The open-source AI data notebook for Trino, DuckDB, and 11 more SQL engines. By RedAnalytica.
Query, visualize, profile, and explore data with beautiful charts, AI suggestions, and a NotebookLM-style knowledge layer.
Modern data teams jump between five tools to answer one question. RedNotebook AI puts all of it in one notebook:
A real SQL workspace with Monaco, AG Grid, drag-to-reorder cells, and keyboard shortcuts.Premium charts powered by Apache ECharts with brand-aware theming.AI you can trust, pluggable across OpenAI, Anthropic, Ollama, or a deterministic offline mock. Privacy-safe by default, schema-only context, PII masking, secrets stripped.NotebookLM-style knowledge layer. Pull SQL, schemas, results, and charts into a notebook of sources. Ask grounded questions with[n]
citation chips. Generate infographics and a Studio briefing (overview / FAQ / study guide / suggested next questions).Drag-and-drop file uploads. Drop a CSV, TSV, Parquet, or JSON file anywhere in the app β DuckDB attaches it instantly as a queryable table (SELECT * FROM customers
Just Works).One-click publish. Mint a public, no-account-needed share link from any notebook. The published page is a self-contained HTML snapshot β your live data never leaves your machine.Read-only by default. A SQL guard backed bysqlglot
blocks destructive statements unless you explicitly enable writes.Local-first. Runs on your laptop with no login. Flip a single env var (AUTH_ENABLED=true
) to enable multi-user mode with local email+password, GitHub OAuth, API tokens, per-user namespacing, and admin invites.
docker run -d --name rednotebook \
-p 8000:8000 \
-v rednotebook-data:/data \
ghcr.io/sanniheruwala/rednotebook-ai:latest
Then open http://localhost:8000.
Or with Compose:
cp .env.example .env # edit as needed
docker compose up -d
pip install rednotebook-ai # from PyPI (when a release is tagged)
rednotebook run # starts the FastAPI server on :8000
Then in a second terminal:
cd frontend
npm install
npm run dev # starts the dev UI on :3000
git clone https://github.com/sanniheruwala/RedNotebookAI.git
cd RedNotebookAI
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
cp .env.example .env
rednotebook run
cd frontend && npm install && npm run dev
RedNotebook AI is local-first. Today:
| Tier | Supported? |
|---|---|
π’ Your laptop (localhost ) |
|
| β Primary use case | |
| π’ Single team behind VPN / private network | |
| β With the | |
Public internet, multi-user SaaSslowapi
), and audit log have all landed. Full SaaS hardening (RBAC / SSO / sharing) is on the Phase 4 roadmap.See docs/deployment.md for the full security model.
In the UI top bar, click Configure connection. 13 connectors ship in
the box β no extra pip install
step, no driver setup, no ODBC dance.
| Connector | What you'll need |
|---|---|
| DuckDB | Nothing. Pick in-memory or a .duckdb file path. |
| Trino | Host, port, user, password, catalog, schema, TLS settings. |
| PostgreSQL | Host, port, user, password, database. |
| MySQL / MariaDB | Host, port, user, password, database. |
| SQLite | Path to the .db / .sqlite file. |
| MSSQL | Host, port, user, password, database. ODBC 18 driver is bundled. |
| Snowflake | Account, warehouse, role, user, password, database. |
| BigQuery | Project, dataset, service-account JSON path. |
| Redshift | Host, port, user, password, database. |
| Oracle | Host, port, user, password, database or service_name . |
| ClickHouse | Host, port (8123 HTTP), user, password, database, secure flag. |
| Databricks SQL | Host, http_path , access token, optional catalog. |
See docs/connectors.md for the full per-dialect field reference.
The default. Pick "DuckDB (no server)" in the dialog. Two modes:
In-memory(:memory:
) β ephemeral playground. Great for one-off SQL against local files:SELECT * FROM read_csv_auto('orders.csv') WHERE β¦
File(./local.duckdb
) β persistent. Use it like a single-user warehouse:CREATE TABLE customers (β¦)
,INSERT β¦
, etc.
Optionally set a "Working directory" so relative file paths in read_csv_auto
/ read_parquet
resolve where you expect.
For team analytics on real data warehouses, fill in the UI dialog or set
defaults in .env
:
TRINO_HOST=trino.example.com
TRINO_PORT=443
TRINO_SCHEME=https
TRINO_USER=alice
TRINO_PASSWORD=...
