🚀 NotebookLM MCP Server (Security Hardened)
Get zero-hallucination answers from NotebookLM + Gemini Deep Research, all with enterprise-grade security.
This repository is a security-hardened fork of PleasePrompto/notebooklm-mcp, maintained by Pantheon Security.
• • • Security • Install
🚀 Quick Start
1. Install (see installation section below)
2. Authenticate
"Log me in to NotebookLM"
Chrome opens → sign in with Google
3. Add your notebook
Go to notebooklm.google.com → Create notebook → Upload docs → Share link
4. Use it
"Research [topic] using this NotebookLM: [link]"
5. Try Deep Research (NEW!)
"Use deep research to investigate [complex topic]"
✨ Features
- Gemini Deep Research: Access Google's state-of-the-art Deep Research agent via a stable API.
- Document API: Upload and query documents directly via Gemini API, with fast response and auto-chunking for large PDFs.
- Programmatic Notebook Creation: Create, manage, and sync notebooks entirely from code.
- 14 Security Layers: Protect sensitive data with post-quantum encryption, secrets scanning, and more.
- Enterprise Compliance: Meet GDPR, SOC2, and CSSF requirements.
📦 Installation
Claude Code
claude mcp add notebooklm -- npx @pan-sec/notebooklm-mcp@latest
With Authentication + Gemini (Recommended)
claude mcp add notebooklm \
--env NLMCP_AUTH_ENABLED=true \
--env NLMCP_AUTH_TOKEN=$(openssl rand -base64 32) \
--env GEMINI_API_KEY=your-gemini-api-key \
-- npx @pan-sec/notebooklm-mcp@latest
Codex
codex mcp add notebooklm -- npx @pan-sec/notebooklm-mcp@latest
Cursor
Add to ~/.cursor/mcp.json:
{
"mcpServers": {
"notebooklm": {
"command": "npx",
"args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
"env": {
"NLMCP_AUTH_ENABLED": "true",
"NLMCP_AUTH_TOKEN": "your-secure-token",
"GEMINI_API_KEY": "your-gemini-api-key"
}
}
}
}
Other MCP Clients
{
"mcpServers": {
"notebooklm": {
"command": "npx",
"args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
"env": {
"NLMCP_AUTH_ENABLED": "true",
"NLMCP_AUTH_TOKEN": "your-secure-token",
"GEMINI_API_KEY": "your-gemini-api-key"
}
}
}
}
💻 Usage Examples
Gemini Deep Research
deep_research — Comprehensive Research Agent
"Research the security implications of post-quantum cryptography adoption in financial services"
This command runs Google's Deep Research agent (same as Gemini Advanced), takes 1 - 5 minutes for comprehensive, web-grounded analysis, and returns structured answers with citations and sources.
gemini_query — Fast Grounded Queries
"What are the latest CVEs for Log4j in 2025?" (with Google Search)
"Calculate the compound interest on $10,000 at 5% over 10 years" (with code execution)
"Summarize this security advisory: [URL]" (with URL context)
This tool provides Google Search grounding, code execution, and URL context capabilities, and supports models like gemini-2.5-flash (fast), gemini-2.5-pro (powerful), gemini-3-flash-preview (latest).
get_research_status — Background Task Monitoring
"Start researching [topic] in the background"
... continue other work ...
"Check research status for interaction_abc123"
Document API
upload_document — Fast Document Upload
Upload /path/to/research-paper.pdf
Supported file types include PDF (50MB, 1000 pages), TXT, MD, HTML, CSV, JSON, DOCX, images, audio, video. It has a 48 - hour retention and returns a file ID for querying.
query_document — Ask Questions About Documents
"What are the main findings in this research paper?"
"Summarize section 3 of the document"
"Extract all statistics mentioned in the PDF"
It offers full document understanding and fast API response.
Workflow Example
1. upload_document("/research/paper.pdf")
→ Returns: files/abc123
2. query_document("files/abc123", "What methodology was used?")
→ Returns: "The paper uses a mixed-methods approach combining..."
3. query_document("files/abc123", "List all cited authors")
→ Returns: "Smith et al. (2024), Johnson (2023)..."
