@pan-sec/notebooklm-mcp 2026.3.3 → 2026.4.1

package/dist/logging/query-logger.js

@@ -37,8 +37,6 @@ function generateQueryId() {
     return crypto.randomBytes(8).toString("hex");
 }
 const MAX_LOG_FILE_BYTES = 100 * 1024 * 1024; // 100 MB per daily file (I232)
-const TRUNCATED_FIELD_LENGTH = 500;
-const TRUNCATED_SUFFIX = "...[truncated]";
 /**
  * Query Logger Class
  *
@@ -56,6 +54,19 @@ export class QueryLogger {
      * severity so we don't redact legitimate base64 payloads (images, PDFs,
      * JWT payloads) that frequently appear in NotebookLM answers. Real
      * credentials live at critical/high/medium severity.
+     *
+     * ACCEPTED RISK (L11): the only `severity: "low"` rule in the scanner is the
+     * "High Entropy String" pattern (/\b[A-Za-z0-9+/]{32,}={0,2}\b/, see
+     * secrets-scanner.ts). It is DELIBERATELY NOT redacted at rest because
+     * NotebookLM answers routinely contain long, high-entropy base64 that is NOT
+     * a secret — inline image/PDF data-URIs, JWT payload segments, GCS object
+     * names, CSRF tokens, document hashes. Redacting at "low" would shred this
+     * legitimate research content (high false-positive rate) for marginal gain:
+     * genuine credentials (API keys, bearer tokens, private keys, connection
+     * strings) already match dedicated critical/high/medium rules and are
+     * redacted regardless. The base64 false-positive cost outweighs the residual
+     * risk of an unstructured low-confidence entropy hit slipping through, so the
+     * threshold stays at "medium" by design.
      */
     scanner = new SecretsScanner({ minSeverity: "medium" });
     stats = {
@@ -91,14 +102,25 @@ export class QueryLogger {
     cleanOldLogs() {
         try {
             const files = fs.readdirSync(this.config.logDir);
+            // Filenames are UTC dates (toISOString) and new Date("YYYY-MM-DD") parses as
+            // UTC midnight, so compute the cutoff at UTC midnight too — using local
+            // setDate/getDate would skew the comparison by up to a day near TZ boundaries (L13).
             const cutoffDate = new Date();
-            cutoffDate.setDate(cutoffDate.getDate() - this.config.retentionDays);
+            cutoffDate.setUTCHours(0, 0, 0, 0);
+            cutoffDate.setUTCDate(cutoffDate.getUTCDate() - this.config.retentionDays);
             let deletedCount = 0;
             for (const file of files) {
                 if (!file.startsWith("query-log-") || !file.endsWith(".jsonl"))
                     continue;
-                // Extract date from filename (query-log-YYYY-MM-DD.jsonl)
+                // Extract date from filename (query-log-YYYY-MM-DD.jsonl). The fixed-width
+                // slice(10,20) yields "YYYY-MM-DD" for both base and rotated
+                // (query-log-DATE.NNN.jsonl) names, so this guard does NOT exclude rotated files
+                // from retention — it only rejects genuinely malformed names before feeding
+                // new Date, which would otherwise parse to Invalid Date or a misread cutoff (L13).
+                // Matches audit-logger's guard.
                 const dateStr = file.slice(10, 20);
+                if (!/^\d{4}-\d{2}-\d{2}$/.test(dateStr))
+                    continue;
                 const fileDate = new Date(dateStr);
                 if (fileDate < cutoffDate) {
                     fs.unlinkSync(path.join(this.config.logDir, file));
@@ -131,7 +153,13 @@ export class QueryLogger {
                 if (this.currentLogFile !== expectedFile) {
                     this.currentLogFile = expectedFile;
                 }
-                // Enforce per-file size cap (I232) — truncate fields if approaching limit
+                // Enforce per-file size cap (I232). When the cap would be exceeded we ROTATE to
+                // a sequence-suffixed file (query-log-DATE.NNN.jsonl) instead of silently
+                // truncating Q&A content (M9) — the old behaviour permanently lost research
+                // data with no record. Each rotation emits a mandatory log.warning so the event
+                // is visible. The current file size is re-read after each rotation; the next
+                // suffix is determined by scanning the directory so the cap holds across writers
+                // and process restarts (per-process counters did not).
                 let currentFileSize = (() => {
                     try {
                         return fs.statSync(this.currentLogFile).size;
@@ -140,29 +168,65 @@ export class QueryLogger {
                         return 0;
                     }
                 })();
-                const lines = batch.map((e) => {
+                const linesToWrite = [];
+                for (const e of batch) {
                     const serialized = JSON.stringify(e);
                     const entryBytes = Buffer.byteLength(serialized + "\n");
-                    if (currentFileSize + entryBytes > MAX_LOG_FILE_BYTES) {
-                        const truncated = {
-                            ...e,
-                            question: e.question.slice(0, TRUNCATED_FIELD_LENGTH) + TRUNCATED_SUFFIX,
-                            answer: e.answer.slice(0, TRUNCATED_FIELD_LENGTH) + TRUNCATED_SUFFIX,
