npm - @pan-sec/notebooklm-mcp - Versions diffs - 2026.1.4 → 2026.1.6 - Mend

@pan-sec/notebooklm-mcp 2026.1.4 → 2026.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +106 -2
package/docs/MCP-DIRECTORY-LISTINGS.md +91 -0
package/docs/SECURITY-FORK-OPPORTUNITIES.md +79 -0
package/package.json +3 -1
package/server.json +20 -0

package/README.md CHANGED Viewed

@@ -580,9 +580,106 @@ Add to `~/.cursor/mcp.json`:
 ```
 </details>
+<details>
+<summary>Google Antigravity</summary>
+Add to `~/.gemini/antigravity/mcp_config.json` (macOS/Linux) or `%USERPROFILE%\.gemini\antigravity\mcp_config.json` (Windows):
+```json
+{
+  "mcpServers": {
+    "notebooklm": {
+      "command": "npx",
+      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"]
+    }
+  }
+}
+```
+With optional env vars:
+```json
+{
+  "mcpServers": {
+    "notebooklm": {
+      "command": "npx",
+      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
+      "env": {
+        "GEMINI_API_KEY": "your-gemini-api-key"
+      }
+    }
+  }
+}
+```
+> **Note:** Antigravity does NOT support `${workspaceFolder}` variables. Use absolute paths.
+</details>
+<details>
+<summary>OpenCode</summary>
+Add to `~/.config/opencode/opencode.json` (global) or `opencode.json` in project root:
+```json
+{
+  "$schema": "https://opencode.ai/config.json",
+  "mcp": {
+    "notebooklm": {
+      "type": "local",
+      "command": ["npx", "-y", "@pan-sec/notebooklm-mcp@latest"],
+      "enabled": true,
+      "environment": {
+        "GEMINI_API_KEY": "your-gemini-api-key"
+      }
+    }
+  }
+}
+```
+> **Note:** OpenCode uses `"mcp"` (not `"mcpServers"`) and `"command"` is an array.
+</details>
+<details>
+<summary>Windsurf</summary>
+Add to `~/.codeium/windsurf/mcp_config.json`:
+```json
+{
+  "mcpServers": {
+    "notebooklm": {
+      "command": "npx",
+      "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
+      "env": {
+        "GEMINI_API_KEY": "your-gemini-api-key"
+      }
+    }
+  }
+}
+```
+</details>
+<details>
+<summary>VS Code + Copilot</summary>
+Add to your VS Code `settings.json`:
+```json
+{
+  "mcp": {
+    "servers": {
+      "notebooklm": {
+        "command": "npx",
+        "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
+        "env": {
+          "GEMINI_API_KEY": "your-gemini-api-key"
+        }
+      }
+    }
+  }
+}
+```
+</details>
 <details>
 <summary>Other MCP Clients</summary>
+Most MCP clients use this standard format:
 ```json
 {
   "mcpServers": {
@@ -590,14 +687,21 @@ Add to `~/.cursor/mcp.json`:
       "command": "npx",
       "args": ["-y", "@pan-sec/notebooklm-mcp@latest"],
       "env": {
-        "NLMCP_AUTH_ENABLED": "true",
-        "NLMCP_AUTH_TOKEN": "your-secure-token",
         "GEMINI_API_KEY": "your-gemini-api-key"
       }
     }
   }
 }
 ```
+**Common config locations:**
+| Client | Config File |
+|--------|-------------|
+| Claude Desktop | `~/.config/claude/claude_desktop_config.json` |
+| Cursor | `~/.cursor/mcp.json` |
+| Antigravity | `~/.gemini/antigravity/mcp_config.json` |
+| OpenCode | `~/.config/opencode/opencode.json` |
+| Windsurf | `~/.codeium/windsurf/mcp_config.json` |
 </details>
 ---

package/docs/MCP-DIRECTORY-LISTINGS.md ADDED Viewed

@@ -0,0 +1,91 @@
+# MCP Directory Listings Tracker
+Track where `@pan-sec/notebooklm-mcp` is listed and submission progress.
