Omnicord
Omnicord is an MCP server that gives an AI assistant full operational control of a Discord server, covering day-to-day chat, moderation, administration, and server building.
Messaging & Interaction
Send, edit, and delete messages (with embeds, replies, mention control)
Pin/unpin messages, add/remove/clear reactions, see who reacted
Send DMs and webhook messages with custom name/avatar
Create, monitor, and end native Discord polls
Schedule messages for future delivery
Reading & Searching
Read channel history and search messages by content/author
List channels, roles, members, pinned messages, bans, and invites
Get detailed member profiles and a structured server overview
Access audit logs (filtered by action or user)
Resolve any entity name to an ID
Server Structure & Building
Create, update, delete, reorder, and clone channels (text, voice, forum, stage, announcement, category), roles, and categories
Manage permission overwrites and assign roles to members
Plan and execute full server builds from a blueprint (roles, categories, channels, permissions) in one additive operation
Save, diff, and rebuild layouts as blueprints using curated reference layouts
Moderation
Timeout, kick, ban, unban, and bulk ban (up to 200 users) members
Prune inactive members
All destructive actions require a two-step preview + single-use token confirmation
AutoMod
List, create, update, and delete Discord AutoMod rules
Configure keyword filters, Discord-maintained preset lists (slurs, profanity), spam detection, and mention-flood limits
Community & Events
Create, update, cancel, and list scheduled community events and get attendees
Manage threads, forum posts, forum tags, and stages
Manage server invites, welcome screen, and new-member onboarding flow
Expression
Upload, rename, and delete custom emojis, stickers, and soundboard sounds
Webhooks & Integrations
Create, update, delete, list, and post through webhooks
List and remove server integrations (bots, Twitch, YouTube)
Server Settings
Edit server name, description, verification level, AFK settings, system channels, Community features, and widget
Create, sync, and delete server templates
Real-Time Monitoring
Subscribe to live server events (messages, joins/leaves, reactions, bans, voice changes, etc.)
Read buffered events and manage subscriptions
Diagnostics & Setup
Run setup checks with fix instructions, get bot identity/intents/version, and check rate limit status
Safety: All destructive operations require a two-step confirmation (preview + single-use token). Safe mode is enforced server-side, not by the AI.
Full operational control of a Discord server, including messaging, moderation, administration, server building, real-time events, and more.
Omnicord
Omnicord is an MCP server that gives your AI assistant full operational control of a Discord server. Day to day chat, moderation, administration, and at the top end: building out an entire community server from a one paragraph brief.
You describe what you want. Your AI decides how to do it. Omnicord makes sure it happens correctly, and that nothing destructive happens without your say so.
How it works
Your AI client (Claude Desktop, Cursor, Windsurf, Claude Code, or any other MCP client) is the brain. Omnicord is the hands: it talks to Discord through your own bot, enforces Discord's rules before they bite, queues politely behind rate limits, and gates every destructive action behind a preview you confirm. There is no LLM inside Omnicord and no cloud service behind it. Your bot token stays in a file on your machine.
Related MCP server: Eye of Sauron - Discord Bot MCP
Quick start
You need Node 20 or newer and a Discord account. One command:
npx @orygn/omnicord initOr from source:
git clone https://github.com/OrygnsCode/Omnicord.git && cd Omnicord
npm install
npm run build
node dist/index.js initPrefer to watch? Here is the full setup, start to finish:

The wizard goes from a bare Discord application to a working setup in
about a minute. It takes the bot token with input hidden, verifies it
live against Discord, checks the privileged intent toggles and waits
while you fix any that are off, generates an invite link at the
permission level you pick, saves the token locally (a gitignored .env
for a source checkout, or .omnicord/.env in your user folder for an
npx or global install), and writes the omnicord entry into your AI
client's config (backing the file up first). Claude Desktop (including the Microsoft Store build), Cursor,
Windsurf, and project level Claude Code are detected automatically;
anything else gets a snippet to paste.
Then fully restart your AI client and ask it:
run a setup check on my Discord bot
Eight checks, plain English results, and the exact fix for anything that is wrong.
What it can do
Area | Examples |
Server building | Plan and execute a full server build from a brief: roles, categories, channels, permissions, in one additive operation. Save, diff, and rebuild layouts as blueprints. |
Messaging | Send, edit, pin, react, polls, scheduled messages, DMs, webhooks. |
Reading | Channel history, search, members, roles, permissions, audit log. |
Moderation | Timeouts, kicks, bans, bulk actions, prune, all preview first. |
AutoMod | Discord's server side filters: keyword rules, Discord maintained preset lists (slurs, profanity), spam and mention flood limits. |
Real time | Subscribe to live server events and ask "what did I miss?" |
Structure | Channels, categories, permission overwrites, reordering, cloning. |
Community | Events, stages, threads, forums, invites, welcome screen, onboarding. |
Expression | Emojis, stickers, soundboard sounds. |
Diagnostics | Setup check, bot info, rate limit status, permission explainers. |
The full contract for every tool is in the tool catalog.