-                        };
-                        const ts = JSON.stringify(truncated);
-                        currentFileSize += Buffer.byteLength(ts + "\n");
-                        return ts;
+                    if (currentFileSize > 0 && currentFileSize + entryBytes > MAX_LOG_FILE_BYTES) {
+                        // Flush what we have to the current file before rotating.
+                        if (linesToWrite.length > 0) {
+                            appendFileSecure(this.currentLogFile, linesToWrite.join("\n") + "\n", PERMISSION_MODES.OWNER_READ_WRITE);
+                            linesToWrite.length = 0;
+                        }
+                        const rotatedFile = this.nextRotatedFile(today);
+                        log.warning(`⚠️ Query log ${path.basename(this.currentLogFile)} reached ${MAX_LOG_FILE_BYTES} byte cap — rotating to ${path.basename(rotatedFile)} (no content truncated)`);
+                        this.currentLogFile = rotatedFile;
+                        currentFileSize = (() => {
+                            try {
+                                return fs.statSync(this.currentLogFile).size;
+                            }
+                            catch {
+                                return 0;
+                            }
+                        })();
                     }
+                    linesToWrite.push(serialized);
                     currentFileSize += entryBytes;
-                    return serialized;
-                }).join("\n") + "\n";
-                appendFileSecure(this.currentLogFile, lines, PERMISSION_MODES.OWNER_READ_WRITE);
+                }
+                if (linesToWrite.length > 0) {
+                    appendFileSecure(this.currentLogFile, linesToWrite.join("\n") + "\n", PERMISSION_MODES.OWNER_READ_WRITE);
+                }
             }
         }
         finally {
             this.isWriting = false;
         }
     }
+    /**
+     * Determine the next sequence-suffixed log file for `date` when the base file (or a
+     * prior rotation) has hit the size cap (M9). Scans the directory for the highest
+     * existing query-log-DATE.NNN.jsonl suffix and returns the next one, so rotation is
+     * correct across writers and restarts rather than relying on a per-process counter.
+     */
+    nextRotatedFile(date) {
+        let maxSeq = 0;
+        try {
+            const re = new RegExp(`^query-log-${date}\\.(\\d{3})\\.jsonl$`);
+            for (const f of fs.readdirSync(this.config.logDir)) {
+                const m = f.match(re);
+                if (m) {
+                    const seq = parseInt(m[1], 10);
+                    if (seq > maxSeq)
+                        maxSeq = seq;
+                }
+            }
+        }
+        catch (err) {
+            log.debug(`query-logger: scanning for rotated files: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        const nextSeq = String(maxSeq + 1).padStart(3, "0");
+        return path.join(this.config.logDir, `query-log-${date}.${nextSeq}.jsonl`);
+    }
     /**
      * Log a query (Q&A pair).
      *
@@ -216,8 +280,23 @@ export class QueryLogger {
      * Get all queries for a specific date (YYYY-MM-DD)
      */
     async getQueriesForDate(date) {
-        const logFile = path.join(this.config.logDir, `query-log-${date}.jsonl`);
-        return this.readLogFile(logFile);
+        // Include any size-cap rotations for the day (query-log-DATE.NNN.jsonl), not just
+        // the base file, so rotated entries are not missed (M9).
+        const baseFile = path.join(this.config.logDir, `query-log-${date}.jsonl`);
+        const entries = this.readLogFile(baseFile);
+        const rotatedRe = new RegExp(`^query-log-${date}\\.\\d{3}\\.jsonl$`);
+        try {
+            const rotated = fs.readdirSync(this.config.logDir)
+                .filter(f => rotatedRe.test(f))
+                .sort();
+            for (const f of rotated) {
+                entries.push(...this.readLogFile(path.join(this.config.logDir, f)));
+            }
+        }
+        catch (err) {
+            log.debug(`query-logger: reading rotated files for date ${date}: ${err instanceof Error ? err.message : String(err)}`);
+        }
+        return entries;
     }
     /**
      * Get recent queries
@@ -279,6 +358,11 @@ export class QueryLogger {
             return;
         process.on("beforeExit", () => QueryLogger.flushAllSync());
         process.on("SIGTERM", () => QueryLogger.flushAllSync());
+        // Mirror SIGTERM for SIGINT (Ctrl-C) and SIGHUP so buffered Q&A is flushed
+        // synchronously on those signals too (M5). Additive flush-only safety nets — the
+        // process entry point owns termination, so these do not suppress exit or hang.
+        process.on("SIGINT", () => QueryLogger.flushAllSync());
+        process.on("SIGHUP", () => QueryLogger.flushAllSync());
         QueryLogger.processHandlersRegistered = true;
     }
     static flushAllSync() {
@@ -361,4 +445,3 @@ export function getQueryLogger() {
 export async function logQuery(entry) {
     return getQueryLogger().logQuery(entry);
 }
-//# sourceMappingURL=query-logger.js.map

