Show HN: Tilde.run – Agent sandbox with a transactional, versioned filesystem

Posted by ozkatz 3 days ago

Show HN: Tilde.run – Agent sandbox with a transactional, versioned filesystem(tilde.run)

199 points | 132 commentspage 2

redwood 3 days ago|

How does the scale? For example if I were to have hundreds or thousands of concurrent agents running with some parts of their data pulled out of shared state and other parts custom to that particular agent run and I wanted all of this to be preserved for future collective or individual agent use later, is this a reasonable primitive for that problem space? Or is this more for a situation what you have one or a small number of productivity assistance agents that need a sandbox but low data mutation throughput and low amount of concurrent access across different agents?

ozkatz 3 days ago|

it should absolutely scale to that. The filesystem is backed by lakeFS, where every sandbox automatically branches out, and mounts that branch. so you get isolation from lakeFS and the scale of an underlying object store (S3, in Tilde).

binyu 1 day ago||

Very cool. Was this inspired by Cloudflare Artifacts? I'm working on a similar system as the backend for an upcoming agentic coding platform.

tim-projects 2 days ago||

This is good and all, but it doesn't stop the agent from deleting you remote github branches, s3 data or potentially gdrive data.

Are you able to set access read only?

I'd never personally use something like this because I don't see what it offers over doing dev in a linux VM, and setting folders to read only with chattr.

Most solutions can be engineered with standard Linux tools.

k4rli 2 days ago|

Exactly. Having just snapshots of db state isn't that useful, if running ai-slop queries has already triggered actions to external services (example: credit card issuer), warehouse processes (example: shipments, product lines...) , or similar.

There are of course some projects where it can be useful, assuming it works properly and that's not a given either when it's vibecoded.

MicBook56 2 days ago||

It's funny how everyone is converging on similar ideas with AI tools. I did something similar to offload work to cheaper models from claude code when anthropic started squeezing the subscription quota https://github.com/smidy/forger

varispeed 3 days ago||

All these agent offering are missing a use case.

What I would use it for and why?

It reminds me of a blockchain - where it was a solution desperately looking for a problem. What problem does it solve?

esafak 3 days ago||

I do not get it. If the agent is not mutating state the change can be checked in. If it is mutating external state, version control won't save you.

ozkatz 3 days ago|

the repo acts as a source of truth for agents. think memory, data & code. If an agent decides to change any of those, version control allows:

1. to have a human in the loop to approve certain changes 2. rollback changes that end up being incorrect 3. allow reviewing the timeline and history to figure out what changed and how

esafak 3 days ago|||

2. is false. You can't roll back everything an agent does. If you told it to place a trade in the stock market, for example, you can not undo that. That is what I mean by external state. Everything else is covered by existing version control, is it not? What does this buy over that?

ozkatz 3 days ago||

indeed - this only applies to the filesystem managed by tilde. Existing version control is fine if you're only managing code. For data (Think large parquet files, millions json files, images and videos, etc), git doesn't scale well for that.

bossyTeacher 3 days ago|||

Re 2: how do you rollback the (erroneous) action of removing a db table column and the subsequent data loss from the removed column?

egorfine 2 days ago||

I glanced through the whole documentation, the homepage and the github readmes and still couldn't figure out which OS do they support and how. And this is especially important to know because sandboxing in macOS and Linux have nothing in common.

verdverm 3 days ago||

I implemented something like this in ADK with Dagger, but it misses some important features b/c of BuildKit underneath. The OCI foundations make saving each step as a layer, diff, clone/fork, and time travel easy. The hard parts are security and resource limits.

Glad to see more takes in this space.

sahil-shubham 3 days ago||

Nice work on the website!

Building something for the same problem but more so from the perspective of self-hostable stateful sandboxes, and not just the filesystem (see https://bhatti.sh). What sandbox solution are you using here?

arm32 2 days ago|

Your landing page looks very similar to OP's! I thought it was the same site!

alexellisuk 2 days ago||

Not a surprise at all.

If you look at https://slicervm.com you'll see he's copied our terminal animation from the top of the website. Took out a monthly subscription for 1x month, cloned the majority of the UX/DX and way the guest agent works.

Had people reach out and flag it to me and I'm like "yes there's a reason for that"..

I think this is just par for the course in an AI slop world. Nothing to stop people imitating, copying, cloning with a good prompt and partial source / detailed docs available.

sahil-shubham 2 days ago||

[dead]

cpard 3 days ago|

It was a nice surprise seeing your post on the first page of HN Oz, congrats!

If I understand correctly what Tilde is doing is extending the concept of the sandbox in an operating system - filesystem, to data too.

So this is a sandbox environment someone would use for data heavy agentic workloads, is this correct?

ozkatz 3 days ago|

Hey! It doesn't necessarily have to be "data heavy", but any form of state (from code to binary files) that an agent might use for automation.

Agents are really good at interacting with files and directories (text in, text out!). This adds a layer for those that allows managing that state in a transactional, versioned way.

More comments...