Pantheon-Security/notebooklm-mcp-secure

Бесплатно

Security-hardened NotebookLM MCP with post-quantum encryption (ML-KEM-768), GDPR/SOC2/CSSF compliance, and 14 security layers. Query Google's Gemini-grounded re

автор: Pantheon-Security

GitHub

Описание

Security-hardened NotebookLM MCP with post-quantum encryption (ML-KEM-768), GDPR/SOC2/CSSF compliance, and 14 security layers. Query Google's Gemini-grounded research from Claude and AI agents.

README

NotebookLM MCP Server (Security Hardened)

🏆 The World's Most Advanced NotebookLM MCP Server

Zero-hallucination answers • Gemini Deep Research • 17 Security Layers • Enterprise Compliance

npm CalVer TypeScript MCP Platform Security Post-Quantum Gemini Documents Notebooks Compliance Tests

What's New 2026 • Deep Research • Document API • Create Notebooks • Security • Install

The only NotebookLM MCP with enterprise-grade security, post-quantum encryption, and full Gemini API integration.

Security-hardened fork of PleasePrompto/notebooklm-mcp • Maintained by Pantheon Security

⚡ TL;DR — What You Get

🔍 Query your NotebookLM notebooks — source-grounded, zero-hallucination answers
📚 Create & manage notebooks programmatically — no manual clicking
🎙️ Generate audio overviews — podcast-style summaries of your docs
🎬 Generate video overviews — AI video summaries with 10 visual styles NEW
📊 Extract data tables — structured JSON from notebook sources NEW
🔬 Gemini 3 + Deep Research — latest models with thinking control (optional API) NEW
📄 Document API — upload & query PDFs without browser (optional API)
🔐 17 security layers — post-quantum encryption, audit logs, secrets scanning
✅ Compliance-ready architecture — built to GDPR, SOC2, and CSSF standards (controls implemented; formal certification requires third-party audit)
💡 No API key required — core features work with just browser auth

🚀 What's New in 2026

Latest: v2026.3.1 — All 334 audit issues resolved. 631 tests. Full MCP protocol compliance.

Version	Highlights
v2026.3.1	Security Audit Complete — All 334 issues from the independent audit resolved. Tests: 609 → 631. Code quality: URL resolution deduplicated, handler extraction, non-null assertions eliminated. Test gaps closed: `validateNotebookId`, error body shape, `delete_document` confirm guard, sanitized throws, log rotation, rate-limiter memory bound, range clamping.
v2026.3.0	The Security Audit Release — Four parallel AI code reviews (security, protocol, architecture, testing) against 334 issues. All highs and mediums resolved. Tests: 139 → 609 across 50 files (4.4×). Full MCP protocol compliance: structuredContent, isError, transport tags. Schema bounds on all 48 tools. Annotation correctness. Webhook SSRF fix. Audit log integrity (hash chain, concurrent write lock, rotation continuity). Per-page mutex. HandlerContext DI. Cert pinning retracted (claims aligned with implementation).
v2026.2.10	The Hardening Release — 3 new security layers (14→17): secure-by-default auth, exponential backoff lockout, credential isolation. Architecture overhaul: 3,611-line handler split into 9 domain modules, tool registry pattern. Gemini API retry with backoff. Multi-stage Docker build. Token CLI (`token show/rotate`). 168 tests.
v2026.2.9	`performSetup` no longer wipes credentials before Chrome opens — prevents auth destruction on failed launch
v2026.2.8	`cleanup_data` never deletes auth dirs (`browser_state/`, `chrome_profile/`) — auth survives all cleanup paths
v2026.2.7	Block headless `setup_auth` calls; robust `auth-now.mjs` standalone script with Chrome profile lock handling
v2026.2.6	New `add_folder` tool for bulk PDF/file uploads; improved tier detection for NotebookLM Plus
v2026.2.5	Fix `show_browser` silently ignored in `setup_auth` — browser now reliably opens for auth
v2026.2.4	Auth stability: 7-day state expiry, `touchStateFile` on validation, block headless `re_auth`
v2026.2.3	Studio Panel tools restored: Video Overview, Data Table generation re-enabled
v2026.2.1	Standard profile expanded: 14 → 33 tools — notebook creation, audio, source management now visible by default
v2026.2.0	Gemini 3 models (2.5 retiring March 31), Video Overviews, Data Tables, thinking level, structured JSON, SDK 1.41
v2026.1.12	Security hardening: constant-time auth, command injection fix, memory leak fixes, MCP SDK 1.26.0
v2026.1.11	Notebook sync extraction for new Angular UI, `NOTEBOOKLM_NO_GEMINI` env var
v2026.1.10	Tool description clarity for multi-LLM compatibility
v2026.1.9	Documentation & UX improvements, npm audit fix
v2026.1.8	Major dependency updates (zod 4.x, dotenv 17.x, post-quantum 0.5.4)
v2026.1.7	MCP Protocol UX: tool icons, human-friendly titles, behavior annotations
v2026.1.4	Defense-in-depth path validation, security hardening
v2026.1.1	Deep health checks, chat history extraction, context management

# Quick install
claude mcp add notebooklm -- npx @pan-sec/notebooklm-mcp@latest

Why Choose This MCP?

Capability	Other MCPs	This MCP
Query NotebookLM	✅ Basic	✅ + session management, quotas
Create notebooks programmatically	❌	✅ UNIQUE
Gemini Deep Research	❌	✅ EXCLUSIVE
Document API (no browser)	❌	✅ EXCLUSIVE
Post-quantum encryption	❌	✅ Hybrid PQ at-rest
Enterprise compliance	❌	✅ GDPR/SOC2/CSSF-ready
Video Overview generation	❌	✅ NEW
Data Table extraction	❌	✅ NEW
Chat history extraction	❌	✅
Deep health verification	❌	✅

🔬 Security Audit 2026 — What We Found and Fixed

In April 2026, we commissioned a parallel deep-audit of v2026.2.11 (main @ 2973097) using four specialised AI code reviewers, each focused on a different attack surface: security vulnerabilities, protocol correctness, architecture quality, and testing gaps and edge cases. The four reviewers operated independently so their findings wouldn't influence each other. Together they produced a 334-item master issue list covering protocol correctness, security vulnerabilities, architecture flaws, test gaps, and documentation accuracy. All 334 issues are resolved across v2026.3.0 and v2026.3.1.

