Merge pull request #773 from MODSetter/dev

feat: improved permissions and CVE-2025-64712 fix

surfsense_backend/alembic/versions/86_add_document_created_by.py

@@ -83,9 +83,9 @@ def upgrade() -> None:
     # 4. Backfill existing documents with search space owner's user_id
     # Process in batches with progress indicator
     print("Step 4/4: Backfilling created_by_id for existing documents...")
-    
+
     connection = op.get_bind()
-    
+
     # Get total count of documents that need backfilling
     result = connection.execute(
         sa.text("""
@@ -93,19 +93,19 @@ def upgrade() -> None:
         """)
     )
     total_count = result.scalar()
-    
+
     if total_count == 0:
         print("  No documents need backfilling. Skipping.")
         return
-    
+
     print(f"  Total documents to backfill: {total_count:,}")
-    
+
     processed = 0
     batch_num = 0
-    
+
     while processed < total_count:
         batch_num += 1
-        
+
         # Update a batch of documents using a subquery to limit the update
         # We use ctid (tuple identifier) for efficient batching in PostgreSQL
         result = connection.execute(
@@ -121,21 +121,23 @@ def upgrade() -> None:
                     LIMIT :batch_size
                 )
             """),
-            {"batch_size": BATCH_SIZE}
+            {"batch_size": BATCH_SIZE},
         )
-        
+
         rows_updated = result.rowcount
         if rows_updated == 0:
             # No more rows to update
             break
-            
+
         processed += rows_updated
         progress_pct = min(100.0, (processed / total_count) * 100)
-        
+
         # Print progress with carriage return for in-place update
-        sys.stdout.write(f"\r  Progress: {processed:,}/{total_count:,} documents ({progress_pct:.1f}%) - Batch {batch_num}")
+        sys.stdout.write(
+            f"\r  Progress: {processed:,}/{total_count:,} documents ({progress_pct:.1f}%) - Batch {batch_num}"
+        )
         sys.stdout.flush()
-    
+
     # Final newline after progress
     print()
     print(f"  Done: Backfilled {processed:,} documents.")

surfsense_backend/alembic/versions/90_add_public_sharing_permissions_to_roles.py

@@ -0,0 +1,66 @@
+"""Add public_sharing permissions to existing roles
+
+Revision ID: 90
+Revises: 89
+Create Date: 2026-02-02
+
+"""
+
+from sqlalchemy import text
+
+from alembic import op
+
+revision = "90"
+down_revision = "89"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    connection = op.get_bind()
+
+    connection.execute(
+        text(
+            """
+            UPDATE search_space_roles
+            SET permissions = array_append(permissions, 'public_sharing:view')
+            WHERE name IN ('Editor', 'Viewer')
+            AND NOT ('public_sharing:view' = ANY(permissions))
+            """
+        )
+    )
+
+    connection.execute(
+        text(
+            """
+            UPDATE search_space_roles
+            SET permissions = array_append(permissions, 'public_sharing:create')
+            WHERE name = 'Editor'
+            AND NOT ('public_sharing:create' = ANY(permissions))
+            """
+        )
+    )
+
+
+def downgrade():
+    connection = op.get_bind()
+
+    connection.execute(
+        text(
+            """
+            UPDATE search_space_roles
+            SET permissions = array_remove(permissions, 'public_sharing:view')
+            WHERE name IN ('Editor', 'Viewer')
+            """
+        )
+    )
+
+    connection.execute(
+        text(
+            """
+            UPDATE search_space_roles
+            SET permissions = array_remove(permissions, 'public_sharing:create')
+            WHERE name = 'Editor'
+            """
+        )
+    )

surfsense_backend/app/db.py

@@ -257,6 +257,11 @@ class Permission(str, Enum):
     SETTINGS_UPDATE = "settings:update"
     SETTINGS_DELETE = "settings:delete"  # Delete the entire search space
 
+    # Public Sharing
+    PUBLIC_SHARING_VIEW = "public_sharing:view"
+    PUBLIC_SHARING_CREATE = "public_sharing:create"
+    PUBLIC_SHARING_DELETE = "public_sharing:delete"
+
     # Full access wildcard
     FULL_ACCESS = "*"
 
@@ -299,6 +304,9 @@ DEFAULT_ROLE_PERMISSIONS = {
         Permission.ROLES_READ.value,
         # Settings (view only, no update or delete)
         Permission.SETTINGS_VIEW.value,
+        # Public Sharing (can create and view, no delete)
+        Permission.PUBLIC_SHARING_VIEW.value,
+        Permission.PUBLIC_SHARING_CREATE.value,
     ],
     "Viewer": [
         # Documents (read only)
@@ -322,6 +330,8 @@ DEFAULT_ROLE_PERMISSIONS = {
         Permission.ROLES_READ.value,
         # Settings (view only)
         Permission.SETTINGS_VIEW.value,
+        # Public Sharing (view only)
+        Permission.PUBLIC_SHARING_VIEW.value,
     ],
 }
 

surfsense_backend/app/routes/new_chat_routes.py

@@ -45,9 +45,9 @@ from app.schemas.new_chat import (
     NewChatThreadUpdate,
     NewChatThreadVisibilityUpdate,
     NewChatThreadWithMessages,
+    PublicChatSnapshotCreateResponse,
+    PublicChatSnapshotListResponse,
     RegenerateRequest,
-    SnapshotCreateResponse,
-    SnapshotListResponse,
     ThreadHistoryLoadResponse,
     ThreadListItem,
     ThreadListResponse,
@@ -736,10 +736,11 @@ async def update_thread_visibility(
 # =============================================================================
 
 
-@router.post("/threads/{thread_id}/snapshots", response_model=SnapshotCreateResponse)
+@router.post(
+    "/threads/{thread_id}/snapshots", response_model=PublicChatSnapshotCreateResponse
+)
 async def create_thread_snapshot(
     thread_id: int,
-    request: Request,
     session: AsyncSession = Depends(get_async_session),
     user: User = Depends(current_active_user),
 ):
@@ -747,23 +748,21 @@ async def create_thread_snapshot(
     Create a public snapshot of the thread.
 
