Security
AI clients can perform real actions in a QUIQQER installation. Treat every AI connection as an integration with production access.
Account Separation
Create dedicated QUIQQER accounts for AI access.
Do not use:
- personal administrator accounts
- shared team accounts
- root or superuser accounts for normal editing workflows
- one token for multiple unrelated AI clients
Use one account and one token per workflow where possible. This makes access review and token revocation predictable.
Least Privilege
Grant only the permissions required by the workflow.
Examples:
| Workflow | Typical permissions |
|---|---|
| Read content | Core MCP access and read access to the target project/sites. |
| Edit content | Core MCP access and edit access to the target project/sites. |
| Manage media | Core MCP access and media permissions for the target project. |
| Manage bricks | Bricks MCP access and normal Bricks permissions. |
| Clear cache | Core MCP access and quiqqer.core.mcp.clearCache. |
Do not grant cache clearing, delete permissions, package management, or broad administrator access unless the workflow explicitly requires it.
Token Handling
Treat API tokens like passwords:
- Never paste tokens into prompts, chats, issue comments, pull requests, or screenshots.
- Store tokens in a local secret store or environment variable.
- Use different tokens for local machines, servers, and automation jobs.
- Rotate tokens regularly.
- Revoke tokens when access is no longer needed.
- Revoke tokens immediately if they may have been exposed.
Review Model
For write workflows, prefer a review step:
- The AI reads the current state first.
- The AI proposes the intended change.
- A human confirms sensitive changes.
- The AI applies the change.
- The AI reads the result back.
Use this especially for public pages, navigation, media replacement, deleting content, cache clearing, and changes across multiple languages.