web-fetch-mcp 0.1.0__tar.gz

web_fetch_mcp-0.1.0/.gitignore

@@ -0,0 +1,16 @@
+# Virtualenv / caches
+.venv/
+__pycache__/
+*.pyc
+.pytest_cache/
+.ruff_cache/
+
+# Build artifacts (never commit or publish these)
+dist/
+build/
+*.egg-info/
+
+# Local editor/IDE config — must never be packaged or published
+.cursor/
+.idea/
+.vscode/

web_fetch_mcp-0.1.0/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

web_fetch_mcp-0.1.0/NOTICE

@@ -0,0 +1,5 @@
+web-fetch-mcp
+Copyright 2026 Sandip Dutta
+
+This product includes software developed by Sandip Dutta.
+Licensed under the Apache License, Version 2.0.

web_fetch_mcp-0.1.0/PKG-INFO

@@ -0,0 +1,152 @@
+Metadata-Version: 2.4
+Name: web-fetch-mcp
+Version: 0.1.0
+Summary: Resilient web-fetch MCP server: 3-tier escalation (curl_cffi -> Patchright -> nodriver) that fails honestly, with article-extraction mode and automatic content-type handling (HTML/JSON/PDF/image).
+Project-URL: Homepage, https://github.com/Dutta-SD/web-fetch-mcp
+Project-URL: Source, https://github.com/Dutta-SD/web-fetch-mcp
+Project-URL: Issues, https://github.com/Dutta-SD/web-fetch-mcp/issues
+Author-email: Sandip Dutta <duttasandip11100@gmail.com>
+License-Expression: Apache-2.0
+License-File: LICENSE
+License-File: NOTICE
+Keywords: anti-bot,curl-cffi,fetch,llm,mcp,model-context-protocol,nodriver,playwright,web-scraping
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Internet :: WWW/HTTP
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.11
+Requires-Dist: beautifulsoup4>=4.12.0
+Requires-Dist: curl-cffi>=0.7.0
+Requires-Dist: lxml>=5.0.0
+Requires-Dist: markdownify>=0.13.0
+Requires-Dist: mcp[cli]>=1.2.0
+Requires-Dist: nodriver>=0.40
+Requires-Dist: patchright>=1.49.0
+Requires-Dist: pypdf>=4.0.0
+Requires-Dist: trafilatura>=1.8.0
+Description-Content-Type: text/markdown
+
+# web-fetch-mcp
+
+**A web-fetch [MCP](https://modelcontextprotocol.io) server for LLM agents that
+fails honestly — it raises `FetchBlocked` instead of silently handing your model
+a CAPTCHA or login page as if it were the article.**
+
+Naive fetchers poison an agent's context: when a site returns a JavaScript
+interstitial or a login wall with HTTP 200, the agent reads the challenge page as
+if it were content and reasons from garbage. `web-fetch-mcp` detects that and
+either escalates to a stronger strategy or fails loudly.
+
+> **Status:** early / alpha. The escalation logic and helpers are unit-tested,
+> but real-world bypass rates are not yet benchmarked — see `assets/benchmarks.md`
+> and the roadmap in `TODO.md`.
+
+## How it works
+
+A cheapest-first escalation ladder. Each tier targets a different layer of
+bot-detection, and the server only pays for the expensive ones when it has to:
+
+| Tier | Engine | Targets | Speed |
+|------|--------|---------|-------|
+| 1 | `curl_cffi` (Chrome TLS/HTTP2 fingerprint) | TLS (JA3/JA4) + HTTP/2 fingerprinting | ~500 ms |
+| 2 | Patchright (real headful Chrome) | JavaScript fingerprinting; renders SPAs | ~1–3 s |
+| 3 | nodriver (custom CDP) | automation-protocol (CDP) detection | ~2–4 s |
+
+Every tier's output is checked for **hard blocks** (403/429/503) and **soft
+blocks** (HTTP-200 challenge or login bodies served in place of content).
+Transient failures retry with exponential backoff + jitter (honoring
+`Retry-After`) before escalating. If everything is blocked, it raises
+`FetchBlocked` with a remedy hint — it never returns a block page as content.
+