     Returns existing snapshot URL if content unchanged (deduplication).
-    Only the thread owner can create snapshots.
     """
     from app.services.public_chat_service import create_snapshot
 
-    base_url = str(request.base_url).rstrip("/")
     return await create_snapshot(
         session=session,
         thread_id=thread_id,
         user=user,
-        base_url=base_url,
     )
 
 
-@router.get("/threads/{thread_id}/snapshots", response_model=SnapshotListResponse)
+@router.get(
+    "/threads/{thread_id}/snapshots", response_model=PublicChatSnapshotListResponse
+)
 async def list_thread_snapshots(
     thread_id: int,
-    request: Request,
     session: AsyncSession = Depends(get_async_session),
     user: User = Depends(current_active_user),
 ):
@@ -774,13 +773,11 @@ async def list_thread_snapshots(
     """
     from app.services.public_chat_service import list_snapshots_for_thread
 
-    base_url = str(request.base_url).rstrip("/")
-    return SnapshotListResponse(
+    return PublicChatSnapshotListResponse(
         snapshots=await list_snapshots_for_thread(
             session=session,
             thread_id=thread_id,
             user=user,
-            base_url=base_url,
         )
     )
 

surfsense_backend/app/routes/search_spaces_routes.py

@@ -501,3 +501,25 @@ async def update_llm_preferences(
         raise HTTPException(
             status_code=500, detail=f"Failed to update LLM preferences: {e!s}"
         ) from e
+
+
+@router.get("/searchspaces/{search_space_id}/snapshots")
+async def list_search_space_snapshots(
+    search_space_id: int,
+    session: AsyncSession = Depends(get_async_session),
+    user: User = Depends(current_active_user),
+):
+    """
+    List all public chat snapshots for a search space.
+
+    Requires PUBLIC_SHARING_VIEW permission.
+    """
+    from app.schemas.new_chat import PublicChatSnapshotsBySpaceResponse
+    from app.services.public_chat_service import list_snapshots_for_search_space
+
+    snapshots = await list_snapshots_for_search_space(
+        session=session,
+        search_space_id=search_space_id,
+        user=user,
+    )
+    return PublicChatSnapshotsBySpaceResponse(snapshots=snapshots)

surfsense_backend/app/schemas/new_chat.py

@@ -211,17 +211,17 @@ class RegenerateRequest(BaseModel):
 # =============================================================================
 
 
-class SnapshotCreateResponse(BaseModel):
-    """Response after creating a public snapshot."""
+class PublicChatSnapshotCreateResponse(BaseModel):
+    """Response after creating a public chat snapshot."""
 
     snapshot_id: int
     share_token: str
     public_url: str
-    is_new: bool  # False if existing snapshot returned (same content)
+    is_new: bool
 
 
-class SnapshotInfo(BaseModel):
-    """Info about a single snapshot."""
+class PublicChatSnapshotInfo(BaseModel):
+    """Info about a single public chat snapshot."""
 
     id: int
     share_token: str
@@ -230,10 +230,28 @@ class SnapshotInfo(BaseModel):
     message_count: int
 
 
-class SnapshotListResponse(BaseModel):
-    """List of snapshots for a thread."""
+class PublicChatSnapshotListResponse(BaseModel):
+    """List of public chat snapshots for a thread."""
 
-    snapshots: list[SnapshotInfo]
+    snapshots: list[PublicChatSnapshotInfo]
+
+
+class PublicChatSnapshotDetail(BaseModel):
+    """Public chat snapshot with thread context."""
+
+    id: int
+    share_token: str
+    public_url: str
+    created_at: datetime
+    message_count: int
+    thread_id: int
+    thread_title: str
+
+
+class PublicChatSnapshotsBySpaceResponse(BaseModel):
+    """List of public chat snapshots for a search space."""
+
+    snapshots: list[PublicChatSnapshotDetail]
 
 
 # =============================================================================

surfsense_backend/app/services/public_chat_service.py

@@ -25,12 +25,14 @@ from app.db import (
     ChatVisibility,
     NewChatMessage,
     NewChatThread,
+    Permission,
     Podcast,
     PodcastStatus,
     PublicChatSnapshot,
     SearchSpaceMembership,
     User,
 )
+from app.utils.rbac import check_permission
 
 UI_TOOLS = {
     "display_image",
@@ -159,7 +161,6 @@ async def create_snapshot(
     session: AsyncSession,
     thread_id: int,
     user: User,
-    base_url: str,
 ) -> dict:
     """
     Create a public snapshot of a chat thread.
@@ -167,6 +168,9 @@ async def create_snapshot(
     Returns existing snapshot if content unchanged (same hash).
     Returns new snapshot with unique URL if content changed.
     """
+    from app.config import config
+
+    frontend_url = (config.NEXT_FRONTEND_URL or "").rstrip("/")
     result = await session.execute(
         select(NewChatThread)
         .options(selectinload(NewChatThread.messages))
@@ -177,11 +181,13 @@ async def create_snapshot(
     if not thread:
         raise HTTPException(status_code=404, detail="Thread not found")
 
-    if thread.created_by_id != user.id:
-        raise HTTPException(
-            status_code=403,
-            detail="Only the creator of this chat can create public snapshots",
-        )
+    await check_permission(
+        session,
+        user,
+        thread.search_space_id,
+        Permission.PUBLIC_SHARING_CREATE.value,
+        "You don't have permission to create public share links",
+    )
 
     # Build snapshot data
     user_cache: dict[UUID, dict] = {}
@@ -246,7 +252,7 @@ async def create_snapshot(
         return {
             "snapshot_id": existing.id,
             "share_token": existing.share_token,
-            "public_url": f"{base_url}/public/{existing.share_token}",
+            "public_url": f"{frontend_url}/public/{existing.share_token}",
             "is_new": False,
         }
 
@@ -279,7 +285,7 @@ async def create_snapshot(
     return {
         "snapshot_id": snapshot.id,
         "share_token": snapshot.share_token,
-        "public_url": f"{base_url}/public/{snapshot.share_token}",
+        "public_url": f"{frontend_url}/public/{snapshot.share_token}",
         "is_new": True,
     }
 
@@ -348,10 +354,10 @@ async def list_snapshots_for_thread(
     session: AsyncSession,
     thread_id: int,
     user: User,
-    base_url: str,
 ) -> list[dict]:
     """List all public snapshots for a thread."""
-    # Verify ownership
+    from app.config import config
+
     result = await session.execute(
         select(NewChatThread).filter(NewChatThread.id == thread_id)
     )
@@ -366,7 +372,6 @@ async def list_snapshots_for_thread(
             detail="Only the creator can view snapshots",
         )
 
-    # Get snapshots
     result = await session.execute(
         select(PublicChatSnapshot)
         .filter(PublicChatSnapshot.thread_id == thread_id)
@@ -374,11 +379,13 @@ async def list_snapshots_for_thread(
     )
     snapshots = result.scalars().all()
 
+    frontend_url = (config.NEXT_FRONTEND_URL or "").rstrip("/")
+
     return [
         {
             "id": s.id,
             "share_token": s.share_token,
-            "public_url": f"{base_url}/public/{s.share_token}",
+            "public_url": f"{frontend_url}/public/{s.share_token}",
             "created_at": s.created_at.isoformat() if s.created_at else None,
             "message_count": len(s.message_ids) if s.message_ids else 0,
         }
@@ -386,6 +393,54 @@ async def list_snapshots_for_thread(
     ]
 
