Sharing an Agent (Snapshots)

You can publish any agent you own as a link that anonymous visitors can use without signing into UpServe. Visitors land in a chat view and talk to your agent directly, while every dollar of LLM and tool usage is billed to your credit balance — never theirs.

The unit of sharing is a snapshot: a frozen, isolated copy of your agent at the moment you publish it. You can keep editing or even delete the original; the snapshot stays untouched.

At a glance

Item	Detail
Unit of sharing	Snapshot (a frozen copy of the agent)
Visitor sign-in	Not required
Who pays	The owner’s credit balance
Link types	`link` (standalone page) · `embed` (iframe widget)
Expiry	No time-based expiry — owner revokes manually, or guardrails revoke automatically
Guardrails	Per-session and per-day credit caps, enable/disable toggle, auto-revoke
Session retention	Free 3 days · Starter 14 days · Pro 90 days (based on owner’s plan)
Attachment retention	Permanently deleted 90 days after upload (counted separately from session retention)

How source · snapshot · link relate


  [Source agent]                                      [Visitor]
   (still editable)                                    No UpServe account
        │
        │ Take snapshot (frozen at this point in time)
        │
        ├─▶ Snapshot A ─┬─ Link 1 ─▶ /share/abc...  ─▶ Anonymous user
        │               │
        │               └─ Link 2 ─▶ /embed/xyz...  ─▶ iframe on your site
        │                      (collected fields / credit caps /
        │                       origin allowlist are per-link)
        │
        └─▶ Snapshot B ─┬─ Link 3 ─▶ /share/def...
                        └─ Link 4 ─▶ ...

   ※ Each snapshot runs in a separate sandbox — visitor activity never touches the source
   ※ Edits to the source do NOT propagate to existing snapshots (issue a new one)

Snapshot creation status

When you click Create snapshot, a row is created immediately in pending state while the actual file copy runs in the background. Once the copy finishes the status changes to ready; if something goes wrong it becomes failed. You can watch the status update live in the UI. Links cannot be issued until the snapshot is ready.

What a snapshot captures (and what it doesn’t)

A snapshot copies your agent into a separate, isolated sandbox at publish time. From that point on, the original and the snapshot evolve independently.

Captured

Agent name, description, avatar, behavior instructions
Enabled tool configuration
The agent’s file system (memory and working folders) — only whitelisted paths are copied into a fresh sandbox

Not captured

The original agent’s chat history
Webhooks, schedules, multi-agent relationships
The original agent’s credit balance or subscription

Memory exposure warning. Your agent’s file system may contain past conversation summaries, notes, and knowledge files that are personal or sensitive. Before creating a snapshot, review the file manifest in the preview screen and use the exclude paths option to omit anything you don’t want to share externally.

File preview. The preview screen shows which files will be copied. You can inspect the content of text files within the whitelisted paths. Binary files are flagged as “binary” — their content is not shown.

Tools available in shared sessions

Shared sessions may only use safe, read-and-respond capabilities. The allowed set includes:

Web search and page fetch
Image generation
File read and file share
Skill search and inspect
Canvas list
Send card (structured UI responses)
Memory recall, history search, source conversation reference

Anything unsafe or meaningless for an anonymous visitor — code execution, browser automation, desktop automation, skill execution, schedule management, team collaboration — is blocked automatically. The ask-user capability is also auto-disabled in snapshot sessions — instead of pausing for a reply, the agent addresses questions naturally within its text response. You can block additional tools per snapshot via the extra disabled tools list at creation time.

Memory and history tools are never shown by name to visitors. The memory recall (memory_scan), history search (history_read, history_search), and source conversation reference (source_chat_read) tools run silently — visitors see only a generic category label such as “recall” rather than the specific tool name. All other permitted tools (web search, image generation, etc.) display their activity labels as usual.

Read-only reference to the original conversation. A snapshot agent can reference original conversation content only within the scope the owner approved at snapshot creation. That reference is frozen at the moment the snapshot was taken — nothing from subsequent conversations is included. Visitors cannot directly search or browse the original conversation through this mechanism.

Open the agent and go to the Snapshot tab (/agents/<agent>/shared).
Accept the terms of service and privacy policy, then click Create snapshot.
- The preview screen lists every file that will be copied. Exclude any file you don’t want visitors to see or that is unnecessary.
- There is a maximum package size, so trim large files you don’t need.
- The snapshot starts in pending state; it changes to ready once the copy completes.
Add a link to the snapshot. Each link has its own configuration:
- Type: link (a standalone external page) or embed (iframe in your own site)
- Collected fields: mark name / email / phone as required, optional, or hidden
- Per-session credit cap (e.g. 0.50 USD)
- Per-day credit cap (e.g. 5.00 USD)
- Allowed origins (for embed links): the domains permitted to embed the iframe
Copy the generated URL and distribute it.
- link type: https://upserve.app/share/<link_key>
- embed type: https://upserve.app/embed/<link_key> — an embed snippet is offered alongside.

A single agent can have many snapshots, and each snapshot can have many links. Splitting links by campaign or channel lets you track usage separately.