4. delete_document("files/abc123")
→ File removed
Programmatic Notebook Creation
create_notebook — Build Notebooks Instantly
{
"name": "Security Research 2025",
"sources": [
{ "type": "url", "value": "https://owasp.org/Top10" },
{ "type": "file", "value": "/path/to/security-report.pdf" },
{ "type": "text", "value": "Custom analysis notes...", "title": "My Notes" }
],
"description": "OWASP security best practices",
"topics": ["security", "owasp", "vulnerabilities"]
}
batch_create_notebooks — Scale Up
{
"notebooks": [
{ "name": "React Docs", "sources": [{ "type": "url", "value": "https://react.dev/reference" }] },
{ "name": "Node.js API", "sources": [{ "type": "url", "value": "https://nodejs.org/api/" }] },
{ "name": "TypeScript Handbook", "sources": [{ "type": "url", "value": "https://www.typescriptlang.org/docs/" }] }
]
}
📚 Documentation
Gemini Deep Research (v1.8.0)
The most powerful research capability for AI agents — now in your MCP toolkit.
v1.8.0 introduces the Gemini Interactions API as a stable, API-based research backend alongside browser automation. This gives your agents access to Google's state-of-the-art Deep Research agent.
Why This Matters
| Challenge |
Solution |
| Browser UI changes break automation |
Gemini API is stable and versioned |
| Need comprehensive research but no research agent |
Deep Research agent does it for you |
| Want current information with citations |
Google Search grounding built-in |
| Need reliable, fast queries |
API-based = no UI dependencies |
New Tools
See the usage examples section above for details.
Hybrid Architecture
┌──────────────────────────────────────────────────────────────────────────────┐
│ NotebookLM MCP Server v1.9.0 │
├──────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌────────────────────────────────┐ ┌──────────────────────────────────┐ │
│ │ BROWSER AUTOMATION │ │ GEMINI API │ │
│ │ (Your Documents) │ │ (Research & Documents) │ │
│ ├────────────────────────────────┤ ├──────────────────────────────────┤ │
│ │ │ │ │ │
│ │ QUERY │ │ RESEARCH v1.8 │ │
│ │ • ask_question │ │ • deep_research │ │
│ │ │ │ • gemini_query │ │
│ │ CREATE & MANAGE v1.7 │ │ • get_research_status │ │
│ │ • create_notebook │ │ │ │
│ │ • batch_create_notebooks │ │ DOCUMENTS (NEW!) v1.9 │ │
│ │ • manage_sources │ │ • upload_document │ │
│ │ • generate_audio │ │ • query_document │ │
│ │ • sync_notebook │ │ • list_documents │ │
│ │ │ │ • delete_document │ │
│ │ Grounded on YOUR docs │ │ │ │
│ │ Permanent storage │ │ Fast API • 48h retention │ │
│ └────────────────────────────────┘ └──────────────────────────────────┘ │
│ │
│ ┌─────────────────────────────────┐ │
│ │ 14 SECURITY LAYERS │ │
│ │ Post-Quantum • Audit Logs │ │
│ │ Cert Pinning • Memory Wipe │ │
│ │ GDPR • SOC2 • CSSF Ready │ │
│ └─────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────────────┘
Gemini Configuration
GEMINI_API_KEY=your-api-key
GEMINI_DEFAULT_MODEL=gemini-2.5-flash
GEMINI_DEEP_RESEARCH_ENABLED=true
GEMINI_TIMEOUT_MS=30000
When to Use Which
| Task |
Best Tool |
Why |
| Questions about YOUR documents |
ask_question |
Grounded on your uploaded sources |
| Comprehensive topic research |
deep_research |
Multi-source synthesis with citations |
| Current events / recent info |
gemini_query + google_search |
Live web data |
| Code calculations |
gemini_query + code_execution |
Reliable computation |
| Analyze a webpage |
gemini_query + url_context |
Direct page analysis |
| Quick PDF/document analysis |
upload_document + query_document |
Fast API, no browser (NEW!) |
Document API (v1.9.0)
Upload and query documents directly via Gemini API — no browser automation needed.
v1.9.0 introduces the Gemini Files API for fast, reliable document analysis. Upload PDFs, analyze them instantly, and delete when done.
Why This Matters
| Feature |
Browser Mode |
Document API |
| Speed |
Seconds |
Milliseconds |
| Reliability |
UI-dependent |
API-stable |
| File Support |
Via NotebookLM |
50MB PDFs, 1000 pages |
| Retention |
Permanent |
48 hours |
| Setup |
Auth + cookies |
Just API key |
New Tools
See the usage examples section above for details.
