Skip to content
Wicket

Operations

Audit log

Every tool call through Wicket — allowed or denied — writes an audit entry. The Audit tab in the dashboard shows a live view. For bulk access, use the REST API:

GET /api/audit?limit=100&result=DENY

Filter by service, tool, member, policy, or time range. Export to CSV via GET /api/audit/export. See Work with audit logs for the day-to-day workflow and Audit event schema for the full field reference.

Useful filters for day-to-day operations:

GoalQuery
Find all denied callsresult=DENY
Watch one connectorservice=github
Check a specific tooltool=delete_file
Trace one membermember=<memberId> (UUID, not email)
Policy impact analysispolicy=<policyId> (UUID, not policy key)

The member and policy filters take internal IDs — the dashboard fills them when you click a member or matched policy in the Audit view. See Work with audit logs for how to get the IDs.

Monitoring denies

Unexpected DENY decisions usually mean one of:

  • A policy is misconfigured — scope or tool list is wrong
  • A member’s status is pending and needs approval
  • The agent was toggled to disabled

Check the matched policy name in the audit entry. Click through to the policy to inspect its rules. Use Simulate (on the policy detail page) to test a hypothetical call without making it.

Disabling an agent

To block all MCP traffic immediately — without revoking individual keys — toggle the agent’s Status to disabled. All proxy calls return 403 until re-enabled. Use this as an emergency stop during incidents.

Bulk policy management

Policies can be toggled on/off without deleting them. Use this to:

  • Disable a time-window policy outside its intended window
  • A/B test stricter vs looser rules
  • Quickly roll back a policy change that caused unexpected denies

Toggle via the dashboard or:

POST /api/policies/<policy-id>/toggle

Agent management at scale

If you run multiple agents (e.g. per team or per environment), the agent list supports filtering by name and status. Use the REST API to automate:

GET /api/agents?status=active&role=owner

See REST API reference for the full endpoint list.