Glide OSS is the open-source orchestration shell behind glide.co — a MIT-licensed full-stack codebase covering the web app, mobile app, MCP gateway, agent skills library, and trust console. Self-hosters bring their own vendor relationships (Privy, Bridge, Chainalysis, Coinbase x402, etc.); the code orchestrates them. This is not a fully self-hostable bank stack. It is a self-hostable orchestration shell with explicit vendor dependencies. The honest framing matters because calling OSS a “money OS” without the vendor-dependency layer creates trust debt.Documentation Index
Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
What you can do with Glide OSS
Self-host
Run your own Glide instance. Bring your own Privy tenant, Bridge contract, optional Chainalysis.
npx create-glide-app to localhost in 90s.Contribute a connector
Add a vendor adapter to the catalog. Manifest + capability impls + contract tests + 8-gate CI.
Author an agent skill
Package an MCP-callable agent capability. Manifest + policy template + consent flow + Trusted Skill Agreement at verified tier.
Cite the standards
Public draft schemas for connector manifests, agent policy envelopes, scoped grant claims, receipts, skill manifests, trust tiers.
Architecture at a glance
Orchestration shell
What’s actually OSS vs what’s a vendor dependency.
Hosted vs self-hosted
100% code parity target with explicit exceptions table.
Money-safety contracts
F1–F7 architectural commitments enforced at every money-touching path.
Headless MCP
The agent gateway:
apps/mcp with 21 tools, OAuth 2.1, policy engine, append-only audit log.License + governance
- MIT everywhere. Web, mobile, MCP, every connector, every skill, the CLI. No copyleft anywhere in-tree.
- DCO sign-off on every commit (one-line Signed-off-by trailer,
git commit --signoff). - BDFL at launch. Single maintainer. Governance formalizes when community volume requires it.
- CODEOWNERS-protected changes for
_base/interfaces, trust tier promotions, and money-safety architecture.
Trust tiers (quality, not licensing)
| Tier | When | Off by default? |
|---|---|---|
community | Any first PR | Yes — opt-in via env + red banner |
verified | Signed Trusted Partner / Skill Agreement + checklist review | No — per-tenant opt-in |
core | Glide-maintained reference implementations | No — ships enabled |
Money-safety F-rules
Every money-touching tool path observes seven IRON-RULE contracts:| Rule | What it enforces |
|---|---|
| F1 | Server-side RPC verify of on-chain settlement. Persisted hash from RPC, never from facilitator receipt. |
| F2 | CAS-claim before broadcast. Inngest re-fires never double-broadcast. |
| F3 | Fresh-read tenant verification on every tool invocation. Cached grant alone never authorizes. |
| F4 | Append-only audit log via Postgres trigger. UPDATE/DELETE rejected unless DSAR session var set. |
| F5 | Atomic policy_version bump on signer rotation. No in-flight tool call signs against rotated-out signer. |
| F7 | Sigil first-use-only for URL-mode step-up. CAS-claimed; race losers reject. |
Where to start
- Self-hoster → Quickstart → Self-hosting
- Connector author → Connector catalog → Adding a connector
- Skill author → Skill catalog → Authoring a skill
- Agent integrator → Headless MCP → OAuth flow → Tool reference
- Standards reader → Standards
- Security reviewer → Threat model → License compatibility