 
+async def list_snapshots_for_search_space(
+    session: AsyncSession,
+    search_space_id: int,
+    user: User,
+) -> list[dict]:
+    """List all public snapshots for a search space."""
+    from app.config import config
+
+    await check_permission(
+        session,
+        user,
+        search_space_id,
+        Permission.PUBLIC_SHARING_VIEW.value,
+        "You don't have permission to view public share links",
+    )
+
+    result = await session.execute(
+        select(PublicChatSnapshot)
+        .join(NewChatThread, PublicChatSnapshot.thread_id == NewChatThread.id)
+        .filter(NewChatThread.search_space_id == search_space_id)
+        .order_by(PublicChatSnapshot.created_at.desc())
+    )
+    snapshots = result.scalars().all()
+
+    snapshot_thread_ids = [s.thread_id for s in snapshots]
+    thread_result = await session.execute(
+        select(NewChatThread.id, NewChatThread.title).filter(
+            NewChatThread.id.in_(snapshot_thread_ids)
+        )
+    )
+    thread_titles = {row[0]: row[1] for row in thread_result.fetchall()}
+
+    frontend_url = (config.NEXT_FRONTEND_URL or "").rstrip("/")
+
+    return [
+        {
+            "id": s.id,
+            "share_token": s.share_token,
+            "public_url": f"{frontend_url}/public/{s.share_token}",
+            "created_at": s.created_at.isoformat() if s.created_at else None,
+            "message_count": len(s.message_ids) if s.message_ids else 0,
+            "thread_id": s.thread_id,
+            "thread_title": thread_titles.get(s.thread_id, "Untitled"),
+        }
+        for s in snapshots
+    ]
+
+
 # =============================================================================
 # Snapshot Deletion
 # =============================================================================
@@ -412,11 +467,13 @@ async def delete_snapshot(
     if not snapshot:
         raise HTTPException(status_code=404, detail="Snapshot not found")
 
-    if snapshot.thread.created_by_id != user.id:
-        raise HTTPException(
-            status_code=403,
-            detail="Only the creator can delete snapshots",
-        )
+    await check_permission(
+        session,
+        user,
+        snapshot.thread.search_space_id,
+        Permission.PUBLIC_SHARING_DELETE.value,
+        "You don't have permission to delete public share links",
+    )
 
     await session.delete(snapshot)
     await session.commit()

surfsense_backend/pyproject.toml

@@ -32,8 +32,6 @@ dependencies = [
     "en-core-web-sm@https://github.com/explosion/spacy-models/releases/download/en_core_web_sm-3.8.0/en_core_web_sm-3.8.0-py3-none-any.whl",
     "static-ffmpeg>=2.13",
     "tavily-python>=0.3.2",
-    "unstructured-client>=0.30.0",
-    "unstructured[all-docs]>=0.16.25",
     "uvicorn[standard]>=0.34.0",
     "validators>=0.34.0",
     "youtube-transcript-api>=1.0.3",
@@ -45,7 +43,6 @@ dependencies = [
     "firecrawl-py>=4.9.0",
     "boto3>=1.35.0",
     "langchain-community>=0.3.31",
-    "langchain-unstructured>=1.0.0",
     "litellm>=1.80.10",
     "langchain-litellm>=0.3.5",
     "fake-useragent>=2.2.0",
@@ -62,6 +59,9 @@ dependencies = [
     "deepagents>=0.3.8",
     "langchain>=1.2.6",
     "langgraph>=1.0.5",
+    "unstructured[all-docs]>=0.18.31",
+    "unstructured-client>=0.42.3",
+    "langchain-unstructured>=1.0.1",
 ]
 
 [dependency-groups]

surfsense_web/app/dashboard/[search_space_id]/settings/page.tsx

@@ -6,6 +6,7 @@ import {
 	Brain,
 	ChevronRight,
 	FileText,
+	Globe,
 	type LucideIcon,
 	Menu,
 	MessageSquare,
@@ -16,6 +17,7 @@ import { AnimatePresence, motion } from "motion/react";
 import { useParams, useRouter } from "next/navigation";
 import { useTranslations } from "next-intl";
 import { useCallback, useEffect, useState } from "react";
+import { PublicChatSnapshotsManager } from "@/components/public-chat-snapshots/public-chat-snapshots-manager";
 import { GeneralSettingsManager } from "@/components/settings/general-settings-manager";
 import { LLMRoleManager } from "@/components/settings/llm-role-manager";
 import { ModelConfigManager } from "@/components/settings/model-config-manager";
@@ -56,6 +58,12 @@ const settingsNavItems: SettingsNavItem[] = [
 		descriptionKey: "nav_system_instructions_desc",
 		icon: MessageSquare,
 	},
+	{
+		id: "public-links",
+		labelKey: "nav_public_links",
+		descriptionKey: "nav_public_links_desc",
+		icon: Globe,
+	},
 ];
 
 function SettingsSidebar({
@@ -276,6 +284,9 @@ function SettingsContent({
 							{activeSection === "models" && <ModelConfigManager searchSpaceId={searchSpaceId} />}
 							{activeSection === "roles" && <LLMRoleManager searchSpaceId={searchSpaceId} />}
 							{activeSection === "prompts" && <PromptConfigManager searchSpaceId={searchSpaceId} />}
+							{activeSection === "public-links" && (
+								<PublicChatSnapshotsManager searchSpaceId={searchSpaceId} />
+							)}
 						</motion.div>
 					</AnimatePresence>
 				</div>

surfsense_web/app/dashboard/[search_space_id]/team/page.tsx

@@ -11,6 +11,7 @@ import {
 	Crown,
 	Edit2,
 	FileText,
+	Globe,
 	Hash,
 	Link2,
 	LinkIcon,
@@ -206,7 +207,15 @@ export default function TeamManagementPage() {
 	);
 
 	const handleUpdateRole = useCallback(
-		async (roleId: number, data: { name?: string; description?: string | null; permissions?: string[]; is_default?: boolean }): Promise<Role> => {
+		async (
+			roleId: number,
+			data: {
+				name?: string;
+				description?: string | null;
+				permissions?: string[];
+				is_default?: boolean;
+			}
+		): Promise<Role> => {
 			const request: UpdateRoleRequest = {
 				search_space_id: searchSpaceId,
 				role_id: roleId,
@@ -827,6 +836,12 @@ const CATEGORY_CONFIG: Record<
 		description: "Manage search space settings",
 		order: 10,
 	},
+	public_sharing: {
+		label: "Public Chat Sharing",
+		icon: Globe,
+		description: "Share chats publicly via links",
+		order: 11,
+	},
 };
 
 const ACTION_LABELS: Record<string, string> = {
@@ -954,7 +969,15 @@ function RolesTab({
 	roles: Role[];
 	groupedPermissions: Record<string, PermissionWithDescription[]>;
 	loading: boolean;
-	onUpdateRole: (roleId: number, data: { name?: string; description?: string | null; permissions?: string[]; is_default?: boolean }) => Promise<Role>;
+	onUpdateRole: (
+		roleId: number,
+		data: {
+			name?: string;
+			description?: string | null;
+			permissions?: string[];
+			is_default?: boolean;
+		}
+	) => Promise<Role>;
 	onDeleteRole: (roleId: number) => Promise<boolean>;
 	onCreateRole: (data: CreateRoleRequest["data"]) => Promise<Role>;
 	canUpdate: boolean;
@@ -999,18 +1022,19 @@ function RolesTab({
 			)}
 
