~tilde.run

Let AI agents loose on production. Without the risk.

Tilde turns every agent run into a transaction you can roll back. Code from GitHub, data from S3, and documents from Drive show up as a single versioned filesystem. Every outbound call is checked and logged. Autonomous code, finally safe to use against real data.

Start Now → Read the Docs →

Free to start · Join the private preview

my-team/documents | main LIVE analyst python:3.12 64% doc-writer node:22 41% /code github acme/ml-pipeline /data s3 847 objects · 12 GB /docs gdrive team-wiki /output local +4~1 5 files staged all versioned · any commit revertible $ curl -fsSL https://tilde.run/install | shcopy Reversible by default Roll back any agent run with one command One filesystem, all your data GitHub, S3, and Drive as a single ~/sandbox Contained by default Isolated runs, every network call audited You stay in control Per-action policies and human approval gates Hugging Face Claude AWS S3 LangGraph Google Drive Hugging Face Claude AWS S3 LangGraph Google Drive

Versioned Composable Filesystem

A real POSIX filesystem - any tool, any language, no SDKs. Mount code from GitHub, training data from S3, and documents from Google Drive as a single ~/sandbox. Every file is versioned from the first commit, and any agent run can be rolled back instantly.

github acme/ml-pipeline s3 acme-data/training gdrive team-wiki local output/ ├─code ├─data ├─docs └─output all versioned · all reversible

Safe Serverless Sandboxes

Stop fearing the rogue-agent outcome. Each run is a transaction in a fresh, isolated container - on a clean exit, changes commit atomically; on failure, nothing changes. No backups to restore, no manual cleanup, no infrastructure to manage.

network filesystem compute my-agent.py python:3.12 512MB 2 CPU ✓commit ↺rollback

Network Isolation

Stop data exfiltration, credential abuse, and prompt-injected callouts before they leave the box. Cloud metadata, private networks, and unauthorized hosts are blocked by default. Every outbound request is policy-checked and logged against the agent that made it.

12:04:01 GET api.openai.com/v1/completions ALLOW 12:04:03 POST api.anthropic.com/v1/messages ALLOW 12:04:05 GET pypi.org/simple/pandas ALLOW 12:04:07 POST evil-exfil.io/upload DENY 12:04:08 GET 169.254.169.254/metadata DENY 12:04:09 PUT registry.npmjs.org/my-pkg DENY 3 allowed 3 blocked

Time Travel & Audit Trail

Know exactly what happened, who did it, and why - down to the file. Browse the full timeline, inspect diffs, and revert any commit instantly. Every change is tied to the human, process, or agent that produced it.

a1b2 c3d4 e5f6 ab12 cd34 2d ago now − secrets/prod-keys.yaml ~ config/network.json ↺revert this commit

Agent-first RBAC

Agents are first-class citizens, with their own scoped permissions - never your full user access. Allow, deny, or require human approval per agent, per repository, per action. Granular policies in a simple, readable DSL.

A analyst-agent ALLOW APPROVE DENY analyst-policy GetObject(path:"/data/*") ?PutObject(path:"/reports/*") # require human approval! !PutObject(path:"/secrets/*")

## Quickstart

CLI Python Claude Code CLI copy

 1  import tilde
 2
 3  repo = tilde.repository("my-team/documents")
 4
 5  # Run an agent in an interactive sandbox
 6  with repo.shell(image="python:3.12") as sh:
 7      sh.run("pip install pandas")
 8      result = sh.run("python agent.py --input /sandbox/data")
 9      print(result.stdout.text())
10
11  # Or one-shot execution
12  result = repo.execute("python agent.py", image="python:3.12")
13  print(result.stdout.text())
14
15  # Full audit trail
16  for commit in repo.timeline():
17      print(commit.id[:8], commit.message)

You Analyze the CSV files in our S3 data bucket and write a report to /sandbox/reports Agent I'll run the analysis on /sandbox/data/inputs/s3/, and commit the results.

tilde exec my-team/documents \
    --image analyst:latest \
    -- ./code/agent.py --input ./data/inputs/s3 --output ./reports

Analysis complete. 3 reports generated. Agent Sandbox execution complete, approval required Waiting for approval to commit sandbox results Python SDK Reference → REST API Documentation → Agent Sandbox Guide → Agent Skill Guide → sandbox sb-7f3a9c01

Generate compliance reports from uploaded contracts

analyst-agent · 2 minutes ago + reports/q1-summary.md + reports/q1-metrics.json + charts/revenue-trend.png - staging/raw-export.csv e5f6a7b8

Code review sandbox: fix auth middleware

code-review-agent · 1 hour ago c9d0e1f2

Import customer documents from S3

sarah@acme.ai · 3 hours ago

Compose Filesystem

Build a versioned repository from GitHub, S3, Drive, and more. Spin up an isolated sandbox with everything your agent needs.

github s3 drive ~/sandbox

Run Agent

Your agent runs in isolation. Every file write is staged. The entire run is captured as a transaction -- committed atomically or discarded entirely.

$ tilde exec agent.py

Commit or Rollback

Review the results. Approve and commit – or roll back and discard. One command, zero risk.

✓commit or ↺rollback >

Built by the team behind lakeFS

We built lakeFS - the open-source data versioning layer trusted by some of the world's largest organizations to manage billions of objects. Tilde is built on that same battle-tested versioning foundation, reimagined as the filesystem platform the autonomous AI agent era demands.

~/workspace | my-team/documents ready $tilde exec acme/docs -- python agent.py ● completed · committed a1b2c3d4 $_

Make agents safe.

Your first transactional, reversible agent run in 60 seconds. Join the private preview.

Get Started → Read the Docs →