Skip to main content
Glide Headless exposes its tools through three MCP endpoints:
  • /mcp/read — non-mutating queries (tools/list, balances, etc.)
  • /mcp/write — mutating actions (issue grants, run payroll, freeze cards)
  • /mcp/treasury — high-privilege treasury actions (kill switch, signer rotation)
Each tool below shows its required scope, annotations, and exact input/output JSON Schemas. Schemas are auto-generated from the source-of-truth Zod definitions in apps/mcp/src/tools/.

Base URL

Three category-specific JSON-RPC endpoints:
  • https://mcp.glide.co/mcp/read — non-mutating tools (accounts.balance, accounts.list, agents.list, audit.stream, payments.simulate, skills.list, transactions.list, x402.receive)
  • https://mcp.glide.co/mcp/write — mutating tools (beneficiary.add, cards.freeze, cards.issue, payments.initiate, payroll.run, transfer.schedule, x402.pay)
  • https://mcp.glide.co/mcp/treasury — high-privilege tools (agent.budget.create, agent.budget.revoke, agent.grant.issue, agent.grant.refresh, killSwitch.all, vault.rotateSigner, yield.allocate)
Tools are namespaced; calling a write tool on /mcp/read returns a confused-deputy error.

Auth

Every call must carry a Glide-issued grant JWT in the Authorization header: 
Authorization: Bearer <grant_token>
Grants are scoped (e.g. accounts:read, payments:initiate), tied to a specific principal + agent + entity, and have a short TTL. The MCP server performs a fresh database read on every call so a revoked grant fails closed immediately. To obtain a grant, complete the OAuth flow with your agent’s client_credentials.

Quick example

curl
curl -X POST https://mcp.glide.co/mcp/read \
  -H "Authorization: Bearer $GLIDE_GRANT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "accounts.list",
    "params": {}
  }'
For curl, TypeScript, and Python wrapper implementations that make every per-tool example on this site runnable as-is, see Clients (curl, TypeScript, Python).

All 22 tools

ToolScopeCategoryStep-upDescription
accounts.balanceaccounts:readreadnoPer-chain, per-token balance of the agent vault.
accounts.listaccounts:readreadnoList the accounts this agent can operate on.
agents.listagents:readreadnoList sibling agents under the same principal/entity.
audit.streamaudit:streamreadnoMint a cursor for subscribing to this agent’s event stream over SSE.
payments.simulatepayments:simulatereadnoRun policy evaluation against a proposed payment without side effects.
skills.listaccounts:readreadnoCatalog of installable skills from glide.co/skills.
transactions.listaccounts:readreadnoPaginated list of this agent’s transactions.
x402.receivex402:receivereadnoReturn this agent’s x402 receive endpoints.
beneficiary.addbeneficiary:writewritenoPropose adding a counterparty to the agent’s envelope allowlist.
cards.freezecards:managewritenoFreeze a previously issued card.
cards.issuecards:managewritenoIssue a scoped virtual card against the agent sub-vault.
payments.initiatepayments:initiatewriteconditionalInitiate a payment inside the agent vault envelope.
payroll.runpayments:initiatewritenoKick a payroll batch (requires V2 payroll infra).
transfer.schedulepayments:initiatewriteconditionalSchedule a future-dated transfer; envelope evaluated at schedule + execute time.
x402.payx402:paywritenoPay an x402 micropayment endpoint with server-side RPC verification.
agent.budget.createagent:budget:createtreasurynoSpawn a child agent with a scoped sub-vault and policy envelope.
agent.budget.revokeagent:budget:revoketreasurynoRevoke a child agent and optionally sweep its vault to the parent.
agent.grant.issueagent:budget:createtreasuryalwaysIssue a new bearer grant with a narrowed scope set.
agent.grant.refreshagent:budget:createtreasurynoRe-issue a grant under the current policy version when policy is unchanged-or-narrowed.
killSwitch.allagent:budget:revoketreasurynoAtomic kill-switch: revoke every grant + freeze every sub-vault for this principal.
vault.rotateSignertreasury:rotate-signertreasuryalwaysRotate the signing key for this agent’s sub-vault.
yield.allocatetreasury:yield-allocatetreasuryconditionalMove funds between yield vaults (Aave/Morpho/Kamino/idle).
Step-up column: always = every call requires principal biometric approval regardless of amount. conditional = required when the transfer amount exceeds the envelope’s step_up_amount_cents threshold. no = never step-up gated. See Policy envelope for the full policy contract, Step-up flow for the biometric approval sequence, and Receipts for the audit trail format.

