guildbridge

GuildBridge is a remotely hosted Model Context Protocol (MCP) server for Discord, intended to let MCP clients authenticate and then access Discord guilds/channels/messages (list/search/read/send/reply) with server-side permission-aware access control. It is designed to run on Cloudflare Workers and can use Discord OAuth2 plus Cloudflare Zero Trust for protecting the admin allowlist.

Evaluated Mar 30, 2026 (21d ago)
Repo ↗ Communication ai agents automation discord mcp model-context-protocol cloudflare-workers oauth2 rbac security typescript
⚙ Agent Friendliness
57
/ 100
Can an agent use this?
🔒 Security
76
/ 100
Is it safe for agents?
⚡ Reliability
28
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
72
Error Messages
0
Auth Simplicity
55
Rate Limits
20

🔒 Security

TLS Enforcement
90
Auth Strength
85
Scope Granularity
70
Dep. Hygiene
45
Secret Handling
80

Strengths: uses Discord OAuth2 for user identity and server-side permission checks; bot token is server-side only; user OAuth token is carried by an encrypted MCP token returned to the client; admin is gated by Cloudflare Zero Trust; uses CSRF cookie and Cloudflare KV state binding during OAuth. Potential concerns: rate limiting and explicit throttling/error semantics are not documented; dependency list includes libraries but no vulnerability/lockfile/CVE posture is provided here; allowlist logic explicitly states empty allowlist permits authentication by anyone, which can be risky if not configured immediately after deployment.

⚡ Reliability

Uptime/SLA
20
Version Stability
30
Breaking Changes
25
Error Recovery
35
AF Security Reliability

Best When

You want agents to operate inside Discord with explicit OAuth-based identity verification and guild/channel permission checks, deployed on Cloudflare Workers.

Avoid When

You need an SDK/REST-style interface or a standardized HTTP API beyond MCP, or you require a clearly documented SLAs/rate limits/retry semantics at the MCP tool layer.

Use Cases

  • Connect MCP-capable AI agents to Discord to read and search messages across permitted guilds/channels
  • Allow controlled message posting and replying from AI agents in existing Discord conversations
  • Provide a permission-aware bridge between MCP clients and Discord where contributors coordinate in Discord
  • Administer an allowlist of Discord users who can authenticate to the MCP server (via /admin)

Not For

  • Unauthenticated public Discord message access
  • Use cases requiring data export guarantees beyond what’s documented (e.g., regulated archival, strict retention policies)
  • High-reliability transactional message processing without retries/idempotency considerations

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: OAuth2 (Discord OAuth2 login) Cloudflare Zero Trust (admin panel gating) MCP bearer token carrying encrypted user OAuth token
OAuth: Yes Scopes: Yes

Authentication flow described: MCP client connects to /mcp, authenticates via Discord OAuth2, and receives an MCP access token that contains/enables decryption of the user OAuth token for guild membership verification. Admin panel access uses Cloudflare Zero Trust. Tool authorization includes guild membership and channel visibility/permissions checks.

Pricing

Free tier: No
Requires CC: No

No pricing for the project itself is described; it relies on Cloudflare Workers/Zero Trust/DB primitives. Free tier is mentioned as sufficient for Cloudflare for prerequisites, but tool usage costs are not quantified.

Agent Metadata

Pagination
page/limit style (read_messages described as 'with pagination'; exact cursor/format not specified in README)
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • OAuth/permission enforcement: the MCP client must complete Discord OAuth2 and be allowed via the allowlist (/admin).
  • Message/search content intent: enabling Message Content Intent is required for full message content in search results.
  • Empty allowlist behavior: described as 'anyone can authenticate until you add the first user'—agents using the service should assume access may expand if allowlist isn’t configured.
  • Pagination details not fully specified in README—agents may need to probe tool responses to find the exact pagination mechanism/cursor.
  • Token handling model: the client receives an MCP token containing encrypted user OAuth token; agents should not assume server stores user tokens server-side.

Alternatives

Build a direct Discord bot/agent integration (custom code) with MCP or tool wrappers Use a different MCP Discord integration project (if available) Use Discord API via your own backend and expose tools through your own MCP server Create a lightweight proxy service around Discord REST APIs with OAuth-based gating

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for guildbridge.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered