Related Pages

Related topics: Installation, Authentication, Transports & Multi-account, Tools, Local Library, Sessions & Citations, Configuration Reference, Browser Stealth & Common Failure Modes

Overview & System Architecture

notebooklm-mcp is an MCP (Model Context Protocol) server that lets CLI-based LLM agents — Claude Code, Codex, Cursor, LibreChat, Claude Desktop — interact with Google NotebookLM through Chrome automation. The server exposes NotebookLM's notebook library, conversational QA, source ingestion, and Audio Overview generation as standard MCP tools, so any compliant client can drive NotebookLM without bespoke adapters. Source: README.md

High-Level Architecture

The server is a single Node.js process that wires three layers together: a transport layer for MCP clients, a tool/handler layer that maps MCP tool calls to domain operations, and a browser-automation layer that drives the live NotebookLM web app. A persistent local library file holds notebook metadata, while a Chrome profile caches the user's Google session.

flowchart TB
    Client["MCP Client<br/>(Claude Code, Claude Desktop,<br/>Cursor, LibreChat, HTTP)"]
    Transport["Transport Layer<br/>stdio or Streamable-HTTP<br/>(--transport http --port 3000)"]
    Handlers["Tool Handlers<br/>src/tools/handlers.ts"]
    Library["NotebookLibrary<br/>src/library/notebook-library.ts<br/>(persistent JSON on disk)"]
    Browser["Browser Automation<br/>Patchright + persistent Chrome<br/>profile per --account"]
    NotebookLM["NotebookLM Web UI<br/>(notebooklm.google.com)"]

    Client -->|tools/list, tools/call| Transport
    Transport --> Handlers
    Handlers --> Library
    Handlers --> Browser
    Browser -->|DOM selectors| NotebookLM
    Browser -->|answer text + citations| Handlers
    Handlers -->|structured response| Client

Source: README.md, src/tools/definitions.ts

Core Subsystems

Transport and Tool Surface

The server can be launched in two transports. The default stdio transport is what Claude Desktop and most local agents use; the Streamable-HTTP transport (--transport http --port 3000) is used when multiple clients must share one server, and the v2.0.0 release introduced it specifically to resolve the "Already connected to a transport" error caused by the MCP SDK's 1:1 server-to-transport model. Source: CHANGELOG.md, README.md

The tool surface is assembled dynamically in buildToolDefinitions(library), which merges modules for notebook management, session management, system/diagnostics, sources, and a special ask_question tool whose description is rewritten at registration time to reflect the currently active notebook. Source: src/tools/definitions.ts, src/tools/definitions/ask-question.ts

Notebook Library

A persistent on-disk library (src/library/notebook-library.ts) stores NotebookEntry records containing id, URL, name, description, topics, content_types, use_cases, tags, and usage counters. Each entry has stable fields plus optional metadata; older library files that lack topics or use_cases are read defensively. Source: src/library/types.ts

The library also tracks an "active" notebook — the default target of ask_question — and exposes the count use_count for statistics. Library state is exposed to clients as MCP resources under the notebooklm://library/{id} URI template, plus a deprecated notebooklm://metadata resource kept for backward compatibility. Source: src/resources/resource-handlers.ts

Browser Automation and Source Ingestion

All NotebookLM interaction happens by driving a real Chrome instance via Patchright. The v2.0.0 stack replaces v1.x's selector-gated polling with a streaming-stability answer detector, and adds explicit source-ingestion tooling: add_source accepts a type of url (NotebookLM crawls the site) or text (treated as a copied document), verifies insertion by snapshotting .single-source-container counts before and after, and reports sourceCountBefore / sourceCountAfter. File, YouTube, and Google-Drive uploads are explicitly out of scope for v2.0.0. Source: src/notebooklm/sources.ts, src/tools/definitions/sources.ts, CHANGELOG.md

The ask_question tool delegates citation extraction to a dedicated module that reads the citation panel DOM, then sequentially clicks each numbered citation to capture an excerpt — sequential because parallel clicks would race the same DOM region. Source: src/notebooklm/citations.ts

Provenance and Safety

Because NotebookLM answers are synthesized from user-uploaded documents (which may be attacker-influenceable), every result carries a _provenance envelope plus an inline [AI-GENERATED via Gemini 2.5 ...] marker prefix. Both can be tuned via env vars: NOTEBOOKLM_AI_MARKER=false removes the prefix, and NOTEBOOKLM_AI_MARKER_PREFIX="..." overrides the text. The provenance payload declares provider: "google-notebooklm", model: "gemini-2.5", and grounding: "user-uploaded-documents". Source: src/utils/disclaimer.ts, CHANGELOG.md

