Security & Policies

Every site key is locked to a set of allowed domains. When the embed script initializes, it checks the current hostname against the key's domain list. If there's no match, Dayside refuses to boot and logs a warning.

allowedDomains: ['yourdomain.com']
domainScopeMode: 'registrable_domain'

Standard installs do not expose owner-selected navigation policies. Dayside opens outside-domain pages in a new tab with notice, keeps same-host work in the current tab unless a link explicitly asks for a new tab, and chooses the right tab automatically for allowed-host hops.

Unlike screenshot-based agents that run in a remote VM, Dayside executes directly in the user's browser tab. This means:

1. No user credentials leave the browser. Dayside acts as the user, within the user's existing authenticated session.
2. Dayside can only interact with DOM elements that are visible and accessible to the current user.
3. All actions are subject to the same CORS, CSP, and browser security policies as your own JavaScript.
4. No screenshots or page content are sent to external servers — only the semantic DOM structure.

Analytics runtime writes and owner analytics do not share the same trust path.

1. Site-tag analytics writes are authenticated by signed session claims, not by raw browser-supplied site IDs.
2. Workspace analytics reads and launch/settings writes require owner Firebase auth plus site ownership checks.
3. Webhook secrets and auth material are stored privately by owner + site and are not returned in public site config.

Dayside distinguishes between who owns a site and which agent visited it.

External tabs are tracked with virtual tab IDs, URL, and title. Dayside cannot directly control live DOM outside the embedded domain.

If Cloud sandboxes are enabled, Dayside can request best-effort cloud text context or action support for approved external tabs. Access is still subject to domain allow/deny rules and account credits.

Navigation-only external steps use open-only handling (tracked via POST /command with type='TAB_EVENT' + placeholder tabs). Context/action fetches are routed through /v2/rover/context/external with read_context or act intent.

When cloud fetch fails or is blocked by allow/deny policy, Dayside falls back to placeholder context and continues.

Dayside uses a Shadow DOM (not an iframe) to render its UI, which means it runs in your page's security context. If you have a strict CSP, add the following directives (the script origin keeps its wire name, https://rover.rtrvr.ai, for protocol compatibility):

Page action bundles are served from https://rover.rtrvr.ai, the same origin as embed.js. If Workspace shows a fallback bundle script tag, your CSP must still allow this script origin.

For environments with strict CSP that cannot allow external script domains, you can self-host the SDK and worker files on your own domain and set workerUrl in your boot config. See the configuration guide or contact support for strict self-hosting requirements.

Site keys can be rotated, disabled, and domain-scoped from the Workspace without redeploying your site:

• Replace — generates a new key with the same configuration. Old key is immediately invalidated.
• Disable/Enable — toggle key access without deleting it.
• Update domains — change the allowed domain list in real time.
• TTL — keys can be set to auto-expire after 30, 90, 180, or 365 days.

Capability flags are enforced server-side for cloud APIs: roverEmbed for embed runtime requests and cloudAgent and cloudScrape for cloud MCP/direct APIs.

Site owners get siteId, publicKey, and optional siteKeyId from Workspace for installation. External AI callers using POST https://agent.rtrvr.ai/v1/a2w/runs or chatbot GET execution do not need those values. Public GET targets must still be HTTPS, outside local/private host ranges, inside the site scope, and allowed by aiAccess.

Site keys require an active subscription with available credits. Check your credit balance in the Workspace.