Tun / tap difference, is it the interfaces that handle the protocols or OS?

I am having a hard time understanding the difference between tap and tun interface. I know this is a frequently asked question and I apologize for that.

I have read working with crane at level 2 and tun working at level 3. I also read that crane is used for bridge and tunnel is used for routing. I've already heard things like "ROUTERS operate at layer 3" or "BRIDGES operate at layer 3": does this make sense to me because routers manage layer 3 protocols and bridge for layer 2 protocols? but since tap and tun are "interfaces" it means that a clause like "INTERFACES" works at layer 3 "makes sense, but I don't understand what it is: I mean that interfaces do not manipulate protocols (OS does this, but not an interface), so it sounds like an interface tun == interface:

If I create two front-end interfaces (with tunctl) with two IP addresses that are on different networks (192.168.2.1/24 and 192.168.3.1/24), I link them to two kvm virtual machines (one interface interface corresponds to one virtual machine) and if I enable routing on the host, my two virtual machines can communicate.

So tap interfaces can also be used for routing: what's the difference with tun? maybe faucet is also a tun interface?

Also I can create a transition interface using the tunctl command, but how can I create a tunnel interface with the same command (the command is called TUNctl not TAPctl ...)?

Can you help me clarify this? Thank.