+### Escalation path (`mode="auto"`)
+
+```mermaid
+flowchart TD
+    A["fetch(url)"] --> B{dismiss_selector set?}
+    B -- "no" --> T1["Tier 1 · curl_cffi<br/>static fetch"]
+    B -- "yes (can't click)" --> T2
+
+    T1 --> C1{blocked or<br/>empty SPA shell?}
+    C1 -- "no" --> OK["render_by_type → return"]
+    C1 -- "yes, escalate" --> T2["Tier 2 · Patchright<br/>headful Chrome, JS render"]
+
+    T2 --> C2{blocked?}
+    C2 -- "no" --> OK
+    C2 -- "yes, escalate" --> T3["Tier 3 · nodriver<br/>custom-CDP stealth"]
+
+    T3 --> C3{blocked?}
+    C3 -- "no" --> OK
+    C3 -- "yes" --> X["raise FetchBlocked<br/>(suggest residential proxy)"]
+
+    OK:::done
+    X:::fail
+    classDef done fill:#1f7a1f,color:#fff,stroke:#0d4d0d;
+    classDef fail fill:#a11,color:#fff,stroke:#600;
+```
+
+Each tier runs through `with_retry` (exponential backoff + jitter, honoring
+`Retry-After`) before the chain escalates. Tier 1 must clear the **strict** check
+(not blocked **and** not an unrendered SPA shell); Tiers 2–3 only need to be
+not-blocked. The single-tier modes (`static`/`dynamic`/`stealth`) run exactly one
+box and skip the chain.
+
+## Tools
+
+- **`fetch`** — retrieve a page as `markdown` / `text` / `html` / `article`
+  (main-content extraction via trafilatura). Non-HTML URLs are auto-handled:
+  JSON is pretty-printed, PDFs are text-extracted, images return a note to use
+  `screenshot`.
+- **`screenshot`** — render a page in real Chrome and return a PNG.
+
+## Architecture
+
+A layered package (`src/web_fetch_mcp/`), dependencies pointing inward:
+
+```
+controller  (FastMCP tools, lifespan)        controller/app.py
+   -> service   (retry decorator, strategy registry, escalation, facade)
+        -> accessor  (curl_cffi / Patchright / nodriver, BrowserManager)
+             -> core   (models, config, detection, rendering, proxy, backoff)
+```
+
+- **Strategy** — the three tiers are interchangeable `async (request) -> FetchResult`
+  callables in a registry (`service/strategies.py`).
+- **Chain of Responsibility** (intent) — `auto` mode walks the tiers cheapest-first,
+  escalating until one yields usable content (`service/escalation.py`).
+- **Decorator** — `with_retry` adds exponential-backoff + Retry-After to any tier
+  (`service/retry.py`), hand-rolled on the stdlib (no `tenacity`).
+- **Manager** — `BrowserManager` owns one reused Chromium and closes it on the
+  FastMCP lifespan shutdown (`accessor/browser.py`).
+
+## Quickstart
+
+```bash
+uv sync
+uv pip install -e .        # installs the `web-fetch-mcp` console command
+web-fetch-mcp              # run the stdio MCP server
+```
+
+Register it with any MCP-compatible client as a stdio server that runs the
+`web-fetch-mcp` command (or `python -m web_fetch_mcp.controller.app`).
+
+```python
+fetch("https://example.com/article", output="article")   # clean main content
+fetch("https://api.site/data.json")                       # pretty-printed JSON
+fetch("https://spa.example.com", mode="dynamic")          # force a JS render
+```
+
+## Responsible use
+
+This tool is for fetching content you are **authorized** to access. You are
+solely responsible for complying with each site's Terms of Service, `robots.txt`,
+and applicable law. It honors `Retry-After` and backs off by default; please
+rate-limit responsibly. It does **not** solve CAPTCHAs or bypass authentication
+you do not hold. Provided **as-is, without warranty**.
+
+## License
+
+[Apache-2.0](LICENSE).

