Skip to main content

Documentation Index

Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

This is the agent-platform-specific quickstart. For the broader Glide bring-up (web app + data layer), see the main quickstart.

Prerequisites

  • Glide running locally per the main quickstart (Postgres on localhost:5435, Redis on localhost:6381, Inngest dev on localhost:8288, web on localhost:3000).
  • Privy Multi-tenant tenant with NEXT_PUBLIC_PRIVY_APP_ID + PRIVY_APP_SECRET set.
  • Node 22+, pnpm.

Boot apps/mcp

# In the axtior-neobank repo
pnpm --filter mcp dev
This boots the MCP gateway on localhost:8787 with HMAC-SHA256 dev verifier. The dev secret is read from MCP_TOKEN_VERIFIER_DEV_SECRET in your .env.local. Set a 32-byte hex secret if you haven’t already: 
echo "MCP_TOKEN_VERIFIER_DEV_SECRET=$(openssl rand -hex 32)" >> apps/web/.env.local

Sanity-check the gateway

curl http://localhost:8787/mcp/manifest

Connect an agent runtime

The MCP gateway speaks MCP spec 2025-11-25. Any MCP-compliant runtime works. Glide ships partner pack drafts for the five hero runtimes — see Partner registries.

Claude Desktop

Add to your claude_desktop_config.json: 
{
  "mcpServers": {
    "glide-local": {
      "url": "http://localhost:8787/mcp/read",
      "headers": {
        "Authorization": "Bearer <hmac-signed-jwt>"
      }
    }
  }
}
For local dev, generate an HMAC-signed JWT against your dev secret. For production, you’d issue this through your Ory Hydra deployment per the OAuth flow.

ChatGPT Apps

Submit through the Partner registry submission flow once you’ve stood up auth.<your-domain> + verified mcp.<your-domain>.

Google Vertex / OpenClaw / Hermes

Same submission flow. Each pack has a connector-manifest.json template at docs/designs/agent-distribution-partner-packs/<runtime>/.

Three confused-deputy-isolated endpoints

EndpointToolsTrust scope
/mcp/readaccounts, balances, transactions, agents, skills, audit streamRead-only — no money movement
/mcp/writepayments, cards, transfers, beneficiaries, x402 pay/receive, yield allocateMoney-touching; envelope-bound
/mcp/treasurygrant issuance, signer rotation, kill-switchAdmin-only; principal explicit
Confused-deputy guard: a read token cannot call write or treasury tools. The check fires BEFORE auth so a sniffed token from one endpoint can’t probe the others.

Step-up via URL-mode elicitation

Tools that cross the policy envelope return JSON-RPC -32003 with a step_up_url. The client surfaces that URL; the principal biometric-approves on the Glide web sheet at localhost:3000/step-up/[sigil]; the client retries the tool call with the returned step_up_sigil. Sigils are CAS-claimed first-use-only (F7 IRON RULE).

Where to next