Tilde.run: An Agent Sandbox with a Transactional, Versioned Filesystem
Tilde.run is a sandbox for AI agents that turns every agent run into a reversible transaction. It creates a single versioned filesystem from multiple data sources — GitHub, S3, and Google Drive are mounted as a single ~/sandbox directory. Every file is versioned from the first commit, and any agent run can be rolled back instantly with one command.
Key Features
Versioned Composable Filesystem
A real POSIX filesystem—any tool, any language, no SDKs. Mount code from GitHub, training data from S3, and documents from Google Drive as a single ~/sandbox. Example mounts:
4 mounts
~/sandbox
├── code github acme/ml-pipeline
├── data s3 acme-data/training
├── docs gdrive team-wiki
└── output localAll versioned, all reversible.
Safe Serverless Sandboxes
Each run is a transaction in a fresh, isolated container. On clean exit, changes commit atomically; on failure, nothing changes. No backups to restore, no manual cleanup.
Network Isolation
Cloud metadata, private networks, and unauthorized hosts are blocked by default. Every outbound request is policy-checked and logged. Example egress log:
12:04:01 GET api.openai.com /v1/completions ALLOW
12:04:03 POST api.anthropic.com /v1/messages ALLOW
12:04:05 GET pypi.org /simple/pandas ALLOW
12:04:07 POST evil-exfil.io /upload DENY
12:04:08 GET 169.254.169.254 /metadata DENY
12:04:09 PUT registry.npmjs.org /my-pkg DENYTime Travel & Audit Trail
Browse the full timeline, inspect diffs, and revert any commit instantly. Every change is tied to the human, process, or agent that produced it.
Agent-first RBAC
Agents have scoped permissions—never full user access. Granular policies in a simple DSL. Example policy:
analyst-policy
GetObject (path: "/data/*") ?
PutObject (path: "/reports/*") # require human approval!
! PutObject (path: "/secrets/*")Quickstart
Install in one line:
$ curl -fsSL https://tilde.run/install | shRun an agent in a sandbox:
$ tilde exec my-team/documents \
--image python:3.12 \
-- /sandbox/code/agent.py --input /sandbox/data/reports
sandbox running...
sandbox completed. exit code: 0, commit id: c9d0e1f2Or start an interactive shell:
$ tilde shell my-team/documents --image python:3.12
root@sb-7f3a9c01:/sandbox$ _Python SDK:
import tilde
repo = tilde.repository("my-team/documents")
with repo.shell(image="python:3.12") as sh:
sh.run("pip install pandas")
result = sh.run("python agent.py --input /sandbox/data")
print(result.stdout.text())
Integrates with Claude, AWS S3, LangGraph, Google Drive, and Hugging Face.
📖 Read the full source: HN AI Agents
👀 See Also
My OpenClaw Got a Physical Body: Robot Dog with Eyes, Legs, and Voice
HolyCode: Docker Container for Persistent AI Coding Agent Environments
HolyCode is a Docker container that provides a persistent development environment for AI coding agents, keeping sessions, settings, and plugins across rebuilds. It includes preconfigured browser tooling for agent workflows and supports Claude, OpenAI, Gemini, and other providers through OpenCode.
OpenClaw Budget Guard Plugin Prevents Concurrent Budget Overspend
A new OpenClaw plugin called @runcycles/openclaw-budget-guard solves concurrent budget overspend by implementing atomic balance checks, reservation before execution, and idempotent retries. It requires a Cycles server with Redis and can be installed via bash command.
Claude's 171 Internal Emotion Vectors Influence Output: Toolkit Based on Anthropic Research
Anthropic's research paper reveals Claude has 171 internal activation patterns that function like emotion vectors, causally driving its behavior before it writes. A developer created a toolkit with 7 practical prompting principles and system prompts based on these findings.