@pan-sec/notebooklm-mcp 2026.3.2 → 2026.4.0

package/dist/logging/query-logger.js

@@ -37,8 +37,6 @@ function generateQueryId() {
     return crypto.randomBytes(8).toString("hex");
 }
 const MAX_LOG_FILE_BYTES = 100 * 1024 * 1024; // 100 MB per daily file (I232)
-const TRUNCATED_FIELD_LENGTH = 500;
-const TRUNCATED_SUFFIX = "...[truncated]";
 /**
  * Query Logger Class
  *
@@ -56,6 +54,19 @@ export class QueryLogger {
      * severity so we don't redact legitimate base64 payloads (images, PDFs,
      * JWT payloads) that frequently appear in NotebookLM answers. Real
      * credentials live at critical/high/medium severity.
+     *
+     * ACCEPTED RISK (L11): the only `severity: "low"` rule in the scanner is the
+     * "High Entropy String" pattern (/\b[A-Za-z0-9+/]{32,}={0,2}\b/, see
+     * secrets-scanner.ts). It is DELIBERATELY NOT redacted at rest because
+     * NotebookLM answers routinely contain long, high-entropy base64 that is NOT
+     * a secret — inline image/PDF data-URIs, JWT payload segments, GCS object
+     * names, CSRF tokens, document hashes. Redacting at "low" would shred this
+     * legitimate research content (high false-positive rate) for marginal gain:
+     * genuine credentials (API keys, bearer tokens, private keys, connection
+     * strings) already match dedicated critical/high/medium rules and are
+     * redacted regardless. The base64 false-positive cost outweighs the residual
+     * risk of an unstructured low-confidence entropy hit slipping through, so the
+     * threshold stays at "medium" by design.
      */
     scanner = new SecretsScanner({ minSeverity: "medium" });
     stats = {
@@ -91,14 +102,25 @@ export class QueryLogger {
     cleanOldLogs() {
         try {
             const files = fs.readdirSync(this.config.logDir);
+            // Filenames are UTC dates (toISOString) and new Date("YYYY-MM-DD") parses as
+            // UTC midnight, so compute the cutoff at UTC midnight too — using local
+            // setDate/getDate would skew the comparison by up to a day near TZ boundaries (L13).
             const cutoffDate = new Date();
-            cutoffDate.setDate(cutoffDate.getDate() - this.config.retentionDays);
+            cutoffDate.setUTCHours(0, 0, 0, 0);
+            cutoffDate.setUTCDate(cutoffDate.getUTCDate() - this.config.retentionDays);
             let deletedCount = 0;
             for (const file of files) {
                 if (!file.startsWith("query-log-") || !file.endsWith(".jsonl"))
                     continue;
-                // Extract date from filename (query-log-YYYY-MM-DD.jsonl)
+                // Extract date from filename (query-log-YYYY-MM-DD.jsonl). The fixed-width
+                // slice(10,20) yields "YYYY-MM-DD" for both base and rotated
+                // (query-log-DATE.NNN.jsonl) names, so this guard does NOT exclude rotated files
+                // from retention — it only rejects genuinely malformed names before feeding
+                // new Date, which would otherwise parse to Invalid Date or a misread cutoff (L13).
+                // Matches audit-logger's guard.
                 const dateStr = file.slice(10, 20);
+                if (!/^\d{4}-\d{2}-\d{2}$/.test(dateStr))
+                    continue;
                 const fileDate = new Date(dateStr);
                 if (fileDate < cutoffDate) {
                     fs.unlinkSync(path.join(this.config.logDir, file));
@@ -131,7 +153,13 @@ export class QueryLogger {