Read tools

ToolDescription
accounts.balancePer-chain, per-token balance of the agent vault. Amounts returned in both cents (USD-normalized via current FX where app
accounts.listList the accounts this agent can operate on. Scoped strictly to the grant’s aud.vault_id — a sibling agent’s vault is ne
agents.listList sibling agents under the same principal/entity. Useful for cross-agent UIs; doesn’t expose another agent’s envelope
audit.streamMint a cursor for subscribing to this agent’s event stream over SSE. The cursor is bound to the current grant — when the
payments.simulateRun the full policy envelope evaluation against a proposed payment. Returns the verdict + every reason without any side
skills.listCatalog of installable skills from glide.co/skills. Each skill advertises its runtime compatibility and whether its upst
transactions.listPaginated list of this agent’s transactions. Scoped to the agent; sibling agents’ history never appears. Use cursor for
x402.receiveReturn this agent’s x402 receive endpoints. Every Glide vault is x402-addressable out of the box — other agents can pay

Write tools

ToolDescription
beneficiary.addPropose adding a counterparty to the agent’s envelope allowlist. Per the multisig allowlist gate, allowlist mutations ar
cards.freezeFreeze a previously issued card. The card will reject subsequent authorizations until unfrozen (unfreeze tool ships in v
cards.issueIssue a scoped virtual card against the agent sub-vault. The card carries its own MCC filters, funding cap, and expiry i
payments.initiateInitiate a payment inside the agent vault envelope. Amounts over the step-up threshold return a pending_step_up response
payroll.runKick a payroll batch. Requires V2 payroll infra (Sprint 3-4); returns blocked_by_dep if unavailable, matching PLAN.md he
transfer.scheduleSchedule a future-dated transfer. Envelope is evaluated at schedule time AND again at execute time; policy bumps between
x402.payPay an x402 micropayment endpoint. Server-side RPC verification of the on-chain tx is MANDATORY — the facilitator receip

Treasury tools

ToolDescription
agent.budget.createSpawn a child agent with a scoped multisig sub-vault and a policy envelope. The operation is a saga — on any failure the
agent.budget.revokeRevoke a child agent and optionally auto-sweep its sub-vault back to the parent treasury. Revocation is terminal; spawn
agent.grant.issueIssue a new bearer grant for this agent with a narrowed scope set. Always requires principal step-up — the first call re
agent.grant.refreshRe-issue this agent’s grant under the current policy version when the new policy is unchanged-or-narrowed vs the issue-t
killSwitch.allAtomic kill-switch: revoke every active grant + freeze every sub-vault for this principal. The confirm_scope literal ‘AL
vault.rotateSignerRotate the signing key for this agent’s sub-vault. Always requires principal step-up. Completes atomically with a policy
yield.allocateMove funds between yield vaults (Aave/Morpho/Kamino/idle) within the envelope. Blocked by V3 yield infra if that depende

Auth model

Every call must carry a Glide-issued grant JWT in the Authorization: Bearer … header. Grants are scoped (e.g. agents:read, payments:write) and tied to a specific principal + agent + entity. The MCP server fresh-reads the tenant from the database on every call so a stolen grant against a stale tenant fails closed. See /agents/policy-envelope for the policy contract Glide enforces on top of the grant.