 			{/* Edit Role Form */}
-			{editingRoleId !== null && (() => {
-				const roleToEdit = roles.find((r) => r.id === editingRoleId);
-				if (!roleToEdit) return null;
-				return (
-					<EditRoleSection
-						role={roleToEdit}
-						groupedPermissions={groupedPermissions}
-						onUpdateRole={onUpdateRole}
-						onCancel={() => setEditingRoleId(null)}
-					/>
-				);
-			})()}
+			{editingRoleId !== null &&
+				(() => {
+					const roleToEdit = roles.find((r) => r.id === editingRoleId);
+					if (!roleToEdit) return null;
+					return (
+						<EditRoleSection
+							role={roleToEdit}
+							groupedPermissions={groupedPermissions}
+							onUpdateRole={onUpdateRole}
+							onCancel={() => setEditingRoleId(null)}
+						/>
+					);
+				})()}
 
 			{/* Roles Grid */}
 			<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
@@ -1070,14 +1094,9 @@ function RolesTab({
 													<MoreHorizontal className="h-4 w-4" />
 												</Button>
 											</DropdownMenuTrigger>
-											<DropdownMenuContent
-												align="end"
-												onCloseAutoFocus={(e) => e.preventDefault()}
-											>
+											<DropdownMenuContent align="end" onCloseAutoFocus={(e) => e.preventDefault()}>
 												{canUpdate && (
-													<DropdownMenuItem
-														onClick={() => setEditingRoleId(role.id)}
-													>
+													<DropdownMenuItem onClick={() => setEditingRoleId(role.id)}>
 														<Edit2 className="h-4 w-4 mr-2" />
 														Edit Role
 													</DropdownMenuItem>
@@ -2051,7 +2070,15 @@ function EditRoleSection({
 }: {
 	role: Role;
 	groupedPermissions: Record<string, PermissionWithDescription[]>;
-	onUpdateRole: (roleId: number, data: { name?: string; description?: string | null; permissions?: string[]; is_default?: boolean }) => Promise<Role>;
+	onUpdateRole: (
+		roleId: number,
+		data: {
+			name?: string;
+			description?: string | null;
+			permissions?: string[];
+			is_default?: boolean;
+		}
+	) => Promise<Role>;
 	onCancel: () => void;
 }) {
 	const [saving, setSaving] = useState(false);

surfsense_web/atoms/chat/chat-thread-mutation.atoms.ts

@@ -1,31 +0,0 @@
-import { atomWithMutation } from "jotai-tanstack-query";
-import { toast } from "sonner";
-import type {
-	CreateSnapshotRequest,
-	CreateSnapshotResponse,
-} from "@/contracts/types/chat-threads.types";
-import { chatThreadsApiService } from "@/lib/apis/chat-threads-api.service";
-
-export const createSnapshotMutationAtom = atomWithMutation(() => ({
-	mutationFn: async (request: CreateSnapshotRequest) => {
-		return chatThreadsApiService.createSnapshot(request);
-	},
-	onSuccess: (response: CreateSnapshotResponse) => {
-		// Construct URL using frontend origin (backend returns its own URL which differs)
-		const publicUrl = `${window.location.origin}/public/${response.share_token}`;
-		navigator.clipboard.writeText(publicUrl);
-		if (response.is_new) {
-			toast.success("Public link created and copied to clipboard", {
-				description: "Anyone with this link can view a snapshot of this chat",
-			});
-		} else {
-			toast.success("Public link copied to clipboard", {
-				description: "This snapshot already exists",
-			});
-		}
-	},
-	onError: (error: Error) => {
-		console.error("Failed to create snapshot:", error);
-		toast.error("Failed to create public link");
-	},
-}));

surfsense_web/atoms/public-chat-snapshots/public-chat-snapshots-mutation.atoms.ts

@@ -0,0 +1,53 @@
+import { atomWithMutation } from "jotai-tanstack-query";
+import { toast } from "sonner";
+import type {
+	PublicChatSnapshotCreateRequest,
+	PublicChatSnapshotCreateResponse,
+	PublicChatSnapshotDeleteRequest,
+} from "@/contracts/types/chat-threads.types";
+import { chatThreadsApiService } from "@/lib/apis/chat-threads-api.service";
+import { cacheKeys } from "@/lib/query-client/cache-keys";
+import { queryClient } from "@/lib/query-client/client";
+
+export const createPublicChatSnapshotMutationAtom = atomWithMutation(() => ({
+	mutationFn: async (request: PublicChatSnapshotCreateRequest) => {
+		return chatThreadsApiService.createPublicChatSnapshot(request);
+	},
+	onSuccess: (response: PublicChatSnapshotCreateResponse) => {
+		queryClient.invalidateQueries({
+			queryKey: cacheKeys.publicChatSnapshots.all,
+		});
+
+		const publicUrl = `${window.location.origin}/public/${response.share_token}`;
+		navigator.clipboard.writeText(publicUrl);
+		if (response.is_new) {
+			toast.success("Public link created and copied to clipboard", {
+				description: "Anyone with this link can view a snapshot of this chat",
+			});
+		} else {
+			toast.success("Public link copied to clipboard", {
+				description: "This snapshot already exists",
+			});
+		}
+	},
+	onError: (error: Error) => {
+		console.error("Failed to create snapshot:", error);
+		toast.error("Failed to create public link");
+	},
+}));
+
+export const deletePublicChatSnapshotMutationAtom = atomWithMutation(() => ({
+	mutationFn: async (request: PublicChatSnapshotDeleteRequest) => {
+		return chatThreadsApiService.deletePublicChatSnapshot(request);
+	},
+	onSuccess: () => {
+		queryClient.invalidateQueries({
+			queryKey: cacheKeys.publicChatSnapshots.all,
+		});
+		toast.success("Public link deleted");
+	},
+	onError: (error: Error) => {
+		console.error("Failed to delete public chat link:", error);
+		toast.error("Failed to delete public link");
+	},
+}));

surfsense_web/atoms/public-chat-snapshots/public-chat-snapshots-query.atoms.ts

@@ -0,0 +1,22 @@
+import { atomWithQuery } from "jotai-tanstack-query";
+import { activeSearchSpaceIdAtom } from "@/atoms/search-spaces/search-space-query.atoms";
+import { chatThreadsApiService } from "@/lib/apis/chat-threads-api.service";
+import { cacheKeys } from "@/lib/query-client/cache-keys";
+
+export const publicChatSnapshotsAtom = atomWithQuery((get) => {
+	const searchSpaceId = get(activeSearchSpaceIdAtom);
+
+	return {
+		queryKey: cacheKeys.publicChatSnapshots.bySearchSpace(Number(searchSpaceId) || 0),
+		enabled: !!searchSpaceId,
+		staleTime: 5 * 60 * 1000,
+		queryFn: async () => {
+			if (!searchSpaceId) {
+				return { snapshots: [] };
+			}
+			return chatThreadsApiService.listPublicChatSnapshotsForSearchSpace({
+				search_space_id: Number(searchSpaceId),
+			});
+		},
+	};
+});

surfsense_web/components/new-chat/chat-share-button.tsx

@@ -3,10 +3,11 @@
 import { useQueryClient } from "@tanstack/react-query";
 import { useAtomValue, useSetAtom } from "jotai";
 import { Globe, User, Users } from "lucide-react";
-import { useCallback, useState } from "react";
+import { useCallback, useMemo, useState } from "react";
 import { toast } from "sonner";
-import { createSnapshotMutationAtom } from "@/atoms/chat/chat-thread-mutation.atoms";
 import { currentThreadAtom, setThreadVisibilityAtom } from "@/atoms/chat/current-thread.atom";
+import { myAccessAtom } from "@/atoms/members/members-query.atoms";
+import { createPublicChatSnapshotMutationAtom } from "@/atoms/public-chat-snapshots/public-chat-snapshots-mutation.atoms";
 import { Button } from "@/components/ui/button";
 import { Popover, PopoverContent, PopoverTrigger } from "@/components/ui/popover";
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip";
@@ -53,9 +54,17 @@ export function ChatShareButton({ thread, onVisibilityChange, className }: ChatS
 