package/dist/notebook-creation/audio-manager.d.ts

@@ -4,8 +4,7 @@
  * Manages audio overview generation in NotebookLM notebooks.
  * Audio overviews are AI-generated podcast-style summaries of notebook content.
  */
-import { AuthManager } from "../auth/auth-manager.js";
-import { SharedContextManager } from "../session/shared-context-manager.js";
+import { StudioManagerBase } from "./studio-manager-base.js";
 export interface AudioStatus {
     status: "not_started" | "generating" | "ready" | "failed" | "unknown";
     progress?: number;
@@ -23,15 +22,12 @@ export interface DownloadAudioResult {
     size?: number;
     error?: string;
 }
-export declare class AudioManager {
-    private authManager;
-    private contextManager;
-    private page;
-    constructor(authManager: AuthManager, contextManager: SharedContextManager);
-    /**
-     * Navigate to a notebook and ensure we're on the right page
-     */
-    private navigateToNotebook;
+export declare class AudioManager extends StudioManagerBase {
+    protected readonly logName = "audio-manager";
+    protected readonly navigateDelay: {
+        min: number;
+        max: number;
+    };
     /**
      * Generate an audio overview for a notebook
      */
@@ -48,9 +44,4 @@ export declare class AudioManager {
      * Download the generated audio file
      */
     downloadAudio(notebookUrl: string, outputPath?: string): Promise<DownloadAudioResult>;
-    /**
-     * Close the page if open
-     */
-    private closePage;
 }
-//# sourceMappingURL=audio-manager.d.ts.map

