Testnet

Architecture

Glidepay is a Next.js application with a server-side custody model. Here's the stack and the responsibility split.

The pieces

  • Next.js 16 (App Router). UI and server routes. Deployed on Vercel.
  • Clerk. Authentication. Email and Google sign-in. We never touch passwords.
  • Circle Developer-Controlled Wallets. Smart accounts on Arc and the other supported chains. Server-side signing via Circle's API. No private keys ever land in the client.
  • Circle App Kit. Swap and bridge primitives. USDC ↔ EURC ↔ cirBTC on Arc, plus CCTP V2 cross-chain.
  • Supabase Postgres + Prisma. User metadata, contacts, payment requests, scheduled transfers, activity records, chat history. Source of truth for off-chain state.
  • Groq. Llama 3.1 8B-instant for Billy. ~400ms structured JSON responses.
  • Web Push (VAPID). Real-time push for incoming USDC, paid requests, completed swaps. Native APNs / FCM coming via Capacitor on iOS / Android.
  • Capacitor. iOS and Android shells that load the live PWA. Adds native push, biometrics, status bar, haptics, share sheet.

The flow when you send

  1. You tap Send → fill recipient + amount → tap Pay
  2. Client POSTs /api/send with { walletId, destinationAddress, amount, token, note }
  3. Server resolves the recipient (0x / @username / contact), validates ownership of the source wallet, asserts sufficient balance, checks for a duplicate send in the last 10s (idempotency)
  4. Server calls Circle createTransactionwith the wallet's server-side signing credential
  5. Transaction lands on Arc in ~1s; we record a Transaction row, push-notify the recipient

The flow when someone sends to you cross-chain

See Universal Receive for the full version. Short: Circle webhook fires on inbound USDC at your receive address → handler atomically claims the event → gas refill if needed → CCTP V2 burn-on-source + mint-on-Arc → push.

Why server-side custody

Browser-side wallet management means: MetaMask popups, seed phrases, users who lose access permanently. Server-side custody (via Circle) means: email-and-Google sign-in, accounts you can recover, a UX that looks like Venmo. The trade-off is trust. You trust glidepay and Circle to operate your wallet honestly. On testnet that's no meaningful trust burden. See Security model for the longer version.