No surprise device actions
Oplut should never run commands, connect over SSH, or touch local hardware without making the action explicit first.
Security
Safe enough to touch real hardware
Oplut is built for the trust problem inside physical baseline evidence: keep raw data local, explain what is measured, and sync only compact evidence when asked.
Local hardware stays local
Device scans, serial paths, hostnames, and SSH details should stay on the user's machine unless a cloud feature truly needs them.
Full setup visibility
Every setup should show what command runs, what file changes, what output is expected, and how success is verified.
Credentials stay separate
SSH credentials and account tokens should never become part of reusable setup profiles or evidence records.
Cloud requests have boundaries
The API should receive only the context needed for setup or sync, not unnecessary local device details.
Audited and testable
The architecture is designed so detection, execution, and verification behavior can be tested directly.
Control standards hardware teams can inspect
Local
Device privacy
Prompt
Before execution
SSH
Credential care
Audit
Setup history
Verify
Output checks
Hardware evidence,securely stored
Oplut runs beside the robot, records compact baseline evidence, and keeps raw hardware data local unless sync is explicitly used. The security model starts with the physical machine, not the cloud.
That means setup actions are visible, credentials stay separate, and every baseline or check should be explainable before it becomes trusted history.