                 if (this.currentLogFile !== expectedFile) {
                     this.currentLogFile = expectedFile;
                 }
-                // Enforce per-file size cap (I232) — truncate fields if approaching limit
+                // Enforce per-file size cap (I232). When the cap would be exceeded we ROTATE to
+                // a sequence-suffixed file (query-log-DATE.NNN.jsonl) instead of silently
+                // truncating Q&A content (M9) — the old behaviour permanently lost research
+                // data with no record. Each rotation emits a mandatory log.warning so the event
+                // is visible. The current file size is re-read after each rotation; the next
+                // suffix is determined by scanning the directory so the cap holds across writers
+                // and process restarts (per-process counters did not).
                 let currentFileSize = (() => {
                     try {
                         return fs.statSync(this.currentLogFile).size;
@@ -140,29 +168,65 @@ export class QueryLogger {
                         return 0;
                     }
                 })();
-                const lines = batch.map((e) => {
+                const linesToWrite = [];
+                for (const e of batch) {
                     const serialized = JSON.stringify(e);
                     const entryBytes = Buffer.byteLength(serialized + "\n");
-                    if (currentFileSize + entryBytes > MAX_LOG_FILE_BYTES) {
-                        const truncated = {
-                            ...e,
-                            question: e.question.slice(0, TRUNCATED_FIELD_LENGTH) + TRUNCATED_SUFFIX,
-                            answer: e.answer.slice(0, TRUNCATED_FIELD_LENGTH) + TRUNCATED_SUFFIX,
-                        };
-                        const ts = JSON.stringify(truncated);
-                        currentFileSize += Buffer.byteLength(ts + "\n");
-                        return ts;
+                    if (currentFileSize > 0 && currentFileSize + entryBytes > MAX_LOG_FILE_BYTES) {
+                        // Flush what we have to the current file before rotating.
+                        if (linesToWrite.length > 0) {
+                            appendFileSecure(this.currentLogFile, linesToWrite.join("\n") + "\n", PERMISSION_MODES.OWNER_READ_WRITE);
+                            linesToWrite.length = 0;
+                        }
+                        const rotatedFile = this.nextRotatedFile(today);
+                        log.warning(`⚠️ Query log ${path.basename(this.currentLogFile)} reached ${MAX_LOG_FILE_BYTES} byte cap — rotating to ${path.basename(rotatedFile)} (no content truncated)`);
+                        this.currentLogFile = rotatedFile;
+                        currentFileSize = (() => {
+                            try {
+                                return fs.statSync(this.currentLogFile).size;
+                            }
+                            catch {
+                                return 0;
+                            }
+                        })();
                     }
+                    linesToWrite.push(serialized);
                     currentFileSize += entryBytes;
-                    return serialized;
-                }).join("\n") + "\n";
-                appendFileSecure(this.currentLogFile, lines, PERMISSION_MODES.OWNER_READ_WRITE);
+                }
+                if (linesToWrite.length > 0) {