package/dist/notebook-creation/audio-manager.js

@@ -6,8 +6,71 @@
  */
 import { log } from "../utils/logger.js";
 import { randomDelay } from "../utils/stealth-utils.js";
+import { StudioManagerBase, } from "./studio-manager-base.js";
 import fs from "fs";
 import path from "path";
+import os from "os";
+/**
+ * Maximum size for a downloaded audio file. Caps unbounded in-memory buffering
+ * (response.body() reads the whole response) and arbitrary disk writes (H14).
+ */
+const MAX_AUDIO_BYTES = 200 * 1024 * 1024; // 200 MiB
+/**
+ * Allowed origins for audio download URLs scraped from the page DOM.
+ * Prevents SSRF: the download URL (downloadBtn.href / data-url / audio.src) is
+ * attacker-influenceable content, so it must be confined to Google/NotebookLM
+ * hosts before page.goto() (C3). Mirrors the host-matching used by
+ * validateNotebookUrl in utils/security.ts.
+ */
+const ALLOWED_AUDIO_DOWNLOAD_DOMAINS = [
+    "google.com",
+    "googleusercontent.com",
+];
+/**
+ * Resolve and validate the audio output path, confining it to an allowed base
+ * directory (C2). Mirrors resolveExportPath in tools/handlers/system.ts:
+ *   1. NLMCP_EXPORT_DIR env override
+ *   2. user home directory
+ * Rejects absolute paths and '..' traversal that escape the base dir.
+ */
+function resolveAudioOutputPath(userPath, defaultName) {
+    const envDir = process.env.NLMCP_EXPORT_DIR?.trim();
+    const baseDirRaw = envDir && envDir.length > 0 ? envDir : os.homedir();
+    const baseDir = path.resolve(baseDirRaw);
+    const candidate = userPath && userPath.trim().length > 0
+        ? path.resolve(baseDir, userPath)
+        : path.resolve(baseDir, defaultName);
+    // Defence in depth: ensure resolved path is still inside the base dir.
+    const rel = path.relative(baseDir, candidate);
+    if (rel.startsWith("..") || path.isAbsolute(rel)) {
+        throw new Error(`output_path must resolve inside ${baseDir} (got '${candidate}'). ` +
+            `Set NLMCP_EXPORT_DIR to allow another base directory.`);
+    }
+    return candidate;
+}
+/**
+ * Validate a DOM-sourced audio download URL before navigating to it (C3, SSRF).
+ * Enforces https and an allowed Google/NotebookLM host. Returns the normalized
+ * URL or throws.
+ */
+function validateAudioDownloadUrl(url) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error("Audio download URL is not a valid absolute URL");
+    }
+    if (parsed.protocol !== "https:") {
+        throw new Error(`Audio download URL must be https (got '${parsed.protocol}')`);
+    }
+    const hostname = parsed.hostname.toLowerCase();
+    const allowed = ALLOWED_AUDIO_DOWNLOAD_DOMAINS.some((d) => hostname === d || hostname.endsWith("." + d));
+    if (!allowed) {
+        throw new Error(`Audio download host not allowed: ${hostname}`);
+    }
+    return parsed.href;
+}
 // Selectors for audio controls (may need refinement based on actual UI)
 const AUDIO_SELECTORS = {
     // Generate button
@@ -38,47 +101,27 @@ const AUDIO_SELECTORS = {
         text: '[class*="progress-text"], [class*="eta"]',
     },
 };
-export class AudioManager {
-    authManager;
-    contextManager;
-    page = null;
-    constructor(authManager, contextManager) {
-        this.authManager = authManager;
-        this.contextManager = contextManager;
-    }
-    /**
-     * Navigate to a notebook and ensure we're on the right page
-     */
-    async navigateToNotebook(notebookUrl) {
-        const context = await this.contextManager.getOrCreateContext();
-        const isAuth = await this.authManager.validateWithRetry(context);
-        if (!isAuth) {
-            throw new Error("Not authenticated. Run setup_auth first.");
-        }
-        this.page = await context.newPage();
-        await this.page.goto(notebookUrl, { waitUntil: "domcontentloaded" });
-        await this.page.waitForLoadState("networkidle").catch(() => { });
-        await randomDelay(1500, 2500);
-        return this.page;
-    }
+export class AudioManager extends StudioManagerBase {
+    logName = "audio-manager";
+    navigateDelay = { min: 1500, max: 2500 };
     /**
      * Generate an audio overview for a notebook
      */
     async generateAudioOverview(notebookUrl) {
-        log.info(`🎙️ Generating audio overview for: ${notebookUrl}`);
+        log.info(`Generating audio overview for: ${notebookUrl}`);
         const page = await this.navigateToNotebook(notebookUrl);
         try {
             // First, check current status
             const currentStatus = await this.checkAudioStatusInternal(page);
             if (currentStatus.status === "generating") {
-                log.info("  ⏳ Audio generation already in progress");
+                log.info("  Audio generation already in progress");
                 return {
                     success: true,
                     status: currentStatus,
                 };
             }
             if (currentStatus.status === "ready") {
-                log.info("  ✅ Audio already generated");
+                log.info("  Audio already generated");
                 return {
                     success: true,
                     status: currentStatus,
@@ -127,7 +170,7 @@ export class AudioManager {
                 });
             }
             if (!generateClicked) {
-                log.warning("  ⚠️ Could not find audio generation button");
+                log.warning("  Could not find audio generation button");
                 return {
                     success: false,
                     status: { status: "unknown" },
@@ -138,7 +181,7 @@ export class AudioManager {
             // Check if generation started
             const newStatus = await this.checkAudioStatusInternal(page);
             if (newStatus.status === "generating" || newStatus.status === "ready") {
-                log.success(`  ✅ Audio generation ${newStatus.status === "ready" ? "completed" : "started"}`);
+                log.success(`  Audio generation ${newStatus.status === "ready" ? "completed" : "started"}`);
                 return {