web_fetch_mcp-0.1.0/README.md

@@ -0,0 +1,120 @@
+# web-fetch-mcp
+
+**A web-fetch [MCP](https://modelcontextprotocol.io) server for LLM agents that
+fails honestly — it raises `FetchBlocked` instead of silently handing your model
+a CAPTCHA or login page as if it were the article.**
+
+Naive fetchers poison an agent's context: when a site returns a JavaScript
+interstitial or a login wall with HTTP 200, the agent reads the challenge page as
+if it were content and reasons from garbage. `web-fetch-mcp` detects that and
+either escalates to a stronger strategy or fails loudly.
+
+> **Status:** early / alpha. The escalation logic and helpers are unit-tested,
+> but real-world bypass rates are not yet benchmarked — see `assets/benchmarks.md`
+> and the roadmap in `TODO.md`.
+
+## How it works
+
+A cheapest-first escalation ladder. Each tier targets a different layer of
+bot-detection, and the server only pays for the expensive ones when it has to:
+
+| Tier | Engine | Targets | Speed |
+|------|--------|---------|-------|
+| 1 | `curl_cffi` (Chrome TLS/HTTP2 fingerprint) | TLS (JA3/JA4) + HTTP/2 fingerprinting | ~500 ms |
+| 2 | Patchright (real headful Chrome) | JavaScript fingerprinting; renders SPAs | ~1–3 s |
+| 3 | nodriver (custom CDP) | automation-protocol (CDP) detection | ~2–4 s |
+
+Every tier's output is checked for **hard blocks** (403/429/503) and **soft
+blocks** (HTTP-200 challenge or login bodies served in place of content).
+Transient failures retry with exponential backoff + jitter (honoring
+`Retry-After`) before escalating. If everything is blocked, it raises
+`FetchBlocked` with a remedy hint — it never returns a block page as content.
+
+### Escalation path (`mode="auto"`)
+
+```mermaid
+flowchart TD
+    A["fetch(url)"] --> B{dismiss_selector set?}
+    B -- "no" --> T1["Tier 1 · curl_cffi<br/>static fetch"]
+    B -- "yes (can't click)" --> T2
+
+    T1 --> C1{blocked or<br/>empty SPA shell?}
+    C1 -- "no" --> OK["render_by_type → return"]
+    C1 -- "yes, escalate" --> T2["Tier 2 · Patchright<br/>headful Chrome, JS render"]
+
+    T2 --> C2{blocked?}
+    C2 -- "no" --> OK
+    C2 -- "yes, escalate" --> T3["Tier 3 · nodriver<br/>custom-CDP stealth"]
+
+    T3 --> C3{blocked?}
+    C3 -- "no" --> OK
+    C3 -- "yes" --> X["raise FetchBlocked<br/>(suggest residential proxy)"]
+
+    OK:::done
+    X:::fail
+    classDef done fill:#1f7a1f,color:#fff,stroke:#0d4d0d;
+    classDef fail fill:#a11,color:#fff,stroke:#600;
+```
+
+Each tier runs through `with_retry` (exponential backoff + jitter, honoring
