Skip to main content
All 22 tools at MCP v1 GA. Each handler lives in apps/mcp/src/tools/<tool>.ts. Format per tool: name · scope · category · annotations. Full input/output schemas in the source file.

Write tools (/write endpoint, 60 req/min cap)

ToolScopeAnnotations
payments.initiatepayments:initiatedestructive · idempotent · requires human approval (step-up threshold)
payments.simulatepayments:simulateread-only · idempotent (dry-run)
cards.issuecards:manageidempotent
cards.freezecards:manageidempotent (already_frozen is no-op)
beneficiary.addbeneficiary:writerequires human approval (principal multisig-proposal gate)
transfer.schedulepayments:initiateidempotent · policy re-eval at execute time
payroll.runpayments:initiatedestructive · requires human approval · V2-dep-flagged
x402.payx402:paydestructive · idempotent · F1 server-fetch tx verify
x402.receivex402:receiveread-only (endpoint metadata describe)

Read tools (/read endpoint, 300 req/min cap)

ToolScope
accounts.listaccounts:read
accounts.balanceaccounts:read
transactions.listaccounts:read
agents.listagents:read
skills.listagents:read
audit.streamaudit:stream (mints SSE cursor — idempotentHint=false)

Treasury tools (/treasury endpoint, 10 req/min cap)

ToolScopeNotes
agent.budget.createagent:budget:createsaga with 4-step rollback; requires human approval
agent.budget.revokeagent:budget:revokedestructive · auto-sweep on by default
agent.grant.issueagent:budget:createstep-up required; refuses scope escalation
vault.rotateSignertreasury:rotate-signerstep-up required; bumps policy_version
yield.allocatetreasury:yield-allocateV3-dep-flagged; envelope step-up respected
killSwitch.allagent:budget:revokedestructive · emergency · confirm_scope literal required

Step-up flow (shared)

Write/treasury tools over the envelope return JSON-RPC -32003 with: 
{
  "code": -32003,
  "message": "amount 60000 requires step-up approval",
  "data": {
    "reason_id": "step_up_required",
    "step_up_url": "https://app.glide.co/step-up/<sigil>"
  }
}
Surface the URL to the user. They biometric-approve on the Glide sheet. Retry the tool with step_up_sigil=<sigil>. CAS-claim guarantees first-use-only; a 5-minute grace window returns the same payload to benign polls (prevents re-asking on network retry).

Annotations honored by MCP clients

Per MCP 2025-11-25 spec:
  • readOnlyHint: no side effects.
  • destructiveHint: cannot be undone by the tool itself.
  • idempotentHint: safe to retry with same params.
  • openWorldHint: interacts with external systems (x402.pay, facilitators).
Glide extension:
  • requiresHumanApproval: client SHOULD surface the step-up flow to the user even before calling.
Official Glide clients (Claude Desktop, ChatGPT Apps, Vertex) verify emitted annotations match the client-side registry; mismatch = refuse to execute. Custom runtimes that bypass this client-side check are still caught by the server-side annotation check on each call.