Skip to main content
Use read-only mounts when a sandbox needs files but should not write to them. There are two read-only modes:
  • Pinned: resolves a branch, tag, or commit once and never changes.
  • Following: tracks a branch and refreshes as that branch moves.

Pinned Read-only Mount

A pinned mount is best for reproducible builds, evals, benchmarks, and released assets.
$ tl fs mount agent-outputs:9f2a1c8e4d6b1a0f3c7e9d2b8a4f6c1e0d3b7a99 /release --mode ro
Use a commit hash when the input must stay fixed for the lifetime of the sandbox.

Following Read-only Mount

A following mount is best for shared skills, prompts, docs, configs, and dependencies.
$ tl fs mount agent-outputs:main /skills --mode ro
Mounted agent-outputs:main at /skills (workspace 7c2e9f0a1b3d, read-only, follows the branch)
Reading commit 9f2a1c8e4d6b1a0f3c7e9d2b8a4f6c1e0d3b7a99. New commits appear as the followed ref advances.
When main moves, Tensorlake refreshes only the paths that changed. Unchanged files keep their warm cache. For a complete asset distribution workflow, see Distribute Files to Agents.

Choosing Between Them

NeedUse
Every run must see the same filesPinned read-only mount
Many sandboxes should receive updates without image rebuildsFollowing read-only mount
An agent needs to write filesWritable workspace