Documentation Index
Fetch the complete documentation index at: https://glide-9da73dea.mintlify.app/llms.txt
Use this file to discover all available pages before exploring further.
After every successful MCP tool call, the gateway writes a Receipt row to the activity_log table. The append-only Postgres trigger (F4 IRON RULE) prevents tampering: UPDATE/DELETE/TRUNCATE rejected unless the admin DSAR session var is set.
Canonical URL
https://glide.co/schemas/agent-banking/v1/receipt.json
Required fields
| Field | Type | Meaning |
|---|
eventType | string | tool_call, step_up_completed, policy_change, kill_switch, etc. |
timestamp | string (ISO 8601) | UTC instant. |
agentId | string | Acting agent (matches grant’s act.sub). |
principalUserId | string | Principal user (matches grant’s sub). |
vaultId | string | Resource vault (matches grant’s aud.vault_id). |
toolName | string | Which tool was called (e.g. x402.pay, payments.initiate). |
endpoint | 'read' | 'write' | 'treasury' | Confused-deputy isolation tier. |
inputDigest | string (hex) | SHA-256 of the redacted input. |
outputDigest | string (hex) | SHA-256 of the redacted output. |
riskVerdict | 'pass' | 'flag' | 'block' | Anomaly detector verdict. |
policyVersion | number | Envelope version at call time. |
grantId | string | The grant’s jti. |
latencyMs | number | End-to-end tool latency. |
Optional fields
| Field | Type | When populated |
|---|
onChainTxHash | string | Money-movement tools after F1 RPC verify settles. |
onChainAmount | number (USD cents) | Same. From serverFetchChainTx, never from facilitator receipt. |
stepUpSigil | string | Step-up tools after the principal’s biometric approval. |
redactedFieldsBitmap | number | Bit-flags for fields redacted via DSAR (F4). |
F-rule enforcement points
| Rule | What’s enforced on the Receipt |
|---|
| F1 | onChainTxHash + onChainAmount come from RPC, not facilitator. |
| F4 | The row is append-only by Postgres trigger. Admin redaction requires session var + redactedFieldsBitmap match. |
| F5 | policyVersion mismatch with current envelope blocks the row write. |
Replay rendering
DSAR redaction does NOT delete the row. It nulls specific fields + sets redactedFieldsBitmap. The replay UI renders the row with [REDACTED] watermark over redacted fields — historical existence preserved.
Example
{
"eventType": "tool_call",
"timestamp": "2026-04-25T18:23:45.123Z",
"agentId": "agent_01H8...",
"principalUserId": "user_01H7...",
"vaultId": "vault_01HA...",
"toolName": "x402.pay",
"endpoint": "write",
"inputDigest": "abc123...",
"outputDigest": "def456...",
"riskVerdict": "pass",
"policyVersion": 7,
"grantId": "grant_01HC...",
"latencyMs": 142,
"onChainTxHash": "0xdeadbeef...",
"onChainAmount": 50
}
Reading list