 	// Snapshot creation mutation
 	const { mutateAsync: createSnapshot, isPending: isCreatingSnapshot } = useAtomValue(
-		createSnapshotMutationAtom
+		createPublicChatSnapshotMutationAtom
 	);
 
+	// Permission check for public sharing
+	const { data: access } = useAtomValue(myAccessAtom);
+	const canCreatePublicLink = useMemo(() => {
+		if (!access) return false;
+		if (access.is_owner) return true;
+		return access.permissions?.includes("public_sharing:create") ?? false;
+	}, [access]);
+
 	// Use Jotai visibility if available (synced from chat page), otherwise fall back to thread prop
 	const currentVisibility = currentThreadState.visibility ?? thread?.visibility ?? "PRIVATE";
 
@@ -183,35 +192,39 @@ export function ChatShareButton({ thread, onVisibilityChange, className }: ChatS
 						);
 					})}
 
-					{/* Divider */}
-					<div className="border-t border-border my-1" />
+					{canCreatePublicLink && (
+						<>
+							{/* Divider */}
+							<div className="border-t border-border my-1" />
 
-					{/* Public Link Option */}
-					<button
-						type="button"
-						onClick={handleCreatePublicLink}
-						disabled={isCreatingSnapshot}
-						className={cn(
-							"w-full flex items-center gap-2.5 px-2.5 py-2 rounded-md transition-all",
-							"hover:bg-accent/50 cursor-pointer",
-							"focus:outline-none",
-							"disabled:opacity-50 disabled:cursor-not-allowed"
-						)}
-					>
-						<div className="size-7 rounded-md shrink-0 grid place-items-center bg-muted">
-							<Globe className="size-4 block text-muted-foreground" />
-						</div>
-						<div className="flex-1 text-left min-w-0">
-							<div className="flex items-center gap-1.5">
-								<span className="text-sm font-medium">
-									{isCreatingSnapshot ? "Creating link..." : "Create public link"}
-								</span>
-							</div>
-							<p className="text-xs text-muted-foreground mt-0.5 leading-snug">
-								Creates a shareable snapshot of this chat
-							</p>
-						</div>
-					</button>
+							{/* Public Link Option */}
+							<button
+								type="button"
+								onClick={handleCreatePublicLink}
+								disabled={isCreatingSnapshot}
+								className={cn(
+									"w-full flex items-center gap-2.5 px-2.5 py-2 rounded-md transition-all",
+									"hover:bg-accent/50 cursor-pointer",
+									"focus:outline-none",
+									"disabled:opacity-50 disabled:cursor-not-allowed"
+								)}
+							>
+								<div className="size-7 rounded-md shrink-0 grid place-items-center bg-muted">
+									<Globe className="size-4 block text-muted-foreground" />
+								</div>
+								<div className="flex-1 text-left min-w-0">
+									<div className="flex items-center gap-1.5">
+										<span className="text-sm font-medium">
+											{isCreatingSnapshot ? "Creating link..." : "Create public link"}
+										</span>
+									</div>
+									<p className="text-xs text-muted-foreground mt-0.5 leading-snug">
+										Creates a shareable snapshot of this chat
+									</p>
+								</div>
+							</button>
+						</>
+					)}
 				</div>
 			</PopoverContent>
 		</Popover>

surfsense_web/components/public-chat-snapshots/public-chat-snapshot-row.tsx

@@ -0,0 +1,67 @@
+"use client";
+
+import { Copy, MessageSquare, Trash2 } from "lucide-react";
+import { Button } from "@/components/ui/button";
+import type { PublicChatSnapshotDetail } from "@/contracts/types/chat-threads.types";
+
+interface PublicChatSnapshotRowProps {
+	snapshot: PublicChatSnapshotDetail;
+	canDelete: boolean;
+	onCopy: (snapshot: PublicChatSnapshotDetail) => void;
+	onDelete: (snapshot: PublicChatSnapshotDetail) => void;
+	isDeleting?: boolean;
+}
+
+export function PublicChatSnapshotRow({
+	snapshot,
+	canDelete,
+	onCopy,
+	onDelete,
+	isDeleting = false,
+}: PublicChatSnapshotRowProps) {
+	const formattedDate = new Date(snapshot.created_at).toLocaleDateString(undefined, {
+		year: "numeric",
+		month: "short",
+		day: "numeric",
+	});
+
+	return (
+		<div className="flex items-center justify-between py-3 px-4 border-b last:border-b-0 hover:bg-muted/50 transition-colors">
+			<div className="flex-1 min-w-0 mr-4">
+				<h4 className="text-sm font-medium truncate" title={snapshot.thread_title}>
+					{snapshot.thread_title}
+				</h4>
+				<div className="flex items-center gap-3 mt-1 text-xs text-muted-foreground">
+					<span>{formattedDate}</span>
+					<span className="flex items-center gap-1">
+						<MessageSquare className="h-3 w-3" />
+						{snapshot.message_count}
+					</span>
+				</div>
+			</div>
+			<div className="flex items-center gap-2">
+				<Button
+					variant="ghost"
+					size="sm"
+					onClick={() => onCopy(snapshot)}
+					className="h-8 px-2"
+					title="Copy link"
+				>
+					<Copy className="h-4 w-4" />
+				</Button>
+				{canDelete && (
+					<Button
+						variant="ghost"
+						size="sm"
+						onClick={() => onDelete(snapshot)}
+						disabled={isDeleting}
+						className="h-8 px-2 text-destructive hover:text-destructive hover:bg-destructive/10"
+						title="Delete link"
+					>
+						<Trash2 className="h-4 w-4" />
+					</Button>
+				)}
+			</div>
+		</div>
+	);
+}

surfsense_web/components/public-chat-snapshots/public-chat-snapshots-empty-state.tsx

