OSS Legal - Glide

Glide ships every legal artifact you need to operate the OSS stack with vendor adapters and partner integrations. Each one was reviewed by independent Opus-powered Legal Partner agents against a 12-axis framework; aggregate score across the five artifacts is 98.93 / 100.

The TPA and TSA are use-based consent instruments — no countersign required. Promoting a Connector or Skill to the Verified Trust Tier (or maintaining it there for ≥30 days) is the act of acceptance. Same way you accept GitHub’s TOS by pushing a commit. If your legal department requires a wet-signed counterpart for their files, email legal@glide.co and Glide will provide one — but it’s not a condition of being a Trusted Partner. See §0 of each agreement for the formal mechanic.The vendor-posture documents (Chainalysis, Coinbase x402, Ory) are operator-facing notices, not contracts — they describe what an Operator must hold contractually with the named third-party vendor.

Artifacts

Trusted Partner Agreement

Template contract between Glide and a connector vendor whose adapter is promoted to the Verified trust tier. Covers code-quality SLA, incident-response timeline, mutual indemnification, marketplace placement, Glide’s right to revoke Verified status for cause.

Trusted Skill Agreement

Template contract between Glide and a skill author whose agent skill is promoted to Verified. Lighter than the TPA. Heart of the agreement is prompt-injection review attestation, scope-minimization, and runtime envelope integrity.

Chainalysis vendor posture

Operator-facing notice + compliance brief for the Chainalysis sanctions-screening adapter. Operator must hold their own Chainalysis customer agreement. Glide is not a party.

Coinbase x402 vendor posture

Operator-facing notice + compliance brief for the Coinbase x402 facilitator adapter. Includes the F1 IRON RULE — facilitator-claimed transaction IDs are never trusted; the operator independently RPC-verifies on-chain before persisting.

Ory vendor posture

Operator-facing notice + compliance brief for the OAuth Authorization Server (Ory Network hosted or self-hosted Hydra OSS). Both modes documented as equally valid.

Framework

Each artifact was scored 0–10 across 12 axes:

#	Axis
1	Definitions clarity
2	Risk allocation
3	License grant scope
4	Compliance pass-through
5	Termination + survival
6	IP + confidentiality
7	Dispute resolution
8	Warranty + disclaimer
9	Operator obligations
10	Plain-language clarity
11	Compliance with applicable law
12	Anti-abuse + integrity

Sum / 120 × 100. Pass at ≥ 95.

Common framework defaults

Governing law: Delaware
Venue: JAMS arbitration in San Francisco, with carve-out for injunctive relief in any competent court
Class-action waiver: yes
Attorney-fee reciprocity: yes
Warranty: AS IS / AS AVAILABLE; consequential damages excluded
MIT preservation: the connector or skill code stays MIT regardless of TPA / TSA status — forks are explicitly permitted and not chillable

Where the canonical files live

Artifact	Canonical path in the source repo
TPA	`docs/TRUSTED_PARTNER_AGREEMENT.md`
TSA	`docs/TRUSTED_SKILL_AGREEMENT.md`
Chainalysis posture	`packages/connectors/chainalysis/{DISCLAIMER,COMPLIANCE}.md`
Coinbase x402 posture	`packages/connectors/coinbase-x402/{DISCLAIMER,COMPLIANCE}.md`
Ory posture	`docs/legal/ory-vendor-posture-{DISCLAIMER,COMPLIANCE}.md`

The pages below excerpt the substantive sections; for execution always use the canonical file.

Agent payment lifecycle Trusted Partner Agreement (template, use-based consent)

​Artifacts