+                    appendFileSecure(this.currentLogFile, linesToWrite.join("\n") + "\n", PERMISSION_MODES.OWNER_READ_WRITE);
+                }
             }
         }
         finally {
             this.isWriting = false;
         }
     }
+    /**
+     * Determine the next sequence-suffixed log file for `date` when the base file (or a
+     * prior rotation) has hit the size cap (M9). Scans the directory for the highest
+     * existing query-log-DATE.NNN.jsonl suffix and returns the next one, so rotation is
+     * correct across writers and restarts rather than relying on a per-process counter.
+     */
+    nextRotatedFile(date) {
+        let maxSeq = 0;
+        try {
+            const re = new RegExp(`^query-log-${date}\\.(\\d{3})\\.jsonl$`);
+            for (const f of fs.readdirSync(this.config.logDir)) {
+                const m = f.match(re);
+                if (m) {
+                    const seq = parseInt(m[1], 10);
+                    if (seq > maxSeq)
+                        maxSeq = seq;
+                }
+            }
+        }
+        catch (err) {
+            log.debug(`query-logger: scanning for rotated files: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        const nextSeq = String(maxSeq + 1).padStart(3, "0");
+        return path.join(this.config.logDir, `query-log-${date}.${nextSeq}.jsonl`);
+    }
     /**
      * Log a query (Q&A pair).
      *
@@ -216,8 +280,23 @@ export class QueryLogger {
      * Get all queries for a specific date (YYYY-MM-DD)
      */
     async getQueriesForDate(date) {
-        const logFile = path.join(this.config.logDir, `query-log-${date}.jsonl`);
-        return this.readLogFile(logFile);
+        // Include any size-cap rotations for the day (query-log-DATE.NNN.jsonl), not just
+        // the base file, so rotated entries are not missed (M9).
+        const baseFile = path.join(this.config.logDir, `query-log-${date}.jsonl`);
+        const entries = this.readLogFile(baseFile);
+        const rotatedRe = new RegExp(`^query-log-${date}\\.\\d{3}\\.jsonl$`);
+        try {
+            const rotated = fs.readdirSync(this.config.logDir)
+                .filter(f => rotatedRe.test(f))
+                .sort();
+            for (const f of rotated) {
+                entries.push(...this.readLogFile(path.join(this.config.logDir, f)));
+            }
+        }
+        catch (err) {
+            log.debug(`query-logger: reading rotated files for date ${date}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        return entries;
     }
     /**
      * Get recent queries
@@ -279,6 +358,11 @@ export class QueryLogger {
             return;
         process.on("beforeExit", () => QueryLogger.flushAllSync());
         process.on("SIGTERM", () => QueryLogger.flushAllSync());
+        // Mirror SIGTERM for SIGINT (Ctrl-C) and SIGHUP so buffered Q&A is flushed
+        // synchronously on those signals too (M5). Additive flush-only safety nets — the
+        // process entry point owns termination, so these do not suppress exit or hang.
+        process.on("SIGINT", () => QueryLogger.flushAllSync());
+        process.on("SIGHUP", () => QueryLogger.flushAllSync());
         QueryLogger.processHandlersRegistered = true;
     }
     static flushAllSync() {
@@ -361,4 +445,3 @@ export function getQueryLogger() {
 export async function logQuery(entry) {
     return getQueryLogger().logQuery(entry);
 }
-//# sourceMappingURL=query-logger.js.map