Audit by the Numbers

Metric	Before (v2026.2.11)	After (v2026.3.1)
Tests	139	631 across 50 files
Test suites	~6	50
TypeScript errors (`tsc --noEmit`)	0	0 (maintained)
npm audit vulnerabilities	0	0 (maintained)
MCP protocol compliance	Partial	Full (structuredContent, isError, transport tags)
Audit log integrity	Basic	Hash-chain verified on read
Concurrent write safety	❌	✅ Write-locked
Webhook SSRF	❌	✅ Blocked

What the Four Reviewers Found

Security reviewer: Identified the forceAuth bypass in validateToken() allowing unauthenticated access to filesystem tools; webhook SSRF via unvalidated delivery targets; audit log hash chain not verified on read; concurrent audit writes interleaving entries; auth token salt not persisted (tokens invalidated on restart).

Protocol reviewer: Found 38 tools returning incorrect response shapes (missing structuredContent, wrong isError semantics, transport tags leaking into content); all 48 tools had incorrect or missing readOnlyHint/idempotentHint/destructiveHint annotations; 9 tool schemas lacked numeric bounds, enabling out-of-range inputs.

Architecture reviewer: Flagged the 3,611-line handlers.ts as a maintenance liability; singleton imports throughout domain functions preventing unit testing; the 500-line switch/case dispatch adding O(n) overhead and making tool registration error-prone.

Testing & edge-case reviewer: Found test suite at 139 tests with minimal coverage of security-critical modules; mcp-auth.ts at near-zero coverage; no tests for prompt injection patterns, audit log tampering, or concurrent browser session state; the DSAR handler had an undetected race condition.

Key Fixes

17 security vulnerabilities addressed (auth bypass, SSRF, audit integrity, race conditions, selector injection vectors)
MCP protocol fully compliant — all 48 tools return correct structuredContent/isError shapes; annotations accurate; schema bounds enforced
Architecture decomposed — handlers.ts split into 9 domain modules with HandlerContext dependency injection; 100% unit-testable without process mocks
Test coverage — 15 new security-critical test suites including browser session, auth, prompt injection, audit log, webhook, DSAR, and compliance
Claims aligned — certificate pinning removed (implementation was retracted in Day 1 of the audit); PQ encryption scope documented accurately; compliance language uses "controls implemented" not "certified"

📋 Full Feature List (48 Tools)

Core NotebookLM (No API Key Required)

Tool	Description
`ask_question`	Query notebooks with source-grounded answers
`add_notebook`	Add a notebook to your library
`list_notebooks`	List all notebooks in library
`select_notebook`	Set active notebook
`update_notebook`	Update notebook metadata
`remove_notebook`	Remove from library
`create_notebook`	Programmatically create new notebooks
`batch_create_notebooks`	Create multiple notebooks at once
`sync_library`	Sync library with NotebookLM
`list_sources`	List sources in a notebook
`add_source`	Add source to notebook
`add_folder`	Bulk upload PDFs/files from a local folder to a notebook
`remove_source`	Remove source from notebook
`generate_audio_overview`	Create podcast-style audio
`get_audio_status`	Check audio generation status
`download_audio`	Download generated audio
`generate_video_overview`	Create AI video overview (10 styles)
`get_video_status`	Check video generation status
`generate_data_table`	Generate structured data table
`get_data_table`	Extract data table as JSON
`list_sessions`	List active sessions
`close_session`	Close a session
`reset_session`	Reset session history
`get_health`	Check server & auth status
`setup_auth`	Initial authentication
`re_auth`	Re-authenticate
`cleanup_data`	Clean up local data
`get_quota`	Check usage quotas
`set_quota_tier`	Set quota tier
`get_query_history`	View past queries
`get_notebook_chat_history`	Extract browser chat history
`get_project_info`	Get project context
`export_library`	Export library backup

Gemini API (Optional - Requires GEMINI_API_KEY)

Tool	Description
`deep_research`	Comprehensive research agent
`gemini_query`	Fast grounded queries
`get_research_status`	Check research progress
`upload_document`	Upload docs to Gemini
`query_document`	Query uploaded documents
`query_chunked_document`	Query large documents
`list_documents`	List uploaded documents
`delete_document`	Delete uploaded document

Webhooks & Integrations

Tool	Description
`configure_webhook`	Set up webhook notifications
`list_webhooks`	List configured webhooks
`test_webhook`	Test webhook delivery
`remove_webhook`	Remove a webhook

Enterprise Compliance (16 additional tools)

See Compliance Documentation for full list.

Gemini Deep Research (v1.8.0)

The most powerful research capability for AI agents — now in your MCP toolkit.

v1.8.0 introduces the Gemini Interactions API as a stable, API-based research backend alongside browser automation. This gives your agents access to Google's state-of-the-art Deep Research agent.

