Discourse MCP
A Model Context Protocol (MCP) stdio server that exposes Discourse forum capabilities as tools and resources for AI agents.
- Entry point:
src/index.ts→ compiled todist/index.js(binary name:discourse-mcp) - SDK:
@modelcontextprotocol/sdk - Node: >= 24
- Version: 0.2.4 (0.2.x has breaking changes from 0.1.x - JSON-only output, resources replace list tools)
Quick start (release)
- Run (read‑only, recommended to start)
npx -y @discourse/mcp@latestThen, in your MCP client, either:
-
Call the
discourse_select_sitetool with{ "site": "https://try.discourse.org" }to choose a site, or -
Start the server tethered to a site using
--site https://try.discourse.org(in which casediscourse_select_siteis hidden). -
Enable writes (opt‑in, safe‑guarded)
npx -y @discourse/mcp@latest --allow_writes --read_only=false --auth_pairs '[{"site":"https://try.discourse.org","api_key":"'$DISCOURSE_API_KEY'","api_username":"system"}]'- Use in an MCP client (example: Claude Desktop) — via npx
{
"mcpServers": {
"discourse": {
"command": "npx",
"args": ["-y", "@discourse/mcp@latest"],
"env": {}
}
}
}Alternative: if you prefer a global binary after install, the package exposes
discourse-mcp.{ "mcpServers": { "discourse": { "command": "discourse-mcp", "args": [] } } }
Configuration
The server registers tools under the MCP server name @discourse/mcp. Choose a target Discourse site either by:
-
Using the
discourse_select_sitetool at runtime (validates via/about.json), or -
Supplying
--site <url>to tether the server to a single site at startup (validates via/about.jsonand hidesdiscourse_select_site). -
Auth
- None by default.
- Admin API Keys (require admin permissions):
--auth_pairs '[{"site":"https://example.com","api_key":"...","api_username":"system"}]' - User API Keys (any user can generate):
--auth_pairs '[{"site":"https://example.com","user_api_key":"...","user_api_client_id":"..."}]' - HTTP Basic Auth (for sites behind a reverse proxy): Add
http_basic_userandhttp_basic_passto anyauth_pairsentry. This is useful for Discourse sites protected by HTTP Basic Authentication at the reverse proxy level. - You can include multiple entries in
auth_pairs; the matching entry is used for the selected site. If bothuser_api_keyandapi_keyare provided for the same site,user_api_keytakes precedence.
-
Write safety
- Writes are disabled by default.
- Write tools (
discourse_create_post,discourse_create_topic,discourse_create_category,discourse_update_topic,discourse_create_user,discourse_update_user,discourse_upload_file,discourse_save_draft,discourse_delete_draft) are only registered when--allow_writesAND not--read_only. - Write tools require a matching
auth_pairsentry for the selected site; otherwise they return an error. - A ~1 req/sec rate limit is enforced for write actions.
-
Flags & defaults
--read_only(default: true)--allow_writes(default: false)--timeout_ms <number>(default: 15000)--concurrency <number>(default: 4)--log_level <silent|error|info|debug>(default: info)debug: Shows all HTTP requests, responses, and detailed error informationinfo: Shows retry attempts and general operational messageserror: Shows only errorssilent: No logging output
--show_emails(default: false). includes emails in user tools. Requires admin access--tools_mode <auto|discourse_api_only|tool_exec_api>(default: auto)--site <url>: Tether MCP to a single site and hidediscourse_select_site.--default-search <prefix>: Unconditionally prefix every search query (e.g.,tag:ai order:latest).--max-read-length <number>: Maximum characters returned for post content (default 50000). Applies todiscourse_read_postand per-post content indiscourse_read_topic. The tools preferrawcontent by requestinginclude_raw=true.--allowed_upload_paths <paths>: Comma-separated list or JSON array of directories allowed for local file uploads. Required to enable local file uploads indiscourse_upload_file. Example:--allowed_upload_paths "/home/user/images,/tmp/uploads"or--allowed_upload_paths '["/home/user/images"]'--transport <stdio|http>(default: stdio): Transport type. Usestdiofor standard input/output (default), orhttpfor Streamable HTTP transport (stateless mode with JSON responses).--port <number>(default: 3000): Port to listen on when using HTTP transport.--cache_dir <path>(reserved)--profile <path.json>(see below)
-
Profile file (keep secrets off the command line)
{
"auth_pairs": [
{
"site": "https://try.discourse.org",
"api_key": "<redacted>",
"api_username": "system"
},
{
"site": "https://example.com",
"user_api_key": "<user_api_key>",
"user_api_client_id": "<client_id>"
},
{
"site": "https://protected.example.com",
"api_key": "<redacted>",
"api_username": "system",
"http_basic_user": "username",
"http_basic_pass": "password"
}
],
"read_only": false,
"allow_writes": true,
"show_emails": true,
"log_level": "info",
"tools_mode": "auto",
"site": "https://try.discourse.org",
"default_search": "tag:ai order:latest",
"max_read_length": 50000,
"transport": "stdio",
"port": 3000,
"allowed_upload_paths": ["/home/user/images", "/tmp/uploads"]
}Run with:
node dist/index.js --profile /absolute/path/to/profile.jsonFlags still override values from the profile.
-
Remote Tool Execution API (optional)
- With
tools_mode=auto(default) ortool_exec_api, the server discovers remote tools via GET/ai/toolsafter you select a site (or immediately at startup if--siteis provided) and registers them dynamically. Set--tools_mode=discourse_api_onlyto disable remote tool discovery.
- With
-
Networking & resilience
- Retries on 429/5xx with backoff (3 attempts).
