Concepts glossary
Definitions for the terms used across the dashboard and these docs, alphabetised.
Agent
A named AI identity. An agent holds enabled connectors, policies, and members. Each member of an agent gets their own member key and their own OAuth connections. The dashboard UI also calls agents Identities.
Agent owner
The user who created the agent. Owners enable connectors, manage policies, invite/approve/remove members, and can disable the agent. Owners cannot see members’ keys or OAuth tokens.
Aggregator endpoint
The single MCP endpoint, https://mcp.wicket.sh/mcp. It exposes the tools of every connector the agent has enabled, with each tool name prefixed by its service: github__get_file_contents, slack__slack_send_message.
Audit entry
A record written for every tool call — allowed or denied — containing the tool, member, decision, matched policies (with the exact policy version), duration, and redacted arguments. See Audit event schema.
Connector
A supported third-party service (GitHub, Slack, Linear, …) wired into the proxy: an upstream MCP server, a tool catalog grouped into tiers, an OAuth flow for member credentials, and optionally entity harvesting and webhooks. See the Connectors catalog.
Deny message
An optional human-readable explanation (max 500 characters) on a forbid policy. Recorded in the audit entry whenever the policy denies a call.
Entity harvesting
The background collection of resource metadata from connected services — repositories, channels, teams, projects, labels — used to power policy pickers and resource-condition evaluation. See Entity harvesting and freshness.
GitHub App installation
An alternative GitHub connection mode where a GitHub App installation (rather than a user OAuth token) provides credentials, with per-installation repository selection. Also enables GitHub webhooks that keep harvested entities fresh.
Member
A user who belongs to an agent. Members hold their own encrypted OAuth connections and their own member key. Membership status is pending until the owner approves (approved) or rejects (rejected). Roles are owner and member.
Member key
The Bearer credential an MCP client presents to the proxy. One key per member per agent. Shown exactly once at generation — Wicket stores only a lookup digest, never the key. The key also unlocks that member’s encrypted OAuth tokens, which is why losing it means reconnecting services. Sometimes called a proxy key.
Policy (structured policy)
A rule that permits or forbids tool calls, scoped by service, tools, principal, time, resources, and session state. Compiled to Cedar for evaluation. See the Structured policy schema.
Policy version
An immutable snapshot created on every policy save (create, update, toggle, delete) with author, timestamp, and compiled Cedar. Audit entries reference the version that matched, and the dashboard shows field-level diffs between versions.
Resource condition
A policy clause matching attributes of the targeted resource — repo visibility, PR state, label, Linear team, Vercel target, and more. See the full list.
Session condition
A policy clause that depends on what already happened in the current tool session — prior tool usage or how often another policy fired. Enables circuit-breaker patterns.
Tool session
A correlated sequence of MCP calls from one client conversation, identified by the client’s session header where available. Sessions track tools used and per-policy allow/deny counts, expire after 30 minutes of inactivity, and can be reset from the dashboard. See Tool sessions.
Tool tier
Each connector’s tools are grouped as read, write, or destructive. Tiers make bulk policy authoring fast: “forbid the destructive tier” is one click.
Trusted / untrusted agent
The agent’s trust mode. Trusted agents evaluate one agent-wide policy set for all members. Untrusted agents evaluate policies per member — and fail closed: if no per-member policies can be resolved for a request, the call is denied. See Trust model.
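The difference between the two trust modes, as an added sketch that is not Wicket's code: the Policy and Agent shapes, the member names, the policy ids and the reason strings are all hypothetical. It assumes Cedar's usual semantics (a forbid overrides a permit, and a call with no matching permit is denied); the untrusted branch shows the fail-closed case described above.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Policy:                # hypothetical shape, not Wicket's policy schema
    policy_id: str
    effect: str              # "permit" or "forbid"
    tools: frozenset         # prefixed tool names this policy covers
    deny_message: str = ""   # optional explanation on a forbid policy

@dataclass
class Agent:                 # hypothetical in-memory stand-in for an agent
    trusted: bool
    agent_policies: list = field(default_factory=list)
    member_policies: dict = field(default_factory=dict)  # member -> [Policy]

def resolve(agent, member):
    """Return the policy set to evaluate, or None if none can be resolved."""
    if agent.trusted:
        return agent.agent_policies                   # one agent-wide set
    return agent.member_policies.get(member) or None  # per-member set

def record(tool, member, decision, matched, reason):
    """Build an audit-style record of the decision (fields are illustrative)."""
    return {"tool": tool, "member": member, "decision": decision,
            "matched": [p.policy_id for p in matched], "reason": reason}

def decide(agent, member, tool):
    policies = resolve(agent, member)
    if policies is None:
        # Fail closed: nothing was evaluated, so nothing can allow the call.
        return record(tool, member, "deny", [], "no per-member policies resolved")
    matched = [p for p in policies if tool in p.tools]
    forbids = [p for p in matched if p.effect == "forbid"]
    if forbids:  # assumed Cedar semantics: forbid overrides permit
        return record(tool, member, "deny", forbids, forbids[0].deny_message)
    permits = [p for p in matched if p.effect == "permit"]
    if permits:
        return record(tool, member, "allow", permits, "")
    return record(tool, member, "deny", [], "no permit policy matched")

# Constructed sample data; tool names follow the service__tool prefix format.
READ = Policy("p-read", "permit", frozenset({"github__get_file_contents"}))
NO_SLACK = Policy("p-noslack", "forbid", frozenset({"slack__slack_send_message"}),
                  "Posting to Slack is disabled for this agent")
TRUSTED = Agent(trusted=True, agent_policies=[READ, NO_SLACK])
UNTRUSTED = Agent(trusted=False, member_policies={"alice": [READ]})

if __name__ == "__main__":
    for agent, member in [(TRUSTED, "bob"), (UNTRUSTED, "alice"), (UNTRUSTED, "bob")]:
        print(decide(agent, member, "github__get_file_contents"))
```

In the sample data, bob is allowed through the trusted agent's shared policy set, but the same call through the untrusted agent is denied because no policy set exists for him.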