Why This Matters

Challenge	Solution
Browser UI changes break automation	Gemini API is stable and versioned
Need comprehensive research but no research agent	Deep Research agent does it for you
Want current information with citations	Google Search grounding built-in
Need reliable, fast queries	API-based = no UI dependencies

New Tools

`deep_research` — Comprehensive Research Agent

"Research the security implications of post-quantum cryptography adoption in financial services"

Runs Google's Deep Research agent (same as Gemini Advanced)
Takes 1-5 minutes for comprehensive, web-grounded analysis
Returns structured answers with citations and sources
Perfect for complex topics requiring multi-source synthesis

`gemini_query` — Fast Grounded Queries

"What are the latest CVEs for Log4j in 2025?" (with Google Search)
"Calculate the compound interest on $10,000 at 5% over 10 years" (with code execution)
"Summarize this security advisory: [URL]" (with URL context)

Google Search grounding — Current information, not just training data
Code execution — Run calculations, data analysis
URL context — Analyze web pages on demand
Models: gemini-3-flash-preview (default), gemini-3-pro-preview (powerful), gemini-2.5-flash (legacy)

`get_research_status` — Background Task Monitoring

Run deep research in the background and check progress:

"Start researching [topic] in the background"
... continue other work ...
"Check research status for interaction_abc123"

Hybrid Architecture

┌──────────────────────────────────────────────────────────────────────────────┐
│                      NotebookLM MCP Server v2026.3.x                         │
├──────────────────────────────────────────────────────────────────────────────┤
│                                                                              │
│  ┌────────────────────────────────┐    ┌──────────────────────────────────┐  │
│  │      BROWSER AUTOMATION        │    │          GEMINI API              │  │
│  │    ✅ NO API KEY NEEDED        │    │    ⚡ OPTIONAL - needs API key   │  │
│  ├────────────────────────────────┤    ├──────────────────────────────────┤  │
│  │                                │    │                                  │  │
│  │  QUERY                         │    │  RESEARCH                        │  │
│  │  • ask_question                │    │  • deep_research                 │  │
│  │  • get_notebook_chat_history   │    │  • gemini_query                  │  │
│  │                                │    │  • get_research_status           │  │
│  │  CREATE & MANAGE               │    │                                  │  │
│  │  • create_notebook             │    │  DOCUMENTS                       │  │
│  │  • batch_create_notebooks      │    │  • upload_document               │  │
│  │  • manage_sources              │    │  • query_document                │  │
│  │  • generate_audio              │    │  • query_chunked_document        │  │
│  │  • generate_video_overview     │    │  • list/delete_document          │  │
│  │  • generate_data_table         │    │                                  │  │
│  │  • sync_notebook               │    │                                  │  │
│  │                                │    │                                  │  │
│  │  HEALTH & SESSIONS     v2026   │    │                                  │  │
│  │  • get_health (deep_check)     │    │  Fast API • 48h retention        │  │
│  │  • get_query_history           │    │  Auto-chunking for large PDFs    │  │
│  └────────────────────────────────┘    └──────────────────────────────────┘  │
│                                                                              │
│                      ┌─────────────────────────────────┐                     │
│                      │       17 SECURITY LAYERS        │                     │
│                      │   Post-Quantum • Audit Logs     │                     │
│                      │   Secrets Scan • Memory Wipe    │                     │
│                      │  GDPR • SOC2 • CSSF Ready*      │                     │
│                      └─────────────────────────────────┘                     │
└──────────────────────────────────────────────────────────────────────────────┘

💡 Gemini API is completely optional! All core NotebookLM features (ask_question, notebooks, sessions, audio) work via browser automation with no API key required. The Gemini tools below are bonus features for users who want direct API access.

Gemini Configuration (Optional)

# Only required if you want Gemini API features (deep_research, gemini_query, upload_document)
GEMINI_API_KEY=your-api-key          # Get from https://aistudio.google.com/apikey

# Optional settings
GEMINI_DEFAULT_MODEL=gemini-3-flash-preview  # Default model (was gemini-2.5-flash)
GEMINI_DEEP_RESEARCH_ENABLED=true            # Enable Deep Research
GEMINI_TIMEOUT_MS=30000                      # API timeout

When to Use Which

Task	Best Tool	Why
Questions about YOUR documents	`ask_question`	Grounded on your uploaded sources
Comprehensive topic research	`deep_research`	Multi-source synthesis with citations
Current events / recent info	`gemini_query` + google_search	Live web data
Code calculations	`gemini_query` + code_execution	Reliable computation
Analyze a webpage	`gemini_query` + url_context	Direct page analysis
Quick PDF/document analysis	`upload_document` + `query_document`	Fast API, no browser (NEW!)

📄 Document API (v1.9.0)

Upload and query documents directly via Gemini API — no browser automation needed.

v1.9.0 introduces the Gemini Files API for fast, reliable document analysis. Upload PDFs, analyze them instantly, and delete when done.

Why This Matters

Feature	Browser Mode	Document API
Speed	Seconds	Milliseconds
Reliability	UI-dependent	API-stable
File Support	Via NotebookLM	50MB PDFs, 1000 pages
Retention	Permanent	48 hours
Setup	Auth + cookies	Just API key

New Tools

`upload_document` — Fast Document Upload

Upload any document to Gemini for instant querying:

Upload /path/to/research-paper.pdf

Supported: PDF (50MB, 1000 pages), TXT, MD, HTML, CSV, JSON, DOCX, images, audio, video
48-hour retention — files auto-expire, or delete manually
Returns a file ID for querying

`query_document` — Ask Questions About Documents

"What are the main findings in this research paper?"
"Summarize section 3 of the document"
"Extract all statistics mentioned in the PDF"

Full document understanding (text, tables, charts, diagrams)
Multi-document queries (compare multiple files)
Fast API response (no browser wait)

`list_documents` — See All Uploaded Files

List all my uploaded documents

Shows file names, sizes, MIME types, and expiration times.

`delete_document` — Clean Up Sensitive Files

Delete file xyz123

Immediately remove files (don't wait for 48h expiration).

Workflow Example

1. upload_document("/research/paper.pdf")
   → Returns: files/abc123

2. query_document("files/abc123", "What methodology was used?")
   → Returns: "The paper uses a mixed-methods approach combining..."

3. query_document("files/abc123", "List all cited authors")
   → Returns: "Smith et al. (2024), Johnson (2023)..."

4. delete_document("files/abc123")
   → File removed

Auto-Chunking for Large PDFs (v1.10.0)

No file size limits — PDFs of any size are automatically handled.

