# discord-ops > Agency-grade Discord MCP server — multi-guild project routing, AI-native notifications, and DevOps workflows for Claude Code and other AI agents - **URL**: https://www.freshcrate.ai/projects/discord-ops - **Author**: bookedsolidtech - **Category**: MCP Servers - **Latest version**: `v0.23.3` (2026-05-20) - **License**: MIT - **Source**: https://github.com/bookedsolidtech/discord-ops - **Language**: TypeScript - **GitHub**: 2 stars, 1 forks - **Registry**: github - **Tags**: `ai`, `ai-agents`, `anthropic`, `automation`, `chatops`, `claude`, `claude-code`, `devops`, `mcp-server`, `typescript` ## Description Agency-grade Discord MCP server — multi-guild project routing, AI-native notifications, and DevOps workflows for Claude Code and other AI agents ## Recent releases | Version | Date | Urgency | Changes | | --- | --- | --- | --- | | `v0.23.3` | 2026-05-20 | High | ### Patch Changes - 4faf83d: fix(release): pin npm to 11.5.1 for OIDC trusted-publishing auth The previous corepack-based install activated npm 10.9.7 (corepack's `npm@latest` alias is stale), which supports `--provenance` for sigstore attestation but lacks native trusted-publishing OIDC auth. The publish PUT to the registry therefore went out unauthenticated and was rejected with a misleading E404. Pinning to npm 11.5.1 ensures both provenance signing and TP auth fun | | `v0.23.0` | 2026-04-11 | High | ### Minor Changes - bbc870b: Multi-bot architecture: bot personas, per-channel bot assignment, and per-project tool profile enforcement. **Bot personas:** Named bots with identity metadata (`name`, `role`, `description`) configured in a top-level `bots` section. Each bot references a `token_env` and can have a `default_profile` restricting which tools it can use. **Channel-level bot assignment:** Channels accept `{ "id": "...", "bot": "bot-name" }` to override which bot operates in | | `v0.22.0` | 2026-04-11 | High | ### Minor Changes - a7f7218: Engineering audit remediation: 32 findings fixed across 5 epics. **Breaking:** `get_messages` now returns full embed and attachment objects instead of counts. `embeds` changes from `number` to `array`, `attachments` from `number` to `array`. Update consumers checking `embeds > 0` to `embeds.length > 0`. **New tools:** `send_template`, `list_templates`, `pin_message`, `unpin_message`, `notify_owners`, `get_invites` (42 → 48 tools). **CLI:** `setup`, | | `v0.21.2` | 2026-04-11 | Medium | ### Patch Changes - 58be846: Enforce `snowflakeId` schema on all Snowflake ID parameters (`channel_id`, `guild_id`, `author_id`) in `search_messages` and `send_embed` tools. Previously these used bare `z.string()` which lacked the `^\d{17,20}$` pattern validation, causing callers that pass 19-digit integer IDs to hit type coercion errors. | | `v0.21.1` | 2026-04-06 | Medium | ### Patch Changes - e34f143: Add messaging, channels, and webhooks tool profiles; consolidate duplicate filterTools implementation; improve HTTP transport branch coverage (70.45% → 88.88%) | | `v0.21.0` | 2026-04-06 | Medium | ### Minor Changes - b1d687e: Add `discord-ops init` CLI subcommand for non-interactive scaffolding of per-project `.discord-ops.json` config files. Accepts `--project`, `--guild-id`, `--token-env`, `--channel`, `--force`, and `--default` flags. Runs without a Discord connection. - b1d687e: Add `max_pages` parameter to `search_messages` (1–5, default 1). When set above 1, the tool paginates through results using the `before` cursor and returns up to `max_pages × 100` messages. Response now i | | `v0.20.2` | 2026-04-03 | Medium | ### Patch Changes - 09596d6: Fix port range validation, rate-limiter stats aggregation, and invite channel consistency - **CLI**: `--port` now rejects out-of-range values (negative, zero, >65535) with a clear message; previously only `NaN` and falsy values were caught - **RateLimiter.stats()**: returns the max-used bucket instead of the sum across all buckets, making `used/limit` a meaningful per-bucket pressure ratio rather than a misleading aggregate - **create_invite**: s | | `v0.20.1` | 2026-04-03 | Medium | ### Patch Changes - 5f65f23: Security hardening and type safety improvements (v0.20.0 audit follow-up) **SSRF protection (og-fetch)** - Block HTTP redirect following — `redirect: "manual"` prevents redirects to private IPs - Full `127.0.0.0/8` loopback range blocked (was only `127.0.0.1`) - IPv4-mapped IPv6 addresses (`::ffff:x.x.x.x`) now blocked, handling both dotted-decimal and hex-normalized URL parser forms - OG regex patterns pre-compiled at module load ins | | `v0.20.0` | 2026-04-03 | Medium | ### Minor Changes - 02f55c7: Security hardening and structural cleanup (v0.20.0) **Security fixes:** - H-1: Add `requiresGuild: true` to `delete_channel`, `edit_channel`, `set_slowmode`, `set_permissions`, `purge_messages`, and `create_invite` — enables permission pre-flight checks for channel-targeting tools - H-1: Extend server permission pre-check to resolve guild from `channel_id` (not just `guild_id`) so channel tools also get bot-permission enforcement - H-2: Rem | | `v0.19.0` | 2026-04-03 | Medium | ### Minor Changes - f9c9bd0: Comprehensive security, type safety, and correctness audit fixes (5-specialist review) **Security** - Fix shell injection in release workflow: use `execFileSync` argv array instead of shell string interpolation for Discord notification step - Remove unused `id-token: write` permission from release workflow - Guard `PUBLISHED_PACKAGES` JSON parse in CI notify script to prevent spurious workflow failures - Inline `DISCORD_OPS_CONFIG` JS | ## Citation - HTML: https://www.freshcrate.ai/projects/discord-ops - Markdown: https://www.freshcrate.ai/projects/discord-ops.md - Dependencies JSON: https://www.freshcrate.ai/api/projects/discord-ops/deps _Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._