The Autonomy Stack for regulated industries

Ship agents that pass security review — on a stack that maintains itself.

A bank, hospital, or agency can't approve an agent product stitched from a dozen SaaS vendors — each one is data egress, another contract, another breach surface. Visca is the whole stack — identity, credentials, runtime, and audit — shipped as part of your product and run inside your customer's walls. Your agent arrives with the answers security teams demand: who is this agent, what can it touch, where is the record. Nothing leaves their perimeter.

Get the stack See it running

Maintenance ledger

Recording

operator.deploy
release rolled, health verified
signed
operator.rotate
credentials rotated · scope prod/db
signed
operator.patch
security patch applied, attested
signed
human.approve
scope grant reviewed and signed
signed
operator.incident
recovered · root cause recorded
signed

Every operation: a principal, a scope, a signature. Nothing off the record.

Who is this agent

Every agent is a first-class identity with a recorded human sponsor — not an API key taped to a service account.

What can it touch

Scoped, short-lived credentials. Authority is granted, reviewed, and revoked — never assumed.

Where is the record

Every action lands on one tamper-evident ledger — the document your security team actually reads.

Who keeps it alive

The stack ships with its own operators — agents that run it inside the perimeter, under the same audit as everything else.

Self-hosted, without the self

And no one has to keep it alive.

Self-hosted has always meant inheriting an ops burden — the reason SaaS won everywhere it was allowed to win. Visca ships with its own operators: agents that deploy, upgrade, patch, rotate credentials, and answer incidents, inside the perimeter, under the same identity and audit as everything else. The vendor's ops team was SaaS's secret advantage. Ours is agents — and they never leave the building.

Deploys and upgrades

Releases land themselves.

Operator agents roll new versions, verify them, and roll back on failure — no maintenance window on a human calendar, no engineer with production access inside your customer's network.

Rotates and patches

Credentials and CVEs don't wait for a ticket.

Keys rotate on schedule, patches apply as they ship. The work that always slips when humans run self-hosted software simply doesn't slip.

Answers incidents

The first responder is already inside.

Operator agents watch, diagnose, and act within the scopes they were granted — and every step of the response is on the ledger before anyone asks for a postmortem.

Nothing off the record

A stack operated by agents is a stack with no off-the-record.

Hand-run systems leak history — SSH sessions, console clicks, tribal knowledge. Here, every operation is a principal acting within a scope through one governed gateway, so the audit trail isn't a feature: it's how the stack works. Maintenance itself becomes evidence — every patch, every rotation, every recovery, signed and on the ledger your security team reads.

Declare intent

Humans state what should be true. Agents do everything below that line.

Sign approvals

Authority changes only by reviewed, recorded approval. The signature is the product.

Hold the kill-switch

Deterministic stops no agent can reason its way around. Always on, always recorded.

Humans keep exactly three jobs. All three recorded.

Who it's for

For teams building agents for regulated customers — and teams building them inside.

Ship the stack as part of your product, or stand it up inside your own perimeter. Either way, the security review meets a system built to answer it.

Proven on ourselves first

A clinical AI product built on this stack — approved and in pilot at Stanford.

And the stack runs its own production. We are our own first regulated customer; the pitch is the deployment we operate.