Enterprise
Robota is used by engineering teams that need a controllable, self-hostable AI coding assistant. This page covers security practices, deployment options, and how to get in touch.
Contact Us
To discuss team licensing, on-premises deployment, priority support, or custom integrations, open a GitHub Discussion or email us directly.
We aim to respond to enterprise inquiries within 2 business days.
Security Policy
Data Handling
Robota operates as a local CLI or self-hosted server. No conversation data is stored or transmitted to Robota servers — the SDK calls the AI provider of your choice directly from your machine or infrastructure.
| Data type | Where it goes |
|---|---|
| Prompts and responses | Sent only to the AI provider you configure |
| API keys | Stored in your local environment variables or secrets manager |
| Session history | Written to your local filesystem (~/.robota/sessions/) |
| Tool outputs (files, shell) | Stay on your machine |
On-Premises Deployment
Robota can run in air-gapped environments with local LLMs (install packages from an internal mirror):
- Ollama — run models locally with zero external network calls
- LM Studio — OpenAI-compatible local server
- Any OpenAI-compatible endpoint — point baseURL to your internal gateway
```typescript
import { OpenAIProvider } from '@robota-sdk/openai';

const provider = new OpenAIProvider({
  apiKey: 'local',
  baseURL: 'http://your-internal-gateway/v1',
  model: 'your-model-name',
});
```
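A pre-flight check for the baseURL setting above, as an added example that is not part of Robota: it rejects a configured endpoint that does not stay inside the internal network before the value reaches a provider. The function names, the `corp.example` allowlist suffix and the private ranges are assumptions chosen for illustration.

```javascript
// Added example, not Robota code. The ranges and allowlist are assumptions.
const PRIVATE_V4 = [['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16], ['127.0.0.0', 8]];

// Dotted-quad string -> unsigned 32-bit integer, or null if not an IPv4 literal.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inCidr(ip, [base, bits]) {
  const mask = (~0 << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Returns { ok, reason }. Fails closed on anything it cannot classify.
function checkBaseURL(raw, allowedSuffixes) {
  let u;
  try { u = new URL(raw); } catch { return { ok: false, reason: 'unparseable URL' }; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    return { ok: false, reason: 'unsupported scheme' };
  }
  if (u.username || u.password) return { ok: false, reason: 'credentials embedded in URL' };
  // The WHATWG URL parser canonicalises numeric hosts (decimal, hex) to a
  // dotted quad, so the range check below sees the real address.
  const host = u.hostname.toLowerCase();
  const ip = ipv4ToInt(host);
  if (ip !== null) {
    return PRIVATE_V4.some((c) => inCidr(ip, c))
      ? { ok: true, reason: 'private IPv4 literal' }
      : { ok: false, reason: 'public IPv4 literal' };
  }
  // Names (and IPv6 literals) must match the allowlist on a label boundary.
  const hit = allowedSuffixes.some((s) => host === s || host.endsWith('.' + s));
  return hit
    ? { ok: true, reason: 'allowlisted internal host' }
    : { ok: false, reason: 'host not on internal allowlist' };
}
```

This is a configuration lint only: an allowlisted name can still resolve to an external address, so network egress rules remain the enforcing control.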
Auditable source code
The full source is public on GitHub for security review (github.com/woojubb/robota)
No telemetry
No analytics, no phone-home in the SDK or CLI
Append-only session logs
You control retention and deletion of all local session files
Stays inside your compliance boundary
Robota stores no data of its own, so your existing controls and your provider's certifications (e.g. SOC 2, ISO 27001) remain the system of record
FAQ
Does Robota store my code in the cloud?
No. All file reads and writes happen on your local machine. The only data that leaves your machine is the prompt you send to your configured AI provider.
Can we use Robota behind a corporate proxy?
Yes. Set the standard HTTPS_PROXY environment variable and the SDK's HTTP client will route through it.
Can Robota be installed in a restricted network with no internet access?
Yes — use a local LLM (Ollama, LM Studio) and install npm packages from an internal registry mirror.
Is there a commercial license option?
Yes. Robota is dual-licensed: free under the AGPL-3.0, with a commercial license available for proprietary or closed-source use that cannot meet the AGPL-3.0 obligations. Enterprise support contracts (SLA, dedicated channels, custom integrations) are also available — contact us for details.
Vulnerability Disclosure
To report a security vulnerability, email [email protected] with a description and reproduction steps. We follow responsible disclosure and prioritize fixes by severity, shipping a patch as quickly as is practical.