When you upload a PDF that exceeds Gemini's limits (50MB or 1000 pages), the system automatically:

Detects the oversized PDF
Splits it into optimal chunks (500 pages each)
Uploads all chunks in parallel
Returns chunk metadata for querying

upload_document("/research/massive-2000-page-report.pdf")

→ Returns:
{
  "wasChunked": true,
  "totalPages": 2000,
  "chunks": [
    { "fileName": "files/abc1", "pageStart": 1, "pageEnd": 500 },
    { "fileName": "files/abc2", "pageStart": 501, "pageEnd": 1000 },
    { "fileName": "files/abc3", "pageStart": 1001, "pageEnd": 1500 },
    { "fileName": "files/abc4", "pageStart": 1501, "pageEnd": 2000 }
  ],
  "allFileNames": ["files/abc1", "files/abc2", "files/abc3", "files/abc4"]
}

`query_chunked_document` — Query All Chunks at Once

For chunked documents, use this tool to query all parts and get an aggregated answer:

query_chunked_document(
  file_names: ["files/abc1", "files/abc2", "files/abc3", "files/abc4"],
  query: "What are the key recommendations in this report?"
)

→ Queries each chunk, then synthesizes a unified answer

When to Use Document API vs NotebookLM

Scenario	Use
Quick one-off document analysis	Document API — fast, no setup
Building a permanent knowledge base	NotebookLM — permanent storage
Analyzing sensitive documents	Document API — 48h auto-delete
Multi-source research over time	NotebookLM — organized notebooks
CI/CD pipeline document processing	Document API — API-native
Large PDFs (1000+ pages)	Document API — auto-chunking

Programmatic Notebook Creation (v1.7.0+)

Create NotebookLM notebooks entirely from code — no manual clicks required.

Most MCP servers can only read from NotebookLM. This one can create notebooks, add sources, and generate audio — all programmatically.

`create_notebook` — Build Notebooks Instantly

Create a complete notebook with multiple sources in one command:

{
  "name": "Security Research 2025",
  "sources": [
    { "type": "url", "value": "https://owasp.org/Top10" },
    { "type": "file", "value": "/path/to/security-report.pdf" },
    { "type": "text", "value": "Custom analysis notes...", "title": "My Notes" }
  ],
  "description": "OWASP security best practices",
  "topics": ["security", "owasp", "vulnerabilities"]
}

Supported source types:

URL — Web pages, documentation, articles
File — PDF, DOCX, TXT, and more
Text — Raw text, code snippets, notes

`batch_create_notebooks` — Scale Up

Create up to 10 notebooks in a single operation:

{
  "notebooks": [
    { "name": "React Docs", "sources": [{ "type": "url", "value": "https://react.dev/reference" }] },
    { "name": "Node.js API", "sources": [{ "type": "url", "value": "https://nodejs.org/api/" }] },
    { "name": "TypeScript Handbook", "sources": [{ "type": "url", "value": "https://www.typescriptlang.org/docs/" }] }
  ]
}

Perfect for:

Setting up project documentation libraries
Onboarding new team members with curated knowledge bases
Creating topic-specific research notebooks in bulk

`manage_sources` — Dynamic Source Management

Add or remove sources from existing notebooks:

{
  "notebook_id": "abc123",
  "action": "add",
  "sources": [{ "type": "url", "value": "https://new-documentation.com" }]
}

`generate_audio` — Audio Overview Creation

Generate NotebookLM's famous "Audio Overview" podcasts programmatically:

"Generate an audio overview for my Security Research notebook"

`sync_notebook` — Keep Sources Updated

Sync notebook sources from a local directory:

{
  "notebook_id": "abc123",
  "directory": "/path/to/docs",
  "patterns": ["*.md", "*.pdf"]
}

Why This Matters

Traditional Workflow	With This MCP
Manually create notebook in browser	`create_notebook` → done
Click "Add source" for each document	Batch add in single command
Navigate UI to generate audio	`generate_audio` → podcast ready
Update sources by hand	`sync_notebook` from local files

Your agent can now build entire knowledge bases autonomously.

🎬 Video Overviews & Data Tables (v2026.2.0)

Generate AI-powered visual summaries and extract structured data from any notebook — all programmatically.

NotebookLM's Studio panel now offers Video Overviews and Data Tables alongside Audio Overviews. This release brings full automation for both.

`generate_video_overview` — AI Video Summaries

Generate visual video overviews of your notebook content with 10 visual styles:

Style	Description
`auto-select`	Let NotebookLM choose the best style (default)
`classic`	Clean presentation style
`whiteboard`	Hand-drawn whiteboard aesthetic
`kawaii`	Cute illustrated style
`anime`	Anime-inspired visuals
`watercolour`	Watercolour painting style
`retro-print`	Retro print aesthetic
`heritage`	Traditional heritage style
`paper-craft`	Paper-craft visual style
`custom`	Custom visual style

Two formats:

Explainer — Full explanation (5-15 min)
Brief — Quick summary (1-3 min)

"Generate a kawaii-style brief video overview for my Security Research notebook"

`get_video_status` — Check Generation Progress

Video generation takes 3-10 minutes. Check progress:

"Check video status for my Security Research notebook"
→ { "status": "generating", "progress": 0 }
→ { "status": "ready" }

`generate_data_table` — Structured Data Extraction

Generate a structured table from your notebook sources. NotebookLM extracts key information into rows and columns:

"Generate a data table for my research notebook"

`get_data_table` — Extract Table as JSON

Extract the generated table as structured JSON for processing:

"Get the data table from my research notebook"
→ {
    "headers": ["Title", "Year", "Key Finding", "Methodology", ...],
    "rows": [["Paper A", "2025", "Finding X", "Survey", ...], ...],
    "totalRows": 27,
    "totalColumns": 7
  }

When to Use Which Studio Feature

Task	Best Tool	Why
Podcast-style audio summary	`generate_audio_overview`	Shareable audio content
Visual presentation of research	`generate_video_overview`	Engaging video summary
Structured data for analysis	`generate_data_table` + `get_data_table`	Machine-readable JSON
Quick status check	`get_audio_status` / `get_video_status`	Non-blocking progress

📊 Query History & Chat Extraction (v2026.1.0)

Track your research and recover conversations from NotebookLM notebooks.