package/dist/notebook-creation/audio-manager.d.ts

@@ -53,4 +53,3 @@ export declare class AudioManager {
      */
     private closePage;
 }
-//# sourceMappingURL=audio-manager.d.ts.map

package/dist/notebook-creation/audio-manager.js

@@ -8,6 +8,68 @@ import { log } from "../utils/logger.js";
 import { randomDelay } from "../utils/stealth-utils.js";
 import fs from "fs";
 import path from "path";
+import os from "os";
+/**
+ * Maximum size for a downloaded audio file. Caps unbounded in-memory buffering
+ * (response.body() reads the whole response) and arbitrary disk writes (H14).
+ */
+const MAX_AUDIO_BYTES = 200 * 1024 * 1024; // 200 MiB
+/**
+ * Allowed origins for audio download URLs scraped from the page DOM.
+ * Prevents SSRF: the download URL (downloadBtn.href / data-url / audio.src) is
+ * attacker-influenceable content, so it must be confined to Google/NotebookLM
+ * hosts before page.goto() (C3). Mirrors the host-matching used by
+ * validateNotebookUrl in utils/security.ts.
+ */
+const ALLOWED_AUDIO_DOWNLOAD_DOMAINS = [
+    "google.com",
+    "googleusercontent.com",
+];
+/**
+ * Resolve and validate the audio output path, confining it to an allowed base
+ * directory (C2). Mirrors resolveExportPath in tools/handlers/system.ts:
+ *   1. NLMCP_EXPORT_DIR env override
+ *   2. user home directory
+ * Rejects absolute paths and '..' traversal that escape the base dir.
+ */
+function resolveAudioOutputPath(userPath, defaultName) {
+    const envDir = process.env.NLMCP_EXPORT_DIR?.trim();
+    const baseDirRaw = envDir && envDir.length > 0 ? envDir : os.homedir();
+    const baseDir = path.resolve(baseDirRaw);
+    const candidate = userPath && userPath.trim().length > 0
+        ? path.resolve(baseDir, userPath)
+        : path.resolve(baseDir, defaultName);
+    // Defence in depth: ensure resolved path is still inside the base dir.
+    const rel = path.relative(baseDir, candidate);
+    if (rel.startsWith("..") || path.isAbsolute(rel)) {
+        throw new Error(`output_path must resolve inside ${baseDir} (got '${candidate}'). ` +
+            `Set NLMCP_EXPORT_DIR to allow another base directory.`);
+    }
+    return candidate;
+}
+/**
+ * Validate a DOM-sourced audio download URL before navigating to it (C3, SSRF).
+ * Enforces https and an allowed Google/NotebookLM host. Returns the normalized
+ * URL or throws.
+ */
+function validateAudioDownloadUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error("Audio download URL is not a valid absolute URL");
+    }
+    if (parsed.protocol !== "https:") {
+        throw new Error(`Audio download URL must be https (got '${parsed.protocol}')`);
+    }
+    const hostname = parsed.hostname.toLowerCase();
+    const allowed = ALLOWED_AUDIO_DOWNLOAD_DOMAINS.some((d) => hostname === d || hostname.endsWith("." + d));
+    if (!allowed) {
+        throw new Error(`Audio download host not allowed: ${hostname}`);
+    }
+    return parsed.href;
+}
 // Selectors for audio controls (may need refinement based on actual UI)
 const AUDIO_SELECTORS = {
     // Generate button
@@ -65,20 +127,20 @@ export class AudioManager {
      * Generate an audio overview for a notebook
      */
     async generateAudioOverview(notebookUrl) {
-        log.info(`🎙️ Generating audio overview for: ${notebookUrl}`);
+        log.info(`Generating audio overview for: ${notebookUrl}`);
         const page = await this.navigateToNotebook(notebookUrl);
         try {
             // First, check current status
             const currentStatus = await this.checkAudioStatusInternal(page);
             if (currentStatus.status === "generating") {
-                log.info("  ⏳ Audio generation already in progress");
+                log.info("  Audio generation already in progress");
                 return {
                     success: true,
                     status: currentStatus,
                 };
             }
             if (currentStatus.status === "ready") {
-                log.info("  ✅ Audio already generated");
+                log.info("  Audio already generated");
                 return {
                     success: true,
                     status: currentStatus,
@@ -127,7 +189,7 @@ export class AudioManager {
                 });
             }
             if (!generateClicked) {
-                log.warning("  ⚠️ Could not find audio generation button");
+                log.warning("  Could not find audio generation button");
                 return {
                     success: false,
                     status: { status: "unknown" },
@@ -138,7 +200,7 @@ export class AudioManager {
             // Check if generation started
             const newStatus = await this.checkAudioStatusInternal(page);
             if (newStatus.status === "generating" || newStatus.status === "ready") {
-                log.success(`  ✅ Audio generation ${newStatus.status === "ready" ? "completed" : "started"}`);
+                log.success(`  Audio generation ${newStatus.status === "ready" ? "completed" : "started"}`);
                 return {
                     success: true,
                     status: newStatus,
@@ -158,7 +220,7 @@ export class AudioManager {
      * Check the current audio status for a notebook
      */
     async getAudioStatus(notebookUrl) {
-        log.info(`🔍 Checking audio status for: ${notebookUrl}`);
