Show HN: RedNotebook AI open-source AI data notebook for Trino, +12 SQL engines

RedAnalytica has released RedNotebook AI, an open-source AI data notebook that integrates with Trino, DuckDB, and 11 other SQL engines to provide a unified workspace for querying, visualizing, and exploring data. The tool features a NotebookLM-style knowledge layer, AI suggestions from multiple providers, drag-and-drop file uploads, and one-click publishing of self-contained HTML snapshots. Designed as a local-first application with read-only defaults and privacy-safe AI context, RedNotebook AI aims to replace the need for multiple separate tools in modern data workflows.

The open-source AI data notebook for Trino, DuckDB, and 11 more SQL engines. By RedAnalytica https://redanalytica.in . Query, visualize, profile, and explore data with beautiful charts, AI suggestions, and a NotebookLM-style knowledge layer. Modern data teams jump between five tools to answer one question. RedNotebook AI puts all of it in one notebook: A real SQL workspace with Monaco, AG Grid, drag-to-reorder cells, and keyboard shortcuts. Premium charts powered by Apache ECharts with brand-aware theming. AI you can trust , pluggable across OpenAI, Anthropic, Ollama, or a deterministic offline mock. Privacy-safe by default, schema-only context, PII masking, secrets stripped. NotebookLM-style knowledge layer. Pull SQL, schemas, results, and charts into a notebook of sources. Ask grounded questions with n citation chips. Generate infographics and a Studio briefing overview / FAQ / study guide / suggested next questions . Drag-and-drop file uploads. Drop a CSV, TSV, Parquet, or JSON file anywhere in the app — DuckDB attaches it instantly as a queryable table SELECT FROM customers Just Works . One-click publish. Mint a public, no-account-needed share link from any notebook. The published page is a self-contained HTML snapshot — your live data never leaves your machine. Read-only by default. A SQL guard backed by sqlglot blocks destructive statements unless you explicitly enable writes. Local-first. Runs on your laptop with no login. Flip a single env var AUTH ENABLED=true to enable multi-user mode with local email+password, GitHub OAuth, API tokens, per-user namespacing, and admin invites. docker run -d --name rednotebook \ -p 8000:8000 \ -v rednotebook-data:/data \ ghcr.io/sanniheruwala/rednotebook-ai:latest Then open http://localhost:8000 http://localhost:8000 . Or with Compose: cp .env.example .env edit as needed docker compose up -d pip install rednotebook-ai from PyPI when a release is tagged rednotebook run starts the FastAPI server on :8000 Then in a second terminal: cd frontend npm install npm run dev starts the dev UI on :3000 git clone https://github.com/sanniheruwala/RedNotebookAI.git cd RedNotebookAI python -m venv .venv && source .venv/bin/activate pip install -e ". dev " cp .env.example .env rednotebook run in another terminal cd frontend && npm install && npm run dev RedNotebook AI is local-first. Today: | Tier | Supported? | |---|---| 🟢 Your laptop localhost | ✅ Primary use case | 🟢 Single team behind VPN / private network | ✅ With the | Public internet, multi-user SaaS slowapi , and audit log have all landed. Full SaaS hardening RBAC / SSO / sharing is on the Phase 4 roadmap /sanniheruwala/RedNotebookAI/blob/main/docs/roadmap.md .See docs/deployment.md /sanniheruwala/RedNotebookAI/blob/main/docs/deployment.md for the full security model. In the UI top bar, click Configure connection . 13 connectors ship in the box — no extra pip install step, no driver setup, no ODBC dance. | Connector | What you'll need | |---|---| | DuckDB | Nothing. Pick in-memory or a .duckdb file path. | | Trino | Host, port, user, password, catalog, schema, TLS settings. | | PostgreSQL | Host, port, user, password, database. | | MySQL / MariaDB | Host, port, user, password, database. | | SQLite | Path to the .db / .sqlite file. | | MSSQL | Host, port, user, password, database. ODBC 18 driver is bundled. | | Snowflake | Account, warehouse, role, user, password, database. | | BigQuery | Project, dataset, service-account JSON path. | | Redshift | Host, port, user, password, database. | | Oracle | Host, port, user, password, database or service name . | | ClickHouse | Host, port 8123 HTTP , user, password, database, secure flag. | | Databricks SQL | Host, http path , access token, optional catalog. | See docs/connectors.md /sanniheruwala/RedNotebookAI/blob/main/docs/connectors.md for the full per-dialect field reference. The default. Pick "DuckDB no server " in the dialog. Two modes: In-memory :memory: — ephemeral playground. Great for one-off SQL against local files: SELECT FROM read csv auto 'orders.csv' WHERE … File ./local.duckdb — persistent. Use it like a single-user warehouse: CREATE TABLE customers … , INSERT … , etc. Optionally set a "Working directory" so relative file paths in read csv auto / read parquet resolve