@@ -0,0 +1,23 @@
+"use client";
+
+import { Link2Off } from "lucide-react";
+
+interface PublicChatSnapshotsEmptyStateProps {
+	title?: string;
+	description?: string;
+}
+
+export function PublicChatSnapshotsEmptyState({
+	title = "No public chat links",
+	description = "When you create public links to share chats, they will appear here.",
+}: PublicChatSnapshotsEmptyStateProps) {
+	return (
+		<div className="flex flex-col items-center justify-center py-12 text-center">
+			<div className="rounded-full bg-muted p-3 mb-4">
+				<Link2Off className="h-6 w-6 text-muted-foreground" />
+			</div>
+			<h3 className="text-sm font-medium text-foreground mb-1">{title}</h3>
+			<p className="text-xs text-muted-foreground max-w-sm">{description}</p>
+		</div>
+	);
+}

surfsense_web/components/public-chat-snapshots/public-chat-snapshots-list.tsx

@@ -0,0 +1,40 @@
+"use client";
+
+import type { PublicChatSnapshotDetail } from "@/contracts/types/chat-threads.types";
+import { PublicChatSnapshotRow } from "./public-chat-snapshot-row";
+import { PublicChatSnapshotsEmptyState } from "./public-chat-snapshots-empty-state";
+
+interface PublicChatSnapshotsListProps {
+	snapshots: PublicChatSnapshotDetail[];
+	canDelete: boolean;
+	onCopy: (snapshot: PublicChatSnapshotDetail) => void;
+	onDelete: (snapshot: PublicChatSnapshotDetail) => void;
+	deletingId?: number;
+}
+
+export function PublicChatSnapshotsList({
+	snapshots,
+	canDelete,
+	onCopy,
+	onDelete,
+	deletingId,
+}: PublicChatSnapshotsListProps) {
+	if (snapshots.length === 0) {
+		return <PublicChatSnapshotsEmptyState />;
+	}
+
+	return (
+		<div className="border rounded-md divide-y">
+			{snapshots.map((snapshot) => (
+				<PublicChatSnapshotRow
+					key={snapshot.id}
+					snapshot={snapshot}
+					canDelete={canDelete}
+					onCopy={onCopy}
+					onDelete={onDelete}
+					isDeleting={deletingId === snapshot.id}
+				/>
+			))}
+		</div>
+	);
+}

surfsense_web/components/public-chat-snapshots/public-chat-snapshots-manager.tsx

@@ -0,0 +1,144 @@
+"use client";
+
+import { useAtomValue } from "jotai";
+import { AlertCircle, Globe, Info } from "lucide-react";
+import { useCallback, useMemo, useState } from "react";
+import { toast } from "sonner";
+import { myAccessAtom } from "@/atoms/members/members-query.atoms";
+import { deletePublicChatSnapshotMutationAtom } from "@/atoms/public-chat-snapshots/public-chat-snapshots-mutation.atoms";
+import { publicChatSnapshotsAtom } from "@/atoms/public-chat-snapshots/public-chat-snapshots-query.atoms";
+import { Alert, AlertDescription } from "@/components/ui/alert";
+import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card";
+import { Skeleton } from "@/components/ui/skeleton";
+import type { PublicChatSnapshotDetail } from "@/contracts/types/chat-threads.types";
+import { PublicChatSnapshotsList } from "./public-chat-snapshots-list";
+
+interface PublicChatSnapshotsManagerProps {
+	searchSpaceId: number;
+}
+
+export function PublicChatSnapshotsManager({
+	searchSpaceId: _searchSpaceId,
+}: PublicChatSnapshotsManagerProps) {
+	const [deletingId, setDeletingId] = useState<number | undefined>();
+
+	// Data fetching
+	const { data: snapshotsData, isLoading, isError } = useAtomValue(publicChatSnapshotsAtom);
+
+	// Permissions
+	const { data: access } = useAtomValue(myAccessAtom);
+	const canView = useMemo(() => {
+		if (!access) return false;
+		if (access.is_owner) return true;
+		return access.permissions?.includes("public_sharing:view") ?? false;
+	}, [access]);
+
+	const canDelete = useMemo(() => {
+		if (!access) return false;
+		if (access.is_owner) return true;
+		return access.permissions?.includes("public_sharing:delete") ?? false;
+	}, [access]);
+
+	// Mutations
+	const { mutateAsync: deleteSnapshot } = useAtomValue(deletePublicChatSnapshotMutationAtom);
+
+	// Handlers
+	const handleCopy = useCallback((snapshot: PublicChatSnapshotDetail) => {
+		const publicUrl = `${window.location.origin}/public/${snapshot.share_token}`;
+		navigator.clipboard.writeText(publicUrl);
+		toast.success("Link copied to clipboard");
+	}, []);
+
+	const handleDelete = useCallback(
+		async (snapshot: PublicChatSnapshotDetail) => {
+			try {
+				setDeletingId(snapshot.id);
+				await deleteSnapshot({
+					thread_id: snapshot.thread_id,
+					snapshot_id: snapshot.id,
+				});
+			} catch (error) {
+				console.error("Failed to delete snapshot:", error);
+			} finally {
+				setDeletingId(undefined);
+			}
+		},
+		[deleteSnapshot]
+	);
+
+	// Loading state
+	if (isLoading) {
+		return (
+			<div className="space-y-4 md:space-y-6">
+				<Card>
+					<CardHeader className="px-3 md:px-6 pt-3 md:pt-6 pb-2 md:pb-3">
+						<Skeleton className="h-5 md:h-6 w-36 md:w-48" />
+						<Skeleton className="h-3 md:h-4 w-full max-w-md mt-2" />
+					</CardHeader>
+					<CardContent className="px-3 md:px-6 pb-3 md:pb-6">
+						<Skeleton className="h-24 w-full" />
+					</CardContent>
+				</Card>
+			</div>
+		);
+	}
+
+	// Error state
+	if (isError) {
+		return (
+			<Alert variant="destructive">
+				<AlertCircle className="h-4 w-4" />
+				<AlertDescription>
+					Failed to load public chat links. Please try again later.
+				</AlertDescription>
+			</Alert>
+		);
+	}
+
+	// Permission denied
+	if (!canView) {
+		return (
+			<Alert variant="destructive">
+				<Info className="h-4 w-4" />
+				<AlertDescription>
+					You don't have permission to view public chat links in this search space.
+				</AlertDescription>
+			</Alert>
+		);
+	}
+
+	const snapshots = snapshotsData?.snapshots ?? [];
+
+	return (
+		<div className="space-y-4 md:space-y-6">
+			<Alert className="py-3 md:py-4">
+				<Globe className="h-3 w-3 md:h-4 md:w-4 shrink-0" />
+				<AlertDescription className="text-xs md:text-sm">
+					Public chat links allow anyone with the URL to view a snapshot of a chat. These links do
+					not update when the original chat changes.
+				</AlertDescription>
+			</Alert>
+
+			<Card>
+				<CardHeader className="px-3 md:px-6 pt-3 md:pt-6 pb-2 md:pb-3">
+					<CardTitle className="text-base md:text-lg flex items-center gap-2">
+						<Globe className="h-4 w-4 md:h-5 md:w-5" />
+						Public Chat Links
+					</CardTitle>
+					<CardDescription className="text-xs md:text-sm">
+						Manage public links to chats in this search space.
+					</CardDescription>
+				</CardHeader>
+				<CardContent className="px-3 md:px-6 pb-3 md:pb-6">
+					<PublicChatSnapshotsList
+						snapshots={snapshots}
+						canDelete={canDelete}
+						onCopy={handleCopy}
+						onDelete={handleDelete}
+						deletingId={deletingId}
+					/>
+				</CardContent>
+			</Card>
+		</div>
+	);
+}

