feat: Implement a FastMCP server to expose NotebookLM functionalities for listing, creating, adding sources, and chatting.#156
Conversation
… for listing, creating, adding sources, and chatting.
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a new FastMCP server designed to expose core functionalities of NotebookLM. This integration allows for programmatic interaction with NotebookLM, enabling users and applications to list, create, and manage notebooks, add web-based sources, and engage in conversational AI through a standardized API. The change significantly enhances the extensibility and automation capabilities for NotebookLM. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a FastMCP server to expose NotebookLM functionalities. However, a potential path traversal vulnerability was identified in the add_source_url and chat_ask tools, where the notebook_id parameter is used to construct API request paths without validation, potentially allowing an attacker to manipulate the request path to call unintended endpoints on the Google domain. Additionally, the current management of the NotebookLMClient instance is inefficient due to new client creation for every request; a single, long-lived client instance is recommended for performance. There's also an opportunity to simplify the chat_ask function for better clarity and maintainability.
| @mcp.tool() | ||
| async def list_notebooks(): | ||
| """List all NotebookLM notebooks available in the account.""" | ||
| async with await NotebookLMClient.from_storage() as client: |
There was a problem hiding this comment.
The pattern async with await NotebookLMClient.from_storage() as client: is repeated in every tool function. This is inefficient for a server application because it creates a new NotebookLMClient instance for every API call. This involves I/O for reading storage state and setting up a new HTTP client each time. A NotebookLMClient is designed to be long-lived and should be reused across requests.
Consider creating a single client instance when the application starts and closing it on shutdown. This will significantly improve performance and resource management. You can likely achieve this using your server framework's startup and shutdown lifecycle events.
| return {"id": nb.id, "title": nb.title} | ||
|
|
||
| @mcp.tool() | ||
| async def add_source_url(notebook_id: str, url: str): |
There was a problem hiding this comment.
The notebook_id parameter is used to construct the URL path for RPC calls to Google's NotebookLM API without any validation. An attacker could provide a malicious notebook_id containing path traversal sequences (e.g., ../../) to manipulate the request path and potentially call unintended API endpoints on the notebooklm.google.com domain using the user's authenticated session. This is possible because the notebook_id is directly interpolated into the source_path in the underlying library calls. Validate that notebook_id matches the expected format (e.g., a UUID or alphanumeric string) before using it in API calls.
| return {"status": "success", "url": url} | ||
|
|
||
| @mcp.tool() | ||
| async def chat_ask(notebook_id: str, message: str): |
There was a problem hiding this comment.
The notebook_id parameter is used to construct the URL path for RPC calls to Google's NotebookLM API without any validation. An attacker could provide a malicious notebook_id containing path traversal sequences (e.g., ../../) to manipulate the request path and potentially call unintended API endpoints on the notebooklm.google.com domain using the user's authenticated session. This is possible because the notebook_id is directly interpolated into the source_path in the underlying library calls. Validate that notebook_id matches the expected format (e.g., a UUID or alphanumeric string) before using it in API calls.
| """Ask a question to the NotebookLM notebook and get an answer based on its sources.""" | ||
| async with await NotebookLMClient.from_storage() as client: | ||
| result = await client.chat.ask(notebook_id, message) | ||
| return {"answer": result.text if hasattr(result, 'text') else result.answer} |
There was a problem hiding this comment.
The expression result.text if hasattr(result, 'text') else result.answer suggests uncertainty about the structure of the AskResult object. Based on the notebooklm library's implementation, client.chat.ask returns an AskResult object that consistently has an answer attribute. Relying on this attribute directly makes the code cleaner and easier to maintain. If there's a specific reason to check for a .text attribute (e.g., for backward compatibility), it would be helpful to add a comment explaining why.
| return {"answer": result.text if hasattr(result, 'text') else result.answer} | |
| return {"answer": result.answer} |
1 participant
No description provided.