
Gated Model Providers: Connecting Robots to Frontier AI

By Craig Merry
opencastor rcan robotics ai security

The most capable AI models for robotics aren’t open source. Physical Intelligence’s π0 can fold laundry. Google DeepMind’s RT-2-X generalizes across robot morphologies. These models are gated behind authentication — and until now, connecting a robot to them required custom integration work for every provider.

The Problem: Model Fragmentation

A modern robot needs multiple AI models working together. Your reasoning layer might use Claude or GPT-4. Your manipulation layer needs a specialized action model like π0. Your perception layer uses a fine-tuned vision model from HuggingFace. Each has different authentication:

  • Physical Intelligence (π) — OAuth2 client credentials with scoped model access
  • HuggingFace gated models — Hub token with per-model approval gates
  • Enterprise APIs — mutual TLS certificates, OIDC federation
  • Cloud providers — API keys, workload identity, IAM roles

Without a unified auth layer, every robot deployment becomes a bespoke integration project.

The Solution: Six Auth Methods, One Interface

OpenCastor v2026.3.20.3 introduces castor.auth.provider_auth — a unified authentication layer for gated model providers. Configure any provider in your robot’s config:

providers:
  pi-foundation:
    type: gated
    base_url: https://api.physicalintelligence.company/v1
    auth:
      method: oauth2
      client_id: ${PI_CLIENT_ID}
      client_secret: ${PI_CLIENT_SECRET}
      token_url: https://auth.physicalintelligence.company/oauth/token
      scopes: [model:inference, model:pi0]
    models: [pi0, pi0.5-grasp, pi0.5-bimanual]
    fallback_provider: ollama
    fallback_model: rt2-x

The runtime handles token refresh, rate limiting, and fallback automatically.

Supported Methods

| Method | Use Case | Token Management |
|---|---|---|
| api_key | OpenAI, Anthropic, Cohere | Static, from env/config |
| bearer | Pre-issued JWT tokens | Static or refreshable |
| oauth2 | π, enterprise APIs | Auto-refresh with client credentials |
| huggingface | HF gated models | Token + model gate validation |
| mutual_tls | Enterprise/gov deployments | Certificate-based |
| oidc | GCP, Azure workload identity | Federated identity |

Security by Design

Credentials are the most sensitive data a robot handles:

  • Never logged — tokens never appear in log files, even at debug level
  • Never in telemetry — provider status is reported without credentials
  • Never sent to registry — robot registration never includes auth tokens
  • Environment variable resolution — secrets use ${ENV_VAR} syntax
  • Thread-safe refresh — background token refresh with locking
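
One way to get the first four properties, shown as an added example rather than OpenCastor's own code: resolve `${ENV_VAR}` references into a wrapper that masks itself when printed or logged, and build telemetry from an allow-list of fields. The names `Secret`, `resolve` and `provider_status` are hypothetical, and the sample values are constructed.

```python
import os
import re

_ENV_REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")


class Secret:
    """Wraps a resolved credential so str(), repr() and %s logging show a mask."""

    def __init__(self, value):
        self._value = value

    def reveal(self):
        # Call only at the point where the auth request is built.
        return self._value

    def __repr__(self):
        return "Secret(***)"

    __str__ = __repr__


def resolve(node, env=None):
    """Walk a parsed config; any string containing ${VAR} becomes a Secret."""
    env = os.environ if env is None else env
    if isinstance(node, dict):
        return {k: resolve(v, env) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, env) for v in node]
    if isinstance(node, str) and _ENV_REF.search(node):
        def lookup(match):
            name = match.group(1)
            if name not in env:
                # Fail closed, naming only the variable, never a value.
                raise KeyError(f"unset environment variable {name}")
            return env[name]
        return Secret(_ENV_REF.sub(lookup, node))
    return node


def provider_status(name, cfg):
    """Telemetry view built from an allow-list, so new secret fields cannot leak."""
    return {"provider": name, "method": cfg["auth"]["method"], "models": list(cfg["models"])}


# Constructed sample mirroring the pi-foundation block above (values are fake).
SAMPLE = {"auth": {"method": "oauth2", "client_id": "${PI_CLIENT_ID}",
                   "client_secret": "${PI_CLIENT_SECRET}"},
          "models": ["pi0", "pi0.5-grasp"]}
FAKE_ENV = {"PI_CLIENT_ID": "robot-7", "PI_CLIENT_SECRET": "s3cr3t-constructed"}
```

Because `Secret` is not JSON-serializable, an accidental `json.dumps` of the resolved config raises instead of writing the credential out.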

What is OpenCastor?

OpenCastor is an open-source robot runtime — the operating layer that turns any computer into a robot brain. It handles AI model orchestration, safety enforcement (the P66 invariant ensures safety commands always preempt), sensor fusion, and communication. “OpenCastor Robot” means any robot running the OpenCastor runtime, from a Raspberry Pi with a camera to an industrial arm with LiDAR.

What is RCAN?

The Robot Communication and Autonomy Network (RCAN) is the protocol that OpenCastor robots speak — standardized messaging for commands, status, sensor data, and fleet coordination. RCAN v1.8 defines 36 canonical message types with fixed integer assignments, verified across Python and TypeScript SDKs with CI tests. The spec is open and maintained at continuonai/rcan-spec.

Graceful Fallback

Robots can’t stop working because a cloud API is down:

  • OAuth2 token expired → auto-refresh, use cached token meanwhile
  • API rate limited → track headers, switch to fallback before hitting zero
  • Provider unreachable → after 3 failures, use local model
  • All transparent to the harness — your robot keeps working

The Bigger Picture

The robotics AI landscape is exploding. Foundation models for manipulation (π0), navigation (RT-2-X), grasping (GraspNet), and whole-body control are emerging — most behind gated APIs. With this release, an OpenCastor robot can use Claude for reasoning, π0 for manipulation, a HuggingFace model for perception, and an enterprise model behind mTLS — all in YAML, all with automatic credential management, all with local fallbacks.

That’s what a runtime should do: make the hard parts invisible.

Ecosystem Status

| Component | Version | Tests |
|---|---|---|
| OpenCastor | 2026.3.20.3 | 7,827+ |
| RCAN spec | 1.8.0 | 75 pages |
| rcan-py | 0.7.0 | 609 |
| rcan-ts | 0.7.0 | 447 |
| opencastor-client | 1.1.0+2 | |

All 8 repositories CI green. All 21 roadmap issues from the overnight session closed.