surfsense_web/components/public-chat/public-chat-not-found.tsx

@@ -0,0 +1,30 @@
+"use client";
+
+import { Link2Off } from "lucide-react";
+import Link from "next/link";
+import { useTranslations } from "next-intl";
+import { Navbar } from "@/components/homepage/navbar";
+
+export function PublicChatNotFound() {
+	const t = useTranslations("public_chat");
+
+	return (
+		<main className="min-h-screen bg-linear-to-b from-gray-50 to-gray-100 text-gray-900 dark:from-black dark:to-gray-900 dark:text-white overflow-x-hidden">
+			<Navbar />
+			<div className="flex h-screen flex-col items-center justify-center gap-6 px-4 text-center">
+				<div className="flex h-16 w-16 items-center justify-center rounded-full bg-muted">
+					<Link2Off className="h-8 w-8 text-muted-foreground" />
+				</div>
+				<div className="flex flex-col gap-2">
+					<h1 className="text-2xl font-semibold">{t("not_found_title")}</h1>
+					<p className="text-muted-foreground">
+						<Link href="/login" className="text-primary underline hover:text-primary/80">
+							{t("click_here")}
+						</Link>{" "}
+						{t("sign_in_prompt")}
+					</p>
+				</div>
+			</div>
+		</main>
+	);
+}

surfsense_web/components/public-chat/public-chat-view.tsx

@@ -10,6 +10,7 @@ import { ScrapeWebpageToolUI } from "@/components/tool-ui/scrape-webpage";
 import { usePublicChat } from "@/hooks/use-public-chat";
 import { usePublicChatRuntime } from "@/hooks/use-public-chat-runtime";
 import { PublicChatFooter } from "./public-chat-footer";
+import { PublicChatNotFound } from "./public-chat-not-found";
 import { PublicThread } from "./public-thread";
 
 interface PublicChatViewProps {
@@ -32,17 +33,7 @@ export function PublicChatView({ shareToken }: PublicChatViewProps) {
 	}
 
 	if (error || !data) {
-		return (
-			<main className="min-h-screen bg-linear-to-b from-gray-50 to-gray-100 text-gray-900 dark:from-black dark:to-gray-900 dark:text-white overflow-x-hidden">
-				<Navbar />
-				<div className="flex h-screen flex-col items-center justify-center gap-4 px-4 text-center">
-					<h1 className="text-2xl font-semibold">Chat not found</h1>
-					<p className="text-muted-foreground">
-						This chat may have been removed or is no longer public.
-					</p>
-				</div>
-			</main>
-		);
+		return <PublicChatNotFound />;
 	}
 
 	return (

surfsense_web/contracts/types/chat-threads.types.ts

@@ -1,9 +1,9 @@
 import { z } from "zod";
 
 /**
- * Snapshot info
+ * Public chat snapshot info
  */
-export const snapshotInfo = z.object({
+export const publicChatSnapshotInfo = z.object({
 	id: z.number(),
 	share_token: z.string(),
 	public_url: z.string(),
@@ -12,13 +12,13 @@ export const snapshotInfo = z.object({
 });
 
 /**
- * Create snapshot
+ * Create public chat snapshot
  */
-export const createSnapshotRequest = z.object({
+export const publicChatSnapshotCreateRequest = z.object({
 	thread_id: z.number(),
 });
 
-export const createSnapshotResponse = z.object({
+export const publicChatSnapshotCreateResponse = z.object({
 	snapshot_id: z.number(),
 	share_token: z.string(),
 	public_url: z.string(),
@@ -26,28 +26,55 @@ export const createSnapshotResponse = z.object({
 });
 
 /**
- * List snapshots
+ * List public chat snapshots for thread
  */
-export const listSnapshotsRequest = z.object({
+export const publicChatSnapshotListRequest = z.object({
 	thread_id: z.number(),
 });
 
-export const listSnapshotsResponse = z.object({
-	snapshots: z.array(snapshotInfo),
+export const publicChatSnapshotListResponse = z.object({
+	snapshots: z.array(publicChatSnapshotInfo),
 });
 
 /**
- * Delete snapshot
+ * Delete public chat snapshot
  */
-export const deleteSnapshotRequest = z.object({
+export const publicChatSnapshotDeleteRequest = z.object({
 	thread_id: z.number(),
 	snapshot_id: z.number(),
 });
 
+/**
+ * Public chat snapshot with thread context
+ */
+export const publicChatSnapshotDetail = z.object({
+	id: z.number(),
+	share_token: z.string(),
+	public_url: z.string(),
+	created_at: z.string(),
+	message_count: z.number(),
+	thread_id: z.number(),
+	thread_title: z.string(),
+});
+
+/**
+ * List public chat snapshots for search space
+ */
+export const publicChatSnapshotsBySpaceRequest = z.object({
+	search_space_id: z.number(),
+});
+
+export const publicChatSnapshotsBySpaceResponse = z.object({
+	snapshots: z.array(publicChatSnapshotDetail),
+});
+
 // Type exports
-export type SnapshotInfo = z.infer<typeof snapshotInfo>;
-export type CreateSnapshotRequest = z.infer<typeof createSnapshotRequest>;
-export type CreateSnapshotResponse = z.infer<typeof createSnapshotResponse>;
-export type ListSnapshotsRequest = z.infer<typeof listSnapshotsRequest>;
-export type ListSnapshotsResponse = z.infer<typeof listSnapshotsResponse>;
-export type DeleteSnapshotRequest = z.infer<typeof deleteSnapshotRequest>;
+export type PublicChatSnapshotInfo = z.infer<typeof publicChatSnapshotInfo>;
+export type PublicChatSnapshotCreateRequest = z.infer<typeof publicChatSnapshotCreateRequest>;
+export type PublicChatSnapshotCreateResponse = z.infer<typeof publicChatSnapshotCreateResponse>;
+export type PublicChatSnapshotListRequest = z.infer<typeof publicChatSnapshotListRequest>;
+export type PublicChatSnapshotListResponse = z.infer<typeof publicChatSnapshotListResponse>;
+export type PublicChatSnapshotDeleteRequest = z.infer<typeof publicChatSnapshotDeleteRequest>;
+export type PublicChatSnapshotDetail = z.infer<typeof publicChatSnapshotDetail>;
+export type PublicChatSnapshotsBySpaceRequest = z.infer<typeof publicChatSnapshotsBySpaceRequest>;
+export type PublicChatSnapshotsBySpaceResponse = z.infer<typeof publicChatSnapshotsBySpaceResponse>;