The safety model
Destructive operations (deleting, banning, kicking, timeouts, bulk actions) never execute on the first call. They return a human readable preview and a confirmation token bound to that exact action; repeating the call with the token executes it. Tokens are single use and expire after two minutes. Moderation additionally preflights Discord's hierarchy rules, owner protection, and self protection before the gate, so the failure mode is an explanation rather than a 403.
This is enforced by Omnicord itself, not by the model's judgment. A confused or compromised AI session cannot skip the gate.
Running it
Stdio, the default, for desktop MCP clients:
node dist/index.jsStreamable HTTP, for remote capable clients and self hosting:
node dist/index.js --http # 127.0.0.1:3414/mcp
node dist/index.js --http --port 8080A bot token sits behind the HTTP endpoint, so the defaults are strict:
binding beyond localhost without OMNICORD_HTTP_TOKEN refuses to start,
bearer auth is compared in constant time, browser origins are rejected
unless allowlisted, and the Host header is validated in loopback mode to
close DNS rebinding. Details in self-hosting.
Docker
A published image is on Docker Hub (orygn/omnicord), or you can build
your own. The image runs the HTTP transport as a non root user with the
container health check wired to the health endpoint. It binds beyond
loopback, so it requires OMNICORD_HTTP_TOKEN and exits with a clear
message without one. The token never lives in the image; everything
arrives through the environment at runtime.
docker run -d -p 3414:3414 \
-e DISCORD_TOKEN=your-bot-token \
-e OMNICORD_HTTP_TOKEN=a-strong-secret \
orygn/omnicordTo build it yourself instead: docker build -t omnicord .. Or with
compose, after exporting the two secrets: docker compose up -d.
Configuration
Environment variables, or a .env file (the wizard writes one for you;
source checkouts use .env next to package.json, npx and global
installs use .omnicord/.env in your user folder):
Variable | What it does |
| The bot token. Required for anything real; the server boots without it and the diagnostics explain what to fix. |
| Optional default server ID so tools can omit the guild parameter. |
| Default on. Destructive tools preview first and require a confirm token; set to |
| Default on when a token is set: the bot shows as online and real time event subscriptions work. Set to |
| Where saved blueprints and scheduled messages live. Default: |
| HTTP port, default 3414. |
| HTTP bind address, default |
| Bearer token for HTTP mode. Required to bind beyond localhost. |
| Comma separated browser origins allowed to call the HTTP endpoint. Empty means none. |
Client config for stdio (Claude Desktop and compatible):
{
"mcpServers": {
"omnicord": {
"command": "node",
"args": ["/absolute/path/to/dist/index.js"]
}
}
}No token goes in the client config. The server finds .env no matter
where the client spawns it from: it checks the current directory, then
the package root, then .omnicord in your user folder, and a real
environment variable overrides all of them.
Documentation
Doc | What is in it |
Setup in a few minutes, wizard or by hand. | |
Exact config for Claude Desktop, Claude Code, Cursor, Windsurf, ChatGPT, and anything else. | |
HTTP transport, Docker, and the security model for networked deployments. | |
Common problems and their fixes. | |
Plain language: what Omnicord can and cannot touch, for whoever decides whether to install it. | |
The engineering level threat model and audit findings. | |
The full contract of all 148 tools. |
The docs are written to be read by AI assistants too: paste a page at your AI and have it walk you through.
Omnicord is also listed on the official MCP registry, Smithery, and Docker Hub.
Tests
node scripts/unit.mjs # pure logic: resolver, permissions, planner, gate
node scripts/smoke.mjs # stdio protocol session, no token needed
node scripts/smoke-http.mjs # HTTP transport, sessions, auth, security gates
node scripts/acceptance.mjs # live end-to-end against a real test serverThe acceptance suite needs DISCORD_TOKEN and OMNICORD_GUILD pointing
at a disposable test server, and cleans up after itself.
scripts/smoke-docker.mjs builds and verifies the container image and
needs a running Docker daemon.
License
Omnicord is source available under the Elastic License 2.0. In plain terms: anyone may read, use, modify, and self host it freely, including businesses running their own communities. The one thing the license forbids is offering Omnicord to third parties as a hosted or managed service. The code is public so it can be audited; it is not up for resale as a service.
Versioning
Semantic versioning, tracked in CHANGELOG.md. 1.0.0
marked the public launch; releases since follow semver, and the npm
badge above shows the current version. The version in package.json
flows everywhere automatically: the MCP server identity, the health
endpoint, and the wizard.
Built by Orygn LLC. Security reports: security@orygn.tech.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/OrygnsCode/Omnicord'
If you have feedback or need assistance with the MCP directory API, please join our Discord server