TRINO_CATALOG=hive
TRINO_SCHEMA=default
TRINO_VERIFY_SSL=true
Custom HTTP headers, session properties, query timeouts, and result limits are all supported.
| Provider | Setup |
|---|---|
| Mock (default) | |
| Offline, deterministic. No setup. | |
| OpenAI | |
AI_PROVIDER=openai , OPENAI_API_KEY=sk-β¦ |
|
| Anthropic | |
AI_PROVIDER=anthropic , ANTHROPIC_API_KEY=sk-ant-β¦ |
|
| Ollama (local) | |
AI_PROVIDER=ollama , OLLAMA_BASE_URL=http://localhost:11434 |
Privacy defaults:
- Sample rows are
not sent to AI unless
AI_ALLOW_SAMPLE_ROWS=true
. - PII columns are masked when samples are shared.
- Secrets are stripped from SQL before any provider call.
- Credentials are never forwarded to AI.
See docs/ai.md for details.
AUTH_ENABLED=true
SECRET_KEY=$(openssl rand -hex 32)
COOKIE_SECURE=true # set true when behind HTTPS
ALLOW_SELF_SIGNUP=false # admin-invite only by default
The first registration becomes the workspace admin. Subsequent users need an invite (POST /api/auth/invite
). GitHub OAuth and API tokens (PAT-style) are supported out of the box. See docs/deployment.md.
| Layer | Tech |
|---|---|
| Backend | Python 3.11+, FastAPI, Pydantic, Trino client, SQLAlchemy + bundled drivers (Postgres, MySQL, MSSQL/ODBC, Snowflake, BigQuery, Redshift, Oracle, ClickHouse, Databricks, ...), DuckDB, Pandas, ECharts/Plotly |
| Frontend | Next.js 14, TypeScript, Tailwind, shadcn/ui, Monaco, AG Grid, ECharts, framer-motion, @dnd-kit |
| State | TanStack Query (server) + Zustand (local) |
| Auth | Local email+password (bcrypt) + JWT cookies, GitHub OAuth, API tokens |
| AI | Provider-pluggable (mock, OpenAI, Anthropic, Ollama) |
| Storage | Local JSON for notebooks/knowledge/users; optional Parquet result cache |
rednotebook/ Python backend (FastAPI + core libs)
βββ auth/ User store, JWT sessions, password hashing, OAuth, API tokens
βββ server/ FastAPI app + routers
βββ connectors/ Trino + DuckDB + 11 SQLAlchemy dialects + registry
βββ ai/ Provider abstraction (mock, openai, anthropic, ollama)
βββ notebook/ Notebook models, JSON storage, guard-aware runner
βββ knowledge/ NotebookLM-style internal knowledge layer
βββ visualization/ Recommender, chart spec, HTML infographic generator
βββ profiling/ Stats + PII detector
βββ security/ SQL guard, secret masking
βββ migrations/ One-shot data migrations
βββ cli/ Typer CLI
frontend/ Next.js + Tailwind + shadcn/ui
docs/ Architecture, AI, security, deployment, connectors, roadmap
tests/ pytest test suite
Full architecture write-up.
ArchitectureDeployment tiersConnectorsAI providers and privacySecurity modelVisualizationKnowledge layer + NotebookLM integrationRoadmapContributing
pytest # 56+ tests
ruff check .
cd frontend
npm run typecheck
npm run lint
npm run build
Continuous integration runs the full suite on every push and PR. See .github/workflows.
We follow the standard open-source flow. The short version:
Open an issue first. Use thebug reportorfeature requesttemplates. Drive-by PRs with no linked issue may be closed without review.Fork, branch, write, run the checks locally(pytest
,ruff check .
,npm run lint && npm run typecheck && npm run build
).Open a PR referencing the issue (Closes #123
).A maintainer reviews and approves before merge.main
is a protected branch β direct pushes are blocked, every change needs β green CIandβ approval from aCODEOWNER. No exceptions, even for admins.
See docs/contributing.md for the full flow, branch-naming conventions, what we say "no" to, and the maintainer rights. For security vulnerabilities, use
private disclosure, never a public issue.
Apache-2.0. See LICENSE.
Built with care by