surfsense_web/lib/apis/chat-threads-api.service.ts

@@ -1,24 +1,30 @@
 import {
-	type CreateSnapshotRequest,
-	type CreateSnapshotResponse,
-	createSnapshotRequest,
-	createSnapshotResponse,
-	type DeleteSnapshotRequest,
-	deleteSnapshotRequest,
-	type ListSnapshotsRequest,
-	type ListSnapshotsResponse,
-	listSnapshotsRequest,
-	listSnapshotsResponse,
+	type PublicChatSnapshotCreateRequest,
+	type PublicChatSnapshotCreateResponse,
+	type PublicChatSnapshotDeleteRequest,
+	type PublicChatSnapshotListRequest,
+	type PublicChatSnapshotListResponse,
+	type PublicChatSnapshotsBySpaceRequest,
+	type PublicChatSnapshotsBySpaceResponse,
+	publicChatSnapshotCreateRequest,
+	publicChatSnapshotCreateResponse,
+	publicChatSnapshotDeleteRequest,
+	publicChatSnapshotListRequest,
+	publicChatSnapshotListResponse,
+	publicChatSnapshotsBySpaceRequest,
+	publicChatSnapshotsBySpaceResponse,
 } from "@/contracts/types/chat-threads.types";
 import { ValidationError } from "../error";
 import { baseApiService } from "./base-api.service";
 
 class ChatThreadsApiService {
 	/**
-	 * Create a public snapshot for a thread.
+	 * Create a public chat snapshot for a thread.
 	 */
-	createSnapshot = async (request: CreateSnapshotRequest): Promise<CreateSnapshotResponse> => {
-		const parsed = createSnapshotRequest.safeParse(request);
+	createPublicChatSnapshot = async (
+		request: PublicChatSnapshotCreateRequest
+	): Promise<PublicChatSnapshotCreateResponse> => {
+		const parsed = publicChatSnapshotCreateRequest.safeParse(request);
 
 		if (!parsed.success) {
 			const errorMessage = parsed.error.issues.map((issue) => issue.message).join(", ");
@@ -27,15 +33,17 @@ class ChatThreadsApiService {
 
 		return baseApiService.post(
 			`/api/v1/threads/${parsed.data.thread_id}/snapshots`,
-			createSnapshotResponse
+			publicChatSnapshotCreateResponse
 		);
 	};
 
 	/**
-	 * List all snapshots for a thread.
+	 * List all public chat snapshots for a thread.
 	 */
-	listSnapshots = async (request: ListSnapshotsRequest): Promise<ListSnapshotsResponse> => {
-		const parsed = listSnapshotsRequest.safeParse(request);
+	listPublicChatSnapshots = async (
+		request: PublicChatSnapshotListRequest
+	): Promise<PublicChatSnapshotListResponse> => {
+		const parsed = publicChatSnapshotListRequest.safeParse(request);
 
 		if (!parsed.success) {
 			const errorMessage = parsed.error.issues.map((issue) => issue.message).join(", ");
@@ -44,15 +52,15 @@ class ChatThreadsApiService {
 
 		return baseApiService.get(
 			`/api/v1/threads/${parsed.data.thread_id}/snapshots`,
-			listSnapshotsResponse
+			publicChatSnapshotListResponse
 		);
 	};
 
 	/**
-	 * Delete a specific snapshot.
+	 * Delete a public chat snapshot.
 	 */
-	deleteSnapshot = async (request: DeleteSnapshotRequest): Promise<void> => {
-		const parsed = deleteSnapshotRequest.safeParse(request);
+	deletePublicChatSnapshot = async (request: PublicChatSnapshotDeleteRequest): Promise<void> => {
+		const parsed = publicChatSnapshotDeleteRequest.safeParse(request);
 
 		if (!parsed.success) {
 			const errorMessage = parsed.error.issues.map((issue) => issue.message).join(", ");
@@ -63,6 +71,25 @@ class ChatThreadsApiService {
 			`/api/v1/threads/${parsed.data.thread_id}/snapshots/${parsed.data.snapshot_id}`
 		);
 	};
+
+	/**
+	 * List all public chat snapshots for a search space.
+	 */
+	listPublicChatSnapshotsForSearchSpace = async (
+		request: PublicChatSnapshotsBySpaceRequest
+	): Promise<PublicChatSnapshotsBySpaceResponse> => {
+		const parsed = publicChatSnapshotsBySpaceRequest.safeParse(request);
+
+		if (!parsed.success) {
+			const errorMessage = parsed.error.issues.map((issue) => issue.message).join(", ");
+			throw new ValidationError(`Invalid request: ${errorMessage}`);
+		}
+
+		return baseApiService.get(
+			`/api/v1/searchspaces/${parsed.data.search_space_id}/snapshots`,
+			publicChatSnapshotsBySpaceResponse
+		);
+	};
 }
 
 export const chatThreadsApiService = new ChatThreadsApiService();

surfsense_web/lib/query-client/cache-keys.ts

@@ -82,4 +82,9 @@ export const cacheKeys = {
 	publicChat: {
 		byToken: (shareToken: string) => ["public-chat", shareToken] as const,
 	},
+	publicChatSnapshots: {
+		all: ["public-chat-snapshots"] as const,
+		bySearchSpace: (searchSpaceId: number) =>
+			["public-chat-snapshots", "search-space", searchSpaceId] as const,
+	},
 };

surfsense_web/messages/en.json

@@ -731,6 +731,8 @@
 		"nav_role_assignments_desc": "Assign configs to agent roles",
 		"nav_system_instructions": "System Instructions",
 		"nav_system_instructions_desc": "SearchSpace-wide AI instructions",
+		"nav_public_links": "Public Chat Links",
+		"nav_public_links_desc": "Manage publicly shared chat links",
 		"general_name_label": "Name",
 		"general_name_placeholder": "Enter search space name",
 		"general_name_description": "A unique name for your search space.",
@@ -794,5 +796,10 @@
 			"comments": "comments",
 			"example_comment": "Let's discuss this tomorrow!"
 		}
+	},
+	"public_chat": {
+		"not_found_title": "This chat has been deleted.",
+		"click_here": "Click here",
+		"sign_in_prompt": "to log in to SurfSense and start your own."
 	}
 }

surfsense_web/messages/zh.json

@@ -716,6 +716,8 @@
 		"nav_role_assignments_desc": "为代理角色分配配置",
 		"nav_system_instructions": "系统指令",
 		"nav_system_instructions_desc": "搜索空间级别的 AI 指令",
+		"nav_public_links": "公开聊天链接",
+		"nav_public_links_desc": "管理公开分享的聊天链接",
 		"general_name_label": "名称",
 		"general_name_placeholder": "输入搜索空间名称",
 		"general_name_description": "您的搜索空间的唯一名称。",
@@ -779,5 +781,10 @@
 			"comments": "评论",
 			"example_comment": "我们明天讨论这个！"
 		}
+	},
+	"public_chat": {
+		"not_found_title": "此对话已被删除。",
+		"click_here": "点击这里",
+		"sign_in_prompt": "登录 SurfSense 开始您自己的对话。"
 	}
 }