`link` vs `embed`

Item	`link`	`embed`
Entry context	Standalone page	Inside an iframe
Loading inside an iframe	Blocked (security)	Allowed
Header / background	Visible	Hidden / transparent
Parent-page messaging	None	`postMessage` for user context and auto-resize
Origin allowlist	Not used	Only listed domains may embed and exchange messages

Embed snippet


<iframe
  src="https://upserve.app/embed/<link_key>"
  style="width: 100%; height: 600px; border: 0; border-radius: 12px;"
  allow="clipboard-write"
></iframe>

For automatic height, listen on the parent for { type: 'resize', height } postMessage events and update iframe.style.height accordingly.

If your parent page already knows who the visitor is, you can post { type: 'user-context', data: { name, email, phone } } into the iframe to skip the entry form. The phone field is optional. This is only honored when the message originates from an allowed origin.

What the visitor sees

After opening the link, the visitor sees the agent’s name and description with an entry form.
They fill in name / email / phone according to the link’s collection policy.
They check the terms of service / privacy policy consent box — required before the session begins.
The chat view opens and replies stream in real time.

Cost and guardrails

Every LLM call and tool invocation in a shared session is billed to the owner’s credits. Visitors pay nothing. That makes the guardrails essential.

Guardrail	Behavior
Per-session credit cap	Once a single session crosses the cap, it is blocked and rejects further messages
Per-day credit cap	Once the link’s daily total crosses the cap, new sessions are refused (resets next day)
Auto-revoke	If the owner’s credits are exhausted (`credit_exhausted`) or the owner’s account is deleted (`account_deleted`), the link is auto-disabled
Link toggle	The owner can disable or delete a link at any time (`owner_revoked`)
Rate limit	Metadata reads: 30/min · Session creation: 10/min and 60/hour (per IP)

Disabling or deleting a link immediately ends any active sessions on it. Visitors see the termination reason in the UI.


  [Visitor]                                       [Owner account]
   Anonymous                                       Credit balance
        │                                                ▲
        │ Send message                                   │
        ▼                                                │ debit
   ┌──────────────────────────┐                          │
   │  Snapshot sandbox        │ ── LLM / tool call ──────┘
   │  (isolated environment)  │
   └──────────────────────────┘
        │
        │ Guardrails (all must pass)
        ▼
   ┌────────────────────────────────────────────────────┐
   │  ⛔ Per-session cap exceeded → session blocked     │
   │  ⛔ Per-day cap exceeded     → new sessions denied │
   │  ⛔ Owner credits hit 0      → link auto-revoked   │
   │  ⛔ Owner disables manually  → sessions ended now  │
   └────────────────────────────────────────────────────┘

Operating and monitoring

The owner-facing dashboard at /agents/<agent>/shared exposes:

Sessions: per-session visitor info, credits consumed, last activity, blocked state
Message log: full transcripts per session (owner-only)
Audit log: every link create / update / revoke / CSV export action
CSV export: four files — sessions.csv (session list), messages.csv (message detail), usage.csv (credit usage aggregation), audit-logs.csv (audit log)

Using visitor feedback to improve. Once you have published at least one snapshot, the original agent gains access to an inbox of visitor transcripts from all its derived snapshots. Use these to understand what questions visitors ask, where they get stuck, and what to improve in the next snapshot.

Security and privacy

Sharing involves third-party personal data, so the following rules apply.

Data controller: the snapshot owner is the data controller for visitor data. UpServe is the infrastructure processor.
Collected fields: name / email / phone (when the visitor enters them), an anonymous session identifier, IP, User-Agent.
Session retention: sessions are automatically purged based on the owner’s plan — Free 3 days, Starter 14 days, Pro 90 days. Downgrading triggers a grace period before the shorter retention applies.
Attachments: permanently deleted 90 days after upload (counted separately from session retention).
Transcripts: retained until the snapshot is deleted.
Application logs: 90 days.
Audit log: retained indefinitely (for legal and security compliance).
Visitor data deletion: the owner can delete the personal information (name, email, phone) for any individual session from the owner dashboard.

For the public-facing wording shown to visitors, see the Shared Agent Terms and Shared Agent Privacy Policy .

FAQ

Q. If I update the original agent, do existing share links pick up the changes?

No. Snapshots are frozen at creation time. To roll out an update you need to create a new snapshot and issue a new link (or move an existing link to the new snapshot).

Q. Can a visitor permanently change my agent’s memory files or notes?

No. Snapshots run in their own sandbox, fully isolated from the original. Visitor activity stays inside that snapshot’s sandbox and never touches the source agent.

Q. Can visitors upload files or generate images?

Yes by default (file sharing and image generation are allowed). If cost containment is a concern, add them to the snapshot’s extra-disabled-tools list.

Q. Are password protection and expiry dates supported?

Not currently. To cut access immediately, disable or delete the link; to limit exposure over time, set per-session and per-day credit caps.

Q. Are there limits on how many snapshots or links a single agent can have?

There are no hard product limits on counts. Each snapshot does provision its own sandbox, though, so prune snapshots you no longer use.

Learn more

Equipping Tools — decide which tools to enable before sharing
Skills & the Autonomous Skill System — review the skills your visitors will rely on
Shared Agent Terms
Shared Agent Privacy Policy