The OSS Cathedral plan commits to 100% code parity between Glide Cloud and self-hosted instances — with explicit documented exceptions. This file is the source of truth for what’s the same, what’s different, and why.Documentation Index
Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Code parity
The web app, mobile app, MCP gateway, all 21 connectors, all 6 hero skills, the policy engine, the grant wrapper, the schemas, the secrets-manager, the CLI, and the create-glide-app scaffolder all ship under MIT in this repo. There is nopackages/enterprise/ edition. No feature in code is gated by license, tenant tier, or feature flag based on whether you’re on Glide Cloud or self-hosted.
The full list of code surfaces:
apps/web/— Next.js 16 origin app (consumer + admin + agent skill catalog at/skills)apps/mcp/— MCP gateway (22 tools across read/write/treasury endpoints)apps/mobile/— Expo / React Native mobile apppackages/connectors/<slug>/× 21 — vendor adapterspackages/skills/<id>/× 6 — agent skill packages@glideco/policy-engine,@glideco/schemas,@glideco/grant-wrapper,@glideco/secrets-scan— Headless platform@repo/secrets,@repo/cli,create-glide-app— self-host quickstart
GLIDE_USE_MOCK_CONNECTORS=true pnpm --filter web dev.
What Glide Cloud runs that you operate yourself
The differences are operational, not code-level.| Layer | Glide Cloud | Self-Hosted |
|---|---|---|
| Vendor seats | Glide holds umbrella contracts with Privy, Bridge, Noah, Chainalysis, Alchemy, Coinbase, Ory. Hosted users get the whole stack on day one. | You bring your own Privy Multi-tenant tenant + each individual vendor contract you want to use. |
| Managed ops | We run upgrades, security patches, Postgres backups, Redis failover, Inngest scaling, multi-region failover. | You own uptime + backups + scaling. |
| Compliance packaging | Signed audit-log exports, SOC 2 report bundles, vendor compliance artifacts collected in one place. | You assemble your own compliance bundle from per-connector COMPLIANCE.md + your audit-log retention. |
| Support + SLAs | Named support contact, guaranteed response times, incident escalation. | GitHub issues + best-effort. Discord / Slack lands with M5.5+. |
| Mobile distribution | Glide Cloud’s App Store / Play Store binaries point at our backend. | Self-host = self-build. EAS bakes EXPO_PUBLIC_API_URL at build time; you do your own EAS build pointing at your backend. |
| Trusted Partner program | Regulated partners pay to have their connector promoted to verified tier with marketplace placement + co-marketing. The connector code itself is still MIT. | Promotion ladder is identical (community → verified → core), but you administer it for your own tenant. |
Documented parity exceptions
Per the OSS plan §M2 §“Foundational Decisions” + Codex review fix #10, three honest exceptions to “100% code parity”:1. Chainalysis live adapter (counsel-blocked redistribution)
Status: ⚠️ Conditional. As of M2 ship, the Chainalysis adapter ships in OSS atpackages/connectors/chainalysis/ with a prominent DISCLAIMER.md stating users must hold their own Chainalysis contract.
Risk: If Chainalysis counsel objects to OSS-distributed adapters that call their API even with the disclaimer, Glide Cloud would continue shipping the live adapter while OSS would ship a skeleton interface + the existing chainalysis-mock only. We have not received that objection as of this writing; the live adapter is in OSS today.
Mitigation if blocked: OSS users would set SCREENING_PROVIDER=chainalysis-mock (deterministic fixtures) or SCREENING_PROVIDER=permissive (no-op + red banner) until they implement an alternative screening capability (TRM Labs, Elliptic, etc.).
2. Privy Multi-tenant requirement (vendor-only OSS)
OSS is Privy-only in v1. There is noauth-local / Better-Auth fallback. Self-hosters without a Privy Multi-tenant account cannot run Glide today.
Why: Per the M2 OSS plan §11, agent banking’s programmable-signing-policy is Privy-specific. The alternative (Turnkey sub-org per entity) forces regulatory re-analysis the OSS plan doesn’t want to inherit.
Future: If Privy’s Multi-tenant product changes pricing or availability, OSS users are exposed. Acceptable trade-off per the ceremony review; documented prominently in docs/SELF_HOSTING.md.
3. Mobile App Store distribution (platform-controlled)
iOSDCAppAttestService + Android Play Integrity require Apple / Google developer accounts AND attestation service setup. Glide Cloud’s mobile binaries are signed with our developer accounts; self-hosters need their own.
Posture: The AttestationProvider capability ships with three implementations: iOS (Apple PKI), Android (Play Integrity), and none (red admin banner saying attestation is disabled). Self-hosters who don’t run their own EAS build set ATTESTATION=none.
Future: Once App Store / Play Store policies mature for OSS-flavored fork distribution, this exception narrows. Today the platform-attestation requirement IS the gap.
What’s NOT a parity exception
These are sometimes assumed to be exceptions but are NOT:- The Trust Console UI — lands in OSS at M4 once Glide Cloud has soaked Trust Console v1 for 12 weeks. Identical code; identical UI; the gating is “the schemas need to be production-hardened before publication.”
- Agent skills marketplace — already shipped at
apps/web/src/app/(public)/skills/(PR153). Identical render in Glide Cloud + self-hosted. - The MCP gateway —
apps/mcp/ships in OSS. Identical wire format (MCP spec 2025-11-25). Identical 22-tool surface. - Per-connector trust tiers — promotion ladder works identically. The promotion administration differs (we approve verified-tier on Glide Cloud; you approve verified-tier in your own deployment).
Versioning + upgrade contract
Self-hosters should track themain branch tags. Major-version bumps that change schema or break connector contracts will be called out in CHANGELOG.md with explicit migration steps. Migration files under apps/web/drizzle/*.sql are the source of truth (NOT _journal.json); apply via bash scripts/run-agent-platform-migrations.sh per CLAUDE.md.
How we keep this file honest
This file is reviewed every quarter (Glide Cloud release-train) AND on every milestone PR that touchesapps/web or packages/connectors/<vendor>/. If you ever discover a Glide Cloud feature that isn’t in OSS, file an issue — the parity commitment is real.
Reference
docs/SELF_HOSTING.md— operator runbookdocs/agents/SELF_HOSTING.md— agent platform self-hostapps/mcp/COMPLIANCE.md— MCP gateway compliance postureCONTRIBUTING.md— partner-PR flow + trust tiers