All articlesField notes

Versioned filesystems for agent sandboxes: a quick note on Tilde.run

Tilde.run posted a sandbox environment with a versioned, transaction-style filesystem aimed at agents. It's a small piece of infrastructure that addresses a real production problem.

May 7, 2026 1 min read
agent-sandboxfilesystemproduction-infrastructuretool-use

Quick field note. Tilde.run popped up on Hacker News this week with a sandbox environment for agents that exposes a versioned, transaction-style filesystem. The pitch: every file operation an agent makes is tracked, and the sandbox can roll back to any prior state. (I'd verify the exact feature surface against their docs before treating any specific claim as gospel — the project is new and the marketing copy is moving fast.)

The reason this is worth a note: the gap between agent demos and agent production is mostly state, and most agent frameworks treat file writes as unrecoverable side effects. An agent edits a config, breaks something three steps later, and the original state is gone. Recovery is manual. We've watched this happen on our own deployments — an agent overwriting an environment file during a failed change, and the only path back being a backup snapshot and a manual replay.

A versioned filesystem at the sandbox layer turns that into a transaction. The agent proposes a sequence of operations. The sandbox runs them. If validation passes, commit. If not, roll back. This matches how agents actually reason: try, observe, backtrack, retry. Traditional filesystems don't let them backtrack, so you either constrain what they can touch (and lose capability) or wrap every operation in custom plumbing (and lose iteration speed).

You don't need Tilde.run specifically to get the pattern. Git checkpoints, btrfs snapshots, ephemeral container layers — the building blocks have existed for years. The interesting move is packaging it as a primitive at the agent-sandbox layer, where the cost of a rollback is one API call instead of a custom orchestration pass.

Whether this particular product survives is an open question. The category — sandboxes designed around how agents actually behave, not retrofitted from VM tooling — is real and is going to keep producing entrants for a while. Worth bookmarking, worth reading the discussion, not yet worth depending on.

Previous

Anthropic's Claude Code team just published a case for HTML over Markdown — here's why it matters for production tooling

ReadNext

Anthropic launched a finance-agent suite. What does it actually mean?

Read
/ 06 — Start hereOne business day response

Tell us what you'd like built.

Send us a paragraph about the workflow, phone line, or tool you want built. We'll reply within one business day with a one-page plan, a fixed price, and a delivery date you can put on a calendar.

Email Juan directlyBrowse 8 case studies
  • 30-min scoping call, free
  • Written proposal within 48 hours
  • Fixed price before we start
  • Most builds delivered in 2–8 weeks