Omnicord is a Model Context Protocol server that runs your Discord server through your own bot. Day-to-day chat, moderation, and administration, all the way up to building an entire community server from a one-paragraph brief. You describe what you want, your AI decides how, and Omnicord makes sure nothing destructive happens without your confirmation.
What it can do
Omnicord turns the Discord REST API and gateway into a tool surface an AI client can drive directly. It enforces Discord's rules before they bite, queues politely behind rate limits, and returns results your AI can read and act on.
Describe the community you want and Omnicord plans and executes the build: roles, categories, channels, and permissions in one additive operation. Save a layout as a blueprint, diff it against a live server, and rebuild it anywhere.
Send, edit, pin, react, run polls, schedule messages, post through webhooks, and DM members. Read channel history, search, members, roles, permissions, and the audit log so your AI can answer what happened and act on it.
Timeouts, kicks, bans, prune, and bulk cleanup, each with a preview before anything runs. Configure Discord's server-side AutoMod, including its maintained slur and profanity preset lists, plus spam and mention-flood limits.
Events, stages, threads, forums, invites, welcome screen, and onboarding. Manage channels, categories, permission overwrites, reordering, and cloning. Add emojis, stickers, and soundboard sounds.
Subscribe to live server events and ask what is happening right now, or what you missed while you were away. Omnicord watches the gateway so your AI does not have to poll for changes.
A setup check runs eight plain-English checks against your bot and tells you the exact fix for anything wrong. Bot info, rate-limit status, and permission explainers round it out.
The safety model
Giving an AI control of a live server is only sensible if the dangerous actions are gated by something other than the model's judgment. In Omnicord, that gate is the server itself.
Deleting, banning, kicking, timeouts, and bulk actions never execute on the first call. The tool returns a human-readable preview and a single-use token bound to that exact action. The token expires after two minutes. Repeating the call with the token runs it. This is enforced by Omnicord, so a confused or compromised AI session cannot skip it.
Before any punitive action, Omnicord preflights Discord's role hierarchy, owner protection, and self protection. The bot cannot act above its station or against the owner or itself, and the failure mode is a clear explanation rather than a raw 403.
There is no LLM inside Omnicord and no service behind it. The AI is your own client and the bot token stays in a local file. Nothing is uploaded anywhere and there is no Omnicord account. Omnicord controls a bot, not your user account, so it can never act as you or read your DMs.
The HTTP transport uses bearer auth compared in constant time, rejects browser origins unless allowlisted, validates the Host header to close DNS rebinding, and refuses to start if bound beyond localhost without a token. The Docker image runs as a non-root user. A security self-audit mapped to the OWASP MCP Top 10 is published in the repository.
Install
The setup wizard validates every step against Discord as you go, so you do not have to read a manual to get it right. You need a Discord account, a bot you create in the Developer Portal, and Node 20 or newer.
Run npx @orygn/omnicord init. The wizard takes the bot token with input hidden, verifies it live against Discord, checks the privileged intents and waits while you fix any that are off, generates an invite link at the permission level you pick, and writes the config into your AI client (backing up the file first). Claude Desktop, Claude Code, Cursor, and Windsurf are detected automatically.
Clone the repository, run npm install and npm run build, then node dist/index.js init. The stdio transport is the default for desktop MCP clients that spawn a local process.
The image runs the HTTP transport as a non-root user with the container health check wired to the health endpoint. It binds beyond loopback, so it requires OMNICORD_HTTP_TOKEN and exits with a clear message without one. The token arrives through the environment at runtime and is never baked into the image.
Run the Streamable HTTP transport for remote-capable clients and self-hosting. This is also the path for ChatGPT, which supports remote MCP servers only, so it connects to Omnicord through a self-hosted HTTPS endpoint rather than the local flow.
Distribution
Omnicord is available everywhere people look for MCP servers. It scored an A grade across the board on Glama and is listed in the official MCP Registry.
Built with
The server talks to Discord over REST and the gateway, queues behind rate limits, and reserves stdout for the MCP protocol. CI runs the build, unit logic, and both protocol smoke suites on Linux, Windows, and macOS across Node 20, 22, and 24.
FAQ
Built by Orygn
Orygn builds custom software, security tooling, and infrastructure-level systems for teams that need them production-grade from day one. Omnicord came out of the same kind of work, applied to the job of letting an AI assistant run real systems safely.
Work with Orygn