`get_query_history` — Review Past Research (v1.10.8)

All queries made through the MCP are automatically logged for review:

"Show me my recent NotebookLM queries"
"Find queries about security from last week"
"What did I ask the fine-tuning notebook?"

Automatic logging — every Q&A pair saved with metadata
Search — find specific topics across all queries
Filter — by notebook, session, or date
Quota tracking — see query counts and timing

`get_notebook_chat_history` — Extract Browser Conversations (v2026.1.0)

Extract conversation history directly from a NotebookLM notebook's chat UI with context management to avoid overwhelming your AI context window:

Quick audit (preview mode):

{ "notebook_id": "my-research", "preview_only": true }

Returns message counts without content — test the water before extracting.

Export to file (avoids context overflow):

{ "notebook_id": "my-research", "output_file": "/tmp/chat-history.json" }

Dumps full history to disk instead of returning to context.

Paginate through history:

{ "notebook_id": "my-research", "limit": 20, "offset": 0 }
{ "notebook_id": "my-research", "limit": 20, "offset": 20 }

Page through large histories without loading everything at once.

Returns:

{
  "notebook_url": "https://notebooklm.google.com/notebook/xxx",
  "notebook_name": "My Research",
  "total_messages": 150,
  "returned_messages": 40,
  "user_messages": 75,
  "assistant_messages": 75,
  "offset": 0,
  "has_more": true,
  "messages": [...]
}

Use cases:

Recover conversations made directly in the NotebookLM browser (not tracked by MCP)
Audit research — see what queries were made in a notebook
Resume context — pick up where a previous session left off
Quota reconciliation — understand why quota seems off

Why This Fork?

The original NotebookLM MCP is excellent for productivity — but MCP servers handle sensitive data:

Browser sessions with Google authentication
Cookies and tokens stored on disk
Query history that may contain proprietary information

This fork adds 17 security hardening layers to protect that data.

Security Features

Layer	Feature	Protection
🔐	Post-Quantum Encryption	ML-KEM-768 + ChaCha20-Poly1305 hybrid (local at-rest)
🔍	Secrets Scanning	Detects 30+ credential patterns (AWS, GitHub, Slack...)
🧹	Memory Scrubbing	Zeros sensitive data after use
📝	Audit Logging	Tamper-evident logs with hash chains
⏱️	Session Timeout	8h hard limit + 30m inactivity auto-logout
🎫	MCP Authentication	Token-based auth with brute-force lockout
🛡️	Response Validation	Detects prompt injection attempts
✅	Input Validation	URL whitelisting, sanitization
🚦	Rate Limiting	Per-session request throttling
🙈	Log Sanitization	Credentials masked in all output
🐍	MEDUSA Integration	Automated security scanning
🖥️	Cross-Platform	Native support for Linux, macOS, Windows
🔒	Secure-by-Default Auth	Auth ON without configuration, explicit opt-out required
📈	Exponential Backoff	Lockout escalation: 5min → 15min → 45min → 4hr cap
🗝️	Credential Isolation	SecureCredential TTL + env var scrubbing from process.env

Post-Quantum Primitives (Local At-Rest)

Encryption of secrets on disk uses hybrid post-quantum primitives:

ML-KEM-768 (Kyber) + ChaCha20-Poly1305

ML-KEM-768: NIST-standardized post-quantum key encapsulation
ChaCha20-Poly1305: Modern stream cipher (immune to timing attacks)

Scope, honestly: this is local at-rest encryption. Both keys live on the same machine — the PQ secret key is wrapped with a classical key derived from a machine-bound secret, not held by a remote recipient. This protects against offline theft of individual encrypted files, not against Harvest-Now-Decrypt-Later attacks (those require a remote PQ recipient holding the unwrap key).

Cross-Platform Support

Full native support for all major operating systems:

Platform	File Permissions	Data Directory
Linux	Unix chmod (0o600/0o700)	`~/.local/share/notebooklm-mcp/`
macOS	Unix chmod (0o600/0o700)	`~/Library/Application Support/notebooklm-mcp/`
Windows	ACLs via icacls (current user only)	`%LOCALAPPDATA%\notebooklm-mcp\`

All sensitive files (encryption keys, auth tokens, audit logs) are automatically protected with owner-only permissions on every platform.

Enterprise Compliance-Ready Architecture (v1.6.0+)

Built to the standards required for regulated industries. All code-level technical controls are implemented — full compliance also requires organizational process controls (policies, training, vendor management). Formal certification (SOC2 Type II report, GDPR registration, CSSF submission) requires a third-party audit engagement.

Regulation	Controls Implemented
GDPR	Consent management, DSAR handling, right to erasure, data portability
SOC2 Type II	Hash-chained audit logs, incident response, availability monitoring
CSSF	7-year retention, SIEM integration, policy documentation

Compliance Tools (16 MCP tools)

compliance_dashboard    - Real-time compliance status
compliance_report       - Generate audit reports (JSON/CSV/HTML)
compliance_evidence     - Collect evidence packages
grant_consent          - Record user consent
submit_dsar            - Handle data subject requests
request_erasure        - Right to be forgotten
export_user_data       - Data portability export
create_incident        - Security incident management
...and 8 more

See COMPLIANCE-SPEC.md for full documentation.

Installation

What Works Out of the Box (No API Key)

All core NotebookLM features work immediately with just browser authentication:

Feature	Tool	Description
🔍 Query notebooks	`ask_question`	Get source-grounded answers from your documents
📚 Manage library	`add_notebook`, `list_notebooks`, etc.	Organize your notebook collection
🎙️ Audio overviews	`generate_audio_overview`	Create podcast-style summaries
🎬 Video overviews	`generate_video_overview`	AI video summaries with 10 visual styles NEW
📊 Data tables	`generate_data_table`, `get_data_table`	Structured data extraction as JSON NEW
📝 Create notebooks	`create_notebook`	Programmatically create new notebooks
🔄 Session management	`list_sessions`, `reset_session`	Manage conversation context
📊 Chat history	`get_notebook_chat_history`	Extract past conversations
❤️ Health checks	`get_health`	Verify authentication status

Optional: Add GEMINI_API_KEY for bonus features like deep_research, gemini_query, and upload_document.

