Glide OSS is MIT-licensed. Contributions land under MIT. Third-party dependencies (npm packages, vendor SDKs) are evaluated against the matrix below.Documentation Index
Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
Matrix
| License | OK to depend on? | OK to redistribute? | Notes |
|---|---|---|---|
| MIT | ✅ | ✅ | Glide’s own license. Preferred for all dependencies. |
| Apache-2.0 | ✅ | ✅ | Patent grant + attribution requirements. Compatible. |
| BSD-2-Clause / BSD-3-Clause | ✅ | ✅ | Attribution required. Compatible. |
| ISC | ✅ | ✅ | Functionally equivalent to MIT. |
| MPL-2.0 | ✅ (with care) | ✅ | File-level copyleft only — touching an MPL file makes that file MPL but not your other files. Avoid for core surface. |
| LGPL-3.0 | ⚠️ (dynamic link only) | ⚠️ | LGPL is acceptable as a dynamically-linked dependency but our build is bundled. Treat as warn; reviewer must confirm linking model. |
| AGPL-3.0 | 🚧 WARN | 🚧 | Network-copyleft “infects” hosting obligations for every self-hoster. We don’t block AGPL deps but the contributor-PR CI gate WARNS LOUDLY on AGPL pulls. Self-hosters carry the AGPL hosting obligation forward. Documented in CI output + this file. |
| GPL-2.0-only / GPL-3.0-only | ❌ | ❌ | Strong copyleft. Blocks our MIT redistribution. Hard CI block on connector / skill PRs that pull GPL deps. |
| SSPL-1.0 (MongoDB-style) | ❌ | ❌ | “Service-source-provider” requirement is incompatible with operator-side commercial use. Hard CI block. |
| Commons Clause / “non-commercial” | ❌ | ❌ | Restricts commercial redistribution. Hard CI block. |
| Proprietary / unlicensed | ❌ | ❌ | No license = all rights reserved. Hard CI block. |
CI behavior
Thelicense-compat-scan CI gate (lands as a follow-up workflow file in M5.5+) walks every new dependency added in a PR and emits one of three signals:
| Signal | Outcome | Examples |
|---|---|---|
pass | Build green | MIT, Apache-2.0, BSD-2/3, ISC |
warn | Build green + bot comment requesting reviewer ack | MPL-2.0, LGPL-3.0, AGPL-3.0 |
fail | Build red | GPL-2/3-only, SSPL, Commons Clause, unlicensed |
pnpm-lock.yaml + each transitive dependency’s package.json license field, normalized via the SPDX identifier list.
What about Privy / Bridge / Noah / Chainalysis SDKs?
Vendor SDKs are typically MIT or Apache-2.0 (the standard for client libraries). The vendor’s terms of service are a separate matter — see each connector’sDISCLAIMER.md for ToS-redistribution language. License compatibility (this doc) and ToS compatibility (per-connector DISCLAIMER) are orthogonal.
What if the license is missing?
Treat unlicensed packages as proprietary. The CI gate fails on missing license fields. If you need an unlicensed dep, file an issue with the dependency’s maintainer to clarify; don’t ship it through Glide CI.Operator notes
If you (the self-hoster) add an AGPL-licensed connector or skill to your deployment:- Your deployment falls under the AGPL “interaction over a network” trigger. You owe source disclosure to anyone interacting with the running service.
- This includes the AGPL component’s source AND the source of “the larger Program,” which is interpreted broadly under AGPL. Talk to a lawyer before going live.
- Glide does not redistribute AGPL packages by default. The CI warn gate is your reminder.
Where this lives
- This file: human-readable matrix.
.github/workflows/license-compat-scan.yml: the CI implementation (lands in a follow-up).CONTRIBUTING.md: pre-PR checklist that points contributors here.