Let AI agents loose on production. Without the risk.
Tilde turns every agent run into a transaction you can roll back. Code from GitHub, data from S3, and documents from Drive show up as a single versioned filesystem. Every outbound call is checked and logged. Autonomous code, finally safe to use against real data.
Free to start · Join the private preview
$ curl -fsSL https://tilde.run/install | sh
Reversible by default Roll back any agent run with one command
One filesystem, all your data GitHub, S3, and Drive as a single ~/sandbox
Contained by default Isolated runs, every network call audited
You stay in control Per-action policies and human approval gates
Versioned Composable Filesystem
A real POSIX filesystem - any tool, any language, no SDKs. Mount code from GitHub, training data from S3, and documents from Google Drive as a single ~/sandbox. Every file is versioned from the first commit, and any agent run can be rolled back instantly.
SOURCES
~/sandbox
github acme/ml-pipeline
s3 acme-data/training
gdrive team-wiki
local output/
├─code
├─data
├─docs
└─output
Safe Serverless Sandboxes
Stop fearing the rogue-agent outcome. Each run is a transaction in a fresh, isolated container - on a clean exit, changes commit atomically; on failure, nothing changes. No backups to restore, no manual cleanup, no infrastructure to manage.
network
filesystem
compute
my-agent.py
python:3.12 512MB 2 CPU
Network Isolation
Stop data exfiltration, credential abuse, and prompt-injected callouts before they leave the box. Cloud metadata, private networks, and unauthorized hosts are blocked by default. Every outbound request is policy-checked and logged against the agent that made it.
12:04:01 GET api.openai.com/v1/completions ALLOW
12:04:03 POST api.anthropic.com/v1/messages ALLOW
12:04:05 GET pypi.org/simple/pandas ALLOW
12:04:07 POST evil-exfil.io/upload DENY
12:04:08 GET 169.254.169.254/metadata DENY
12:04:09 PUT registry.npmjs.org/my-pkg DENY
Time Travel & Audit Trail
Know exactly what happened, who did it, and why - down to the file. Browse the full timeline, inspect diffs, and revert any commit instantly. Every change is tied to the human, process, or agent that produced it.
a1b2
c3d4
e5f6
7890
ab12
cd34
2d ago now
@ 7890a1b2
− secrets/prod-keys.yaml
+ exfil/dump.tar.gz
~ config/network.json
Agent-first RBAC
Agents are first-class citizens, with their own scoped permissions - never your full user access. Allow, deny, or require human approval per agent, per repository, per action. Granular policies in a simple, readable DSL.
A analyst-agent
WRITE /reports/q1.md
APPROVE
analyst-policy
GetObject(path:"/data/*")
?PutObject(path:"/reports/*") # require human approval!
!PutObject(path:"/secrets/*")
## Quickstart
Run commands and interactive shells in sandboxes from your terminal. Built for CI/CD and agentic automation.
Run agents in interactive shells or one-shot sandboxes, stream output, and commit. Done in a few lines of Python.
Tell Claude to spin up a sandbox, run your agent, and atomically commit the results. In plain English.
1 # Install in one line
2 $ curl -fsSL https://tilde.run/install | sh
3
4 # Run an agent in a sandbox
5 $ tilde exec my-team/documents \
6 --image python:3.12 \
7 -- /sandbox/code/agent.py --input /sandbox/data/reports
8 sandbox running...
9 sandbox completed. exit code: 0, commit id: c9d0e1f2
10
11 # Or start an interactive shell
12 $ tilde shell my-team/documents --image python:3.12
13 root@sb-7f3a9c01:/sandbox$ _ 1 import tilde
2
3 repo = tilde.repository("my-team/documents")
4
5 # Run an agent in an interactive sandbox
6 with repo.shell(image="python:3.12") as sh:
7 sh.run("pip install pandas")
8 result = sh.run("python agent.py --input /sandbox/data")
9 print(result.stdout.text())
10
11 # Or one-shot execution
12 result = repo.execute("python agent.py", image="python:3.12")
13 print(result.stdout.text())
14
15 # Full audit trail
16 for commit in repo.timeline():
17 print(commit.id[:8], commit.message)You Analyze the CSV files in our S3 data bucket and write a report to /sandbox/reports
Agent I'll run the analysis on /sandbox/data/inputs/s3/, and commit the results.
tilde exec my-team/documents \
--image analyst:latest \
-- ./code/agent.py --input ./data/inputs/s3 --output ./reportsAnalysis complete. 3 reports generated.
Agent
Sandbox execution complete, approval required
Waiting for approval to commit sandbox results
sandbox sb-7f3a9c01
Generate compliance reports from uploaded contracts
analyst-agent · 2 minutes ago
+ reports/q1-summary.md + reports/q1-metrics.json + charts/revenue-trend.png - staging/raw-export.csv
e5f6a7b8
Code review sandbox: fix auth middleware
code-review-agent · 1 hour ago
c9d0e1f2
Import customer documents from S3
sarah@acme.ai · 3 hours ago
01 setup
Compose Filesystem
Build a versioned repository from GitHub, S3, Drive, and more. Spin up an isolated sandbox with everything your agent needs.
github s3 drive ~/sandbox
02 execute
Run Agent
Your agent runs in isolation. Every file write is staged. The entire run is captured as a transaction -- committed atomically or discarded entirely.
$ tilde exec agent.py
03 decide
Commit or Rollback
Review the results. Approve and commit – or roll back and discard. One command, zero risk.
✓commit or ↺rollback
>
Built by the team behind lakeFS
We built lakeFS - the open-source data versioning layer trusted by some of the world's largest organizations to manage billions of objects. Tilde is built on that same battle-tested versioning foundation, reimagined as the filesystem platform the autonomous AI agent era demands.
~/workspace | my-team/documents ready
$tilde exec acme/docs -- python agent.py
● completed · committed a1b2c3d4
$_
Make agents safe.
Your first transactional, reversible agent run in 60 seconds. Join the private preview.