For repeatable authenticated validation, see the Authenticated Testing Runbook.

Claude Code

claude mcp add notebooklm -- npx @pan-sec/notebooklm-mcp@latest

With Authentication + Gemini (Recommended)

claude mcp add notebooklm \
  --env NLMCP_AUTH_ENABLED=true \
  --env NLMCP_AUTH_TOKEN=$(openssl rand -base64 32) \
  --env GEMINI_API_KEY=your-gemini-api-key \
  -- npx @pan-sec/notebooklm-mcp@latest

Codex

codex mcp add notebooklm -- npx @pan-sec/notebooklm-mcp@latest

Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "notebooklm": {
      "command": "npx",
      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
      "env": {
        "NLMCP_AUTH_ENABLED": "true",
        "NLMCP_AUTH_TOKEN": "your-secure-token",
        "GEMINI_API_KEY": "your-gemini-api-key"
      }
    }
  }
}

Google Antigravity

Add to ~/.gemini/antigravity/mcp_config.json (macOS/Linux) or %USERPROFILE%\.gemini\antigravity\mcp_config.json (Windows):

{
  "mcpServers": {
    "notebooklm": {
      "command": "npx",
      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"]
    }
  }
}

With optional env vars:

{
  "mcpServers": {
    "notebooklm": {
      "command": "npx",
      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
      "env": {
        "GEMINI_API_KEY": "your-gemini-api-key"
      }
    }
  }
}

Note: Antigravity does NOT support ${workspaceFolder} variables. Use absolute paths.

OpenCode

Add to ~/.config/opencode/opencode.json (global) or opencode.json in project root:

{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "notebooklm": {
      "type": "local",
      "command": ["npx", "-y", "@pan-sec/notebooklm-mcp@latest"],
      "enabled": true,
      "environment": {
        "GEMINI_API_KEY": "your-gemini-api-key"
      }
    }
  }
}

Note: OpenCode uses "mcp" (not "mcpServers") and "command" is an array.

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "notebooklm": {
      "command": "npx",
      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
      "env": {
        "GEMINI_API_KEY": "your-gemini-api-key"
      }
    }
  }
}

VS Code + Copilot

Add to your VS Code settings.json:

{
  "mcp": {
    "servers": {
      "notebooklm": {
        "command": "npx",
        "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
        "env": {
          "GEMINI_API_KEY": "your-gemini-api-key"
        }
      }
    }
  }
}

Other MCP Clients

Most MCP clients use this standard format:

{
  "mcpServers": {
    "notebooklm": {
      "command": "npx",
      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
      "env": {
        "GEMINI_API_KEY": "your-gemini-api-key"
      }
    }
  }
}

Common config locations:

Client	Config File
Claude Desktop	`~/.config/claude/claude_desktop_config.json`
Cursor	`~/.cursor/mcp.json`
Antigravity	`~/.gemini/antigravity/mcp_config.json`
OpenCode	`~/.config/opencode/opencode.json`
Windsurf	`~/.codeium/windsurf/mcp_config.json`

Quick Start

1. Install (see above)

2. Authenticate

"Log me in to NotebookLM"

Chrome opens → sign in with Google

3. Add your notebook

Go to notebooklm.google.com → Create notebook → Upload docs → Share link

4. Use it

"Research [topic] using this NotebookLM: [link]"

5. Try Deep Research (NEW!)

"Use deep research to investigate [complex topic]"

Complete Tool Reference

Research Tools

Tool	Description	Backend
`ask_question`	Query your NotebookLM notebooks	Browser
`deep_research`	Comprehensive research with citations	Gemini API
`gemini_query`	Fast queries with grounding tools	Gemini API
`get_research_status`	Check background research progress	Gemini API

Notebook Management

Tool	Description
`add_notebook`	Add notebook to library
`list_notebooks`	List all notebooks
`get_notebook`	Get notebook details
`update_notebook`	Update notebook metadata
`remove_notebook`	Remove from library
`select_notebook`	Set active notebook
`search_notebooks`	Search by query

Source Management (v1.7.0+)

Tool	Description
`manage_sources`	Add/remove/list sources
`generate_audio`	Create Audio Overview
`sync_notebook`	Sync sources from local files

Studio Features (v2026.2.0)

Tool	Description
`generate_video_overview`	Create AI video overview (10 visual styles, 2 formats)
`get_video_status`	Check video generation progress
`generate_data_table`	Generate structured data table from sources
`get_data_table`	Extract data table as JSON (headers + rows)

Session & System

Tool	Description
`list_sessions`	View active sessions
`close_session`	Close a session
`reset_session`	Reset session chat
`get_health`	Server health check (with deep_check for UI verification)
`get_query_history`	Review past queries with search/filter
`get_notebook_chat_history`	Extract browser conversations (pagination, file export)
`setup_auth`	Initial authentication
`re_auth`	Re-authenticate
`cleanup_data`	Deep cleanup utility
`get_library_stats`	Library statistics
`get_quota`	Check usage limits and remaining quota

Compliance (v1.6.0+)

16 compliance tools for GDPR, SOC2, and CSSF requirements.

