Declarative
“Tell Surflet what to render.”
Your agent sends a structured JSON payload. Surflet picks a template and renders a hosted, interactive page — zero frontend engineering. The best path for approvals, briefings, forms, and dashboards.
01 The gap
Your agent decided. Now where does it go?
Agents produce briefings, approvals, forms, dashboards, decisions. But to reach a human they get dumped into chat, or someone hand-builds a one-off UI, or the output leaks with no access rules and no record of who saw it.
Surflet is the missing layer: every agent output becomes a governed, addressable page — shareable, interactive, and accountable from the moment it's born.
02 Two delivery modes
One governance shell. Two ways in.
Both modes share the same outer shell — access control, identity, distribution, callbacks, audit. They differ only in where the content comes from. Start with zero-cost Transparent, migrate high-value flows to Declarative when you want structure.
Transparent
“Point Surflet at what you already run.”
Already serving your own web UI? Publish it under a Surflet URL with one command — and Surflet transparently wraps identity, access control, distribution, callbacks, and audit around it. No block schema to learn.
03 Core principle
The page is the agent's senses. The brain stays with the agent.
A Surflet page renders what the agent wants seen, and listens for what the user means. Every action — a sort, a filter, a form, a button, a free-text instruction — flows back to the agent as an intent event. The agent decides what happens next.
Users never drive the agent's internal logic directly. That single invariant keeps pages cheap to host, easy to audit, and stable to render — and is the foundation of the compliance moat underneath.
04 What's in the shell
Governance, built in — not bolted on.
Access controlSix modes, composable. From open links to authenticated, identity-matched access — set per page, enforced at the edge whichever mode delivered the content.
Action callbacksIntent, streamed back. Clicks, edits, approvals, and commands return to your agent as structured events over a webhook.
DistributionOne URL, everywhere. Each page is addressable and shareable across channels, with an inbox, dashboard, and in-channel quick actions.
Audit & historyNothing happens off the record. Immutable access logs and history snapshots — who opened it, when, from where — for every page.
ApprovalsMulti-step & delegated. Compose approval chains, delegation, and conditional branching from simple primitives.
White-labelYour brand, your domain. Custom domains and theming, plus a full sandbox and test mode before anything ships.
access
public
access one_time
access n_views
access time_limited
access password
access authenticated
05 Declarative, by example
A governed approval page, in one payload.
Send JSON. Get a hosted, access-controlled, audited page back — and the user's decision delivered to your webhook.
{
"template": "approval",
"title": "Q2 vendor renewal — needs sign-off",
"blocks": [
{ "type": "summary", "text": "Renew Acme at $48k/yr (+6%)." },
{ "type": "decision", "options": ["approve", "reject", "defer"] }
],
"access": {
"mode": "authenticated", // SSO / OAuth / magic link
"allow": ["[email protected]"],
"expires_at": "2026-07-01T00:00:00Z"
},
"on_action": "https://agent.acme.com/hooks/surflet" // intent events
}
06 The loop
How a Surflet moves.
01
Agent
Emits a payload, or points at a service it already runs.
02
Surflet
Wraps it in access control, identity, and audit — returns a URL.
03
Human
Opens the governed page, reads, and acts on it.
04
Intent
Every action streams back to the agent as a structured event.
07 Early access
Get a surface for your agent.
Surflet is in private beta. Tell us what your agent needs to deliver and we'll get you in.
Request access →