Glide writes a receipt to your audit log after every successful agent tool call. The log is append-only at the database layer — rows can’t be modified or deleted outside a strict DSAR redaction flow. Every receipt carries a cryptographic chain back to the OAuth grant that authorized the call.Documentation Index
Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
What a receipt looks like
Every receipt has:eventType— what kind of event (tool_call,step_up_completed,policy_change,kill_switch).timestamp— UTC instant.agentId— which agent acted.vaultId— which scoped sub-vault was touched.toolName— e.g.,payments.initiate,treasury.allocate.endpoint—read,write, ortreasury(the isolation tier).riskVerdict—pass,flag, orblock.policyVersion— the envelope version that was in force.grantId— the OAuth grant the agent presented.latencyMs— how long the call took end-to-end.onChainTxHash— for on-chain settlements, the canonical transaction hash (sourced from the chain itself, not from any third-party receipt).
Live activity feed
From your dashboard, Agents → Activity feed. The feed streams new receipts via Server-Sent Events; you see new rows the moment they land. On mobile, the feed polls every few seconds. Each row shows:- The agent and tool that fired.
- The amount and counterparty (or
[REDACTED]for redacted fields). - A natural-language summary — the same LLM narrator that powers step-up prompts, condensed for the feed.
- The risk verdict, color-coded (green pass, amber flag, red block).
- A replay affordance for jumping into the full receipt detail.
Replay a receipt
Tap any row to open the full detail view. You’ll see:- The complete receipt fields.
- The diff — before/after state for any tool that changes something.
- The full policy envelope that was in force at the time (versioned).
- The OAuth grant that was used (with redacted bearer; you can see the
jtifor tracing). - The on-chain hash if the call settled on-chain, with a deep-link to a block explorer.
- Compliance review. “Show me every payment over $10k in March.”
- Debugging. “Why did the agent stop after this call?”
- Trust verification. “Did the policy actually evaluate the way I expected?”
Search and filter
The feed has filters for:- Agent — pick a specific agent.
- Tool — pick a specific tool name.
- Verdict — pass / flag / block.
- Time window — last hour, day, week, month, custom range.
- Amount range — minimum and maximum.
- Counterparty — specific beneficiary.
Compliance export
For accountants, auditors, and tax filings, export your audit log:- JSON — sync export, available immediately.
- PDF — async export with a queue; takes seconds for small ranges, minutes for year-long ranges. Cryptographically signed by Glide.
Tamper-evidence
The audit log is append-only at the Postgres layer. A database trigger denies UPDATE, DELETE, and TRUNCATE on the receipts table. The only allowed mutation is a DSAR redaction — an admin-gated flow that nulls specific fields and sets aredactedFieldsBitmap. The replay UI renders redacted fields with a [REDACTED] watermark; the row’s existence is preserved.
Even the on-chain transaction hash is verified server-side at write time — we re-fetch it from the chain itself, never trust a value claimed by the agent or a facilitator. If the hash doesn’t match, the receipt isn’t written and the call is rolled back.
Privacy mode for receipts
If you’ve enabled the strictest push privacy mode, receipts in the activity feed render in a compact form by default — just “agent activity” with a tap-to-expand. Doesn’t change what’s stored; just changes what shows on screen by default.Retention
| Tier | Range | Where | Latency to read |
|---|---|---|---|
| Hot | 0–7 days | Postgres | <10ms |
| Warm | 7–90 days | TimescaleDB-compressed | <100ms |
| Cold | 90 days–1 year | S3 Glacier-Instant | seconds |
| Regulatory | 1–7 years | S3 Glacier-Deep | hours, on-request |