Introduction
Wicket (this repository) is a Nuxt / Nitro application that fronts third-party Model Context Protocol (MCP) servers. It provides Bearer-key MCP access, Cedar authorization on tool calls, OAuth and credential handling for many connectors, audit trails, and an operator dashboard.
UI copy uses Identities and MCP connections; HTTP APIs use agents, members, and service connections.
Authentication surfaces
| Surface | Mechanism |
|---|---|
MCP under /mcp/... | Authorization: Bearer <member key> (session cookie not used for proxy auth) |
Dashboard and most /api/* routes | Session cookie after magic link (and MFA when enabled) |
POST /api/mcp/mock-call | Session + MFA — intended for dashboard testing, not generic MCP clients |
Where to read next
- Architecture — layout and startup.
- MCP proxy — JSON-RPC entrypoint.
- Policies — structured rules and Cedar.
- Connectors — supported upstream services.
- Local environment — app and docs site dev commands.
- Runtime configuration — how secrets and URLs are wired (no credential values in this book).