                     success: true,
                     status: newStatus,
@@ -158,7 +201,7 @@ export class AudioManager {
      * Check the current audio status for a notebook
      */
     async getAudioStatus(notebookUrl) {
-        log.info(`🔍 Checking audio status for: ${notebookUrl}`);
+        log.info(`Checking audio status for: ${notebookUrl}`);
         const page = await this.navigateToNotebook(notebookUrl);
         try {
             const status = await this.checkAudioStatusInternal(page);
@@ -222,7 +265,7 @@ export class AudioManager {
      * Download the generated audio file
      */
     async downloadAudio(notebookUrl, outputPath) {
-        log.info(`⬇️ Downloading audio from: ${notebookUrl}`);
+        log.info(`Downloading audio from: ${notebookUrl}`);
         const page = await this.navigateToNotebook(notebookUrl);
         try {
             // First check if audio is ready
@@ -266,12 +309,12 @@ export class AudioManager {
                     return false;
                 });
                 if (clicked) {
-                    // Wait for download to start
+                    // The button was clicked but we cannot capture the file via this code
+                    // path, so no file is written. Do not report success (M27).
                     await randomDelay(2000, 3000);
-                    // Note: Actual file download handling would require more complex logic
                     return {
-                        success: true,
-                        error: "Download initiated. Check your downloads folder.",
+                        success: false,
+                        error: "Download could not be completed automatically; no file was saved. Try downloading the audio manually from the notebook.",
                     };
                 }
                 return {
@@ -279,29 +322,59 @@ export class AudioManager {
                     error: "Could not find download button or audio source",
                 };
             }
-            // Generate output path if not provided
-            const finalPath = outputPath || path.join(process.env.HOME || process.env.USERPROFILE || ".", `notebooklm-audio-${Date.now()}.mp3`);
+            // Confine output to an allowed base directory (C2). When no output_path
+            // is supplied, the generated default also lands inside the base dir.
+            const defaultName = `notebooklm-audio-${Date.now()}.mp3`;
+            const finalPath = resolveAudioOutputPath(outputPath, defaultName);
+            // Validate the DOM-sourced download URL before navigating (C3, SSRF).
+            const safeDownloadUrl = validateAudioDownloadUrl(downloadInfo.url);
             // Download the file using the page context
-            const response = await page.goto(downloadInfo.url);
+            const response = await page.goto(safeDownloadUrl);
             if (!response) {
                 return {
                     success: false,
                     error: "Failed to fetch audio file",
                 };
             }
+            // Enforce size cap early via Content-Length if present (H14).
+            const contentLengthHeader = response.headers()["content-length"];
+            if (contentLengthHeader) {
+                const declared = parseInt(contentLengthHeader, 10);
+                if (Number.isFinite(declared) && declared > MAX_AUDIO_BYTES) {
+                    return {
+                        success: false,
+                        error: `Audio file too large: ${declared} bytes exceeds limit of ${MAX_AUDIO_BYTES} bytes`,
+                    };
+                }
+            }
+            // Warn (do not hard-fail) if content-type is not audio/* — NotebookLM may
+            // serve application/octet-stream.
+            const contentType = response.headers()["content-type"];
+            if (contentType && !contentType.startsWith("audio/") && !contentType.startsWith("application/octet-stream")) {
+                log.warning(`  Unexpected audio content-type: ${contentType}`);
+            }
+            // patchright's response.body() has no streaming cap, so buffer then
+            // enforce the cap before writing (H14). Content-Length can be absent or
+            // inaccurate, so this check is authoritative.
             const buffer = await response.body();
-            fs.writeFileSync(finalPath, buffer);
-            const stats = fs.statSync(finalPath);
-            log.success(`  ✅ Audio downloaded: ${finalPath} (${stats.size} bytes)`);
+            if (buffer.length > MAX_AUDIO_BYTES) {
+                return {
+                    success: false,
+                    error: `Audio file too large: ${buffer.length} bytes exceeds limit of ${MAX_AUDIO_BYTES} bytes`,
+                };
+            }
+            // Async write to avoid blocking the event loop (H14).
+            await fs.promises.writeFile(finalPath, buffer);
+            log.success(`  Audio downloaded: ${finalPath} (${buffer.length} bytes)`);
             return {
                 success: true,
                 filePath: finalPath,
-                size: stats.size,
+                size: buffer.length,
             };
         }
         catch (error) {
             const msg = error instanceof Error ? error.message : String(error);
-            log.error(`  ❌ Failed to download audio: ${msg}`);
+            log.error(`  Failed to download audio: ${msg}`);
             return {
                 success: false,
                 error: msg,
@@ -311,20 +384,4 @@ export class AudioManager {
             await this.closePage();
         }
     }
-    /**
-     * Close the page if open
-     */
-    async closePage() {
-        if (this.page) {
-            try {
-                await this.page.close();
-            }
-            catch (err) {
-                log.debug(`audio-manager: closing page: ${err instanceof Error ? err.message : String(err)}`);
-                // Ignore close errors
-            }
-            this.page = null;
-        }
-    }
 }
-//# sourceMappingURL=audio-manager.js.map

