Pantheon-Security/notebooklm-mcp-secure

v2026.2.9 Breaking

This release includes breaking changes for platform teams planning a safe upgrade.

Published 3mo MCP Security & Auth

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai automation browser-automation claude google llm

+5 more

mcp model-context-protocol notebooklm research typescript

Affected surfaces

auth

Summary

AI summary

Fixed recurring auth loss by removing unconditional clearAllAuthData() call and adding stack trace logging.

Full changelog

Critical Bug Fix

Root Cause

performSetup called clearAllAuthData() unconditionally at startup — before Chrome even opened. If Chrome failed to launch or the user didn't complete login within the timeout, all auth credentials were already destroyed with no recovery path.

This was the final source of recurring auth loss.

Changes

Removed clearAllAuthData() from performSetup — Chrome re-login overwrites cookies without needing to delete first. For account switching, call clearAllAuthData() explicitly before invoking setup_auth
Added stack trace logging to clearAllAuthData() so every call is traceable in server logs with the exact caller location

Upgrade Notes

Auth is now stable across session restarts. Use auth-now.mjs in the project root for initial authentication or re-authentication.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Pantheon-Security/notebooklm-mcp-secure

Get notified when new releases ship.

About Pantheon-Security/notebooklm-mcp-secure

Security-hardened NotebookLM MCP with post-quantum encryption (ML-KEM-768), GDPR/SOC2/CSSF compliance, and 14 security layers. Query Google's Gemini-grounded research from Claude and AI agents.

All releases →