Recording Analysis in the Notebook¶

The Notebook is a persistent workspace where you record findings, track analysis goals, and build a structured knowledge base about the binary you are examining. It is accessible from the Sidekick Notebook sidebar and persists across sessions inside the Binary Ninja database.

The Notebook is organized around entries. Each entry represents a distinct analysis goal or line of inquiry. Within an entry you can record:

TaskItems — specific steps you plan to take or are tracking
Outcomes — findings, artifacts, and blockers you have discovered while pursuing the entry

Entries can also carry analysis_context: structured intermediate analysis state used by Sidekick tools, agents, and scripts. This is not a fourth outcome kind, and it is not currently shown in the Notebook sidebar UI.

Sidekick reads the Notebook as context when responding to your messages in Chat, and automatically updates its understanding of your analysis as you record findings and complete entries.

Opening the Notebook¶

Open the Notebook sidebar by clicking the Sidekick Notebook icon in the right sidebar area of Binary Ninja.

The sidebar has two views:

Browse list — shows all entries sorted by most-recently-touched first, with a search box at the top and an input box at the bottom for creating new entries
Detail view — shows the full content of the selected entry, including its description, outcomes, tasks, threads, and dependencies

Each browse-list row shows the entry description, an optional resolution_summary, and a metadata row with outcome counts and task progress.

When the sidebar is narrow, the browse list and detail view are stacked vertically. When the sidebar is wide, they appear side by side.

Session Briefing¶

The Notebook sidebar also gives you access to the Session Briefing — Sidekick's rolling executive summary of the current workspace. Open it from the Notebook sidebar hamburger menu with Edit Session Briefing..., or from Plugins > Sidekick > Edit Session Briefing....

The briefing editor is organized into four sections:

Stable Context — durable facts and background assumptions
Active Focus — the current direction of the investigation
Recent Evidence — newly established findings or supporting details
Open Questions — unresolved issues that still need attention

You can edit any section manually. Automatic synthesis only refreshes sections that you have not manually overridden — manual edits are authoritative across synthesis runs.

Note

To restore a section to the synthesized text, use Reset Section in the editor. To restore all sections at once, use Reset All to Synthesized. This hands control of those sections back to the background synthesis actor.

Creating Entries¶

Using the input box¶

Type a description in the "Add a new entry" input box at the bottom of the browse list and press Enter. When the Sidekick service is available, your text is interpreted intelligently — Sidekick determines whether to create a new entry, add a task to an existing entry, or record a new outcome. When the service is offline, a plain entry is created directly from your text.

Examples of natural language input:

Input	What gets created
`Investigate the authentication flow`	A new entry of type `operational`
`Research XOR cipher implementations`	A new entry of type `research`
`parse_header seems to validate the magic bytes`	An outcome (finding) on the selected entry
`Check all callers of validate_token`	A task on the selected entry

Note

Phrases that add a task or outcome (such as the last two examples above) require an entry to be selected in the browse list first. If no entry is selected, Sidekick creates a new entry instead.

From Chat¶

The Chat Assistant can create entries and record findings in the Notebook during its analysis. You can also ask it directly to add an entry or record a finding.

Entry Types¶

Every entry has one of three types that describe the nature of the analysis goal:

Type	Description
`operational`	A concrete analysis task (default)
`research`	An open-ended investigation or question
`learning`	Documentation of something learned about the binary

Managing Entries¶

Viewing an entry¶

Click an entry in the browse list to open its detail view. The detail view shows:

The entry description (double-click to edit inline)
Status and resolution metadata (for completed or abandoned entries)
Collapsible Outcomes, Tasks, Threads, and Dependencies sections

Renaming an entry¶

Right-click the entry in the browse list and select Rename Entry, or double-click the description in the detail view to edit it inline.

Searching entries¶

Type in the search box at the top of the browse list. Search matches against the entry description, relevant domains, outcome titles, and task descriptions.

Completing or abandoning an entry¶

Right-click an entry in the browse list to access lifecycle actions:

Complete — opens a submenu to choose a resolution:
- achieved — goal fully accomplished
- partial — partially completed
- infeasible — determined to be impossible
- deferred — postponed for later
Abandon — marks the entry as abandoned without a resolution

Completed and abandoned entries remain visible in the browse list and show a colored resolution badge. To resume work on a completed or abandoned entry, right-click it and select Reactivate.

Deleting an entry¶

Right-click an entry and select Delete Entry. Deletion is permanent.

Working with Tasks¶

TaskItems are specific steps tracked within an entry. They appear in the Tasks section of the detail view.

Adding a task¶

In the detail view, expand the Tasks section and type a description in the "New task..." input field. Press Enter or click + to add it.

Cycling task status¶

Each task has a clickable status icon. Click it to advance the task through its status cycle:

Icon	Status
—	`pending`
—	`in_progress`
—	`completed`
—	`blocked`

Clicking a blocked task returns it to pending. Completed tasks appear with a strikethrough in the task list.

Removing a task¶

Click the × button on the right side of a task row.

Working with Outcomes¶

Outcomes capture knowledge discovered while pursuing an entry. Each outcome has a kind, a title, an optional description, a confidence score, a status lifecycle, an orthogonal important flag, and thread-level provenance for creation and validation.

