doctrove is a local development tool that mirrors publicly available documentation to a local workspace. The threat model assumes:

• The operator controls the machine and config file
• Content sources are public websites publishing LLM-targeted documentation
• The MCP server runs locally as a child process of the agent host (Claude Code, Cursor, etc.)
• The workspace directory contains only mirrored documentation, not secrets

• Context7 API key (context7_api_key in config): sent as a Bearer token to context7.com. Don't commit to public repos.
• No other credentials are stored or transmitted.

doctrove makes outbound HTTP requests to:

1. Content sources: websites you explicitly add via trove_scan or doctrove grab
2. Context7 API: context7.com/api/v2 (only when a valid API key is configured)

No telemetry, no other outbound connections. The MCP server communicates only via stdio.

All outbound requests are rate-limited per host (default: 2 req/sec, burst 5). This is configurable in doctrove.yaml. The User-Agent header identifies the tool as doctrove/1.0.

By default, doctrove does not check robots.txt because it only fetches content that sites explicitly publish for LLM consumption (llms.txt, etc.). The --respect-robots flag enables robots.txt checking for environments that require it.

The MCP server (doctrove mcp) runs as a stdio child process:

• No network listener (stdin/stdout only)
• Read/write access to workspace directory
• Outbound HTTP for discover/sync operations
• No arbitrary command execution

• Don't store API keys or credentials in mirrored content paths
• Don't point doctrove at internal/private documentation URLs (it mirrors to disk as plain files)
• Don't share your workspace directory if it contains a Context7 API key in the config

If you discover a security issue, please open a GitHub issue or contact the maintainers directly. We will respond within 3 business days.