Turn Your Website into an AI Agent
This guide covers every way to integrate Rover — from a single script tag to framework-specific npm setups. Watch the walkthrough above to see the end result.
Prerequisites
- A website you control
- A Rover Workspace account (sign in with Google)
- Your Site ID and public key (
pk_site_*) from the Workspace
Script Tag (Simplest)
Use data attributes for a zero-JavaScript integration:
<script src="https://rover.rtrvr.ai/embed.js"
data-site-id="YOUR_SITE_ID"
data-public-key="pk_site_YOUR_PUBLIC_KEY"
data-allowed-domains="yourdomain.com,app.yourdomain.com">
</script>
Supported attributes: data-site-id, data-public-key, data-allowed-domains (comma-separated), data-site-key-id, data-worker-url.
Boot Script (Advanced Config)
For task routing, checkpointing, UI options, or other advanced settings, use the two-part snippet before </body>:
<script>
(function(){
var r = window.rover = window.rover || function(){
(r.q = r.q || []).push(arguments);
};
r.l = +new Date();
})();
rover('boot', {
siteId: 'YOUR_SITE_ID',
publicKey: 'pk_site_YOUR_PUBLIC_KEY',
allowedDomains: ['yourdomain.com'],
});
</script>
<script src="https://rover.rtrvr.ai/embed.js" async></script>
The inline script queues commands until embed.js loads asynchronously. No commands are lost regardless of load order, and page load is never blocked.
npm Package
npm install @rtrvr-ai/rover
import { boot, shutdown } from '@rtrvr-ai/rover';
boot({
siteId: 'YOUR_SITE_ID',
publicKey: 'pk_site_YOUR_PUBLIC_KEY',
allowedDomains: ['yourdomain.com'],
});
Use npm when you need TypeScript types, version pinning, or SPA lifecycle control.
Framework Guides
React / Next.js
import { useEffect } from 'react';
import { boot, shutdown } from '@rtrvr-ai/rover';
export function RoverWidget() {
useEffect(() => {
boot({
siteId: 'YOUR_SITE_ID',
publicKey: 'pk_site_YOUR_PUBLIC_KEY',
allowedDomains: ['yourdomain.com'],
});
return () => { shutdown(); };
}, []);
return null;
}
Next.js requires an SSR guard since Rover needs window and document:
import dynamic from 'next/dynamic';
const RoverWidget = dynamic(() => import('./RoverWidget'), { ssr: false });
Vue / Nuxt
<script setup>
import { onMounted, onUnmounted } from 'vue';
onMounted(async () => {
const { boot } = await import('@rtrvr-ai/rover');
boot({
siteId: 'YOUR_SITE_ID',
publicKey: 'pk_site_YOUR_PUBLIC_KEY',
allowedDomains: ['yourdomain.com'],
});
});
onUnmounted(async () => {
const { shutdown } = await import('@rtrvr-ai/rover');
shutdown();
});
</script>
For Nuxt, create a client-only plugin at plugins/rover.client.ts.
WordPress / Shopify
Use the script tag snippet from above. Place it before </body> in your theme template or theme settings.
Configuration
Domain Security
| Option | Default | Description |
|---|---|---|
allowedDomains | [] | Hostnames where Rover may operate |
domainScopeMode | 'registrable_domain' | 'registrable_domain' matches subdomains; 'host_only' requires exact match |
Navigation
| Option | Default | Description |
|---|---|---|
externalNavigationPolicy | 'open_new_tab_notice' | How Rover handles links outside your domains |
navigation.crossHostPolicy | 'same_tab' | In-scope cross-subdomain navigation behavior |
Task Routing
| Mode | Behavior |
|---|---|
act (default) | Execute actions immediately |
planner | Plan first, then execute |
auto | Rover selects the best route per task |
Set taskRouting.plannerOnActError: true (default in auto mode) to fall back to planning when direct execution fails.
Checkpointing
Enabled by default. Rover syncs session state to the cloud for crash recovery and cross-tab continuity. Set checkpointing.enabled: false to disable.
UI & Branding
| Option | Default | Description |
|---|---|---|
ui.agent.name | 'Rover' | Assistant name in the UI |
ui.shortcuts | [] | Suggested journeys shown to users |
ui.greeting | — | Greeting bubble config ({name} placeholder supported) |
ui.mascot.disabled | false | Disable the mascot video |
Content Security Policy (CSP)
No CSP header? No action needed — Rover works out of the box.
If you set CSP headers, add:
| Directive | Value | Why |
|---|---|---|
script-src | https://rover.rtrvr.ai blob: | SDK + Web Worker |
worker-src | blob: https://rover.rtrvr.ai | Worker execution |
connect-src | https://extensionrouter.rtrvr.ai | API calls |
style-src | 'unsafe-inline' | Shadow DOM styles |
font-src | https://rover.rtrvr.ai | Self-hosted Manrope font |
For strict CSP, self-host embed.js and worker/rover-worker.js from your own origin, then set workerUrl in your boot config. This eliminates all external domain requirements except connect-src for the API.
Testing Locally
Add localhost to your allowed domains in the Workspace. Verify:
- Rover widget appears on page load
- You can type a request and Rover identifies page elements
- Navigation policies behave as expected
- Actions execute correctly
Production Checklist
- Site key created with production domains only
-
allowedDomainsset correctly - External navigation policy configured
- Tested on production domain
- CSP directives added (if applicable)
- Monitoring blocked host attempts in Workspace
Ongoing Management
From the Rover Workspace you can rotate keys, update domains, enable/disable keys, and monitor usage — all without redeploying code.
See the full API and configuration reference for events, client tools, multi-tab behavior, and more.