Open Source

Glide Coding Standards

Battle-tested patterns for governed AI development. Community-driven. Free to use. Ready to enforce.

67 YAML Standards
9 Categories
808 Enforced Rules
MIT License

Standard Categories

🤖

Agent Governance

10 standards

Trust scoring, capability permissions, audit trails, adversarial defense, memory governance, enforcement gates, LLM application patterns.

🔒

Security & Compliance

9 standards

OWASP API security, OAuth flows, GDPR compliance, secrets management, container security, vulnerability scanning, data validation.

📋

Architecture & Quality

10 standards

Clean code principles, architecture patterns, documentation, observability, structured logging, code review, TypeScript, Python patterns.

🛠

API & Backend

8 standards

REST patterns, GraphQL, microservices resilience, caching strategies, error handling, message queues, payments, database design.

Well-Architected

7 standards

AWS reliability pillars, operational excellence, performance efficiency, security foundations, cost optimization.

🚀

DevOps & Deployment

7 standards

CI/CD pipelines, deployment safety, Docker optimization, infrastructure as code, git workflows, monorepo patterns.

💡

Core Principles

6 standards

Development principles, AI assistant configuration, testing principles, cost optimization, agent memory standards.

💻

Frontend

5 standards

React component patterns, accessibility (WCAG), internationalization, state management, web performance optimization.

Serverless & Testing

5 standards

Lambda best practices, SAM patterns, serverless architecture, TDD methodology, end-to-end integration testing.

Sample Standards

A few examples from the library

Never fetch SSM parameters at Lambda runtime (Serverless Cost)

Use environment variables with SAM template resolution instead. Runtime SSM calls cost $25/month per million invocations and add latency.

Never use connection pools in Lambda (Serverless Database)

Lambda handles one request at a time. Use a single cached client that reconnects on error. Pools waste memory and connections.

Never use DefaultAuthorizer in API Gateway (Security CORS)

DefaultAuthorizer applies to ALL methods including OPTIONS preflight. This breaks CORS. Use explicit per-function Auth properties.

Agent permissions must be task-scoped and time-limited (Agent Security)

Never inherit full user permissions. Each agent task gets a capability token specifying exactly what it can access and for how long.

Contribute Standards

These standards are community-driven. If you've learned a pattern the hard way, share it so others don't have to.

All contributions are reviewed, tested, and refined before inclusion. Your name goes in the commit history. The community benefits forever.

Contribution Guide

  1. Fork the Repository: Create your own copy to work on
  2. Add Your Standard: Follow the template format in /templates
  3. Include Evidence: Why does this matter? What happens if ignored?
  4. Submit PR: We'll review, discuss, and merge

Open Source License

All standards are released under the MIT License. Use them in any project—commercial or open source. No restrictions. No attribution required.

MIT License - Maximum freedom to use, modify, and distribute