Key Capabilities and Constraints

The following table summarizes what the system does and the limits it operates under. Source: README.md, CHANGELOG.md, package.json, src/tools/definitions/ask-question.ts

The library's free-tier cap (100 notebooks · 50 sources each · 50 queries/day) is documented inside tool descriptions, and Google AI Pro/Ultra raises these limits five-fold. Source: src/tools/definitions/notebook-management.ts, src/tools/definitions/ask-question.ts

See Also

• Configuration reference
• Tool reference
• Troubleshooting
• Usage guide
• CHANGELOG.md

Related Pages

Related topics: Overview & System Architecture, Tools, Local Library, Sessions & Citations, Configuration Reference, Browser Stealth & Common Failure Modes

Installation, Authentication, Transports & Multi-account

This page documents the four operational prerequisites every operator of notebooklm-mcp must handle before the first ask_question call: how to install the server, how to authenticate against Google NotebookLM, which transport to wire into the host agent, and how to manage multiple Google accounts in parallel.

Installation & Platform Support

The server is a TypeScript/Node.js process published to npm as notebooklm-mcp (v2.0.0 is the current line; v1 is no longer supported). The only runtime requirement declared in package.json is Node.js >= 18.0.0, and the production dependency set is intentionally narrow: @modelcontextprotocol/sdk, patchright, dotenv, env-paths, globby, and zod Source: [package.json:30-50].

Two install paths are supported Source: [README.md:35-60]:

• End-user path — npx notebooklm-mcp@latest. npx caches the binary and self-updates on @latest.
• From source — clone, npm install, npm run build, then run node dist/index.js. The prepare script invokes npm run build automatically so a fresh checkout is immediately runnable.

Platform support covers Linux, macOS, Windows, and WSL2+WSLg. WSL1 is explicitly rejected because it cannot launch Chromium. Headless Linux servers can still bootstrap — the one-time setup_auth must run under xvfb-run once; the persistent Chrome profile then allows every subsequent run to go fully headless. The README also documents a BROWSER_CHANNEL=chromium fallback that the server activates automatically when system Chrome refuses to launch (the original motivation was macOS Tahoe and Windows exit 21 failures) Source: [CHANGELOG.md:18-22].

Authentication

Authentication is delegated to a real Chrome instance controlled by Patchright (a stealth fork of Playwright). The server never sees Google credentials — the browser does — and the resulting session is persisted to disk so subsequent invocations skip the login dance.

The AuthManager in src/auth/auth-manager.ts is the single source of truth for login state. It maintains two file paths under CONFIG.browserStateDir (state.json for cookies/localStorage, a separate session file) and validates a fixed allow-list of critical Google cookies (SID, HSID, SSID, APISID, SAPISID, OSID, __Secure-OSID, __Secure-1PSID, __Secure-3PSID) plus a 24-hour state-file age check Source: [src/auth/auth-manager.ts:35-58]. Browser launches are wrapped in withChannel() and getPreferredChannel() so the server transparently falls back from system Chrome to bundled Patchright Chromium when Chrome is unavailable.

The user-facing surface is three MCP tools in src/tools/definitions/system.ts:

Community note (#49): the README's "call setup_auth" instruction left non-technical users unable to find the actual call site. The fix is to treat setup_auth as an MCP tool, not a CLI command — your agent invokes it from a chat, and it returns once the visible browser has been closed Source: [src/tools/definitions/system.ts:15-40].

Once authenticated, every ask_question response is tagged with a provenance envelope (provider: "google-notebooklm", model: "gemini-2.5", via: "chrome-automation", grounding: "user-uploaded-documents", ai_generated: true) so the host agent can distinguish LLM synthesis from deterministic retrieval Source: [src/utils/disclaimer.ts:18-32].

Transports

Two MCP transports are supported:

1. stdio (default) — the host agent spawns the server as a subprocess and talks to it over stdin/stdout. This is the path Claude Code, Cursor, and Codex use out of the box, and it sidesteps every concurrency issue the HTTP transport exposes.
2. Streamable-HTTP — the server listens on a TCP port. Useful for shared/remote deployments.

