Skip to content
GLACIS GLACIS Documentation

Quickstart

This guide will help you deploy a GLACIS sidecar and start generating compliance attestations in under 10 minutes.

Prerequisites

Before you begin, ensure you have:

  • Node.js 18+ installed
  • A GLACIS account (sign up here)
  • An AI provider API key (OpenAI, Anthropic, etc.)

Quick Setup

  1. Create a GLACIS Organization

    Log into the GLACIS Dashboard and create a new organization. Note your:

    • Organization ID (org_...)
    • API Key (glc_...)

  2. Install the Sidecar

    Terminal window
    npm install @glacis/sidecar

  3. Configure Environment Variables

    Create a .env file in your project root:

    Terminal window
    # GLACIS Configuration
    GLACIS_ORG_ID=org_your_org_id
    GLACIS_API_KEY=glc_your_api_key
    

    # AI Provider (example: OpenAI)
    OPENAI_API_KEY=sk-your-openai-key

  4. Create the Sidecar Configuration

    Create glacis.config.ts:

    import { defineConfig } from '@glacis/sidecar';
    

    export default defineConfig({
      orgId: process.env.GLACIS_ORG_ID!,
      apiKey: process.env.GLACIS_API_KEY!,
    

      provider: {
        type: 'openai',
        apiKey: process.env.OPENAI_API_KEY!,
      },
    

      sampling: {
        rate: 100, // 1 in 100 requests get L2 attestation
        policies: ['toxicity', 'pii'],
      },
    });

  5. Update Your AI Client

    Replace your direct AI provider calls with the GLACIS-wrapped client:

    // Before: Direct OpenAI call
    import OpenAI from 'openai';
    const client = new OpenAI();
    

    // After: GLACIS-wrapped client
    import { createGlacisClient } from '@glacis/sidecar';
    const client = createGlacisClient({
      provider: 'openai',
    });
    

    // Usage remains the same
    const response = await client.chat.completions.create({
      model: 'gpt-4',
      messages: [{ role: 'user', content: 'Hello!' }],
    });

  6. Verify Attestations

    Make a test request and check the GLACIS dashboard:

    const response = await client.chat.completions.create({
      model: 'gpt-4',
      messages: [{ role: 'user', content: 'What is GLACIS?' }],
    });
    

    console.log('Response:', response.choices[0].message.content);
    console.log('Attestation ID:', response._glacis?.attestationId);

Verify in Dashboard

After making your first request, navigate to the GLACIS Dashboard:

  1. Go to Attestations in the sidebar
  2. You should see your first attestation with:
    • Timestamp
    • Attestation level (L0 or L2)
    • Request commitment hash
    • Ed25519 signature

Alternative: Docker Deployment

If you prefer containerized deployment:

Terminal window
# Pull the sidecar image
docker pull ghcr.io/glacis-io/sidecar:latest


# Run with environment variables
docker run -d \
  -e GLACIS_ORG_ID=org_your_org_id \
  -e GLACIS_API_KEY=glc_your_api_key \
  -e OPENAI_API_KEY=sk-your-openai-key \
  -p 8080:8080 \
  ghcr.io/glacis-io/sidecar:latest

Then configure your application to use http://localhost:8080 as the AI provider endpoint.

What’s Happening?

When you make an AI request through the GLACIS sidecar:

┌─────────────────────────────────────────────────────────────┐
│ 1. Request received by sidecar                              │
├─────────────────────────────────────────────────────────────┤
│ 2. Sidecar obtains bearer token from witness service        │
│    (establishes epoch binding)                              │
├─────────────────────────────────────────────────────────────┤
│ 3. Request forwarded to AI provider (OpenAI, Anthropic)     │
├─────────────────────────────────────────────────────────────┤
│ 4. Response received from AI provider                       │
├─────────────────────────────────────────────────────────────┤
│ 5. Sidecar generates attestation:                           │
│    • L0 (always): Request metadata + commitment             │
│    • L2 (if sampled): Full evidence + policy scores         │
├─────────────────────────────────────────────────────────────┤
│ 6. Attestation sent to receipt service                      │
│    (Merkle tree inclusion proof returned)                   │
├─────────────────────────────────────────────────────────────┤
│ 7. Response returned to your application                    │
│    (with optional attestation metadata)                     │
└─────────────────────────────────────────────────────────────┘

Auto-Evidence Generation

Once attestations flow into GLACIS, they automatically map to ISO 42001 controls:

ControlEvidence TypeAuto-Mapped
A.6.2.6AI system monitoringRequest/response attestations
A.6.2.8Performance trackingLatency and error metrics
A.7.5Data qualityInput validation scores
A.9.4User monitoringUsage pattern analysis

Check the Controls page in the dashboard to see evidence automatically linked to compliance requirements.

Next Steps

Run the Certification Wizard

Complete the AI-powered interview to bootstrap your full ISO 42001 compliance program.

Start Wizard →

Configure Sampling

Learn how to tune L2 sampling rates and enable additional policy checks.

Configuration Guide →

Deploy to Production

Choose a production deployment: Cloudflare Workers, Cloud Run, Lambda, or Kubernetes.

Deployment Options →

Understand Attestations

Deep dive into the cryptographic details of L0 and L2 attestations.

Attestation Guide →

Troubleshooting

Attestations not appearing

  1. Verify your API key is correct
  2. Check network connectivity to https://receipts.glacis.io
  3. Ensure your organization ID matches

Invalid signature errors

  1. Ensure system clock is synchronized (NTP)
  2. Verify you’re using the latest sidecar version
  3. Check that epoch hasn’t expired (1 hour window)

Rate limiting

GLACIS applies rate limits per organization:

  • L0 attestations: 10,000/minute
  • L2 attestations: 1,000/minute

Contact support to increase limits for production workloads.