RoboTunnel is designed so the robot-side agent owns the most sensitive state. Security is not just transport encryption; it also includes where keys live, where code executes, and what never reaches the platform.
The robot-side agent owns the trust boundary. Sensitive execution and provider credentials stay on the robot, and the default allowlist model is there to make that boundary explicit instead of implicit.
LLM provider keys stay on the robot and are encrypted at rest. The intended operating model is that inference requests go directly from the robot-side agent to the provider.
The robot-side agent is open source and auditable. This is part of the trust story, not only a licensing choice.