Community note (#56): the underlying MCP SDK Server object is strictly 1:1 with a single transport. If two clients try to attach to the same long-lived server process, the second one fails with Already connected to a transport. Call close() before connecting to a new transport, or use a separate Server instance. The supported workaround is one process per client, not client multiplexing.

The ask_question tool is also configurable in time: v1.x hard-coded a 60-second wait that produced frequent "deadline has elapsed" failures on slow URL crawls. v2.0.0 introduced ANSWER_TIMEOUT_MS (default raised to 600 s) plus a per-call browser_options.timeout_ms parameter Source: [CHANGELOG.md:24-26] — the relevant types are declared on AskQuestionResult in src/types.ts.

Multi-account & Configuration

Multi-account support (closed issue #2) is the headline operational feature added in v2.0.0. It is opt-in via the --account <name> CLI flag or the NOTEBOOKLM_ACCOUNT env var. Each account gets an isolated Chrome profile under ~/.local/share/notebooklm-mcp/accounts/<name>/, which means cookies, localStorage, and the active NotebookLM account are scoped per name and never leak across accounts Source: [CHANGELOG.md:15-18].

The full configuration surface, drawn from the README, the changelog, and the disclaimer utility, is summarised below.

The streaming-stability detector that sits behind ANSWER_TIMEOUT_MS is the v2.0.0 replacement for the v1.x div.thinking-message poll, which broke when NotebookLM removed that DOM node. Answers are now considered settled when the rendered text is identical across N consecutive 750 ms polls Source: [CHANGELOG.md:30-34].

Community note (#38): on Python-side tooling, the indirect docket → fakeredis chain can fail to import on Python builds that removed fakeredis.aioredis.FakeConnection. This is upstream of notebooklm-mcp (which is Node-only) and only affects hybrid Python wrappers; reinstalling pinned fakeredis resolves it.

See Also

• Tools & Tool Profiles — surface area exposed to the host agent
• Source Ingestion — how add_source interacts with the authenticated browser
• Migration from v1 — what changed between the v1 and v2 selector stacks

Related Pages

Related topics: Overview & System Architecture, Installation, Authentication, Transports & Multi-account, Configuration Reference, Browser Stealth & Common Failure Modes

Tools, Local Library, Sessions & Citations

Overview

notebooklm-mcp exposes Google NotebookLM through the Model Context Protocol. The surface a host agent actually sees is a flat set of MCP tools (defined under src/tools/definitions/), backed by three persistent state systems: a local notebook library stored on disk, session identifiers that thread multi-turn context through the NotebookLM web UI, and a citation extractor that turns the UI's inline footnote markers into structured JSON. v2.0.0 rewrote this stack end-to-end so it stops breaking every time NotebookLM ships a UI tweak (see CHANGELOG.md §[2.0.0]).

Source: CHANGELOG.md:9-60

Tool System

Definition aggregation

Tool schemas live in five sub-modules and are merged by buildToolDefinitions, which also dynamically rewrites the ask_question description based on whether a notebook is currently active in the library. Source: src/tools/definitions.ts:1-32

flowchart LR
  A[definitions.ts] --> B[ask-question.ts]
  A --> C[notebook-management.ts]
  A --> D[session-management.ts]
  A --> E[system.ts]
  A --> F[sources.ts]
  G[NotebookLibrary] --> A
  A --> H[MCP Server<br/>tools/list]

Dynamic `ask_question` description

buildAskQuestionDescription produces a context-rich prompt that includes the active notebook's name, description, topics, and use_cases (rendered with safe accessors because older library.json files may omit them — see issue #33). The "no active notebook" branch instead nudges the agent toward add_notebook / select_notebook. Source: src/tools/definitions/ask-question.ts:8-78

`add_source` and source types

v2.0.0 supports exactly two source kinds: url (NotebookLM crawls a website) and text (pasted content treated as a copied document). File, YouTube, and Google-Drive uploads are explicitly out of scope. The tool returns sourceCountBefore/sourceCountAfter for caller-side verification, since URL crawls can take 5–30 seconds. Source: src/tools/definitions/sources.ts:1-44, src/notebooklm/sources.ts:1-34

Local Library

Data model

The library is a single JSON document on disk with the shape defined in src/library/types.ts. It tracks per-notebook metadata, usage counters, and a single active_notebook_id. Source: src/library/types.ts:14-78