+`Retry-After`) before the chain escalates. Tier 1 must clear the **strict** check
+(not blocked **and** not an unrendered SPA shell); Tiers 2–3 only need to be
+not-blocked. The single-tier modes (`static`/`dynamic`/`stealth`) run exactly one
+box and skip the chain.
+
+## Tools
+
+- **`fetch`** — retrieve a page as `markdown` / `text` / `html` / `article`
+  (main-content extraction via trafilatura). Non-HTML URLs are auto-handled:
+  JSON is pretty-printed, PDFs are text-extracted, images return a note to use
+  `screenshot`.
+- **`screenshot`** — render a page in real Chrome and return a PNG.
+
+## Architecture
+
+A layered package (`src/web_fetch_mcp/`), dependencies pointing inward:
+
+```
+controller  (FastMCP tools, lifespan)        controller/app.py
+   -> service   (retry decorator, strategy registry, escalation, facade)
+        -> accessor  (curl_cffi / Patchright / nodriver, BrowserManager)
+             -> core   (models, config, detection, rendering, proxy, backoff)
+```
+
+- **Strategy** — the three tiers are interchangeable `async (request) -> FetchResult`
+  callables in a registry (`service/strategies.py`).
+- **Chain of Responsibility** (intent) — `auto` mode walks the tiers cheapest-first,
+  escalating until one yields usable content (`service/escalation.py`).
+- **Decorator** — `with_retry` adds exponential-backoff + Retry-After to any tier
+  (`service/retry.py`), hand-rolled on the stdlib (no `tenacity`).
+- **Manager** — `BrowserManager` owns one reused Chromium and closes it on the
+  FastMCP lifespan shutdown (`accessor/browser.py`).
+
+## Quickstart
+
+```bash
+uv sync
+uv pip install -e .        # installs the `web-fetch-mcp` console command
+web-fetch-mcp              # run the stdio MCP server
+```
+
+Register it with any MCP-compatible client as a stdio server that runs the
+`web-fetch-mcp` command (or `python -m web_fetch_mcp.controller.app`).
+
+```python
+fetch("https://example.com/article", output="article")   # clean main content
+fetch("https://api.site/data.json")                       # pretty-printed JSON
+fetch("https://spa.example.com", mode="dynamic")          # force a JS render
+```
+
+## Responsible use
+
+This tool is for fetching content you are **authorized** to access. You are
+solely responsible for complying with each site's Terms of Service, `robots.txt`,
+and applicable law. It honors `Retry-After` and backs off by default; please
+rate-limit responsibly. It does **not** solve CAPTCHAs or bypass authentication
+you do not hold. Provided **as-is, without warranty**.
+
+## License
+
+[Apache-2.0](LICENSE).

