Show HN: Tilde.run - 具备事务性和版本控制文件系统的代理沙箱
Agent 沙箱里的文件操作终于有了事务和版本回滚,对自动化链路调试是个实在的改进,搞 LLM 工具调用的可以试试。
Tilde.run 发布了一款代理沙箱,其核心特点是具备事务性和版本控制功能的文件系统。该系统支持事务操作,确保文件更改的原子性,同时提供完整的版本历史记录。该工具旨在为开发者提供一个安全、可回溯的代码执行环境,适用于需要高可靠性的自动化代理或脚本测试场景。目前该项目已在 Hacker News 上获得 102 点关注度。
~tilde.run
Let AI agents loose on production. Without the risk.
Tilde turns every agent run into a transaction you can roll back. Code from GitHub, data from S3, and documents from Drive show up as a single versioned filesystem. Every outbound call is checked and logged. Autonomous code, finally safe to use against real data.
Free to start · Join the private preview
$ curl -fsSL https://tilde.run/install | sh Plugs into the stack you already use
## Features
Three guarantees that make autonomous code safe to run on real data: reversibility, isolation, and audit. Useful on their own. Decisive together.
Versioned Composable Filesystem
A real POSIX filesystem - any tool, any language, no SDKs. Mount code from GitHub, training data from S3, and documents from Google Drive as a single ~/sandbox. Every file is versioned from the first commit, and any agent run can be rolled back instantly.
Safe Serverless Sandboxes
Stop fearing the rogue-agent outcome. Each run is a transaction in a fresh, isolated container - on a clean exit, changes commit atomically; on failure, nothing changes. No backups to restore, no manual cleanup, no infrastructure to manage.
Network Isolation
Stop data exfiltration, credential abuse, and prompt-injected callouts before they leave the box. Cloud metadata, private networks, and unauthorized hosts are blocked by default. Every outbound request is policy-checked and logged against the agent that made it.
Time Travel & Audit Trail
Know exactly what happened, who did it, and why - down to the file. Browse the full timeline, inspect diffs, and revert any commit instantly. Every change is tied to the human, process, or agent that produced it.
Agent-first RBAC
Agents are first-class citizens, with their own scoped permissions - never your full user access. Allow, deny, or require human approval per agent, per repository, per action. Granular policies in a simple, readable DSL.
## Quickstart
Run commands and interactive shells in sandboxes from your terminal. Built for CI/CD and agentic automation.
Run agents in interactive shells or one-shot sandboxes, stream output, and commit. Done in a few lines of Python.
Tell Claude to spin up a sandbox, run your agent, and atomically commit the results. In plain English.
1 # Install in one line
2 $ curl -fsSL https://tilde.run/install | sh
3
4 # Run an agent in a sandbox
5 $ tilde exec my-team/documents \
6 --image python:3.12 \
7 -- /sandbox/code/agent.py --input /sandbox/data/reports
8 sandbox running...
9 sandbox completed. exit code: 0, commit id: c9d0e1f2
10
11 # Or start an interactive shell
12 $ tilde shell my-team/documents --image python:3.12
13 root@sb-7f3a9c01:/sandbox$ _ 1 import tilde
2
3 repo = tilde.repository("my-team/documents")
4
5 # Run an agent in an interactive sandbox
6 with repo.shell(image="python:3.12") as sh:
7 sh.run("pip install pandas")
8 result = sh.run("python agent.py --input /sandbox/data")
9 print(result.stdout.text())
10
11 # Or one-shot execution
12 result = repo.execute("python agent.py", image="python:3.12")
13 print(result.stdout.text())
14
15 # Full audit trail
16 for commit in repo.timeline():
17 print(commit.id[:8], commit.message)tilde exec my-team/documents \
--image analyst:latest \
-- ./code/agent.py --input ./data/inputs/s3 --output ./reportsSandbox execution complete, approval required ## How It Works
Every agent run is a transaction. Compose your filesystem, run your code, then decide: commit the changes or roll back like it never happened.
Generate compliance reports from uploaded contracts
analyst-agent · 2 minutes agoCode review sandbox: fix auth middleware
code-review-agent · 1 hour agoImport customer documents from S3
sarah@acme.ai · 3 hours agoCompose Filesystem
Build a versioned repository from GitHub, S3, Drive, and more. Spin up an isolated sandbox with everything your agent needs.
Run Agent
Your agent runs in isolation. Every file write is staged. The entire run is captured as a transaction -- committed atomically or discarded entirely.
Commit or Rollback
Review the results. Approve and commit – or roll back and discard. One command, zero risk.
Built by the team behind lakeFS
We built lakeFS - the open-source data versioning layer trusted by some of the world's largest organizations to manage billions of objects. Tilde is built on that same battle-tested versioning foundation, reimagined as the filesystem platform the autonomous AI agent era demands.
Make agents safe.
Your first transactional, reversible agent run in 60 seconds. Join the private preview.