where you expect. For team analytics on real data warehouses, fill in the UI dialog or set defaults in .env : TRINO HOST=trino.example.com TRINO PORT=443 TRINO SCHEME=https TRINO USER=alice TRINO PASSWORD=... TRINO CATALOG=hive TRINO SCHEMA=default TRINO VERIFY SSL=true Custom HTTP headers, session properties, query timeouts, and result limits are all supported. | Provider | Setup | |---|---| Mock default | Offline, deterministic. No setup. | OpenAI | AI PROVIDER=openai , OPENAI API KEY=sk-… | Anthropic | AI PROVIDER=anthropic , ANTHROPIC API KEY=sk-ant-… | Ollama local | AI PROVIDER=ollama , OLLAMA BASE URL=http://localhost:11434 | Privacy defaults: - Sample rows are not sent to AI unless AI ALLOW SAMPLE ROWS=true . - PII columns are masked when samples are shared. - Secrets are stripped from SQL before any provider call. - Credentials are never forwarded to AI. See docs/ai.md /sanniheruwala/RedNotebookAI/blob/main/docs/ai.md for details. AUTH ENABLED=true SECRET KEY=$ openssl rand -hex 32 COOKIE SECURE=true set true when behind HTTPS ALLOW SELF SIGNUP=false admin-invite only by default The first registration becomes the workspace admin. Subsequent users need an invite POST /api/auth/invite . GitHub OAuth and API tokens PAT-style are supported out of the box. See docs/deployment.md /sanniheruwala/RedNotebookAI/blob/main/docs/deployment.md . | Layer | Tech | |---|---| | Backend | Python 3.11+, FastAPI, Pydantic, Trino client, SQLAlchemy + bundled drivers Postgres, MySQL, MSSQL/ODBC, Snowflake, BigQuery, Redshift, Oracle, ClickHouse, Databricks, ... , DuckDB, Pandas, ECharts/Plotly | | Frontend | Next.js 14, TypeScript, Tailwind, shadcn/ui, Monaco, AG Grid, ECharts, framer-motion, @dnd-kit | | State | TanStack Query server + Zustand local | | Auth | Local email+password bcrypt + JWT cookies, GitHub OAuth, API tokens | | AI | Provider-pluggable mock, OpenAI, Anthropic, Ollama | | Storage | Local JSON for notebooks/knowledge/users; optional Parquet result cache | rednotebook/ Python backend FastAPI + core libs ├── auth/ User store, JWT sessions, password hashing, OAuth, API tokens ├── server/ FastAPI app + routers ├── connectors/ Trino + DuckDB + 11 SQLAlchemy dialects + registry ├── ai/ Provider abstraction mock, openai, anthropic, ollama ├── notebook/ Notebook models, JSON storage, guard-aware runner ├── knowledge/ NotebookLM-style internal knowledge layer ├── visualization/ Recommender, chart spec, HTML infographic generator ├── profiling/ Stats + PII detector ├── security/ SQL guard, secret masking ├── migrations/ One-shot data migrations └── cli/ Typer CLI frontend/ Next.js + Tailwind + shadcn/ui docs/ Architecture, AI, security, deployment, connectors, roadmap tests/ pytest test suite Full architecture write-up /sanniheruwala/RedNotebookAI/blob/main/docs/architecture.md . Architecture /sanniheruwala/RedNotebookAI/blob/main/docs/architecture.md Deployment tiers /sanniheruwala/RedNotebookAI/blob/main/docs/deployment.md Connectors /sanniheruwala/RedNotebookAI/blob/main/docs/connectors.md AI providers and privacy /sanniheruwala/RedNotebookAI/blob/main/docs/ai.md Security model /sanniheruwala/RedNotebookAI/blob/main/docs/security.md Visualization /sanniheruwala/RedNotebookAI/blob/main/docs/visualization.md Knowledge layer + NotebookLM integration /sanniheruwala/RedNotebookAI/blob/main/docs/notebooklm integration.md Roadmap /sanniheruwala/RedNotebookAI/blob/main/docs/roadmap.md Contributing /sanniheruwala/RedNotebookAI/blob/main/docs/contributing.md Backend pytest 56+ tests ruff check . Frontend cd frontend npm run typecheck npm run lint npm run build Continuous integration runs the full suite on every push and PR. See .github/workflows /sanniheruwala/RedNotebookAI/blob/main/.github/workflows . We follow the standard open-source flow. The short version: Open an issue first. Use the bug report https://github.com/sanniheruwala/RedNotebookAI/issues/new?template=bug report.yml or feature request https://github.com/sanniheruwala/RedNotebookAI/issues/new?template=feature request.yml templates. Drive-by PRs with no linked issue may be closed without review. Fork, branch, write, run the checks locally pytest , ruff check . , npm run lint && npm run typecheck && npm run build . Open a PR referencing the issue Closes 123 . A maintainer reviews and approves before merge. main is a protected branch — direct pushes are blocked, every change needs ✅ green CI and ✅ approval from a CODEOWNER /sanniheruwala/RedNotebookAI/blob/main/.github/CODEOWNERS . No exceptions, even for admins. See docs/contributing.md /sanniheruwala/RedNotebookAI/blob/main/docs/contributing.md for the full flow, branch-naming conventions, what we say "no" to, and the maintainer rights. For security vulnerabilities, use private disclosure /sanniheruwala/RedNotebookAI/blob/main/SECURITY.md , never a public issue. Apache-2.0. See LICENSE /sanniheruwala/RedNotebookAI/blob/main/LICENSE . Built with care by