+**Last Updated:** 2026-01-24
+---
+## Current Listings
+| Directory | Status | URL | Notes |
+|-----------|--------|-----|-------|
+| [Official MCP Registry](https://registry.modelcontextprotocol.io/) | ✅ Listed | io.github.Pantheon-Security/notebooklm-mcp-secure | Published 2026-01-24 |
+| [Glama.ai](https://glama.ai/mcp/servers) | ✅ Listed | [View Listing](https://glama.ai/mcp/servers/@Pantheon-Security/notebooklm-mcp-secure) | Auto-indexed from GitHub |
+| [PulseMCP](https://www.pulsemcp.com/servers) | ✅ Listed | [View Listing](https://www.pulsemcp.com/servers/pantheon-security-notebooklm-secure) | Auto-indexed, #601 this week |
+| [awesome-mcp-servers](https://github.com/punkpeye/awesome-mcp-servers) | ⏳ PR Pending | [PR #1735](https://github.com/punkpeye/awesome-mcp-servers/pull/1735) | Submitted 2026-01-24 |
+---
+## Pending Submissions
+### Priority 2: Good Visibility
+#### MCP.so
+- **URL:** https://mcp.so/
+- **Submit via:** https://github.com/chatmcp/mcpso
+- **Status:** ⏳ Not submitted
+- **Notes:** Popular directory with call ranking leaderboard.
+#### MCPServers.org
+- **URL:** https://mcpservers.org/
+- **Submit via:** Unknown - check site
+- **Status:** ⏳ Not submitted
+- **Notes:** Has original notebooklm-mcp, not secure fork.
+#### mcp-get.com
+- **URL:** https://mcp-get.com/
+- **Submit via:** Package registry submission
+- **Status:** ⏳ Not submitted
+- **Notes:** Package manager style directory.
+### Requires Hosted Server
+#### Smithery.ai
+- **URL:** https://smithery.ai/
+- **Status:** ❌ Requires remote hosting
+- **Notes:** Server/Client style MCP. Would need to deploy notebooklm-mcp as a hosted service.
+### Priority 3: Niche/Emerging
+#### Azure API Center
+- **URL:** https://learn.microsoft.com/en-us/azure/api-center/register-discover-mcp-server
+- **Submit via:** Azure portal
+- **Status:** ⏳ Not applicable yet
+- **Notes:** Enterprise Azure integration. Consider for enterprise customers.
+#### awesome-devops-mcp-servers
+- **URL:** https://github.com/rohitg00/awesome-devops-mcp-servers
+- **Submit via:** Pull Request
+- **Status:** ⏳ Not submitted
+- **Notes:** DevOps focused list. May not be relevant.
+---
+## Completed
+- [x] Official MCP Registry - Published 2026-01-24
+- [x] Glama.ai - Auto-listed
+- [x] PulseMCP - Auto-indexed
+- [x] awesome-mcp-servers - PR #1735 submitted
+---
+## Related Projects
+| Project | Directories Listed |
+|---------|-------------------|
+| [chrome-mcp-secure](https://github.com/Pantheon-Security/chrome-mcp-secure) | awesome-mcp-servers ✅ |
+| [notebooklm-mcp-secure](https://github.com/Pantheon-Security/notebooklm-mcp-secure) | Official Registry ✅, Glama ✅, PulseMCP ✅ |
+---
+## Stats
+- **PulseMCP Rank:** #601 this week, #3,227 global
+- **GitHub Stars:** 14
+- **npm:** @pan-sec/notebooklm-mcp v2026.1.5
+---
+*This document tracks MCP directory listings for visibility and discoverability.*

package/docs/SECURITY-FORK-OPPORTUNITIES.md ADDED Viewed

@@ -0,0 +1,79 @@
+# Security Fork Opportunities
+MCP servers that could benefit from Pantheon Security hardening.