What Gets Protected

Data	Protection
Browser cookies	Post-quantum encrypted at rest
Session tokens	Auto-expire + memory scrubbing
Query history	Audit logged with tamper detection
Google connection	TLS with response validation
Log output	Credentials auto-redacted
API responses	Scanned for leaked secrets
Gemini API key	Secure memory handling

Configuration

All security features are enabled by default. Override via environment variables:

# Authentication
NLMCP_AUTH_ENABLED=true
NLMCP_AUTH_TOKEN=your-secret-token

# Gemini API (v1.8.0+)
GEMINI_API_KEY=your-api-key
GEMINI_DEFAULT_MODEL=gemini-3-flash-preview  # Default (was gemini-2.5-flash)
GEMINI_DEEP_RESEARCH_ENABLED=true
GEMINI_TIMEOUT_MS=30000
NOTEBOOKLM_NO_GEMINI=false       # Set to true to disable all Gemini tools

# Tool Profiles
NOTEBOOKLM_PROFILE=standard      # minimal (5 tools) | standard (33 tools) | full (all 47)
NOTEBOOKLM_DISABLED_TOOLS=       # Comma-separated list of tools to hide

# Encryption
NLMCP_USE_POST_QUANTUM=true
NLMCP_ENCRYPTION_KEY=base64-32-bytes  # Optional custom key

# Session Limits
NLMCP_SESSION_MAX_LIFETIME=28800  # 8 hours
NLMCP_SESSION_INACTIVITY=1800     # 30 minutes

# Secrets Scanning
NLMCP_SECRETS_SCANNING=true
NLMCP_SECRETS_BLOCK=false         # Block on detection
NLMCP_SECRETS_REDACT=true         # Auto-redact

# Audit Logging
NLMCP_AUDIT_ENABLED=true

# Multi-Session Support (v2026.1.2+)
NOTEBOOK_PROFILE_STRATEGY=isolated  # isolated|single|auto
NOTEBOOK_CLONE_PROFILE=true         # Clone auth from base profile

Multi-Session Mode

Run multiple Claude Code sessions simultaneously with isolated browser profiles:

# Add to ~/.bashrc or ~/.zshrc
export NOTEBOOK_PROFILE_STRATEGY=isolated
export NOTEBOOK_CLONE_PROFILE=true

Variable	Values	Description
`NOTEBOOK_PROFILE_STRATEGY`	`single`, `auto`, `isolated`	`isolated` = separate profile per session
`NOTEBOOK_CLONE_PROFILE`	`true`, `false`	Clone authenticated base profile into isolated instances

How it works:

Each session gets its own Chrome profile (no lock conflicts)
Isolated profiles clone from the authenticated base profile
Auth coordination ensures cloning waits for any in-progress authentication

See SECURITY.md for complete configuration reference.

Security Scanning

Run MEDUSA security scanner:

npm run security-scan

Or integrate in CI/CD:

- name: Security Scan
  run: npx @pan-sec/notebooklm-mcp && npm run security-scan

Comparison

vs Other NotebookLM MCPs

Feature	Others	@pan-sec/notebooklm-mcp
Zero-hallucination Q&A	✅	✅
Library management	✅	✅
Create Notebooks Programmatically	❌	✅ EXCLUSIVE
Batch Create (10 notebooks)	❌	✅ EXCLUSIVE
Gemini Deep Research	❌	✅ EXCLUSIVE
Document API (no browser)	❌	✅ EXCLUSIVE
Auto-chunking (1000+ page PDFs)	❌	✅ EXCLUSIVE
Chat History Extraction	❌	✅ NEW
Deep Health Verification	❌	✅ NEW
Query History & Search	❌	✅
Quota Management	❌	✅
Source Management (add/remove)	❌	✅
Audio Overview Generation	❌	✅
Video Overview Generation (10 styles)	❌	✅ NEW
Data Table Extraction (JSON)	❌	✅ NEW
Gemini 3 + Thinking Control	❌	✅ NEW
Structured JSON Output	❌	✅ NEW
Sync from Local Directories	❌	✅

Security & Compliance (Unique to This Fork)

Feature	Others	@pan-sec/notebooklm-mcp
Cross-platform (Linux/macOS/Windows)	⚠️ Partial	✅ Full
Post-quantum encryption	❌	✅ ML-KEM-768 + ChaCha20 (local at-rest)
Secrets scanning	❌	✅ 30+ patterns
Memory scrubbing	❌	✅ Zero-on-free
Audit logging	❌	✅ Hash-chained
MCP authentication	❌	✅ Token + lockout
Prompt injection detection	❌	✅ Response validation
GDPR Compliance	❌	✅ Controls implemented*
SOC2 Type II	❌	✅ Controls implemented*
CSSF (Luxembourg)	❌	✅ Controls implemented*

* Compliance-ready: code-level technical controls are implemented. Full compliance also requires organizational process controls and formal certification via third-party audit.

Bottom line: If you need more than basic queries, or care about security, there's only one choice.