+        log.info(`Checking audio status for: ${notebookUrl}`);
         const page = await this.navigateToNotebook(notebookUrl);
         try {
             const status = await this.checkAudioStatusInternal(page);
@@ -222,7 +284,7 @@ export class AudioManager {
      * Download the generated audio file
      */
     async downloadAudio(notebookUrl, outputPath) {
-        log.info(`⬇️ Downloading audio from: ${notebookUrl}`);
+        log.info(`Downloading audio from: ${notebookUrl}`);
         const page = await this.navigateToNotebook(notebookUrl);
         try {
             // First check if audio is ready
@@ -266,12 +328,12 @@ export class AudioManager {
                     return false;
                 });
                 if (clicked) {
-                    // Wait for download to start
+                    // The button was clicked but we cannot capture the file via this code
+                    // path, so no file is written. Do not report success (M27).
                     await randomDelay(2000, 3000);
-                    // Note: Actual file download handling would require more complex logic
                     return {
-                        success: true,
-                        error: "Download initiated. Check your downloads folder.",
+                        success: false,
+                        error: "Download could not be completed automatically; no file was saved. Try downloading the audio manually from the notebook.",
                     };
                 }
                 return {
@@ -279,29 +341,59 @@ export class AudioManager {
                     error: "Could not find download button or audio source",
                 };
             }
-            // Generate output path if not provided
-            const finalPath = outputPath || path.join(process.env.HOME || process.env.USERPROFILE || ".", `notebooklm-audio-${Date.now()}.mp3`);
+            // Confine output to an allowed base directory (C2). When no output_path
+            // is supplied, the generated default also lands inside the base dir.
+            const defaultName = `notebooklm-audio-${Date.now()}.mp3`;
+            const finalPath = resolveAudioOutputPath(outputPath, defaultName);
+            // Validate the DOM-sourced download URL before navigating (C3, SSRF).
+            const safeDownloadUrl = validateAudioDownloadUrl(downloadInfo.url);
             // Download the file using the page context
-            const response = await page.goto(downloadInfo.url);
+            const response = await page.goto(safeDownloadUrl);
             if (!response) {
                 return {
                     success: false,
                     error: "Failed to fetch audio file",
                 };
             }
+            // Enforce size cap early via Content-Length if present (H14).
+            const contentLengthHeader = response.headers()["content-length"];
+            if (contentLengthHeader) {
+                const declared = parseInt(contentLengthHeader, 10);
+                if (Number.isFinite(declared) && declared > MAX_AUDIO_BYTES) {
+                    return {
+                        success: false,
+                        error: `Audio file too large: ${declared} bytes exceeds limit of ${MAX_AUDIO_BYTES} bytes`,
+                    };
+                }
+            }
+            // Warn (do not hard-fail) if content-type is not audio/* — NotebookLM may
+            // serve application/octet-stream.
+            const contentType = response.headers()["content-type"];
+            if (contentType && !contentType.startsWith("audio/") && !contentType.startsWith("application/octet-stream")) {
+                log.warning(`  Unexpected audio content-type: ${contentType}`);
+            }
+            // patchright's response.body() has no streaming cap, so buffer then
+            // enforce the cap before writing (H14). Content-Length can be absent or
+            // inaccurate, so this check is authoritative.
             const buffer = await response.body();
-            fs.writeFileSync(finalPath, buffer);
-            const stats = fs.statSync(finalPath);
-            log.success(`  ✅ Audio downloaded: ${finalPath} (${stats.size} bytes)`);
+            if (buffer.length > MAX_AUDIO_BYTES) {
+                return {
+                    success: false,
+                    error: `Audio file too large: ${buffer.length} bytes exceeds limit of ${MAX_AUDIO_BYTES} bytes`,
+                };
+            }
+            // Async write to avoid blocking the event loop (H14).
+            await fs.promises.writeFile(finalPath, buffer);
+            log.success(`  Audio downloaded: ${finalPath} (${buffer.length} bytes)`);
             return {
                 success: true,
                 filePath: finalPath,
-                size: stats.size,
+                size: buffer.length,
             };
         }
         catch (error) {
             const msg = error instanceof Error ? error.message : String(error);
-            log.error(`  ❌ Failed to download audio: ${msg}`);
+            log.error(`  Failed to download audio: ${msg}`);
             return {
                 success: false,
                 error: msg,
@@ -327,4 +419,3 @@ export class AudioManager {
         }
     }
 }
-//# sourceMappingURL=audio-manager.js.map

