HeadlinesBriefing.com

**AI Agent Sandbox** Revolutionizes Safe Autonomous Code Execution

Hacker News

Tilde.run introduces a transactional, versioned filesystem for AI agents, enabling reversible execution on production data. The tool creates isolated sandboxes that combine code from GitHub, data from S3, and documents from Drive into a single versioned environment. Every agent run is an atomic transaction: its changes are either committed as a whole or discarded as a whole, so a run can be rolled back with a single command. Network calls are audited, and outbound requests that no policy permits are blocked by default. Other security features include per-action policies, human approval gates, and a full audit trail that records every file change.

Built on lakeFS's versioning foundation, Tilde.run offers a POSIX-compliant filesystem with granular access controls. Developers can mount multiple data sources into a unified `~/sandbox` directory while keeping version history. The platform supports interactive shells and one-shot executions, with all operations logged in a detailed timeline. The key technical point is that every change is tied to a specific agent, human, or process, which is what makes the audit trail usable for accountability.

The CLI keeps sandbox management simple: `tilde exec` runs an agent and then offers to commit or roll back its changes, while `tilde shell` provides interactive access. The announcement's example commands run Python agents that analyze S3 data or review code. Practical applications include safe analysis of sensitive datasets, automated report generation, and code review workflows.

The architecture is aimed at compliance use cases: strict, default-deny network policies are intended to prevent data exfiltration, and the audit log captures every action, including both successful requests and blocked ones such as a denied connection to `evil-exfil.io`. The tool positions itself as essential for the AI agent era, combining version control with container-like isolation. Early access is available through a private preview program.
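The transaction model described above (staged writes, default-deny egress with an audit trail, a human approval gate, atomic commit, and rollback by pointing at an earlier version) and the blocked `evil-exfil.io` request in the audit log, worked through in a small Python sketch. This is an added example, not Tilde.run's code or API: the `Repo` and `Transaction` classes, the `actor` naming scheme, the host allowlist, and the sample CSV are all assumptions made for illustration. It models each version as an immutable directory and `current` as a symlink, so commit and rollback are each a single rename; a real versioned filesystem would use copy-on-write rather than copying the snapshot into a staging directory.

```python
# Toy versioned sandbox with transactional agent runs (illustrative; not Tilde.run's code).
from __future__ import annotations

import os
import shutil
import tempfile
from collections import namedtuple
from pathlib import Path
from urllib.parse import urlparse

# Audit record: who (agent/human/process, naming scheme assumed), what, and on which target.
AuditEvent = namedtuple("AuditEvent", "actor kind target")  # kind: write|net_allow|net_block|commit


class Repo:
    """Immutable version directories plus a `current` symlink acting as the branch head."""

    def __init__(self, root: Path) -> None:
        self.root = root.resolve()
        self.versions = self.root / "versions"
        self.versions.mkdir(parents=True, exist_ok=True)
        self.current = self.root / "current"
        if not self.current.is_symlink():
            (self.versions / "v0").mkdir(exist_ok=True)  # empty initial snapshot
            self.point_current_at("v0")

    def point_current_at(self, version: str) -> None:
        """Atomic switch (also the rollback primitive): fresh link, then one rename over `current`."""
        tmp = self.root / ".current.tmp"
        tmp.unlink(missing_ok=True)
        tmp.symlink_to(self.versions / version, target_is_directory=True)
        os.replace(tmp, self.current)


class Transaction:
    def __init__(self, repo: Repo, actor: str, allowed_hosts: frozenset[str]) -> None:
        self.repo, self.actor, self.allowed_hosts = repo, actor, allowed_hosts
        self.log: list[AuditEvent] = []
        self.stage = Path(tempfile.mkdtemp(prefix=".stage-", dir=self.repo.root))
        shutil.copytree(self.repo.current, self.stage, dirs_exist_ok=True)  # full copy of snapshot

    def _inside_stage(self, rel: str) -> Path:
        path = (self.stage / rel).resolve()
        if not path.is_relative_to(self.stage):  # refuse ../ escapes from the sandbox
            raise PermissionError(f"{rel!r} escapes the sandbox")
        return path

    def read(self, rel: str) -> str:
        return self._inside_stage(rel).read_text()

    def write(self, rel: str, data: str) -> None:
        path = self._inside_stage(rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(data)
        self.log.append(AuditEvent(self.actor, "write", rel))

    def request(self, url: str) -> bool:
        """Default-deny egress: only allowlisted hosts pass, and both outcomes are logged."""
        allowed = (urlparse(url).hostname or "") in self.allowed_hosts
        self.log.append(AuditEvent(self.actor, "net_allow" if allowed else "net_block", url))
        return allowed

    def commit(self, approved_by: str | None) -> str:
        """Approval gate: without a named human approver nothing reaches `current`."""
        if not approved_by:
            raise PermissionError("commit requires human approval")
        version = f"v{len(list(self.repo.versions.iterdir()))}"
        os.rename(self.stage, self.repo.versions / version)  # stage becomes an immutable version
        self.repo.point_current_at(version)
        self.log.append(AuditEvent(approved_by, "commit", version))
        return version


def demo(root: Path | None = None) -> dict:
    """Seed data as a human, run an agent against it, then roll the agent's commit back."""
    repo = Repo(root or Path(tempfile.mkdtemp(prefix="sandbox-")))
    seed = Transaction(repo, "human:alice", frozenset())
    seed.write("data/sales.csv", "region,total\nemea,120\namer,80\n")  # constructed sample
    seed.commit(approved_by="human:alice")  # -> v1
    run = Transaction(repo, "agent:report-bot", frozenset({"s3.amazonaws.com"}))
    run.request("https://s3.amazonaws.com/bucket/sales.csv")  # allowed and logged
    run.request("https://evil-exfil.io/upload")  # blocked by default, logged
    total = sum(int(r.split(",")[1]) for r in run.read("data/sales.csv").splitlines()[1:])
    run.write("reports/summary.md", f"# Sales total: {total}\n")
    rejected = False
    try:
        run.commit(approved_by=None)  # no human in the loop
    except PermissionError:
        rejected = True
    run.commit(approved_by="human:alice")  # -> v2, now visible under current/
    repo.point_current_at("v1")  # one-step rollback of the agent's commit
    return {
        "total": total,
        "blocked": [e.target for e in run.log if e.kind == "net_block"],
        "unapproved_commit_rejected": rejected,
        "visible_after_rollback": (repo.current / "reports" / "summary.md").exists(),
        "kept_in_history": (repo.versions / "v2" / "reports" / "summary.md").exists(),
        "current": Path(os.readlink(repo.current)).name,
    }
```

Running `demo()` leaves `v2` in the history even though `current` points back at `v1`, which is the property that makes rollback cheap and auditable: nothing the agent wrote is lost, it is simply no longer the published state. The `run.log` list is the per-run audit trail, with the denied `evil-exfil.io` request recorded as a `net_block` event next to the permitted S3 fetch.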