kiro-discord-bot

MCP Policy

MCP tools let the agent reach systems outside the core ACP session: Discord APIs, media generation, internal services, search tools, or project-specific automation.

Catalog vs Channel Policy

The bot separates discovery from permission:

  1. MCP server definitions are loaded into a catalog from a Kiro-format MCP settings source.
  2. A Discord channel manager explicitly enables a server or selected tools with /mcp manage.
  3. The bot injects only the allowed server/tool set into the current channel or thread agent.
  4. A policy proxy filters tools/list and blocks unauthorized tools/call requests.

This means adding a server to ~/.kiro/settings/mcp.json or another catalog source does not automatically expose it to every Discord channel or every ACP engine. Kiro and OMP both receive MCP servers only through the bot's policy-controlled ACP injection path.
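The filtering in step 4 can be sketched as follows. This is an added Python example, not the bot's own code: the class name, error code and error message are assumptions, the tool names are the ones mentioned on this page, and the tools/list and tools/call message shapes are MCP's JSON-RPC format.

```python
DENIED = -32001  # assumption: implementation-defined JSON-RPC error code

class ToolPolicyProxy:
    """Added illustration: per-channel filter in front of one MCP server."""
    def __init__(self, allowed_tools):
        self.allowed = frozenset(allowed_tools)
        self.pending_lists = set()  # ids of in-flight tools/list requests

    def _ok(self, name):
        return isinstance(name, str) and name in self.allowed

    def on_request(self, msg):
        """Return (forward, reply); exactly one of them is not None."""
        method, rid = msg.get("method"), msg.get("id")
        if method == "tools/list" and isinstance(rid, (str, int)):
            self.pending_lists.add(rid)
        elif method == "tools/call":
            params = msg.get("params")
            name = params.get("name") if isinstance(params, dict) else None
            # Fail closed, independent of what tools/list advertised earlier.
            if not self._ok(name):
                err = {"code": DENIED, "message": "tool not enabled for this channel"}
                return None, {"jsonrpc": "2.0", "id": rid, "error": err}
        return msg, None

    def on_response(self, msg):
        """Drop tools the channel has not enabled from a tools/list result."""
        rid, result = msg.get("id"), msg.get("result")
        if not isinstance(rid, (str, int)) or rid not in self.pending_lists:
            return msg
        self.pending_lists.discard(rid)
        if not isinstance(result, dict) or not isinstance(result.get("tools"), list):
            return msg  # error reply or malformed result: nothing to filter
        kept = [t for t in result["tools"]
                if isinstance(t, dict) and self._ok(t.get("name"))]
        return {**msg, "result": {**result, "tools": kept}}

def demo():
    """Constructed traffic: the channel enabled only bot_query_audit."""
    proxy = ToolPolicyProxy({"bot_query_audit"})
    proxy.on_request({"jsonrpc": "2.0", "id": 1, "method": "tools/list"})
    upstream = {"jsonrpc": "2.0", "id": 1, "result": {"tools": [
        {"name": "bot_send_message"}, {"name": "bot_delete_cron"},
        {"name": "bot_query_audit"}]}}
    listed = [t["name"] for t in proxy.on_response(upstream)["result"]["tools"]]
    call = {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
            "params": {"name": "bot_delete_cron", "arguments": {}}}
    return (listed, *proxy.on_request(call))
```

The tools/call check does not depend on the earlier tools/list filtering, so a client that requests a tool it was never shown is still refused.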

Built-in Bot Tools

bot-tools is a built-in MCP server backed by the bot binary. It provides safe access to bot-managed data and controlled egress features such as file sending, cron management, and audit timeline queries.

New channel initialization enables a safe default allowlist. Higher-risk tools such as bot_send_message, bot_delete_cron, and bot_query_audit require deliberate authorization.

See Bot Tools MCP for the exact tool list, defaults, scope rules, and audit prompt behavior.

Discord MCP

mcp-discord is an optional catalog server that can read messages, list channels, send messages, create threads, and perform other Discord REST operations. Before enabling it broadly, restrict its environment:

MCP_DISCORD_ALLOWED_GUILDS=123456789012345678
MCP_DISCORD_ALLOWED_CHANNELS=234567890123456789,345678901234567890
MCP_DISCORD_READ_ONLY=false
MCP_DISCORD_ALLOWED_WRITE_TOOLS=discord_send_message,discord_reply_message
MCP_DISCORD_ALLOW_DESTRUCTIVE=false

For local multi-bot setups, make sure the catalog command loads the .env for the same bot identity you are testing. A 403 from Discord may mean the MCP server is using a different bot token than the visible Discord bot.

See Discord MCP for the complete tool categories and policy guards. See Media MCP for optional media-generation tools.

URL and SSE Servers with Headers

URL-based MCP servers are also loaded from the Kiro-format catalog. If a server requires HTTP headers, define them in the catalog entry:

{
  "mcpServers": {
    "ga4": {
      "type": "sse",
      "url": "http://127.0.0.1:8766/sse",
      "headers": {
        "Authorization": "Bearer <token>"
      }
    }
  }
}

The bot preserves these headers only for runtime MCP proxy traffic. /mcp manage scan, channel/thread agent injection, streamable HTTP POST requests, SSE endpoint GET requests, and SSE message POST requests all use the same headers. Catalog records stored by the bot redact header values, so authorization secrets are not persisted in the policy database.

If scan reports a generic transport failure, check the bot logs for the upstream status. A 401 Unauthorized or 403 Forbidden usually means the URL server did not receive the expected header or the token lacks access.

Operational Checks