salban-mcp-server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@salban-mcp-serverprogram a two-bar arpeggio in C minor with saw waves"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
SAL BAN Monolith Engine - Model Context Protocol (MCP) Server
This is the official Model Context Protocol (MCP) server for the SAL BAN Monolith Engine, a powerful, cutting-edge in-browser synthesizer and groovebox.
This MCP server acts as a local WebSocket bridge, allowing agentic AI coding assistants (such as Claude Desktop, Cursor, or Antigravity) to directly program sequences, tweak synthesizer parameters, load audio samples, and interact with the Monolith Engine in real-time.
ποΈ The Monolith Engine Modules & MCP Integration
While this repository focuses on the secure MCP WebSocket Server, here is a brief overview of the Monolith Engine modules that you can control. You can experience the complete interactive synthesizer live on salban.de.
What makes the MCP Integration so unique?
Traditional music software relies on complex MIDI mappings, local file transfers, or closed scripting languages. The SAL BAN MCP integration breaks these barriers by exposing the entire synth state and sequencer controls as natural language tools to AI models. This allows an AI agent to:
Code complex arpeggios, Goa trance rolling basslines, or syncopated breaks on the fly using standard programming loops.
Programmatically synthesize new raw waveforms in Node.js and load them directly into the browser's audio buffer (e.g., custom drums or sweeps).
Tweak synthesis knobs (cutoff, resonance, LFO speed) dynamically based on natural language commands (e.g., "make it squelchier" or "slow down the tempo").
Core Synthesizer Modules
Related MCP server: Ableton MCP Extended
π Architecture & Data Flow
The integration runs entirely on the user's local machine, establishing a secure loopback connection between the browser, the sandboxed Docker container, and the AI client.
graph TD
subgraph Browser ["Web Browser (User's System)"]
Site["https://salban.de (Monolith Engine)"]
JS["Web Audio API & Sequencer UI"]
end
subgraph local_mcp ["Local Docker Sandbox (USER node)"]
WS["WebSocket Server (port 8080)"]
Verify["Strict verifyClient: Origin Check / Max Conn Limit / Optional Token"]
end
subgraph LLM_Client ["AI Client (e.g. Claude Desktop, Cursor)"]
Agent["LLM Coding Assistant"]
Stdio["Stdio Transport Connection"]
end
%% Data Flow Connections
Site <-->|WS Local Loopback: localhost:8080| Verify
Verify <-->|Secure Channel| WS
WS <-->|JSON-RPC via Stdio| Stdio
Stdio <-->|Tools Interface| Agent
%% Styling
classDef browser fill:#051d36,stroke:#00e5ff,stroke-width:2px,color:#fff;
classDef docker fill:#1f2937,stroke:#00e5ff,stroke-width:2px,color:#fff;
classDef client fill:#111827,stroke:#00e5ff,stroke-width:2px,color:#fff;
class Browser browser;
class local_mcp docker;
class LLM_Client client;π Security & Hardening by Design
Because the MCP server runs locally and connects to a public web interface, it is built with strict security measures to protect end-users:
Docker Sandbox: The server runs inside an unprivileged environment (
USER node) instead of root. Compiled files inside/appare set to read-only (755owned byroot:root) to prevent post-exploitation modification of execution binaries.Strict Origin Validation: The WebSocket server strictly validates HTTP
Originheaders, allowing connections only fromhttps://salban.deand authorized local development hosts (e.g.localhost:3000). All other connection attempts (e.g., malicious background tabs) are rejected immediately with a403 Forbiddenresponse.Connection Rate Limiting: Limits connections to a maximum of 2 concurrent active WebSocket sockets to prevent denial-of-service (DoS) exploits.
Payload Size Restriction: Limits incoming frame sizes strictly to 15MB.
Flexible Token Protection (Pro-Mode):
By default, it operates in a Hybrid No-Token Mode for a frictionless out-of-the-box experience.
For maximum security (e.g. preventing unauthorized local host scripts from accessing the bridge), you can activate Token Pro-Mode by setting the
SALBAN_MCP_TOKENenvironment variable. When set, clients must pass this token during the WebSocket handshake.
βοΈ GDPR (DSGVO) & EU AI Act Compliance
This project is built from the ground up to respect user privacy and comply with European regulatory frameworks.
πͺπΊ GDPR / DSGVO Compliance (Privacy by Design - Art. 25)
No Processing of Personal Data (PII): The MCP server processes only technical telemetry and synthesis variables (tempo, notes, pitches, mute states, envelope parameters). It does not collect, log, or transmit personal data such as names, emails, IPs, or location telemetry.
100% Local Loopback (Art. 32 Security): All communication occurs locally. No audio parameters or command payloads are sent to external servers or third parties.
