
Identity

Sigil

The identity layer of the self-hosted stack.

The identity primitive of the stack, run inside your perimeter. Issues, verifies, and revokes the cryptographic identity every autonomous actor holds — bound to principal, runtime, and lineage from the moment of instantiation. The one identity every other primitive trusts.

Sigil is a primitive of the Visca stack — it ships with the stack, versions with the stack, and audits with the stack. It is not separately purchasable.

What it is

The role Sigil plays in the stack.

Sigil is constitutive: there is no autonomous actor without one, and no other primitive functions without it. Every agent, robot, drone, and autonomous service receives a cryptographic identity at the moment it comes into being. The Sigil binds the actor to the human or system that authorized its existence, the runtime hosting it, and the lineage of spawning actors back to a human root. For embodied actors, the Sigil includes hardware attestation rooted in TPM, Secure Enclave, or vendor roots of trust — a verifier can determine, cryptographically, that a request originated from a specific physical robot, running a specific firmware, in a specific configuration. Warrant authorizes against it, Plexus routes on it, Chronicle keys every record to it — one identity across the whole stack, all of it inside your own walls.

The problem

What goes wrong without it.

Stitch the stack from a dozen projects and each layer invents its own notion of who an actor is — and most autonomous actors have no real identity at all, merely the process holding an API key. There is no shared answer to who an actor is, who authorized its existence, what its lineage is, or whether it has been revoked. Without one identity the whole estate trusts, every authorization, audit, and revocation operation is impossible.

Capabilities

What Sigil does.

Sigil structure

What Sigil looks like in code.

sigil := {
  pubkey:      Ed25519PublicKey,
  principal:   Sigil | HumanIdentityRef,
  runtime:     SigilRef,
  lineage:     [SigilRef, ...],      // chain back to root principal
  bundle:      ContentHash,          // the bundle this actor was instantiated from
  issued_at:   Timestamp,
  not_after:   Timestamp,
  attestation: HardwareAttestation?, // for embodied actors
  revocation_endpoint: URL,
}
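
An added example, not code from Lattice Runtime or Visca: one way a verifier could walk the `principal` and `lineage` fields of the structure above back to a human root, rejecting on a revoked or expired ancestor. Assumptions: the `ref` field, string refs with a `human:` prefix for `HumanIdentityRef`, an in-memory store, and a revoked set standing in for `revocation_endpoint` are all hypothetical; signature, runtime, bundle, and attestation checks are left out.

```python
from dataclasses import dataclass

# Hypothetical in-memory model of a subset of the schema fields.
# Refs are plain strings; "human:" marks a HumanIdentityRef (assumed convention).
@dataclass(frozen=True)
class Sigil:
    ref: str          # hypothetical identifier for this Sigil
    principal: str    # ref of the Sigil or human that authorized this actor
    lineage: tuple    # refs of spawning actors, nearest parent first
    issued_at: int    # Unix seconds
    not_after: int    # Unix seconds

def check_sigil(ref, store, revoked, now):
    """Return (ok, reason). Rejects on the first unknown, mis-linked,
    revoked, or expired Sigil in the chain, or a chain with no human root."""
    sigil = store.get(ref)
    if sigil is None:
        return False, f"unknown sigil {ref}"
    chain = [sigil]
    for parent_ref in sigil.lineage:
        parent = store.get(parent_ref)
        if parent is None:
            return False, f"unknown ancestor {parent_ref}"
        chain.append(parent)
    # Each actor must have been authorized by the next entry in its lineage.
    for child, parent in zip(chain, chain[1:]):
        if child.principal != parent.ref:
            return False, f"{child.ref} not authorized by {parent.ref}"
    # Revoking or expiring any ancestor invalidates every descendant.
    for s in chain:
        if s.ref in revoked:
            return False, f"{s.ref} revoked"
        if not (s.issued_at <= now <= s.not_after):
            return False, f"{s.ref} outside validity window"
    if not chain[-1].principal.startswith("human:"):
        return False, "lineage does not end at a human root"
    return True, "ok"

# Constructed sample data: human -> orchestrator -> worker, plus a broken record.
STORE = {
    "sigil:orch": Sigil("sigil:orch", "human:alice", (), 100, 1000),
    "sigil:worker": Sigil("sigil:worker", "sigil:orch", ("sigil:orch",), 200, 900),
    "sigil:orphan": Sigil("sigil:orphan", "sigil:orch", (), 200, 900),
}
```
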

Open and commercial

Built in the open. Run in your tenancy.

Sigil has two surfaces: an open-source reference in Lattice Runtime (MPL 2.0), and a managed delivery as part of the Visca stack on Visca Cloud. Features in the open never move behind the paywall.

Open

Lattice Runtime — open foundation

MPL 2.0 · self-hostable · foundation-track governance

  • Sigil identity schema
  • Reference issuer
  • Local verification primitives
  • Revocation protocol

Commercial

Visca Cloud — managed sovereign delivery

Your tenancy · dedicated · self-managed · air-gapped

  • Hosted Sigil issuance at scale
  • Cross-organization federation
  • Enterprise IdP integration (Okta, Azure AD, Ping)
  • Hardware HSM-backed signing keys
  • Compliance-grade audit of issuance


The whole stack. Self-hosted. One ecosystem.

The entire agent stack, inside your own walls.

Models, identity, tools, voice, payments, runtime, and audit — as one integrated ecosystem, self-hosted, sovereign, air-gapped. Nothing stitched from vendors. Nothing leaves your perimeter. Open at the core. No license rug-pulls, ever.