Notebook-management tools

The notebook-management.ts module exposes add_notebook, list_notebooks, update_notebook, get_notebook, remove_notebook, select_notebook, and search_notebooks. The add_notebook description enforces a five-step confirmation workflow: ask for description, topics, use cases, propose name, then call the tool only after explicit user confirmation. Required fields are url, name, description, and topics; everything else is optional. Free-tier limits (100 notebooks · 50 sources each · 50 queries/day) are surfaced in the same description. Source: src/tools/definitions/notebook-management.ts:1-90

`update_notebook` semantics

All metadata fields are full replacements, not appends. Pass only the fields you want to change; omitted fields are preserved. Source: src/tools/definitions/notebook-management.ts:96-130

Sessions

A "session" is the conversational thread NotebookLM maintains on its side for follow-up questions. The MCP surface maps it through session_id arguments on ask_question and a separate session-management tool group. The ask_question description explicitly tells the agent: *"Always prefer continuing an existing session for the same task"* — this preserves NotebookLM's session-RAG context so follow-ups build on prior answers instead of restarting the retrieval. Source: src/tools/definitions/ask-question.ts:32-58

The ask_question tool description also distinguishes three ways to point at a notebook: notebook_id (library entry), notebook_url (ad-hoc, not in library), or the default active notebook. Source: src/tools/definitions/ask-question.ts:70-78

Citations

Why citations exist

NotebookLM answers are LLM synthesis grounded on user-uploaded sources, including potentially poisoned documents. To help the host agent distinguish retrieval from synthesis, the citation extractor reads the DOM citation panel after an answer settles and produces a structured sources[] array. Source: src/utils/disclaimer.ts:1-26, src/notebooklm/citations.ts:1-36

`source_format` modes

ask_question accepts a source_format argument with four values:

Extras are extracted sequentially (not in parallel) because each click opens a source panel on the *currently active* citation, and the loop is capped at 1.5 s per excerpt to prevent a slow panel from blocking the whole batch. Source: src/notebooklm/citations.ts:21-50

Known follow-up failure

Issue #48 reports that a footnote-formatted answer leaves a cdk-overlay-container > div.citation-tooltip-text element hovering over the chat region. On the next ask_question call, Patchright's pointer is intercepted by the stale tooltip and the query textarea cannot be clicked. The extractCitations function includes a best-effort panel dismiss / refocus step at the end of the loop to mitigate this, but the workaround is heuristic. Source: src/notebooklm/citations.ts:48-56

Known Failure Modes (Community-Reported)

Source: CHANGELOG.md:23-58, community context above.

See Also

• README.md — installation, transports, requirements.
• CHANGELOG.md — full v2.0.0 release notes.
• docs/configuration.md, docs/tools.md, docs/troubleshooting.md, docs/usage-guide.md — referenced from the README as the canonical per-tool and per-env-var reference.

Related Pages

Related topics: Overview & System Architecture, Installation, Authentication, Transports & Multi-account, Tools, Local Library, Sessions & Citations

Configuration Reference, Browser Stealth & Common Failure Modes

This page documents the configuration surface of [email protected], the browser-stealth subsystem that keeps the underlying Patchright Chromium session indistinguishable from a human user, and the most common failure modes users encounter in the wild (drawn from GitHub issues).

1. Configuration Reference

Defaults are defined in src/config.ts and overridden by environment variables, CLI flags, or MCP transport params. The runtime requires Node.js ≥ 18 (package.json).

Key environment variables

The runtime also exposes a profile-strategy block (profileStrategy, cloneProfileOnIsolated, instanceProfileTtlHours, instanceProfileMaxCount) used to manage ephemeral per-task Chrome profiles — see src/config.ts for the full schema.

Why the viewport matters

The README and src/config.ts flag that NotebookLM switches to a tab-based mobile layout below ~1280 px. The Studio panel is then offscreen on a non-active tab and selectors that rely on isVisible() falsely report "not started". The shipped default 1920x1080 keeps the three-pane layout always rendered.

2. Browser Stealth & Robustness

The stealth subsystem (src/utils/stealth-utils.ts) generates human-like behaviour so Google's bot detection does not flag the automated session. It exposes four primitives:

• Human-like typing — WPM controlled by CONFIG.typingWpmMin/Max, with random per-character jitter and occasional typo-and-correction.
• Bezier-curve mouse movement with jitter — the cursor does not teleport to the target; it travels along a randomised curve.
• Normal-distribution random delays (Box-Muller transform) for action spacing — instead of uniform setTimeout.
• Smooth scrolling and reading pauses to mimic content review before submit.