package/dist/notebook-creation/browser-options.d.ts

@@ -25,4 +25,3 @@ export interface BrowserOptions {
  * Apply browser options to CONFIG (returns modified copy, doesn't mutate global CONFIG).
  */
 export declare function applyBrowserOptions(options?: BrowserOptions, legacyShowBrowser?: boolean): Config;
-//# sourceMappingURL=browser-options.d.ts.map

package/dist/notebook-creation/browser-options.js

@@ -72,4 +72,3 @@ export function applyBrowserOptions(options, legacyShowBrowser) {
     }
     return config;
 }
-//# sourceMappingURL=browser-options.js.map

package/dist/notebook-creation/data-table-manager.d.ts

@@ -87,9 +87,15 @@ export declare class DataTableManager {
      * Returns the largest table found.
      */
     private extractTableData;
+    /**
+     * Sanitize extracted table content through the shared response validator.
+     * Each cell originates from untrusted document sources, so any prompt
+     * injection / malicious content is redacted before the table is returned
+     * to the calling model.
+     */
+    private sanitizeTable;
     /**
      * Close the page if open
      */
     private closePage;
 }
-//# sourceMappingURL=data-table-manager.d.ts.map

package/dist/notebook-creation/data-table-manager.js

@@ -16,6 +16,7 @@
  */
 import { log } from "../utils/logger.js";
 import { randomDelay } from "../utils/stealth-utils.js";
+import { validateResponse } from "../utils/response-validator.js";
 export class DataTableManager {
     authManager;
     contextManager;
@@ -105,6 +106,18 @@ export class DataTableManager {
                 if (item.classList.contains("shimmer-blue") || titleText.toLowerCase().includes("generating")) {
                     return { status: "generating", progress: 0 };
                 }
+                // Detect an explicit failure state on THIS artifact before assuming ready.
+                // A failed generation leaves a non-shimmer artifact, which would otherwise be
+                // misreported as "ready". Scope the check to the matched item only — a page-global
+                // alert query could match unrelated UI. Class names are best-effort (unconfirmed
+                // by live inspection); [role="alert"]/error child is the locale-independent signal.
+                const hasErrorChild = !!item.querySelector('[role="alert"], .error-state, .artifact-error');
+                if (hasErrorChild ||
+                    item.classList.contains("error-state") ||
+                    item.classList.contains("artifact-error") ||
+                    item.classList.contains("failed")) {
+                    return { status: "failed" };
+                }
                 // Otherwise it's ready
                 return { status: "ready" };
             }
@@ -214,6 +227,14 @@ export class DataTableManager {
             await randomDelay(500, 800);
             // Check if generation started
             const newStatus = await this.checkDataTableStatusInternal(page);
+            if (newStatus.status === "failed") {
+                log.warning("  Data table generation reported a failed state");
+                return {
+                    success: false,
+                    status: newStatus,
+                    error: "Data table generation failed.",
+                };
+            }
             if (newStatus.status === "generating" || newStatus.status === "ready") {
                 log.success(`  Data table generation ${newStatus.status === "ready" ? "completed" : "started"}`);
                 return { success: true, status: newStatus };
@@ -253,6 +274,12 @@ export class DataTableManager {
                     error: "No data table found. Use generate_data_table first.",
                 };
             }
+            if (status.status === "failed") {
+                return {
+                    success: false,
+                    error: "Data table generation failed. Use generate_data_table to retry.",
+                };
+            }
             // Click the data table artifact to open it
             const artifactClicked = await this.clickDataTableArtifact(page);
             if (!artifactClicked) {
@@ -270,10 +297,14 @@ export class DataTableManager {
                     error: "Could not extract table data. The table may not be visible yet.",
                 };
             }
-            log.success(`  Extracted data table: ${table.totalColumns} columns x ${table.totalRows} rows`);
+            // Notebook sources are arbitrary documents, so table cell text is untrusted
+            // and a prompt-injection conduit. Sanitize every cell before returning it
+            // to the calling model (mirrors ask_question response validation).
+            const safeTable = await this.sanitizeTable(table);
+            log.success(`  Extracted data table: ${safeTable.totalColumns} columns x ${safeTable.totalRows} rows`);
             return {
                 success: true,
-                table,
+                table: safeTable,
             };
         }
         finally {
@@ -335,6 +366,32 @@ export class DataTableManager {
             return bestTable;
         });
     }
+    /**
+     * Sanitize extracted table content through the shared response validator.
+     * Each cell originates from untrusted document sources, so any prompt
+     * injection / malicious content is redacted before the table is returned
+     * to the calling model.
+     */
+    async sanitizeTable(table) {
+        let flagged = false;
+        const sanitizeCell = async (value) => {
+            const validation = await validateResponse(value);
+            if (!validation.safe)
+                flagged = true;
+            return validation.sanitized;
+        };
+        const headers = await Promise.all(table.headers.map(sanitizeCell));
+        const rows = await Promise.all(table.rows.map((row) => Promise.all(row.map(sanitizeCell))));
+        if (flagged) {
+            log.warning("🛡️ Suspicious content detected in extracted data table — sanitized");
+        }
+        return {
+            headers,
+            rows,
+            totalRows: table.totalRows,
+            totalColumns: table.totalColumns,
+        };
+    }
     /**
      * Close the page if open
      */
@@ -351,4 +408,3 @@ export class DataTableManager {
         }
     }
 }
-//# sourceMappingURL=data-table-manager.js.map

