Agentic Transfer Protocol

The World’s Default
Agentic Asset Exchange Layer

Built for a future of millions of concurrent agents coordinating asset exchange over one protocol surface.

Policy Enforcement, A2A Live Streaming, SDK Control Plane, Channels + Inboxes, Deterministic Error Contracts

Agent-to-Agent (A2A) Flow: Bootstrap + Runtime
ultra — agent transfer
Bootstrap: Create Agent Root Key
Authorization
Bearer {sessionId} (human-authenticated session)
agentId
Receiver agent identifier (e.g. agent-receiver)
scopes
Allowed capabilities (e.g. transfer:read, grant:issue)
Request
curl -X POST https://ultra.egomonk.com/api/agent/keys \
  -H "Authorization: Bearer {sessionId}" \
  -H "Content-Type: application/json" \
  -d '{"agentId":"agent-receiver","scopes":["transfer:read","grant:issue"]}'
Response
{"keyId":"{keyId}","agentId":"agent-receiver","scopes":["transfer:read","grant:issue"],"token":"agk_{keyId}.{secret}"}
Runtime: Resolve Protected Share
shareId
Opaque share identifier from sender link
Authorization
Bearer agk_{keyId}.{secret} or aat_{tokenId}.{secret}
Request
curl https://ultra.egomonk.com/api/share/{shareId} \
  -H "Authorization: Bearer aat_{tokenId}.{secret}"
Response
{"id":"{shareId}","type":"file","targetId":"{transferId}","policy":{"mode":"agent","allowedAgentIds":["agent-receiver"]}}
403 — agent not allowed; 404 — share expired/not found
Runtime: Mint One-Time Grant
shareId
Share to authorize for one-time fetch
Authorization
Bearer agk_{keyId}.{secret} or aat_{tokenId}.{secret}
Request
curl -X POST https://ultra.egomonk.com/api/agent/grants \
  -H "Authorization: Bearer aat_{tokenId}.{secret}" \
  -H "Content-Type: application/json" \
  -d '{"shareId":"{shareId}"}'
Response
{"accessToken":"agrt_...","tokenType":"Bearer","targetType":"file","targetId":"{transferId}","expiresAt":"..."}
403 — agent not allowed; 404 — share expired/not found
Runtime: Fetch with One-Time Grant
transferId
Target transfer id returned via resolve/grant flow
X-Access-Grant
One-time access token agrt_...
Request
curl -OJL https://ultra.egomonk.com/api/dl/{transferId} \
  -H "X-Access-Grant: agrt_..."
Response
Binary File Stream → Saved to Disk
401 — invalid/expired grant; 409 — grant already used

3 Steps to Complete Agentic Transfer

STEP 1

Upload with Policy Enforcement

Sender agent uploads with explicit policy (open or agent allow-list) and TTL controls.

STEP 2

Resolve + Grant in Real Time

Receiver agent resolves share, mints a one-time grant, and starts streaming without waiting for full completion.

STEP 3

Fetch with Deterministic Access

Protected fetch enforces policy and grant semantics with machine-branchable error codes.

Protocol Guarantees with Operator-Grade UX

< 50ms
Policy-Enforced Exchange

Access is governed by share policy, allow-lists, and server-side invariants instead of ad-hoc conventions.

A2A Live Streaming

Receiver agents can stream assets while sender upload is still in flight, reducing end-to-end cycle time.

SDK + MCP Composability

Use Ultra through SDK primitives or MCP tools without changing protocol semantics across environments.

One-Time Capability Grants

Grant tokens are short-lived and single-use, reducing replay surface for protected A2A retrieval.

30s 120s 300s
Deterministic Error Semantics

Automation can branch cleanly on explicit coded errors for policy rejection, invalid grants, and replay attempts.

Large Payload Support

Move artifacts, logs, model outputs, and media bundles up to 100 GB under one protocol surface.

Human Fallback Ready

Operators can still upload/share from browser when needed, while the default design center remains agentic workflows.

CLI + API First

One command upload/download flows that fit CI, scripts, and autonomous agents.

ultra upload report.pdf --ttl 120
Swarms + Channels + Inboxes

SDK abstractions compose the same primitives into swarm fan-out, channel routing, and inbox pull patterns.

Compose Swarms, Channels and Inboxes

A split-screen view of raw protocol plumbing vs @ultra/sdk abstractions.

Raw HTTP: 14 lines. @ultra/sdk: 3 lines. 79% reduction.

A2A-Ready HTTP Surface for Automation

Four verbs. One flow: Upload → Resolve → Grant → Fetch.

/api/upload + auth_mode

Create open or agent-gated shares. Use auth_mode=agent for A2A protected delivery.

file
The file to upload (up to 100 GB)
ttl
Time-to-live in seconds (30–300 for agents)
auth_mode
agent for protected, omit for open
allowed_agent_ids
Comma-separated list of permitted agent IDs
Request
curl -F "file=@report.pdf" \
  -F "ttl=120" \
  -F "auth_mode=agent" \
  -F "allowed_agent_ids=agent-receiver" \
  https://ultra.egomonk.com/api/upload
Response
{"id":"trf_...","shareId":"sh_k9x2","shareUrl":"https://ultra.egomonk.com/s/sh_k9x2","downloadUrl":"https://ultra.egomonk.com/api/dl/trf_...","expiresAt":"..."}
403 — unauthorized agent; 413 — file too large

Agent TTL Presets

30s
Urgent Handoff
Fire-and-forget
120s
Standard
Default for A2A
300s
Collaboration
Receiver needs time

Custom values 30–300 accepted. Short TTLs require agent auth. Unauthenticated uploads use UI windows (30 min–1 week).

/api/share/{shareId}

Resolve a share into policy + target metadata before grant/fetch. This is the control point for protected A2A routing.

shareId
Opaque share identifier returned from upload
Authorization
Agent credential (agk_... or short-lived aat_...)
Request
curl https://ultra.egomonk.com/api/share/{shareId} \
  -H "Authorization: Bearer aat_{tokenId}.{secret}"
Response
{"id":"shr_...","type":"file","targetId":"trf_...","policy":{"mode":"agent","allowedAgentIds":["agent-receiver"]}}
403 — policy denied; 404 — share expired/not found

/api/agent/grants

Mint a one-time access grant after resolving a protected share.

shareId
The share to grant access to
Authorization
Agent credential (agk_... or short-lived aat_...)
Request
curl -X POST https://ultra.egomonk.com/api/agent/grants \
  -H "Authorization: Bearer aat_{tokenId}.{secret}" \
  -H "Content-Type: application/json" \
  -d '{"shareId":"{shareId}"}'
Response
{"accessToken":"agrt_...","tokenType":"Bearer","targetId":"{transferId}","targetType":"file","expiresAt":"..."}
403 — agent not allowed; 404 — share expired

/api/dl/{transferId}

Stream the protected file to disk using a one-time grant token.

transferId
The transfer ID from the grant response
X-Access-Grant
One-time grant token (agrt_...)
Request
curl -OJL https://ultra.egomonk.com/api/dl/{transferId} \
  -H "X-Access-Grant: agrt_..."
Response
Binary File Stream → Saved to Disk
401 — invalid/expired grant; 409 — grant already used
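
The single-use grant semantics of the grant and download endpoints above (403/404 at mint, 401 for an invalid or expired grant, 409 for a replay), sketched as an added server-side model; this is not Ultra's implementation. The GrantStore class, its method names, the 30-second grant lifetime and the order of the used/expired checks are assumptions.

```python
import hashlib
import secrets
import threading
import time

class GrantStore:
    """Toy model of single-use agrt_ grants (hypothetical, not Ultra's code)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._lock = threading.Lock()
        self._shares = {}   # shareId -> (transferId, allowed agent ids, expiry)
        self._grants = {}   # sha256(token) -> [transferId, expiry, used]

    def add_share(self, share_id, transfer_id, allowed_agent_ids, ttl):
        if not 30 <= ttl <= 300:            # agent TTL window stated on the page
            raise ValueError("ttl must be 30-300 seconds")
        self._shares[share_id] = (transfer_id, set(allowed_agent_ids),
                                  self._clock() + ttl)

    def mint(self, agent_id, share_id, grant_ttl=30):   # grant_ttl: assumed value
        """Models POST /api/agent/grants; returns (status, token or None)."""
        share = self._shares.get(share_id)
        if share is None or self._clock() >= share[2]:
            return 404, None                # share expired/not found
        transfer_id, allowed, share_exp = share
        if agent_id not in allowed:
            return 403, None                # agent not allowed
        token = "agrt_" + secrets.token_urlsafe(32)
        expiry = min(self._clock() + grant_ttl, share_exp)
        # Keep only a digest so a leaked grant table cannot be replayed.
        digest = hashlib.sha256(token.encode()).hexdigest()
        with self._lock:
            self._grants[digest] = [transfer_id, expiry, False]
        return 200, token

    def redeem(self, token, transfer_id):
        """Models GET /api/dl/{transferId} with X-Access-Grant; returns status."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        with self._lock:                    # check-and-mark must be atomic
            grant = self._grants.get(digest)
            if grant is None or grant[0] != transfer_id:
                return 401                  # invalid grant
            if grant[2]:
                return 409                  # grant already used (replay)
            if self._clock() >= grant[1]:
                return 401                  # expired grant
            grant[2] = True
            return 200
```

Holding the lock across the used-flag check and update is what keeps two concurrent fetches with the same grant from both receiving 200.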

Connect Claude and other MCP clients

Give your agents first-class asset exchange tools with minimal setup.

upload_file download_file upload_text

MCP upload tools accept ttl_seconds and can participate in the same agent-gated resolve → grant → fetch flow.

# Quick setup
pip install "mcp[cli]"
claude mcp add ultra python3 /path/to/server.py
# Example
upload_file(file_path="/tmp/artifact.zip", ttl_seconds=60)
# For agent-gated shares, resolve + grant before download