3.3 Cloudflare Tunnel | Hermes + NotebookLM

🏛️ Por que tunnel vence cookie inline

Antes: embedavam cookie em skill. Google rotacionava token → quebra. Agora: CLI fica na sua máquina, tunnel expõe via HTTPS. Credenciais nunca saem do Mac. Estado da arte.

📐 Arquitetura ponta a ponta

Cloud agent (Cowork/Claude)
        ↓ MCP via SSE HTTPS
Cloudflare Tunnel (mcp-x.yourdomain.com)
        ↓
Mac local — localhost:8484
        ↓
FastMCP Python server
        ↓
notebooklm CLI → Google NotebookLM

🐍 FastMCP server em 50 linhas

Python script com @mcp.tool() por comando. Stdio local, SSE remoto. Smoke test rápido.

from mcp.server.fastmcp import FastMCP
mcp = FastMCP("notebooklm", host="0.0.0.0", port=8484)

@mcp.tool()
def notebooklm_ask(question: str) -> str:
    """RAG query no notebook atual."""
    return run_cli("ask", question, timeout=120)

if __name__ == "__main__":
    mcp.run(transport="sse")

🌥️ Cloudflared setup

brew install cloudflared
cloudflared tunnel login
cloudflared tunnel create notebooklm-mcp
cloudflared tunnel route dns notebooklm-mcp mcp.yourdomain.com

♻️ Launch Agents — auto-start

Dois plists em ~/Library/LaunchAgents/: server + tunnel. KeepAlive=true. Mac reinicia, tudo volta sozinho.

🩺 Troubleshooting

Sintoma	Fix
Auth expirou	notebooklm login local (sem restart)
Server não responde	lsof -i :8484 + launchctl kickstart
Tunnel down	cloudflared tunnel info notebooklm-mcp
Cliente sem conectar	curl https://mcp.dom/sse \| head -3

✅ Resumo

✓Tunnel substitui cookie inline

✓Cloud → tunnel → Mac → CLI → Google

✓FastMCP em 50 linhas

✓cloudflared sem abrir porta no router

✓Launch Agents = boot automático

✓Troubleshooting estruturado

← Trilha Próximo →