Auto-Chunking for Large PDFs (v1.10.0)
No file size limits — PDFs of any size are automatically handled. When you upload a PDF that exceeds Gemini's limits (50MB or 1000 pages), the system automatically:
- Detects the oversized PDF
- Splits it into optimal chunks (500 pages each)
- Uploads all chunks in parallel
- Returns chunk metadata for querying
upload_document("/research/massive-2000-page-report.pdf")
→ Returns:
{
"wasChunked": true,
"totalPages": 2000,
"chunks": [
{ "fileName": "files/abc1", "pageStart": 1, "pageEnd": 500 },
{ "fileName": "files/abc2", "pageStart": 501, "pageEnd": 1000 },
{ "fileName": "files/abc3", "pageStart": 1001, "pageEnd": 1500 },
{ "fileName": "files/abc4", "pageStart": 1501, "pageEnd": 2000 }
],
"allFileNames": ["files/abc1", "files/abc2", "files/abc3", "files/abc4"]
}
query_chunked_document — Query All Chunks at Once
query_chunked_document(
file_names: ["files/abc1", "files/abc2", "files/abc3", "files/abc4"],
query: "What are the key recommendations in this report?"
)
→ Queries each chunk, then synthesizes a unified answer
When to Use Document API vs NotebookLM
| Scenario |
Use |
| Quick one-off document analysis |
Document API — fast, no setup |
| Building a permanent knowledge base |
NotebookLM — permanent storage |
| Analyzing sensitive documents |
Document API — 48h auto-delete |
| Multi-source research over time |
NotebookLM — organized notebooks |
| CI/CD pipeline document processing |
Document API — API-native |
| Large PDFs (1000+ pages) |
Document API — auto-chunking |
Programmatic Notebook Creation (v1.7.0+)
Create NotebookLM notebooks entirely from code — no manual clicks required.
Most MCP servers can only read from NotebookLM. This one can create notebooks, add sources, and generate audio — all programmatically.
create_notebook — Build Notebooks Instantly
See the usage examples section above for details.
batch_create_notebooks — Scale Up
See the usage examples section above for details.
manage_sources — Dynamic Source Management
{
"notebook_id": "abc123",
"action": "add",
"sources": [{ "type": "url", "value": "https://new-documentation.com" }]
}
generate_audio — Audio Overview Creation
"Generate an audio overview for my Security Research notebook"
sync_notebook — Keep Sources Updated
{
"notebook_id": "abc123",
"directory": "/path/to/docs",
"patterns": ["*.md", "*.pdf"]
}
Why This Matters
| Traditional Workflow |
With This MCP |
| Manually create notebook in browser |
create_notebook → done |
| Click "Add source" for each document |
Batch add in single command |
| Navigate UI to generate audio |
generate_audio → podcast ready |
| Update sources by hand |
sync_notebook from local files |
Your agent can now build entire knowledge bases autonomously.
🔧 Technical Details
Why This Fork?
The original NotebookLM MCP is excellent for productivity — but MCP servers handle sensitive data:
- Browser sessions with Google authentication
- Cookies and tokens stored on disk
- Query history that may contain proprietary information
This fork adds 14 security hardening layers to protect that data.
Security Features
| Layer |
Feature |
Protection |
| 🔐 |
Post-Quantum Encryption |
ML-KEM-768 + ChaCha20-Poly1305 hybrid |
| 🔍 |
Secrets Scanning |
Detects 30+ credential patterns (AWS, GitHub, Slack...) |
| 📌 |
Certificate Pinning |
Blocks MITM attacks on Google connections |
| 🧹 |
Memory Scrubbing |
Zeros sensitive data after use |
| 📝 |
Audit Logging |
Tamper-evident logs with hash chains |
| ⏱️ |
Session Timeout |
8h hard limit + 30m inactivity auto-logout |
| 🎫 |
MCP Authentication |
Token-based auth with brute-force lockout |
| 🛡️ |
Response Validation |
Detects prompt injection attempts |
| ✅ |
Input Validation |
URL whitelisting, sanitization |
| 🚦 |
Rate Limiting |
Per-session request throttling |
| 🙈 |
Log Sanitization |
Credentials masked in all output |
| 🐍 |
MEDUSA Integration |
Automated security scanning |
| 🖥️ |
Cross-Platform |
Native support for Linux, macOS, Windows |
Post-Quantum Ready
Traditional encryption (RSA, ECDH) will be broken by quantum computers. This fork uses hybrid encryption:
ML-KEM-768 (Kyber) + ChaCha20-Poly1305
- ML-KEM-768: NIST-standardized post-quantum key encapsulation
- ChaCha20-Poly1305: Modern stream cipher (immune to timing attacks)
Even if one algorithm is broken, the other remains secure.