A configuration toggle stealthEnabled (default true) and stealthRandomDelays (default true) gate the layer globally (src/config.ts).

Multilingual selector strategy

NotebookLM is shipped in dozens of locales. src/notebooklm/selectors.ts anchors DOM access with strict priority:

1. Class names (e.g. .add-source-button, .single-source-container, .submit-button) — Angular component selectors, identical across locales.
2. Material-Symbols icon names (e.g. audio_magic_eraser, content_paste, link, upload, download) — Google ships the literal icon name as the text node of <mat-icon> in every locale, making them 100 % language-agnostic.
3. role="dialog", role="button" — set synchronously by Angular, so no race against the .mdc-dialog--open animation class.
4. Locale-bound aria-label and visible text — last resort; the table covers EN, DE, FR, ES, PT, IT, NL, JA. Missing a locale is non-fatal because the class/icon anchors fire first.

Last verified 2026-05 against the live layout on DE and EN locales.

3. Provenance & Source Attribution

To make downstream agents distinguish deterministic retrieval from LLM synthesis, every ask_question result carries a _provenance envelope plus an inline AI-marker prefix (src/utils/disclaimer.ts). The envelope hard-codes provider: "google-notebooklm", model: "gemini-2.5", via: "chrome-automation", grounding: "user-uploaded-documents", ai_generated: true.

Source-citation extraction uses a separate source_format argument (none, inline, footnotes, json) that reads the DOM citation panel after the streaming answer settles (closes #20). Note that add_source supports only url and text in v2.0.0 (src/tools/definitions/sources.ts, src/notebooklm/sources.ts). File, YouTube, and Google-Drive ingestion are intentionally out of scope.

4. Common Failure Modes

The following failure modes have been reported in the issue tracker and are addressed (or partially addressed) in v2.0.0.

4.1 Startup crash — `Server does not support completions`

Fixed in v1.2.1 by adding the missing completions: {} capability to the server config (PR #10). Affects Claude Desktop and other MCP clients. Closes #5, #6, #9, #12.

4.2 `ask_question` timeouts

v1.x hard-coded a 60-second answer wait and broke when NotebookLM removed the div.thinking-message element (#50, #14). v2.0.0 replaces selector-gated polling with streaming-stability detection (the text must match across N consecutive 750 ms polls). The default wait is now ANSWER_TIMEOUT_MS=600000 ms.

4.3 `add_source` silent-drop / empty-notebook bootstrap catch-22

After the first source is added to a brand-new notebook, the DOM may not yet reflect the new count within the polling window. v2.0.0 uses count-based verification (sourceCountBefore vs sourceCountAfter returned to the caller) and polls up to 90 s for URL crawls (src/notebooklm/sources.ts). See #46.

4.4 Citation tooltip intercepts pointer events

After a footnote-formatted answer, NotebookLM leaves a cdk-overlay-container > div.citation-tooltip-text element hovering over the chat region. The next ask_question call can be intercepted by it. Tracked in #48. Workaround: dismiss the overlay programmatically before the next submit, or request source_format: "none".

4.5 Non-ASCII notebook titles

Older Python-side ASCII encoders crashed on Czech / Cyrillic / accented titles with 'ascii' codec can't encode characters… (#59). The TypeScript rewrite uses UTF-8 throughout, so titles in any language are accepted.

4.6 HTTP transport — multiple clients get "Already connected to a transport"

The MCP SDK's Server object is 1:1 with its transport (#56). When using --transport http --port 3000, each connecting client must trigger a fresh server instance, or the second connection is rejected. The v2.0.0 HTTP transport uses StreamableHTTPServerTransport with the spec's session-header model so multiple clients can share one process — verified by closing #4 and #7.

4.7 `setup_auth` onboarding is undocumented

The README says "call setup_auth" without explaining how (#49). The correct procedure is to launch the MCP server once on a host that has a display (or under xvfb-run -a npx notebooklm-mcp on a headless Linux server), complete the Google login in the visible window, then exit. The persistent Chrome profile lets every subsequent run go fully headless.

