need for careful distinction between filesystem changes and broader system impacts.
Fatigue and Feature Focus
Several users voiced a 'fatigue' with the constant stream of new AI agent tools, often characterized by 'AI-made landing page design, lots of animations, lots of words.' They urged Tilde.run to more concisely highlight its unique value proposition and provide clear, hands-on demonstrations, which the author promptly addressed by sharing a demo video.
Technicalities and Transparency
Commenters inquired about the specific technical aspects of the sandboxes, including available compute resources (CPU/RAM/GPU) and the possibility of running local micro-VMs. There was also discussion regarding the product's open-source nature, with the author clarifying that while the service is hosted, its underlying technology, lakeFS, is open source.