Cross-Platform Support
Full native support for all major operating systems:
| Platform |
File Permissions |
Data Directory |
| Linux |
Unix chmod (0o600/0o700) |
~/.local/share/notebooklm-mcp/ |
| macOS |
Unix chmod (0o600/0o700) |
~/Library/Application Support/notebooklm-mcp/ |
| Windows |
ACLs via icacls (current user only) |
%LOCALAPPDATA%\notebooklm-mcp\ |
All sensitive files (encryption keys, auth tokens, audit logs) are automatically protected with owner-only permissions on every platform.
Enterprise Compliance (v1.6.0+)
Full compliance support for regulated industries:
| Regulation |
Features |
| GDPR |
Consent management, DSAR handling, right to erasure, data portability |
| SOC2 Type II |
Hash-chained audit logs, incident response, availability monitoring |
| CSSF |
7-year retention, SIEM integration, policy documentation |
Compliance Tools (16 MCP tools)
compliance_dashboard - Real-time compliance status
compliance_report - Generate audit reports (JSON/CSV/HTML)
compliance_evidence - Collect evidence packages
grant_consent - Record user consent
submit_dsar - Handle data subject requests
request_erasure - Right to be forgotten
export_user_data - Data portability export
create_incident - Security incident management
...and 8 more
See COMPLIANCE-SPEC.md for full documentation.
Configuration
All security features are enabled by default. Override via environment variables:
NLMCP_AUTH_ENABLED=true
NLMCP_AUTH_TOKEN=your-secret-token
GEMINI_API_KEY=your-api-key
GEMINI_DEFAULT_MODEL=gemini-2.5-flash
GEMINI_DEEP_RESEARCH_ENABLED=true
GEMINI_TIMEOUT_MS=30000
NLMCP_USE_POST_QUANTUM=true
NLMCP_ENCRYPTION_KEY=base64-32-bytes
NLMCP_SESSION_MAX_LIFETIME=28800
NLMCP_SESSION_INACTIVITY=1800
NLMCP_SECRETS_SCANNING=true
NLMCP_SECRETS_BLOCK=false
NLMCP_SECRETS_REDACT=true
NLMCP_CERT_PINNING=true
NLMCP_AUDIT_ENABLED=true
See SECURITY.md for complete configuration reference.
Security Scanning
Run MEDUSA security scanner:
npm run security-scan
Or integrate in CI/CD:
- name: Security Scan
run: npx @pan-sec/notebooklm-mcp && npm run security-scan
Comparison
| Feature |
Original |
This Fork |
| Zero-hallucination Q&A |
✅ |
✅ |
| Library management |
✅ |
✅ |
| Multi-client support |
✅ |
✅ |
| Create Notebooks Programmatically |
❌ |
✅ UNIQUE |
| Batch Create (10 notebooks at once) |
❌ |
✅ UNIQUE |
| Gemini Deep Research |
❌ |
✅ NEW |
| Gemini Query with Grounding |
❌ |
✅ NEW |
| Source Management (add/remove) |
❌ |
✅ |
| Audio Overview Generation |
❌ |
✅ |
| Sync from Local Directories |
❌ |
✅ |
| Cross-platform (Linux/macOS/Windows) |
⚠️ |
✅ |
| Post-quantum encryption |
❌ |
✅ |
| Secrets scanning |
❌ |
✅ |
| Certificate pinning |
❌ |
✅ |
| Memory scrubbing |
❌ |
✅ |
| Audit logging |
❌ |
✅ |
| MCP authentication |
❌ |
✅ |
| Prompt injection detection |
❌ |
✅ |
| Enterprise Compliance (GDPR/SOC2/CSSF) |
❌ |
✅ |
Version History
| Version |
Highlights |
| v1.8.0 |
Gemini Interactions API: Deep Research, Query with Grounding, Background Tasks |
| v1.7.0 |
Source management, batch operations, audio generation, webhooks |
| v1.6.0 |
Enterprise compliance: GDPR, SOC2 Type II, CSSF |
| v1.5.0 |
Cross-platform support (Windows ACLs, macOS, Linux) |
| v1.4.0 |
Post-quantum encryption, secrets scanning |
| v1.3.0 |
Certificate pinning, audit logging |
📄 License
This project is licensed under the MIT License, same as the original.
Security hardened with 🔒 by Pantheon Security
Powered by Google Gemini 🚀
Full Security Documentation • Compliance Guide • Report Vulnerability
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