- Lightweight in‑memory GET cache for selected endpoints.
-
Privacy
- Secrets are redacted in logs. Errors are returned as human‑readable messages to MCP clients.
MCP Resources
Resources provide static/semi-static read-only data via URI addressing. Use these instead of tools for listing operations.
-
discourse://site/categories
- List all categories with hierarchy and permissions
- Output:
{ categories: [{id, name, slug, pid, read_restricted, topic_count, post_count, perms}], meta: {total} } permsis array of{gid, perm}where perm: 1=full, 2=create_post, 3=readonly- Note:
permsis only populated with admin/moderator auth. Without admin auth, onlyread_restrictedboolean is available.
-
discourse://site/tags
- List all tags with usage counts
- Output:
{ tags: [{id, name, count}], meta: {total} }
-
discourse://site/groups
- List all groups with visibility, interaction levels, and access settings
- Output:
{ groups: [{id, name, automatic, user_count, vis, members_vis, mention, msg, public_admission, public_exit, allow_membership_requests}], meta: {total} } - Levels (0-4): 0=public, 1=logged_on_users, 2=members, 3=staff, 4=owners
- Use case: Resolve
gidvalues from category permissions to group names, replicate group settings during migrations
-
discourse://chat/channels
- List all public chat channels
- Output:
{ channels: [{id, title, slug, status, members_count, description}], meta: {total} }
-
discourse://user/chat-channels
- List user's chat channels (public + DMs) with unread/mention counts
- Output:
{ public_channels: [...], dm_channels: [...], meta: {total} } - Requires authentication
-
discourse://user/drafts
- List user's drafts
- Output:
{ drafts: [{draft_key, sequence, title, category_id, created_at, reply_preview}], meta: {total} } - Requires authentication
Tools
Built‑in tools (always present unless noted). All tools return strict JSON (no Markdown).
discourse_search- Input:
{ query: string; max_results?: number (1–50, default 10) } - Output:
{ results: [{id, slug, title}], meta: {total, has_more} }
- Input:
discourse_read_topic- Input:
{ topic_id: number; post_limit?: number (1–50, default 5); start_post_number?: number } - Output:
{ id, title, slug, category_id, tags, posts_count, posts: [{id, post_number, username, created_at, raw}], meta }
- Input:
discourse_read_post- Input:
{ post_id: number } - Output:
{ id, topic_id, topic_slug, post_number, username, created_at, raw, truncated }
- Input:
discourse_get_user- Input:
{ username: string } - Output:
{ id, username, name, trust_level, created_at, bio, admin, moderator }
- Input:
discourse_list_user_posts- Input:
{ username: string; page?: number (0-based); limit?: number (1–50, default 30) } - Output:
{ posts: [{id, topic_id, post_number, slug, title, created_at, excerpt, category_id}], meta: {page, limit, has_more} }
- Input:
discourse_filter_topics- Input:
{ filter: string; page?: number; per_page?: number (1–50) } - Output:
{ results: [{id, slug, title}], meta: {page, limit, has_more} } - Query language (succinct): key:value tokens separated by spaces; category/categories (comma = OR,
=category= without subcats,-prefix = exclude); tag/tags (comma = OR,+= AND) and tag_group; status:(open|closed|archived|listed|unlisted|public); personalin:(bookmarked|watching|tracking|muted|pinned); dates: created/activity/latest-post-(before|after) withYYYY-MM-DDor relative daysN; numeric: likes[-op]-(min|max), posts-(min|max), posters-(min|max), views-(min|max); order: activity|created|latest-post|likes|likes-op|posters|title|views|category with optional-asc; free text terms are matched.
- Input:
discourse_get_chat_messages- Input:
{ channel_id: number; page_size?: number (1–50, default 50); target_message_id?: number; direction?: "past" | "future"; target_date?: string (ISO 8601) } - Output:
{ channel_id, messages: [{id, username, created_at, message, edited, thread_id, in_reply_to_id}], meta }
- Input:
discourse_get_draft- Input:
{ draft_key: string; sequence?: number } - Output:
{ draft_key, sequence, found, data: {title, reply, category_id, tags, action} }
- Input:
discourse_save_draft(only when writes enabled; see Write safety)- Input:
{ draft_key: string; reply: string; title?: string; category_id?: number; tags?: string[]; sequence?: number (default 0); action?: "createTopic" | "reply" | "edit" | "privateMessage" } - Output:
{ draft_key, sequence, saved }
- Input:
discourse_delete_draft(only when writes enabled; see Write safety)- Input:
{ draft_key: string; sequence: number } - Output:
{ draft_key, deleted }
- Input:
discourse_create_post(only when writes enabled; see Write safety)- Input:
{ topic_id: number; raw: string (<= 30k chars); author_username?: string } - Output:
{ id, topic_id, post_number }
- Input:
discourse_create_topic(only when writes enabled; see Write safety)- Input:
{ title: string; raw: string (<= 30k chars); category_id?: number; tags?: string[]; author_username?: string } - Output:
{ id, topic_id, slug, title }
- Input:
discourse_update_topic(only when writes enabled; see Write safety)- Input:
{ topic_id: number; title?: string; category_id?: number; tags?: string[]; featured_link?: string; original_title?: string; original_tags?: string[] } - Output:
{ success, topic_id, updated_fields, topic: {id, title, slug, category_id, tags, featured_link} }
- Input:
discourse_list_users(requires admin API key)- Input: `{ query?: "active"|"new"|"staff"|"suspended"|"silenced"|"pending"|"staged"; filter?: string; order?: "created"|"last_emailed"|"seen
…