+**Last Updated:** 2026-01-24
+---
+## High Priority (High Traffic + High Risk)
+| Rank | Server | Weekly Visitors | Security Gaps | Effort |
+|------|--------|-----------------|---------------|--------|
+| #4 | **Filesystem** (Anthropic) | 193K | No sandboxing, no path validation, no audit logging | Medium |
+| #18 | **PostgreSQL** (Anthropic) | 31.8K | SQL injection risk, no query validation, no audit trails | Medium |
+| #17 | **MongoDB** (MongoDB Inc.) | 35.6K | NoSQL injection, data exfiltration, no encryption | Medium |
+| #12 | **Git** (Anthropic) | 66.8K | Command execution, credential exposure, repo tampering | Medium |
+| #19 | **Supabase** (Supabase) | 40.5K | Database + auth, credential exposure, API key leaks | High |
+---
+## Medium Priority (Good Traffic + Moderate Risk)
+| Rank | Server | Weekly Visitors | Security Gaps | Effort |
+|------|--------|-----------------|---------------|--------|
+| #3 | **Fetch** (Anthropic) | 249K | URL validation, SSRF risks, data exfiltration | Low |
+| #7 | **Claude Flow** (ruvnet) | 163K | Agent orchestration, prompt injection, privilege escalation | High |
+| #8 | **Playwriter** (Community) | 129K | Browser automation, credential capture, DOM injection | Medium |
+| #20 | **Notion** (Notion) | 26.7K | API key exposure, data access logging | Low |
+| #16 | **Zapier** (Zapier) | 48.9K | 8000+ app integrations, credential management | High |
+---
+## Already Covered
+| Server | Pantheon Fork | Status |
+|--------|---------------|--------|
+| Chrome/Playwright | [chrome-mcp-secure](https://github.com/Pantheon-Security/chrome-mcp-secure) | ✅ Published |
+| NotebookLM | [notebooklm-mcp-secure](https://github.com/Pantheon-Security/notebooklm-mcp-secure) | ✅ Published |
+---
+## Security Layers to Add
+Standard Pantheon Security hardening:
+1. **Input Validation** - Zod schemas, path traversal prevention
+2. **Audit Logging** - Hash-chained logs, SIEM integration
+3. **Post-Quantum Encryption** - ML-KEM-768 + ChaCha20-Poly1305
+4. **Credential Protection** - Secrets scanning, memory scrubbing
+5. **Rate Limiting** - Abuse prevention
+6. **Compliance Tools** - GDPR consent, SOC2 evidence, CSSF retention
+7. **Session Security** - Timeouts, MCP authentication
+8. **Response Validation** - Output sanitization
+---
+## Recommended First Target
+**filesystem-mcp-secure**
+- Highest risk (direct file system access)
+- Large user base (193K weekly)
+- Clear value prop: "Secure file access with sandboxing and audit trails"
+- Anthropic's official = credibility for fork
+---
+## Research Links
+| Server | GitHub |
+|--------|--------|
+| Filesystem | https://github.com/modelcontextprotocol/servers/tree/main/src/filesystem |
+| PostgreSQL | https://github.com/modelcontextprotocol/servers/tree/main/src/postgres |
+| Git | https://github.com/modelcontextprotocol/servers/tree/main/src/git |
+| MongoDB | https://github.com/mongodb/mcp-server |
+| Fetch | https://github.com/modelcontextprotocol/servers/tree/main/src/fetch |
+---
+*Track progress and prioritize based on enterprise customer demand.*

package/package.json CHANGED Viewed

@@ -1,6 +1,7 @@
 {
   "name": "@pan-sec/notebooklm-mcp",
-  "version": "2026.1.4",
+  "version": "2026.1.6",
+  "mcpName": "io.github.Pantheon-Security/notebooklm-mcp-secure",
   "description": "Security-hardened MCP server for NotebookLM API with enterprise compliance (GDPR, SOC2, CSSF)",
   "type": "module",
   "bin": {
@@ -47,6 +48,7 @@
   },
   "files": [
     "dist",
+    "server.json",
     "README.md",
     "SECURITY.md",
     "LICENSE",

package/server.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
+  "name": "io.github.Pantheon-Security/notebooklm-mcp-secure",
+  "description": "Security-hardened NotebookLM MCP with post-quantum encryption",
+  "version": "2026.1.6",
+  "repository": {
+    "url": "https://github.com/Pantheon-Security/notebooklm-mcp-secure",
+    "source": "github"
+  },
+  "packages": [
+    {
+      "registryType": "npm",
+      "identifier": "@pan-sec/notebooklm-mcp",
+      "version": "2026.1.6",
+      "transport": {
+        "type": "stdio"
+      }
+    }
+  ]
+}