The Autonomy Cloud for regulated industries
A regulated bank, hospital, or agency can't send its data to a dozen AI vendors — and can't stitch a stack from them either: the model from one, identity from another, voice, payments, tools, and audit from five more. Visca is the whole stack — models, identity, tools, voice, payments, runtime, and audit — as a single integrated ecosystem, run inside your own walls. Air-gapped, sovereign, every component self-hosted. Nothing leaves your perimeter.
Every component runs inside your perimeter — model weights, identity, tools, voice, payments, runtime, audit. Air-gapped. Nothing calls home.
The whole stack on one contract and one identity model. No multi-vendor procurement maze for a compliance team to clear, one third party at a time.
Audit-grade by default: every action identity-bound, capability-scoped, recorded in a tamper-evident chain. Sovereign tenancy — your region, your keys.
Built on the open Lattice Runtime (MPL 2.0), and runs open-weight models inside your perimeter — so cognition cost collapses without your data ever leaving.
A consumer startup wires together a model API, an auth provider, a payments vendor, a voice API, and an observability tool, and ships by Friday. A bank, a hospital, or an agency cannot: every one of those is a third party touching regulated data — a separate contract, a separate breach surface, a separate review no compliance officer will sign off on piecemeal. Self-hosting is the only acceptable shape. And no one ships the whole stack self-hosted, as one ecosystem. That gap is the moat.
Data can't leave
Prompts, documents, patient records, transactions — feeding any of it to a hosted model, auth, or voice API means regulated data crossing your boundary into a third party. No compliance officer at a bank, hospital, or agency signs that. Self-hosting isn't a preference here; it's the only acceptable shape.
The vendor maze
Identity from one open-source project, the model from another, voice, payments and virtual cards, tools, audit from five more — each with its own auth, its own data model, its own upgrade cycle, and brittle seams between them. The integration, and the security of those seams, becomes your problem, forever.
No complete offering
The choice today is a SaaS you can't use, or a DIY integration project you have to operate. No single vendor delivers models, identity, tools, voice, payments, runtime, and audit as one coherent stack you run inside your own walls — one identity model, one audit trail, across all of it. That's the gap Visca fills.
Keep your voice, clinical, browser, document, embodied, and coding agents. Put one self-hosted stack underneath that makes every one of them legible to a regulator.
Real-time conversational agents — call centers, intake, patient ops, customer service, collections. Latency-sensitive, often PHI- or PCI-handling.
Describes the generic stitched-stack pattern in this category. No specific product is named or evaluated.
Identity
SigilA voice agent runs as a tenant on a hosted vendor — one of several in the stack. Whoever holds the API key issues calls, and the call already left your perimeter to reach it. There is no per-call root of trust — no cryptographic identity bound to the caller, the agent persona answering, or the consent captured on this call.
Every call mints a Sigil bound to the caller, the agent persona, the runtime, and the consent record. Two calls from the same campaign are cryptographically distinct. Revocation propagates mid-conversation.
Credentials
WarrantEHR session tokens, CRM credentials, payment processors, and SMS providers sit in the agent's tool config for the life of the deployment. One call's prompt injection — via DTMF, via a hostile caller — is access to everything.
Every mid-call tool reach is a Capability Grant — scoped to caller, verb, resource, and duration. Read-PHI for this caller, for sixty seconds, with consent on file. Nothing reusable.
Discovery
PlexusDownstream telephony carriers, STT/TTS providers, and tool endpoints are hardcoded per environment. Failover is a redeploy. Latency is whatever the last config push produced.
STT, TTS, telephony, and tool providers resolved through Plexus by capability descriptor. Failover is a policy change. Latency targets enforced per call.
5 more concerns — Declarative state, Packaging, Runtime, Audit, Dev surface.
See the full comparisonEverything a regulated team would assemble from a dozen vendors and open-source projects — identity, authority, tools, packaging, compute, audit — Visca ships as one integrated stack you run inside your own walls. Eight named primitives that install, version, and audit together, organized across three planes: Trust, Lifecycle, and Record.
That's the difference between an ecosystem and a stitched stack. The primitives aren't separately purchasable point tools — they share one identity, one audit trail, one release train. You adopt the stack; nothing leaves your perimeter.
The Visca stack
one stack · eight primitivesTrust plane
identity, access, fabricLifecycle plane
declare, package, run, buildRecord plane
the single answerOpen foundation · MPL 2.0
Lattice Runtime
Bundle · Sigil · Capability Grant · Plexus wire · Audit envelope. Open specifications, reference runtime, conformance suite.
Read the foundation →TRUST · plane
Every autonomous actor has cryptographic identity, every access is brokered with a scoped capability, every connection is rooted in identity — not in a hardcoded URL.
The identity layer of the self-hosted stack.
The identity primitive of the stack, run inside your perimeter. Issues, verifies, and revokes the cryptographic identity every autonomous actor holds — bound to principal, runtime, and lineage from the moment of instantiation. The one identity every other primitive trusts.
The authority layer of the self-hosted stack.
The authority primitive of the stack, run inside your perimeter. Brokers every access from an autonomous actor to a consequential resource against its Sigil — identity-bound, scoped, time-limited, and recorded to Chronicle. Long-lived credentials disappear.
The fabric layer of the self-hosted stack.
The fabric primitive of the stack, run inside your perimeter. Discovery, mTLS, and routing across every autonomous actor and every resource an actor reaches — rooted in the same Sigil identities, not hardcoded URLs, and never crossing your boundary.
LIFECYCLE · plane
Declare the data model. Package the actor. Run it on autonomy-aware compute. Build, evaluate, and ship from one developer surface.
The data-model layer of the self-hosted stack.
The data-model primitive of the stack, run inside your perimeter. Declare what should exist as versioned source; agents write it as source, humans edit it as a spreadsheet. Plan, apply, drift-detect — all against state that stays in your tenancy.
The packaging layer of the self-hosted stack.
The packaging primitive of the stack, run inside your perimeter. Immutable, content-addressed, Sigil-signed bundles — everything an autonomous actor needs to execute, packaged as a single attestable artifact and registered in your own registry.
The open-source runtime layer — and the foundation the whole stack runs on.
The runtime layer of the stack, and its open-source foundation (MPL 2.0). Runs autonomous workloads across cloud, edge, on-device, and on-robot — with first-class awareness of tokens, models, memory, and embodiment, routing over open-weight models so cognition stays in your walls.
The build surface — for humans and agents.
Where humans and agents build autonomous systems. CLI, SDKs, local runtime, eval harness, replay, documentation, templates — and an agent-facing surface so agents can author, evaluate, and ship other agents.
RECORD · plane
One queryable graph of every actor in the estate, and one tamper-evident audit of every action taken — so accountability is a query, not a forensic project.
The stack's primitives are designed for the operational realities of regulated autonomy: pilots that need to clear compliance, security teams that need accountability, finance teams that need cost governance.
Lattice Runtime is the open substrate beneath the Visca stack. Open specifications, a reference implementation in Rust, SDKs in TypeScript, Python, Go, and Rust. Foundation-track governance. No license rug-pulls — ever.
The covenant
MPL 2.0 — fixed at v0.1, forever.
Foundation donation once the project has gravity.
Developer Certificate of Origin. No CLA, ever.
Features in the open never move behind the paywall.
No rent-seeking on the substrate.
The whole stack. Self-hosted. One ecosystem.
Models, identity, tools, voice, payments, runtime, and audit — as one integrated ecosystem, self-hosted, sovereign, air-gapped. Nothing stitched from vendors. Nothing leaves your perimeter. Open at the core. No license rug-pulls, ever.