web_fetch_mcp-0.1.0/TODO.md

@@ -0,0 +1,140 @@
+# web-fetch-mcp — TODO / Backlog
+
+Future additions, roughly prioritized. Items in **In design** are actively
+being specced; the rest are candidate ideas.
+
+## Done
+- [x] **Article / readability mode** — `output="article"` via trafilatura.
+- [x] **Retry-After honoring** — capped server-specified wait on 429/503.
+- [x] **Content-type handling** — JSON pretty-print, PDF text, image note.
+
+## High value, not yet started
+- [ ] **`web_search` tool** — completes the search → fetch → read loop the
+  `fetch` docstring already references. Pluggable backend:
+  - **DuckDuckGo** — free, keyless default (best-effort; unofficial scraping lib,
+    breaks periodically). No official web-results API.
+  - **Tavily** — LLM/agent-native search API. Returns cleaned, ranked content
+    (+ optional synthesized answer with sources) and a `/extract` endpoint, so it
+    minimizes post-fetch cleanup. Free tier ~1,000 credits/mo, no card; paid from
+    ~$30/mo. **Best fit for this MCP** — pairs naturally with `fetch`.
+    Activate via `TAVILY_API_KEY` when set. (Pricing approximate — verify.)
+  - **Brave Search API** — official, independent index, clean JSON SERP. Free
+    ~2k/mo (card required); paid ~$3–5 per 1k queries. Good general-purpose
+    keyed SERP backend.
+  - **Exa** — neural/semantic search ("find pages like this"). Best for research
+    discovery rather than plain top-N results.
+  - Design idea: keyless DDG default, upgrade to Tavily/Brave/Exa if an API key
+    is present.
+- [ ] **Batch `fetch_many(urls)`** — concurrent multi-URL fetch reusing the
+  existing async browser.
+
+## Optional ML integrations (phase 2 — all optional extras, lazily imported)
+
+**Design rule:** the tool serves two consumer modes — (a) a capable LLM agent
+that already reads + judges content natively, and (b) a standalone server/library
+in a non-LLM pipeline (scraper, RAG ingestion, monitor). A good ML feature helps
+the *fetch mechanics* (something a downstream consumer can't do for itself); a bad
+one duplicates judgment a capable caller already does. **Never a hard dependency**
+(`pip install web-fetch-mcp[ml]`), lazily imported, pretrained CPU models, and it
+must respect the "fail honestly / never silently drop content" contract.
+
+Ranked by fit:
+
+- [ ] **ML block/challenge detection (BEST FIT)** — second-stage *confirmer* on
+  top of `_is_blocked`'s substring list. The hand-maintained `_BLOCK_MARKERS`
+  list has a recall gap (a real soft-block gate was found by hand). A tiny text
+  classifier ("real content vs block/challenge/login/paywall shell") generalizes
+  to unseen gates. Helps BOTH consumer modes and deepens the project's crown
+  jewel (honest failure). Use only when a page is *ambiguous* (passed substring
+  check but suspiciously thin), not as a replacement — keeps the fast, zero-dep,
+  interpretable path as the default and limits false positives.
+  - **Recommended model: MiniLM-L6 fine-tuned → ONNX, INT8-quantized.** ~25MB
+    artifact, **~4–12ms/page CPU** (negligible vs the 500–4000ms fetch it guards).
+    Train/export with torch on the dev box; **ship torch-free** — runtime deps are
+    only `onnxruntime` + `tokenizers` + `numpy` (optional `[ml]` extra, lazily
+    imported, graceful fallback to substring-only when absent). Commit a `train/`
+    script so reviewers see the fine-tune (training code, not a runtime dep).
+  - **Design: structural/infra signals FIRST (language-neutral)** — short
+    visible-text length, high script-tag ratio, infra markers (`cf-chl`,
+    `datadome`, `px-captcha`, `/cdn-cgi/challenge-platform`), hard HTTP status —
+    these catch most foreign-language gates regardless of human language. The text
+    classifier is the second-stage confirmer for ambiguous cases only.
+  - **Multilingual:** lexical/TF-IDF approaches are English-centric; if
+    multilingual matters, start Option C from a multilingual base
+    (`microsoft/Multilingual-MiniLM-L12-H384` / `bge-m3` family) — ~50MB INT8,
+    ~10–25ms. Turns the weakness into a "shipped a torch-free multilingual
+    classifier" portfolio line.
+  - **Lighter fallback (Option A):** TF-IDF char-ngram + LogisticRegression,
+    <1MB, <1ms, scikit-learn only, interpretable — right tool if the signal stays
+    shallow/lexical and multilingual isn't a priority.
+- [ ] **Embeddings / chunked RAG output** — a mode returning the page cleaned,
+  chunked, and optionally embedded (bi-encoder, contrastive-trained, e.g.
+  `BAAI/bge-small-en-v1.5`). Strong value for the standalone RAG-ingestion