package/dist/notebook-creation/dom-scripts.d.ts

@@ -7,4 +7,3 @@
 export declare function clickCopiedTextSourceOption(): {
     clicked: boolean;
 };
-//# sourceMappingURL=dom-scripts.d.ts.map

package/dist/notebook-creation/dom-scripts.js

@@ -55,4 +55,3 @@ export function clickCopiedTextSourceOption() {
     }
     return { clicked: false };
 }
-//# sourceMappingURL=dom-scripts.js.map

package/dist/notebook-creation/errors.d.ts

@@ -15,4 +15,3 @@ export declare class NotebookCreationError extends Error {
     readonly cause?: unknown;
     constructor(message: string, options: NotebookCreationErrorOptions);
 }
-//# sourceMappingURL=errors.d.ts.map

package/dist/notebook-creation/errors.js

@@ -17,4 +17,3 @@ export class NotebookCreationError extends Error {
         this.cause = options.cause;
     }
 }
-//# sourceMappingURL=errors.js.map

package/dist/notebook-creation/index.d.ts

@@ -12,4 +12,3 @@ export * from "./notebook-creator.js";
 export * from "./notebook-sync.js";
 export * from "./video-manager.js";
 export * from "./data-table-manager.js";
-//# sourceMappingURL=index.d.ts.map

package/dist/notebook-creation/index.js

@@ -12,4 +12,3 @@ export * from "./notebook-creator.js";
 export * from "./notebook-sync.js";
 export * from "./video-manager.js";
 export * from "./data-table-manager.js";
-//# sourceMappingURL=index.js.map

package/dist/notebook-creation/notebook-creator.d.ts

@@ -17,6 +17,14 @@ export declare class NotebookCreator {
     private withOperationLock;
     createNotebook(options: CreateNotebookOptions): Promise<CreatedNotebook>;
     private runCreateNotebook;
+    /**
+     * Best-effort deletion of a freshly-created but empty notebook (no sources
+     * added). Opens the notebook's overflow/options menu and confirms delete.
+     *
+     * Failure to delete is logged but not rethrown: the caller is already
+     * reporting the creation as failed, so we must not mask that with a
+     * secondary error.
+     */
+    private deleteEmptyNotebook;
 }
 export declare function createNotebook(authManager: AuthManager, contextManager: SharedContextManager, options: CreateNotebookOptions): Promise<CreatedNotebook>;
-//# sourceMappingURL=notebook-creator.d.ts.map