# License compatibility

> Accept / warn / block matrix for third-party dependencies. MIT/Apache/BSD/ISC pass; MPL/LGPL/AGPL warn; GPL/SSPL/unlicensed block.

Glide OSS is MIT-licensed. Contributions land under MIT. Third-party dependencies (npm packages, vendor SDKs) are evaluated against the matrix below.

## Matrix

| License                               | OK to depend on?       | OK to redistribute? | Notes                                                                                                                                                                                                                                                      |
| ------------------------------------- | ---------------------- | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **MIT**                               | ✅                      | ✅                   | Glide's own license. Preferred for all dependencies.                                                                                                                                                                                                       |
| **Apache-2.0**                        | ✅                      | ✅                   | Patent grant + attribution requirements. Compatible.                                                                                                                                                                                                       |
| **BSD-2-Clause / BSD-3-Clause**       | ✅                      | ✅                   | Attribution required. Compatible.                                                                                                                                                                                                                          |
| **ISC**                               | ✅                      | ✅                   | Functionally equivalent to MIT.                                                                                                                                                                                                                            |
| **MPL-2.0**                           | ✅ (with care)          | ✅                   | File-level copyleft only — touching an MPL file makes that file MPL but not your other files. Avoid for core surface.                                                                                                                                      |
| **LGPL-3.0**                          | ⚠️ (dynamic link only) | ⚠️                  | LGPL is acceptable as a dynamically-linked dependency but our build is bundled. Treat as warn; reviewer must confirm linking model.                                                                                                                        |
| **AGPL-3.0**                          | 🚧 **WARN**            | 🚧                  | Network-copyleft "infects" hosting obligations for every self-hoster. We don't block AGPL deps but the contributor-PR CI gate **WARNS LOUDLY** on AGPL pulls. Self-hosters carry the AGPL hosting obligation forward. Documented in CI output + this file. |
| **GPL-2.0-only / GPL-3.0-only**       | ❌                      | ❌                   | Strong copyleft. Blocks our MIT redistribution. **Hard CI block** on connector / skill PRs that pull GPL deps.                                                                                                                                             |
| **SSPL-1.0** (MongoDB-style)          | ❌                      | ❌                   | "Service-source-provider" requirement is incompatible with operator-side commercial use. **Hard CI block.**                                                                                                                                                |
| **Commons Clause / "non-commercial"** | ❌                      | ❌                   | Restricts commercial redistribution. **Hard CI block.**                                                                                                                                                                                                    |
| **Proprietary / unlicensed**          | ❌                      | ❌                   | No license = all rights reserved. **Hard CI block.**                                                                                                                                                                                                       |

## CI behavior

The `license-compat-scan` CI gate (lands as a follow-up workflow file in M5.5+) walks every new dependency added in a PR and emits one of three signals:

| Signal | Outcome                                           | Examples                                       |
| ------ | ------------------------------------------------- | ---------------------------------------------- |
| `pass` | Build green                                       | MIT, Apache-2.0, BSD-2/3, ISC                  |
| `warn` | Build green + bot comment requesting reviewer ack | MPL-2.0, LGPL-3.0, AGPL-3.0                    |
| `fail` | Build red                                         | GPL-2/3-only, SSPL, Commons Clause, unlicensed |

The GitHub Actions implementation will use a small TypeScript walker over `pnpm-lock.yaml` + each transitive dependency's `package.json` license field, normalized via the SPDX identifier list.
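The classification step described above, as an added sketch that is not Glide's workflow code. The names `classifyLicense` and `gate` are hypothetical, and reading `pnpm-lock.yaml` is left out. It assumes that `-only` / `-or-later` / `+` variants map to the same matrix row, that an SPDX `OR` lets the consumer take the most permissive branch, and that anything it cannot resolve (unknown identifiers, `WITH` exceptions, malformed expressions) fails closed.

```typescript
// Added example (not Glide's workflow code): map a package.json "license" value to a CI signal.
type Signal = "pass" | "warn" | "fail";
const RANK: Record<Signal, number> = { pass: 0, warn: 1, fail: 2 };
// Matrix rows keyed by SPDX id with any "-only" / "-or-later" / "+" suffix stripped.
// A Map (not an object literal) so ids like "constructor" cannot hit prototype members.
const MATRIX = new Map<string, Signal>([
  ["MIT", "pass"], ["Apache-2.0", "pass"], ["BSD-2-Clause", "pass"], ["BSD-3-Clause", "pass"],
  ["ISC", "pass"], ["MPL-2.0", "warn"], ["LGPL-3.0", "warn"], ["AGPL-3.0", "warn"],
  ["GPL-2.0", "fail"], ["GPL-3.0", "fail"], ["SSPL-1.0", "fail"],
]);
const worst = (a: Signal, b: Signal): Signal => (RANK[a] >= RANK[b] ? a : b);
const best = (a: Signal, b: Signal): Signal => (RANK[a] <= RANK[b] ? a : b);

// Single identifier. Assumption: an id absent from the matrix is treated like "unlicensed".
function classifyId(id: string): Signal {
  const key = id.replace(/(-only|-or-later|\+)$/, "");
  return MATRIX.get(key) ?? "fail";
}

// Recursive-descent evaluation of an SPDX expression; AND binds tighter than OR.
// Assumption: OR takes the most permissive branch, AND takes the strictest.
function classifyLicense(license?: string | null): Signal {
  if (!license || !license.trim()) return "fail"; // missing license field
  const tokens = license.match(/\(|\)|[^\s()]+/g) ?? [];
  let pos = 0;
  const atom = (): Signal => {
    const tok = tokens[pos++];
    if (tok === undefined || tok === ")") return "fail"; // malformed expression
    if (tok === "(") { const inner = or(); pos++; return inner; } // pos++ skips ")"
    return classifyId(tok);
  };
  const and = (): Signal => {
    let sig = atom();
    while (tokens[pos] === "AND") { pos++; sig = worst(sig, atom()); }
    return sig;
  };
  function or(): Signal {
    let sig = and();
    while (tokens[pos] === "OR") { pos++; sig = best(sig, and()); }
    return sig;
  }
  const result = or();
  return pos === tokens.length ? result : "fail"; // leftover tokens (e.g. WITH) fail closed
}

// Gate result for a PR: the strictest signal among its newly added dependencies.
function gate(deps: { name: string; license?: string }[]): Signal {
  return deps.reduce<Signal>((acc, d) => worst(acc, classifyLicense(d.license)), "pass");
}
```
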

## What about Privy / Bridge / Noah / Chainalysis SDKs?

Vendor SDKs are typically MIT or Apache-2.0 (the standard for client libraries). The vendor's *terms of service* are a separate matter — see each connector's `DISCLAIMER.md` for ToS-redistribution language. License compatibility (this doc) and ToS compatibility (per-connector DISCLAIMER) are orthogonal.

## What if the license is missing?

Treat unlicensed packages as proprietary. The CI gate fails on missing license fields. If you need an unlicensed dep, file an issue with the dependency's maintainer to clarify; don't ship it through Glide CI.

## Operator notes

If you (the self-hoster) **add** an AGPL-licensed connector or skill to your deployment:

* Your deployment falls under the AGPL "interaction over a network" trigger. You owe source disclosure to anyone interacting with the running service.
* This includes the AGPL component's source AND the source of "the larger Program," which is interpreted broadly under AGPL. Talk to a lawyer before going live.
* Glide does not redistribute AGPL packages by default. The CI warn gate is your reminder.

## Where this lives

* This file: human-readable matrix.
* `.github/workflows/license-compat-scan.yml`: the CI implementation (lands in a follow-up).
* `CONTRIBUTING.md`: pre-PR checklist that points contributors here.