+  consumer (this is what Jina Reader / Firecrawl monetize). Produces vectors,
+  never silently judges — ethos-safe. Good ML/RAG portfolio signal.
+- [ ] **Relevance reranking** — gated on `web_search` existing. A cross-encoder
+  (`cross-encoder/ms-marco-MiniLM-L-6-v2`, ~22M, CPU, ~ms) ranks "which of N
+  search results to actually fetch" before paying browser cost. Valuable
+  precisely for the standalone consumer (no LLM to rank for it). Advisory only:
+  return scores, caller decides — never silently drop.
+- [ ] **Page-type classification** (article/product/listing/forum) — minor;
+  trafilatura + content-type handling already cover most of the need. Skip unless
+  a consumer asks.
+- [ ] **On-page summarization via Ollama/smol-LLM — SKIP.** Only helps the dumb
+  consumer, heavy (Ollama service or torch), quality-limited at 0.5–1B; the one
+  non-redundant case (non-LLM pipeline wanting a summary) is exactly where small
+  models disappoint. Not worth the "lightweight local-first" identity shift.
+
+Model-choice note: prefer **pretrained off-the-shelf** (cross-encoder for
+relevance, bi-encoder for embeddings). Cross-encoder > contrastive bi-encoder >
+Ollama for relevance. Training a custom model needs labeled data and is overkill
+for a general fetcher — see implementation notes if a custom block-detector is
+ever pursued (must stay <50MB, CPU-only, e.g. ONNX-exported MiniLM or a
+fastText/linear head over embeddings).
+
+## Robustness & open-source credibility (highest-leverage are NOT ML)
+
+- [ ] **`robots.txt` awareness** — `respect_robots=True` option that checks
+  robots before fetching. The single best open-source-credibility move: signals a
+  responsible-scraping tool, backs the authorized-use README disclaimer, pre-empts
+  ToS criticism. Cheap, high-signal.
+- [ ] **Structured failure taxonomy** — replace the single `FetchBlocked` with
+  subclasses: `CaptchaWall` / `LoginRequired` / `RateLimited` / `NotFound` /
+  `Timeout`. Lets programmatic consumers branch on the reason. Pairs with the ML
+  classifier below (which can *label* the block type).
+- [ ] **Eval / benchmark harness** (`benchmarks/`) — runs the tiers against a
+  fixed URL set, reports tier-hit-rate + bypass success vs a naive fetch. Turns
+  the "defeats most anti-bot walls" claim into a demonstrated result, and is where
+  any ML classifier earns its precision/recall numbers. Directly answers the
+  assessment's "headline claim is unverified" weakness.
+- [ ] **Per-domain adaptive tier memory** — remember which tier last succeeded
+  for a domain and start there (skip cheap tiers known to fail for it). Cuts
+  latency; light systems feature. Pairs with the TTL cache.
+- [ ] **Language detection** (`fasttext-langid`, ~few MB, sub-ms) — tag each
+  fetch with detected language for RAG routing/filtering; also feeds the
+  multilingual block-detector. Low cost, real utility.
+- [ ] **Near-duplicate detection** (MinHash/SimHash — statistical, no torch) —
+  detect when two URLs return substantially the same content (mirrors, tracking-
+  param variants). Useful for `fetch_many`/crawl; pairs with the TTL cache.
+- [ ] **Multi-class page-state classifier (ELEGANT ML WIN)** — instead of a
+  binary block detector, make the ONNX model multi-class:
+  content / captcha / login / rate-limited / soft-404. ONE small model then powers
+  BOTH honest-failure detection AND the structured failure taxonomy above. Catches
+  HTTP-200 soft-404s (sites that return 200 for missing pages). Non-redundant with
+  the caller LLM, strong portfolio signal, and the eval harness gives it real
+  precision/recall. This is the recommended shape for the ML classifier.
+
+Explicitly NOT doing: LLM summarization (redundant with caller, heavy); custom
+content-extractor (trafilatura already wins); anything that silently drops or
+transforms content (violates the honest-failure contract).
+
+## Nice to have
+- [ ] **Metadata extraction** — title, description, OpenGraph, JSON-LD,
+  outbound links, without pulling the full body.
+- [ ] **Response caching (TTL)** — avoid re-fetching the same URL within a
+  window; cuts latency and repeat-hit block risk.
+- [ ] **Custom headers/cookies param** — let callers pass a cookie jar or auth
+  header for sites they have sessions on.
+- [ ] **Optional managed-unblocker tier** — escalate to ScrapingBee / ScraperAPI
+  / Bright Data / Zyte after nodriver for CAPTCHA walls the local tiers can't
+  beat. (The `fetch` docstring already points users here for CAPTCHA-gated sites.)