Version History

Version	Highlights
v2026.3.1	✅ Security Audit Complete — All 334 issues resolved. Tests 609→631. Code quality + test gap phase.
v2026.3.0	🔬 Security Audit Release — 334-issue independent audit. Tests 139→609 (50 files). Full MCP protocol compliance. Webhook SSRF fix. Audit log hash-chain verified on read. Per-page mutex. HandlerContext DI. Cert pinning retracted.
v2026.2.9	🔐 `performSetup` no longer destroys credentials before Chrome opens — last root cause of auth loop fixed
v2026.2.8	🛡️ `cleanup_data` excludes `browser_state/` and `chrome_profile/` from all deletion paths — auth survives cleanup
v2026.2.7	🚫 Block headless `setup_auth`; `auth-now.mjs` standalone script handles Chrome profile locks and silent save failures
v2026.2.6	📁 New `add_folder` tool — bulk upload PDFs/files to a notebook with progress, dry_run, and auto-split support
v2026.2.5	🔧 Fix: `show_browser` now correctly passed to `performSetup` — browser reliably opens for auth
v2026.2.4	🔑 Auth stability: 7-day state expiry (was 24h), `touchStateFile` resets clock on each validation, headless `re_auth` blocked
v2026.2.3	🎬 Studio Panel tools restored — Video Overview generation and Data Table tools re-enabled after UI update
v2026.2.1	🔧 Standard profile expanded: 14 → 33 tools — all key features now visible by default
v2026.2.0	🚀 Gemini 3 models (2.5 retiring March 31), Video Overviews (10 styles), Data Table extraction (JSON), thinking level control, structured JSON output, SDK 1.41
v2026.1.12	🔒 Security hardening — timing attack fix, command injection fix, 6 memory leak fixes, MCP SDK 1.26.0
v2026.1.11	🔄 Notebook sync extraction for Angular UI, `NOTEBOOKLM_NO_GEMINI` env var
v2026.1.10	📝 Tool descriptions clarified for multi-LLM compatibility (OpenCode fix)
v2026.1.9	📄 Documentation & UX improvements, npm audit fix
v2026.1.8	📦 Major dependency updates (zod 4.x, dotenv 17.x, post-quantum 0.5.4)
v2026.1.7	🎨 MCP Protocol UX — tool icons, titles, behavior annotations
v2026.1.4	🛡️ Defense-in-depth path validation, security hardening
v2026.1.2	🔗 Multi-session auth coordination — lock system for concurrent sessions
v2026.1.1	🔍 Deep health check — verifies NotebookLM chat UI actually loads
v2026.1.0	📊 Chat history extraction with context management, CalVer versioning
v1.10.8	Query history logging, quota tracking
v1.10.0	Auto-chunking for large PDFs (1000+ pages)
v1.9.0	Document API: upload, query, delete via Gemini Files API
v1.8.0	Gemini Deep Research, Query with Grounding, Background Tasks
v1.7.0	Programmatic notebook creation, batch operations, audio generation
v1.6.0	Enterprise compliance: GDPR, SOC2 Type II, CSSF
v1.5.0	Cross-platform support (Windows ACLs, macOS, Linux)
v1.4.0	Post-quantum encryption, secrets scanning

Reporting Vulnerabilities

Found a security issue? Do not open a public GitHub issue.

Email: [email protected]

Credits

Original MCP Server: Gérôme Dexheimer — notebooklm-mcp
Security Hardening: Pantheon Security
Post-Quantum Crypto: @noble/post-quantum
Gemini API: Google AI

License

MIT — Same as original.

Security hardened with 🔒 by Pantheon Security

Powered by Google Gemini 3 🚀

Full Security Documentation • Compliance Guide • Report Vulnerability

Как установить

Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.

{
  "mcpServers": {
    "pantheon-security-notebooklm-mcp-secure": {
      "command": "npx",
      "args": []
    }
  }
}

Command Palette

Pantheon-Security/notebooklm-mcp-secure

Описание

README

NotebookLM MCP Server (Security Hardened)

🏆 The World's Most Advanced NotebookLM MCP Server

⚡ TL;DR — What You Get

🚀 What's New in 2026

Why Choose This MCP?

🔬 Security Audit 2026 — What We Found and Fixed

Audit by the Numbers

What the Four Reviewers Found

Key Fixes

Core NotebookLM (No API Key Required)

Gemini API (Optional - Requires GEMINI_API_KEY)

Webhooks & Integrations

Enterprise Compliance (16 additional tools)

Gemini Deep Research (v1.8.0)

Why This Matters

New Tools

deep_research — Comprehensive Research Agent

gemini_query — Fast Grounded Queries

get_research_status — Background Task Monitoring

Hybrid Architecture

Gemini Configuration (Optional)

When to Use Which

📄 Document API (v1.9.0)

Why This Matters

New Tools

upload_document — Fast Document Upload

query_document — Ask Questions About Documents

list_documents — See All Uploaded Files

delete_document — Clean Up Sensitive Files

Workflow Example

Auto-Chunking for Large PDFs (v1.10.0)

query_chunked_document — Query All Chunks at Once

When to Use Document API vs NotebookLM

Programmatic Notebook Creation (v1.7.0+)

create_notebook — Build Notebooks Instantly

batch_create_notebooks — Scale Up

manage_sources — Dynamic Source Management

generate_audio — Audio Overview Creation

sync_notebook — Keep Sources Updated

Why This Matters

🎬 Video Overviews & Data Tables (v2026.2.0)

generate_video_overview — AI Video Summaries

get_video_status — Check Generation Progress

generate_data_table — Structured Data Extraction

get_data_table — Extract Table as JSON

When to Use Which Studio Feature

📊 Query History & Chat Extraction (v2026.1.0)

get_query_history — Review Past Research (v1.10.8)

get_notebook_chat_history — Extract Browser Conversations (v2026.1.0)

Why This Fork?

Security Features

Post-Quantum Primitives (Local At-Rest)

Cross-Platform Support

Enterprise Compliance-Ready Architecture (v1.6.0+)

Compliance Tools (16 MCP tools)

Installation

What Works Out of the Box (No API Key)

Claude Code

With Authentication + Gemini (Recommended)

Codex

Quick Start

1. Install (see above)

2. Authenticate

3. Add your notebook

4. Use it

5. Try Deep Research (NEW!)

Complete Tool Reference

Research Tools

Notebook Management

Source Management (v1.7.0+)

Studio Features (v2026.2.0)

Session & System

Compliance (v1.6.0+)

What Gets Protected

Configuration

Multi-Session Mode

`deep_research` — Comprehensive Research Agent

`gemini_query` — Fast Grounded Queries

`get_research_status` — Background Task Monitoring

`upload_document` — Fast Document Upload

`query_document` — Ask Questions About Documents

`list_documents` — See All Uploaded Files

`delete_document` — Clean Up Sensitive Files

`query_chunked_document` — Query All Chunks at Once

`create_notebook` — Build Notebooks Instantly

`batch_create_notebooks` — Scale Up

`manage_sources` — Dynamic Source Management

`generate_audio` — Audio Overview Creation

`sync_notebook` — Keep Sources Updated

`generate_video_overview` — AI Video Summaries

`get_video_status` — Check Generation Progress

`generate_data_table` — Structured Data Extraction

`get_data_table` — Extract Table as JSON

`get_query_history` — Review Past Research (v1.10.8)

`get_notebook_chat_history` — Extract Browser Conversations (v2026.1.0)