github teng-lin/notebooklm-py v0.8.0b3

pre-release8 hours ago

This is a beta pre-release in the 0.8.0 line. Changes since v0.8.0b2:

Added

  • MCP file upload now records and can verify a SHA-256 of the uploaded bytes.
    The /files/ul route computes the digest of exactly the received bytes and
    stores it in the completion record ({source_id, name, size, mime, sha256}),
    which await_upload surfaces. An optional ?sha256=<hex> lets a client assert
    transit integrity — a mismatch returns a clean 400 before the source is added
    (the single-use token rolls back and stays retryable)
    (#1889).
  • MCP await_upload emits progress keepalives while it polls, so an MCP host
    no longer treats a long upload wait as a stalled call (ctx.report_progress at
    start and on each ~2s tick; best-effort, and a no-op without a client progress
    token) (#1889).
  • MCP remote studio_download returns the report / data-table body inline
    (bounded, alongside the signed link) so a remote host can read a generated
    report without a second fetch
    (#1911).
  • studio_status reports media_ready, studio_download reports
    size_bytes, and studio_retry raises an actionable error
    when an artifact
    can't be retried, instead of a bare failure
    (#1924).
  • Deploy quick start for end users: the shipped Compose defaults to the
    :latest image, and each release now attaches a version-baked
    docker-compose.yml + env.example
    (#1904).

Changed

  • MCP: the standalone studio_get_prompt tool was folded into studio_list
    (net −1 tool, ADR-0025 tool-surface consolidation). Each artifact's
    generation_prompt (the free-text prompt it was generated from, null when it
    records none) now rides the default studio_list summary listing, and
    studio_list(item=<artifact>) returns it for a single artifact resolved by id or
    exact title (the unified cross-type Studio resolver, as studio_delete /
    studio_rename use — not the old artifact-scoped title-prefix resolver). The
    prompt is decoded from the same LIST_ARTIFACTS row the listing already fetches,
    so this adds no extra request. The CLI notebooklm artifact get-prompt command
    is unchanged.
    (#1896)
  • The in-app upload widget's token pool gets a longer (1h) TTL. The widget
    mints one single-use token per file up front but uploads them sequentially, so
    a later file in a large batch could hit an expired token mid-upload; the pool
    now uses WIDGET_UPLOAD_TTL instead of the 15-minute default. The single-use /
    signed-token model is unchanged
    (#1894).

Fixed

  • MCP notebook_describe(include_metadata=true) no longer reports a source
    count that disagrees with its own sources list.
    The exposed
    metadata.notebook.sources_count is now re-projected to the enumerated
    (id-bearing, deduped) source count instead of the raw unfiltered
    GET_NOTEBOOK row count, which could inflate it (e.g. 168 vs 50) and mislead
    autonomous agents on quota / completeness. Source enumeration
    (source_list / metadata.sources) also dedups duplicate id-bearing rows
    (research re-imports, ghost/probe echoes), keeping the first occurrence
    (#1919).
  • MCP research_import is safe for unattended use. The tool now imports via
    the timeout-tolerant import_sources_with_verification (as the CLI does), so a
    deep-research import that times out is reconciled against what the server
    actually committed instead of failing as if nothing imported (hiding a large
    partial import). It also gained optional cited_only (import only the sources
    the report cites) and max_sources (cap the count imported, applied after
    cited_only) so one call can't silently blow a notebook to its source cap.
    (#1920)
  • source_add batch mode isolates a per-URL failure instead of aborting the
    whole batch: a bad URL now yields a per-item SourceAddError while the other
    sources in the same call still add, matching the tool's documented behavior
    (#1905).
  • MCP studio_generate for interactive mind maps now normalizes its payload
    to the bare node tree and returns a terminal poll shape, fixing malformed
    generate requests and non-terminal status reports
    (#1908,
    #1914).
  • MCP research_cancel distinguishes an already-cancelled run and surfaces
    the raw status code instead of a generic failure
    (#1922).
  • Content-sanity flags bot-challenge / WAF interstitial pages, so a source
    that fetched a challenge page instead of real content is reported rather than
    silently ingested as thin content
    (#1929).
  • suggest_prompts strips a leading list marker from returned prompts, and
    research_start drops redundant ids from its result
    (#1909).
  • The MCP server warns at startup when the upload widget is enabled but
    stateless HTTP is disabled
    (FASTMCP_STATELESS_HTTP explicitly falsey),
    which would silently stop the widget from rendering
    (#1915).

Security

  • The loopback DNS-rebinding Host guard is no longer bypassed on a tokenless
    local bind.
    The guard is skipped only when an external bind is opted into
    and authentication (bearer or OAuth) is configured — the
    ALLOW_EXTERNAL_BIND flag alone (e.g. set while --host stays at loopback) no
    longer disables it, closing a rebinding gap on an unauthenticated local server
    (#1935).
  • Client-facing RPC errors no longer leak the obfuscated internal method id or
    the raw upstream status code
    , trimming information disclosure in error
    messages (#1931).

Full 0.8.0 cycle changelog: CHANGELOG.md. Install with pip install --pre notebooklm-py==0.8.0b3.

Don't miss a new notebooklm-py release

NewReleases is sending notifications on new releases.