Strict Necessity (Exemption from Cookie Banner): The local token and configuration details stored in the browser's
localStorageare technically necessary to establish and secure the local loopback WebSocket connection requested by the user, making it fully exempt from prior cookie consent requirements under ePrivacy guidelines.
π€ EU AI Act Compliance
Low-Risk Classification: This application acts as a creative assistant for music generation. It does not fall under the "High-Risk" categories (such as critical infrastructure, education, law enforcement, or biometrics) outlined in Annex III of the EU AI Act.
Transparency Requirement (Art. 52): When using an AI co-producer via this MCP bridge, the user initiates all actions. There is complete transparency that an artificial intelligence model is generating the notes/sequences.
Human-in-the-Loop (HITL): The user remains in complete control. All sequences generated by the AI can be edited, mutated, or muted in real-time via the web interface.
π Installation & Getting Started
1. Build and Run via Docker (Recommended)
Building the container automatically compiles the TypeScript source code in a secure sandboxed multi-stage build.
Step A: Build the Docker Image
docker build -t salban-mcp-server:latest .Step B: Run the Container
Option A: Hybrid No-Token Mode (Frictionless / Default)
Allows instant connection from https://salban.de via automatic origin verification:
docker run -d --name salban-mcp -p 8080:8080 salban-mcp-server:latestOption B: Token Pro-Mode (High Security) Enforces authentication with a custom static token:
docker run -d --name salban-mcp -p 8080:8080 -e SALBAN_MCP_TOKEN=your_secure_password salban-mcp-server:latest(Enter this token once on the salban.de interface when prompted; it will be securely cached in your browser's local storage).
π οΈ Configuring AI Clients (Claude Desktop / Cursor)
To allow your AI assistant to use the MCP tools, add the server to your local Claude Desktop configuration file:
On macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
On Windows: %APPDATA%\Claude\claude_desktop_config.json
Add the following entry (adjusting the paths or command if running via Docker):
Running via Stdio (Native Docker)
{
"mcpServers": {
"salban-monolith": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"salban-mcp-server:latest"
]
}
}
}π‘ Registered MCP Tools
The server exposes 19 rich semantic tools to the AI assistant:
salban_get_preset: Returns the active preset JSON state from the browser client.salban_apply_preset: Sends a complete preset JSON configuration to the browser.salban_tweak_parameter: Tweaks a single nested parameter (e.g.,synthParams.lead.cutoff).salban_load_sample: Injects a Base64-encoded audio sample into a sampler pad (0β7).salban_load_phrase: Loads a Base64-encoded audio loop directly into the central Phrase Sampler.salban_inject_mcp_sample: Programmatically synthesizes standard electronic drum hits (kick, noise click) and injects them.salban_get_sequence: Returns the 16-step sequence for a specific voice.salban_set_pad_sequence: Sets triggers, pitch, reverse, and volume for a sampler pad's 16 steps.salban_set_sampler_sequence: Sets triggers, pitch, reverse, volume, and tie (sustain) for the Phrase Sampler's 16 steps.salban_set_drum_sequence: Sets kick/snare/hat 16-step velocity triggers.salban_set_synth_sequence: Sets note values, ties, and accents for bass/lead sequences.salban_set_voice_params: Sets loop length, speed, and direction.salban_clear_sequence: Silences all 16 steps of a voice.salban_get_parameter_schema: Returns valid tweakable parameters and LFO targets.salban_get_song_sequencer: Returns the active Song Preset Sequencer state (pads, names, repeats, play direction, and auto-chain status).salban_configure_song_pad: Configures a specific pad (0β7), allowing name assignment, repeat count modification, capturing the current live state, or direct preset snapshot uploading.salban_clear_song_pad: Resets and clears a pad slot, removing the assigned preset snapshot.salban_configure_song_sequencer: Updates global song sequencer parameters (toggling Auto-Chain mode and setting play direction like forward, reverse, ping-pong, or random).salban_trigger_song_pad: Triggers or queues playback of a specific pad in the Song Preset Sequencer immediately or at the next loop boundary.
π» Developer Setup
If you want to run the server locally outside of Docker for development:
Install dependencies:
npm installCompile and run:
npm run build node build/index.js
π License & Legal Notice
This project is confidential and protected under a Proprietary Evaluation License. Commercial use, production deployment, modification, or distribution is strictly prohibited without a separate, explicit written agreement from Matthias KΓΆhler (Oszillation Media & AI Ecosystems). Please refer to the LICENSE file for full terms, conditions, and third-party notices.
β οΈ Important: These blueprints provide a security architecture pattern and reference implementation. They are not a substitute for a formal security assessment by a qualified professional. Always conduct a Data Protection Impact Assessment (DPIA) under GDPR Article 35 before deploying AI tooling against personal data in regulated environments. Engage your Data Protection Officer and Information Security team before production use.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/WizardofTryout/salban-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server