package/dist/notebook-creation/browser-options.d.ts

@@ -25,4 +25,3 @@ export interface BrowserOptions {
  * Apply browser options to CONFIG (returns modified copy, doesn't mutate global CONFIG).
  */
 export declare function applyBrowserOptions(options?: BrowserOptions, legacyShowBrowser?: boolean): Config;
-//# sourceMappingURL=browser-options.d.ts.map

package/dist/notebook-creation/browser-options.js

@@ -72,4 +72,3 @@ export function applyBrowserOptions(options, legacyShowBrowser) {
     }
     return config;
 }
-//# sourceMappingURL=browser-options.js.map

package/dist/notebook-creation/data-table-manager.d.ts

@@ -14,8 +14,7 @@
  * - Artifact title during generation: "Generating data table…"
  * - Chat-embedded tables use standard <table><tr><th>/<td> (no <tbody>)
  */
-import { AuthManager } from "../auth/auth-manager.js";
-import { SharedContextManager } from "../session/shared-context-manager.js";
+import { StudioManagerBase } from "./studio-manager-base.js";
 export interface DataTable {
     headers: string[];
     rows: string[][];
@@ -36,15 +35,8 @@ export interface GetDataTableResult {
     table?: DataTable;
     error?: string;
 }
-export declare class DataTableManager {
-    private authManager;
-    private contextManager;
-    private page;
-    constructor(authManager: AuthManager, contextManager: SharedContextManager);
-    /**
-     * Navigate to a notebook and ensure we're on the right page
-     */
-    private navigateToNotebook;
+export declare class DataTableManager extends StudioManagerBase {
+    protected readonly logName = "data-table-manager";
     /**
      * Ensure the Studio panel is visible (expand if collapsed).
      *
@@ -88,8 +80,10 @@ export declare class DataTableManager {
      */
     private extractTableData;
     /**
-     * Close the page if open
+     * Sanitize extracted table content through the shared response validator.
+     * Each cell originates from untrusted document sources, so any prompt
+     * injection / malicious content is redacted before the table is returned
+     * to the calling model.
      */
-    private closePage;
+    private sanitizeTable;
 }
-//# sourceMappingURL=data-table-manager.d.ts.map