QUIQQER Documentation

AI Integration

QUIQQER can expose selected system functionality to AI clients and agents. The recommended integration path is MCP, backed by dedicated QUIQQER user accounts, API tokens, and explicit permissions.

This section explains the architecture, account model, permissions, MCP tools, and security rules for connecting AI clients to a QUIQQER installation.

Integration Model

A typical setup has four parts:

PartPurpose
AI clientThe external tool or agent, for example a desktop AI client, coding agent, or automation runner.
API tokenA token created for one QUIQQER user account. Treat it like a password.
QUIQQER userThe account used by the AI client. Its groups and permissions define what the AI can do.
MCP serverThe quiqqer/ai-mcp package endpoint that exposes tools and resources to the AI client.

Create separate QUIQQER accounts for AI usage. Do not reuse personal admin accounts. Separate accounts make it possible to limit permissions, audit changes, rotate tokens, and disable one integration without affecting other users.

What MCP Provides

MCP is a protocol for exposing tools and resources to AI clients. In QUIQQER, MCP tools are provided by installed packages.

Current examples:

  • quiqqer/ai-mcp provides the MCP server, authentication integration, session resources, and basic server information.
  • quiqqer/core provides core MCP tools for projects, sites, media, and cache handling.
  • quiqqer/bricks provides MCP tools for brick types, bricks, and site brick area assignments.
  • Other packages can add MCP tools through package providers.

Tools are only useful when the authenticated QUIQQER user also has the required permissions. Install the package, create a token, and then grant the smallest set of permissions needed for the AI workflow.

Start with a restricted AI account:

  1. Install quiqqer/ai-mcp.
  2. Create a dedicated QUIQQER user, for example ai-content-editor.
  3. Put the user into a dedicated group for AI access.
  4. Create an API token for that user.
  5. Grant only the required MCP permissions and normal QUIQQER project permissions.
  6. Test read-only tools before enabling write tools.

See Setup and Accounts for the initial setup and Using MCP for the connection model.

Security Baseline

  • Do not paste API tokens into prompts, chats, issue comments, or public logs.
  • Store tokens in a local secret store or environment variable.
  • Use one token per AI client or automation.
  • Rotate tokens when a user changes role, a device is lost, or a workflow is no longer needed.
  • Revoke tokens instead of reusing old credentials.
  • Grant write permissions only when the workflow really needs write access.
  • Review AI-created changes before publishing content.

See Security for operational rules.

Released under GPL-3.0-or-later.

Copyright PCSG - Computer & Internet Service OHG