Outcome kinds¶

Kind	Purpose
`finding`	A reusable, anchored fact about the binary (for example, "Function at `0x401000` uses XOR encryption")
`artifact`	A concrete deliverable produced by the work — YARA signature, report, proof-of-concept, generated script
`blocker`	An external obstacle halting progress and flagged for human attention

Adding an outcome manually¶

In the detail view, click + Add Outcome in the Outcomes section. The Add Outcome dialog lets you set:

Kind — from the dropdown
Title — a brief description
Description — optional extended notes
Confidence — a 0—100% slider

Outcome status lifecycle¶

Outcomes move through a status lifecycle:

draft — verified
      ↖
      — rejected

draft — initial state on creation
verified — confirmed and in use; can be moved back to draft if the outcome needs to be reopened for review
rejected — determined to be invalid or withdrawn (requires a reason)

Rejection can cascade: when an outcome is rejected, any other outcomes in the same entry that reference it via $ref properties can be rejected in the same operation.

The Sidekick Chat Assistant manages outcome status transitions automatically. In the outcome card, the title appears first, kind and status pills are grouped directly underneath it, and draft outcomes also show a qualitative confidence pill (Low, Medium, or High confidence). The footer shows provenance pills such as the creator thread, validation threads, and reference links.

Marking an outcome as important¶

The important flag is orthogonal to status — any outcome, whether draft, verified, or rejected, can be flagged as important. Use it to mark the keystone outcomes that anchor an entry's conclusions. Important outcomes are visually distinguished in the detail view and are surfaced preferentially when Sidekick synthesizes context for Chat.

Removing an outcome¶

Click the × button on the right side of an outcome row.

Outcome provenance¶

Outcomes track thread-level provenance separately from the entry-wide Threads section:

created_by_thread_id records which Chat thread created the outcome, when known.
validation_thread_ids records which validation threads have checked that specific outcome.

These thread pills appear in the outcome footer alongside reference pills. The entry-level Threads section still shows the broader set of threads that touched the entry at all.

Analysis Context¶

Notebook entries may also store analysis_context: durable, machine-readable intermediate state such as scope blocks, candidate lists, partition rules, or coverage manifests. This data is meant for tooling and automation rather than for direct human browsing in the sidebar.

Use analysis_context when Sidekick or a script needs to carry structured working state forward across turns or sessions without pretending that the state is already a finding, artifact, or blocker.

analysis_context is available through the scripting and tool surfaces, but it is not currently rendered in the Notebook detail view.

Dependencies Between Entries¶

Entries can reference other entries they depend on. Dependencies are informational — they help you track relationships between analysis goals but are not enforced. Use dependencies when one entry's outcome is a prerequisite for another — for example, if "Investigate loader" must complete before "Identify entry point" can begin.

Adding a dependency¶

In the detail view, expand the Dependencies section and click + Add Dependency. The dialog shows all other entries; select one and click Add.

Removing a dependency¶

Click the × button next to the dependency in the detail view.

The Threads Section¶

Every entry tracks which Chat threads have operated on it. The Threads section in the detail view lists those threads as clickable links. Clicking a thread link navigates to that conversation in the Sidekick Chat sidebar.

This lets you trace how Sidekick's analysis in Chat contributed to outcomes recorded in the Notebook.

How Sidekick Uses the Notebook¶

Sidekick integrates with the Notebook in several automated ways:

Context for Chat — the Chat Assistant reads active notebook entries and their outcomes to inform its responses. You do not need to repeat findings you have already recorded.
Structured working state — Sidekick tools and scripts can read an entry's analysis_context to resume intermediate state such as scope and candidate sets without recomputing it.
Finding validation — when a new finding outcome is added, the 🛡️ Notebook Validation actor checks it against existing notebook context and surfaces any conflicts or gaps.
Session briefing synthesis — the 📋 Analysis Briefings actor continuously updates a session-level briefing from notebook activity and recent chats. You can review and edit that briefing from the Notebook sidebar at any time.
Skill relevance — as findings accumulate, Sidekick reassesses which analysis capabilities are most relevant to your current working context.

Note

Background synthesis and validation only run when the Sidekick service is available. The notebook itself is always accessible and fully functional offline.

Persistence¶

The Notebook is saved in Sidekick's workspace database (workspaces.db) whenever a change is made — not in the Binary Ninja .bndb file. Entries, tasks, outcomes, and analysis_context are all preserved across Binary Ninja sessions. Opening any binary that belongs to the same workspace restores your full notebook state.

For standalone files that are not part of a Binary Ninja project, each file gets its own workspace, so the notebook is scoped to that file.

Tips¶

Record your analysis intent as an entry before asking Chat to investigate. This gives the Chat Assistant explicit context about what you are trying to accomplish.
Use finding outcomes for reusable, anchored facts you can point future work at. Use artifact outcomes for concrete deliverables (YARA signatures, reports, PoCs). Use blocker outcomes when external obstacles stop you from making progress. Mark the keystone outcomes as important so they surface first in Chat context.
Mark entries as completed with an appropriate resolution when you finish a line of investigation. Completed entries remain accessible and their outcomes continue to inform Chat, but they no longer appear as active work.
If you want Chat to focus on a specific entry, select it in the Notebook sidebar before sending your message. The selected entry is used as context both for Chat and when interpreting text you type into the input box.