Pantheon-Security/notebooklm-mcp-secure

v2026.3.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Security & Auth

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai automation browser-automation claude google llm

+5 more

mcp model-context-protocol notebooklm research typescript

Affected surfaces

auth

Summary

AI summary

All remaining low‑severity security audit items resolved, bringing the total closed issues to 334.

Full changelog

Security Audit Complete — All 334 Issues Resolved

This release closes the full 334-item security audit end-to-end. v2026.3.0 closed every critical, high, and medium issue. This release closes all remaining low-severity items plus the three intentionally-deferred items, and cleans internal process documents out of the repository.

By the numbers:

Tests: 609 → 643 across 52 test files
npx tsc --noEmit — clean
npm audit — 0 vulnerabilities
npm: @pan-sec/[email protected]

Security & Validation

Notebook ID validation centralised — validateNotebookId() used everywhere (I107, I108)
delete_document confirm guard — destructive tool requires confirm: true (I078, I331)
Auth startup transparency — effective auth state logged on startup (I118, I314)
Optional token rotation via NLMCP_AUTH_ROTATION_INTERVAL_HOURS (I119)
Login retry — page.goto timeout retries once before throwing (I126)
Startup tool coverage check — phantom TOOLS_REQUIRING_AUTH entries removed (I313)
Secrets scanner — Bearer token pattern broadened to any opaque token ≥ 20 chars (I189)
Audit hash chain — previousHash advanced only after write succeeds (I228)
File lock liveness — forceUnlock treats EPERM as "process alive" (I296)

Protocol & API

All error paths include data: null for consistent shape (I095, I330)
Duplicate title fields removed from all annotations blocks (I041)
Empty arguments: [] removed from prompt definitions (I109)
parseArray now splits on comma and semicolon (I028)
Raw notebook URLs never leak in thrown errors (I173, I332)
Webhook error classification — errors classified as timeout, dns_or_connect, or network; DNS failures skip retries; errorKind in all log messages (I281)

Code Quality

Repeated notebook URL resolution deduplicated into resolveNotebookUrl() (I093, I094)
clickAddSource and addFileSource split into focused helpers (I166, I167)
findElement/waitForElement relocated to src/utils/page-utils.ts (I149)
Discovery scripts relocated — run-discovery.ts and selector-discovery.ts moved to scripts/; npm run discover-selectors added (I171)

Test Coverage

Handler smoke tests — session-management (6), ask-question (3), notebook-creator (+3) via injected mocks; no browser required (I305)
Webhook error classification — DNS cause-chain classification and single-attempt behaviour verified (I281)
validateNotebookId, data: null shape, delete_document guard, sanitized throws, log rotation, RateLimiter memory bound, clampInteger (I329–I332, I302–I304)

Repository Cleanup

Removed internal process documents (CODEX_BATCH*.md, ISSUES.md, OUTSTANDING.md, medusa-fp-analysis.md)
.gitignore extended to cover tooling artifacts and internal document patterns

Security Fixes

Resolved all remaining low‑severity security audit items (334 total) — specific CVE IDs not listed in the changelog

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Pantheon-Security/notebooklm-mcp-secure

Get notified when new releases ship.

About Pantheon-Security/notebooklm-mcp-secure

Security-hardened NotebookLM MCP with post-quantum encryption (ML-KEM-768), GDPR/SOC2/CSSF compliance, and 14 security layers. Query Google's Gemini-grounded research from Claude and AI agents.

All releases →