4.8 Outdated `download_audio` selector

Audio Studio selectors drifted and the v1.x download_audio broke. The selector/extraction/browser-lifecycle stack is rewritten end-to-end in v2.0.0 (closes the v1.x backlog including #46).

5. v2.0.0 Migration Notes

Defaults that changed from v1 → v2 (per CHANGELOG.md):

• ANSWER_TIMEOUT_MS is now 600 000 (was hard-coded 120 000). Pin explicitly if you want a 2-minute fail-fast.
• NOTEBOOKLM_FOLLOW_UP_REMINDER is off by default. Re-enable to keep v1 behaviour.
• The follow-up reminder string itself was rewritten alongside the multilingual rewrite.
• New Streamable-HTTP transport via --transport http --port 3000.
• add_source, generate_audio, download_audio, and the source_format argument on ask_question are new tools/args.

See Also

• Tools Reference — full per-tool schemas, examples, return shapes.
• Usage Guide — end-to-end walkthroughs for the common workflows.
• Troubleshooting — additional failure modes and fixes.
• CHANGELOG.md — full release history.

Doramagic Pitfall Log

Found 14 structured pitfall item(s), including 4 high/blocking item(s). Top priority: Configuration risk - Configuration risk requires verification.

1. Configuration risk: Configuration risk requires verification

• Severity: high
• Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/PleasePrompto/notebooklm-mcp/issues/48

2. Security or permission risk: Security or permission risk requires verification

• Severity: high
• Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/PleasePrompto/notebooklm-mcp/issues/49

3. Security or permission risk: Security or permission risk requires verification

• Severity: high
• Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/PleasePrompto/notebooklm-mcp/issues/46

4. Security or permission risk: Security or permission risk requires verification

• Severity: high
• Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/PleasePrompto/notebooklm-mcp/issues/50

5. Installation risk: Installation risk requires verification

• Severity: medium
• Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/PleasePrompto/notebooklm-mcp/issues/56

6. Installation risk: Installation risk requires verification

• Severity: medium
• Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/PleasePrompto/notebooklm-mcp/issues/38

7. Configuration risk: Configuration risk requires verification

• Severity: medium
• Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: capability.host_targets | https://github.com/PleasePrompto/notebooklm-mcp

8. Capability evidence risk: Capability evidence risk requires verification

• Severity: medium
• Finding: README/documentation is current enough for a first validation pass.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: capability.assumptions | https://github.com/PleasePrompto/notebooklm-mcp

9. Runtime risk: Runtime risk requires verification

• Severity: medium
• Finding: Project evidence flags a runtime risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: community_evidence:github | https://github.com/PleasePrompto/notebooklm-mcp/issues/59

10. Maintenance risk: Maintenance risk requires verification

• Severity: medium
• Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: evidence.maintainer_signals | https://github.com/PleasePrompto/notebooklm-mcp

11. Security or permission risk: Security or permission risk requires verification

• Severity: medium
• Finding: no_demo
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: downstream_validation.risk_items | https://github.com/PleasePrompto/notebooklm-mcp

12. Security or permission risk: Security or permission risk requires verification

• Severity: medium
• Finding: no_demo
• User impact: May increase setup, validation, or first-run risk for the user.
• Recommended check: Reproduce the official install and quickstart path in an isolated environment.
• Evidence: risks.scoring_risks | https://github.com/PleasePrompto/notebooklm-mcp

Community Discussion Evidence

Doramagic exposes project-level community discussion separately from official documentation. Review these links before using notebooklm-mcp with real data or production workflows.

• Non-ASCII characters in notebook titles - github / github_issue
• HTTP transport: "Already connected to a transport" error with multiple c - github / github_issue
• Three failure modes blocking autonomous corpus refresh: empty-notebook b - github / github_issue
• ask_question times out even though NotebookLM visibly returns an answer - github / github_issue
• How to call auth, "onboarding" step missing in Readme. - github / github_issue
• ask_question fails on follow-up call: citation tooltip from prior answer - github / github_issue
• `ImportError: cannot import name 'FakeConnection' from 'fakeredis.aiored - github / github_issue
• v2.0.0 — multilingual rewrite, async audio, MCP-spec descriptions - github / github_release
• v1.2.1 - Completions Capability Fix - github / github_release
• v1.2.0 - Tool Profiles & LibreChat Fix - github / github_release
• v1.1.2 - First Stable Release - github / github_release
• Configuration risk requires verification - GitHub / issue