Skip to main content
Re-issue this agent’s grant under the current policy version when the new policy is unchanged-or-narrowed vs the issue-time version. No step-up required (refresh is definitionally non-escalating). Throws InvalidParamsError if the new policy expands authority — caller must use agent.grant.issue with step-up to acquire the broader scope.

Metadata

FieldValue
Nameagent.grant.refresh
Categorytreasury
Required scopeagent:budget:create
Idempotency key requiredno

Annotations

AnnotationValue
TitleRefresh Grant (no step-up)
Read-onlyno
Destructiveno
Idempotentyes
Open-worldno
Requires human approvalno

Input schema

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {},
  "additionalProperties": false
}

Output schema

{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "type": "object",
  "properties": {
    "grant_id": {
      "type": "string",
      "format": "uuid",
      "pattern": "^([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-8][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|00000000-0000-0000-0000-000000000000|ffffffff-ffff-ffff-ffff-ffffffffffff)$"
    },
    "bearer_token": {
      "type": "string",
      "minLength": 1
    },
    "expires_at": {
      "type": "string",
      "format": "date-time",
      "pattern": "^(?:(?:\\d\\d[2468][048]|\\d\\d[13579][26]|\\d\\d0[48]|[02468][048]00|[13579][26]00)-02-29|\\d{4}-(?:(?:0[13578]|1[02])-(?:0[1-9]|[12]\\d|3[01])|(?:0[469]|11)-(?:0[1-9]|[12]\\d|30)|(?:02)-(?:0[1-9]|1\\d|2[0-8])))T(?:(?:[01]\\d|2[0-3]):[0-5]\\d(?::[0-5]\\d(?:\\.\\d+)?)?(?:Z))$"
    },
    "scope": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": [
          "accounts:read",
          "agents:read",
          "payments:initiate",
          "payments:simulate",
          "cards:manage",
          "agent:budget:create",
          "agent:budget:revoke",
          "beneficiary:read",
          "beneficiary:write",
          "kyc:start",
          "x402:pay",
          "x402:receive",
          "audit:stream",
          "treasury:rotate-signer",
          "treasury:yield-allocate"
        ]
      }
    },
    "old_policy_version": {
      "type": "integer",
      "minimum": 0,
      "maximum": 9007199254740991
    },
    "new_policy_version": {
      "type": "integer",
      "minimum": 0,
      "maximum": 9007199254740991
    },
    "policy_changed": {
      "type": "boolean"
    }
  },
  "required": [
    "grant_id",
    "bearer_token",
    "expires_at",
    "scope",
    "old_policy_version",
    "new_policy_version",
    "policy_changed"
  ],
  "additionalProperties": false
}

Request examples

curl -X POST https://mcp.glide.co/mcp/treasury \
  -H "Authorization: Bearer $GLIDE_GRANT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "agent.grant.refresh",
    "params": {}
  }'

Response examples

Successful response — policy unchanged (pure TTL extension): 
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "grant_id": "g8h9i0j1-k2l3-4567-m012-567890123456",
    "bearer_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkNGU1ZjZhNyIsInNjb3BlIjpbImFjY291bnRzOnJlYWQiLCJwYXltZW50czppbml0aWF0ZSJdfQ.newsignature",
    "expires_at": "2026-05-04T13:30:00Z",
    "scope": ["accounts:read", "payments:initiate"],
    "old_policy_version": 3,
    "new_policy_version": 3,
    "policy_changed": false
  }
}
Successful response — policy narrowed (scope reduced by org admin): 
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "grant_id": "h9i0j1k2-l3m4-5678-n123-678901234567",
    "bearer_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkNGU1ZjZhNyIsInNjb3BlIjpbImFjY291bnRzOnJlYWQiXX0.newsignature",
    "expires_at": "2026-05-04T13:30:00Z",
    "scope": ["accounts:read"],
    "old_policy_version": 3,
    "new_policy_version": 4,
    "policy_changed": true
  }
}
Error — new policy expands authority (caller must use agent.grant.issue with step-up): 
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32602,
    "message": "new policy version 5 expands authority (daily_limit increased from 5000 to 10000); use agent.grant.issue with step-up",
    "data": {
      "reason_id": "policy_broadened_requires_step_up"
    }
  }
}
Error — policy envelope missing for vault (data integrity issue): 
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32602,
    "message": "policy version 3 on vault a1b2c3d4-e5f6-7890-abcd-ef1234567890 is not on file; agent.grant.refresh cannot validate narrowing without it",
    "data": {
      "reason_id": "old_envelope_missing"
    }
  }
}

Errors

CodeNameCauseRemediation
-32600Invalid requestMalformed JSON-RPC envelopeCheck method, jsonrpc, and id fields
-32602Invalid paramsNew policy expands authority vs issue-time version; policy envelope missing or fails schema validationUse agent.grant.issue with step-up to acquire broader scope; contact support if envelope missing
-32000UnauthenticatedMissing Authorization headerSupply a valid Bearer token
-32001UnauthorizedGrant token expired or revokedIssue a new grant via agent.grant.issue (step-up required)
-32002Insufficient scopeGrant missing agent:budget:create scopeIssue new grant with agent:budget:create scope
-32603Internal errorServer-side errorRetry with backoff; contact support

Auth

Caller’s grant must include the agent:budget:create scope. Grants whose scope set is a superset of the required scope are accepted.