Nothing leaves the perimeter, and every layer shares one identity and one audit — by construction.
You're accountable for autonomy you didn't build and can't fully see, where sending regulated data to hosted AI vendors is off the table and a self-hosted stack stitched from a dozen projects gives you a dozen identity models and audit trails to correlate by hand. Visca makes the safe default the default across one ecosystem — cryptographic identity, scoped credentials, and a tamper-evident audit shared by every layer in your perimeter — so most of what you'd achieve by writing policy is achieved by the protocols themselves.
Why the data can't leave
Production agents hold broad, long-lived credentials. Your policy says least-privilege; the infrastructure offers all-or-nothing.
Answering an incident or an examiner means correlating framework traces, tool logs, identity events, and model-provider logs by hand. The answer takes hours; the question is urgent.
You can write the policy, but proving it held — for every action, across every agent — is the part that blocks sign-off.
One ecosystem, not a stitched stack
Least-privilege starts with knowing who's acting. Every autonomous actor has a non-transferable cryptographic identity, by construction.
Long-lived credentials disappear. Every access is scoped, time-bound, consented where required, and audited — least-privilege as the only available mode.
Append-only, Sigil-keyed, cryptographically chained. The control isn't a policy you assert — it's a record you can prove, exportable to your SIEM and GRC tooling.
Every agent is a signed, content-addressed bundle with an SBOM. Supply-chain provenance is verifiable, not assumed.
What you get
In practice
An application team wants to ship an agent with production access. The review is short: identity is cryptographic (Sigil), access is scoped and ephemeral (Warrant), every action is recorded tamper-evidently (Chronicle), and the bundle is signed with an SBOM (Seal). The controls aren't promises in a doc — they're properties of the runtime, with evidence.
The whole stack. Self-hosted. One ecosystem.
Models, identity, tools, voice, payments, runtime, and audit — as one integrated ecosystem, self-hosted, sovereign, air-gapped. Nothing stitched from vendors. Nothing leaves your perimeter. Open at the core. No license rug-pulls, ever.