# Rover


## docs

- [Summarisation backends](/docs/backends.md): Declare backends as backends.] entries and pick the active one with summarization.default_backend. The MCP summarize tool and the inline summarize sub-arg on fetch accept a per-call backend override, so a client can switch backends without touching the config. See [Summarising pages for how modes and styles flow through.
- [Batch & background tasks](/docs/batch.md): batchfetch validates every URL against the SSRF policy before scheduling, then returns a taskid. No request leaves the machine until the whole batch passes. The fetches run concurrently in the background, and you watch progress through rover task  or its batch-specific alias rover batch . Tasks are persisted, so they survive a rover mcp restart.
- [Caching & freshness](/docs/caching.md): Every fetch is cached, and every cached copy has a bound on how stale it can get. The backing store is a single SQLite database in WAL mode, keyed by a hash of the canonical URL. Cache decisions follow upstream HTTP semantics. An origin that says "fresh for an hour" gets an hour; an origin that says "don't store this" is honoured. The default TTL is short on purpose.
- [Rover CLI](/docs/cli.md): rover runs as an MCP server over stdio, or as a one-shot CLI that fetches a URL and prints clean Markdown to stdout. The remaining subcommands inspect or maintain what those two produce: the cache, background tasks, config, and local models.
- [Configuration](/docs/configuration.md): Every subcommand resolves the same config file. Pass --config  to load a specific file (it must exist). Without --config, Rover loads the default config: the file named by ROVER_CONFIG if set, otherwise the platform config file (~/.config/rover/rover.toml on Linux/macOS) or a project-local ./rover.toml, whichever exists first. If none exists, built-in defaults apply.
- [JavaScript & dynamic pages](/docs/dynamic-pages.md): A JavaScript-rendered page hands a plain HTTP client an empty shell: the server returns a near-empty root `, the content paints later in JavaScript, and a plain fetch never runs it. Readability keeps nothing, and extraction_quality` in the response envelope comes back low. Headless rendering fixes this. It drives a real Chrome/Chromium over the DevTools Protocol, runs the page's scripts, then hands the rendered DOM to extraction.
- [Optional features](/docs/features.md): The default build does fetch-and-extract: no Cargo features, no model weights. Three opt-in features add capability. headless renders JavaScript pages, local-inference summarises on-device, and injection-model adds the ONNX prompt-injection classifier. Each one pulls in extra dependencies, and two of them download a model the first time you use them.
- [Images & captioning](/docs/images.md): The fetch tool's images argument controls what happens to every ` on the page. You can keep the tag, strip it to alt text, download the file, drop it, or caption it with a vision model. The default is alttextonly`: no downloads, no model calls.
- [Installation](/docs/install.md): Three channels v0.1.0.
- [Introduction](/docs/intro.md): Rover fetches a URL and hands back clean, token-counted Markdown your agent can treat as untrusted data. It strips ads, nav, and chrome with readabilityrs, normalises the page to Markdown, counts the tokens, optionally summarises to a budget, and wraps the body so the model reads the page as data, not instructions. Rover runs as an MCP server and a CLI.
- [Rover MCP tools](/docs/mcp-tools.md): Rover exposes five tools over MCP on stdio (rover mcp): fetch, batchfetch, summarize, getmetadata, and counttokens. Every argument is validated against a JSON Schema with denyunknownfields. Pass a key Rover doesn't recognize and the call is rejected with invalidargs rather than silently ignored.
- [Anatomy of a Rover document](/docs/output.md): A fetch returns one content string plus a few envelope fields. The content string is a trusted plain-text preamble followed by a nonce-fenced wrapper. Inside the wrapper sit the YAML frontmatter and the Markdown body. This page walks each part. For the tool arguments, see MCP tools.
- [Quickstart](/docs/quickstart.md): Wire Rover into your agent, then fetch a page. This assumes rover is installed; if it isn't, start with Installation.
- [Security & threat model](/docs/security.md): Rover treats the web as hostile. Outbound requests are policed before a byte leaves the host, fetched pages are fenced as untrusted data before they reach your agent, and credentials are scrubbed before anything lands in a log. This page covers the boundaries Rover enforces, the typed errors raised when one is crossed, and the tradeoffs behind them.
- [Summarising pages](/docs/summarizing.md): summarize compresses a page to a shorter version on a backend you choose. The defaults work without configuration. The arguments below steer length, focus, format, and backend. Summaries count against your token budget.
- [Managing token budgets](/docs/token-budgets.md): Most of a page's token cost is fixed before its body reaches your model. Rover reports the count first and gives you the controls to cap it.
- [Trust & prompt injection](/docs/trust.md): Rover treats every fetched page as untrusted data. Each content-returning tool wraps the page in a per-response nonce fence and runs a pattern detector — plus an optional model detector — over the text to flag known injection attempts. The fence always holds; the detectors are the net on top.