Orbit Authority

Stop babysitting agents you already run in YOLO mode.

You run Claude Code with --dangerously-skip-permissions and Codex in YOLO or bypass-sandbox mode because you want work to continue. Orbit Authority lets agent work keep moving, then pulls you back in when real authority is needed.

Approve, deny, inspect, or revoke from your phone when a boundary matters: while you are away from the computer, at the grocery store, walking in the woods, or just letting the agents run. Enforcing adapters can pause before execution; observe-only adapters collect evidence without pretending to block.

Orbit Authority cockpit

Sample cockpit view

Sample action queue: requests, policy reasons, approvals, and receipts in one place.

Sample queue view
policy: no-prod-writes · Production changes need explicit approval.policy: spend-limit-5k · Over $5k needs approval.policy: human-approval-required · A named owner must approve.policy: standing-refunds-500 · Refunds under $500 can proceed.policy: secret-access-blocked · Secret paths are blocked.
ActorRequested actionSurfaceRiskVerdict

Click any requested action, or press Enter or Space while focused, to inspect its policy and receipt details.

For dangerous delegation, not theater

Give agents operational room without giving every action blank-check authority.

Orbit does not claim that a model is safe because it generated a good explanation. It checks action boundaries: what the agent is trying to do, which policy applies, whether the installed adapter can enforce that boundary, and what evidence exists afterward.

Start with one boundary

Free

Free is the low-friction starting point: put a basic command boundary in front of agent work, see what would be allowed, asked, or blocked, and learn the approval loop before expanding the scope.

Protect the dangerous modes builders actually use

Guard

Guard is for OpenClaw, Claude Code, Codex, wrappers, and hooks. Where an enforcing adapter is installed, protected shell, SSH, cloud, GitHub, database, deploy, and secret-adjacent actions can hit policy before execution instead of relying on a terminal prompt you might not be watching.

The cockpit and receipt layer

Authority

Authority is the control plane: see what is running, approve or deny from your phone, revoke broad delegation when needed, and keep receipts or clearly labeled telemetry for the decisions Orbit actually observed.

Broad delegation still needs hard stops.

Orbit is built for teams that want agents to keep working, not for teams that want to click every routine command. The point is to label and route the actions that should not be invisible.

  • New cloud spend or infrastructure changes
  • IAM, DNS, firewall, and security-group edits
  • Production deploys and service restarts
  • Destructive database or data-retention work
  • Secret access, publication, or credential changes

The authority loop

  1. Actor requests a consequential action.

    The agent asks to do something consequential.

  2. Orbit Authority checks authority and scope.

    Orbit checks actor, action, scope, time, and active policy.

  3. Allow, escalate to a human, or deny.

    ALLOW, ASK, BLOCK, or SHADOW/OBSERVE depending on the adapter boundary.

  4. Receipt and audit trail recorded.

    Receipt or telemetry records actor, action hash, rule, verdict, approver path, timestamp.

One authority system. Cockpits shaped for the work.

Start with Guardian for agent tools, Action Control for high-stakes product side effects, and Enterprise for customer-controlled deployments. Each surface keeps the same authority loop, but labels what is enforcing, observe-only, or audit evidence.

Solutions

Guardian

Guardrails for AI agent toolchains.

Wraps agent runtimes and tool paths, including OpenClaw, Hermes, Claude Code, Codex, wrappers, and hooks, so dangerous actions hit an authority check before execution.

Action Control

Control point before money moves, trades execute, or customer data changes.

Checks AI-started payments, trades, app mutations, and other irreversible side effects before the external API is called.

Enterprise

Authority across teams, agents, tools, and vendors.

Runs agent work across the org without handing every team, vendor, or automation blank-check authority.

Cockpits shaped for the job

Same bones: what tried to happen, which rule applied, who approved, and what receipt proves it.

Builder, payments, trading, creator, agentic SaaS, and enterprise teams need different cockpit views. Orbit keeps the underlying authority loop consistent.

Sample cockpit view / Builder

Agents can code, test, and ship, with hard stops around danger.

Routine dev work stays fast. Production, secrets, destructive commands, and repo history changes hit the authority boundary.

Claude Code

git push --force main

History rewrite needs owner approval.

ESCALATE

Codex

npm test

Repo-local test command.

ALLOW

OpenClaw

cat .env.production

Secret path blocked.

BLOCK

Deploy bot

deploy prod

Production protected.

ESCALATE

Sample cockpit view / Payments

Stripe moves money after Orbit says the actor is allowed.

Refunds, payouts, charges, and contract-impacting changes show up as decisions before the payment API is called.

Billing workflow

refund.create $250

Under standing refund approval.

ALLOW

Finance bot

payout.create $8,000

Above spend limit.

ESCALATE

AI support

charge.create $12,400

Merchant scope mismatch.

BLOCK

Subscription agent

plan.change enterprise

Customer contract impact.

ESCALATE

Sample cockpit view / Trading

Mandates are enforced before the broker call.

Exposure, asset class, notional size, drawdown, and market-hours checks become visible decisions.

Trading Agent

buy NVDA $42,000

Mandate exceeded.

BLOCK

Risk bot

close TSLA 15%

Risk-reduction action.

ALLOW

Crypto agent

open BTC perp 3x

New asset class requires exception.

ESCALATE

Rebalancer

sell VTI $5,000

Inside allocation band.

ALLOW

Sample cockpit view / Creator ops

Approve the messy money moments before they leave.

Payouts, refunds, sponsor sends, and revenue split changes are decisions, not buried logs.

Payout agent

payout.create $840 creator_182

Under verified payout threshold.

ALLOW

Refund workflow

refund $1,200

Above support limit.

ESCALATE

Campaign agent

send sponsor email to 42k fans

External comms volume threshold.

ESCALATE

Account workflow

change revenue split 70/30

No signed creator request.

BLOCK

Sample cockpit view / Agentic SaaS

Customer-impacting mutations get checked before they happen.

The app can stay autonomous without giving every agent unconditional write access.

Admin agent

db.users.updateMany

Bulk customer mutation.

ESCALATE

Lifecycle agent

delete account acct_9K2

No verified customer request.

BLOCK

Support agent

issue credit $30

Inside support mandate.

ALLOW

Email agent

send cancellation notice

External customer communication.

ESCALATE

Sample cockpit view / Enterprise

See authority across teams, vendors, tools, and exceptions.

Compliance evidence is the byproduct. The primary job is operational control.

Vendor agent

export EU records

Region scope violation.

BLOCK

Team automation

terraform apply prod

Protected environment.

ESCALATE

Data agent

read anonymized report

Approved data class.

ALLOW

Ops bot

grant standing approval 2h

Authority change requires owner.

ESCALATE

External control, human version

Orbit checks the thing the agent is about to do, not the story the model tells about it.

The agent can plan, draft, and decide quickly. When it reaches a consequential boundary, such as a shell command, Stripe call, broker order, customer-data mutation, campaign send, or production deploy, Orbit applies the authority rule before execution.

Not prompt policing

Orbit does not need to judge whether a model is “good” or understand every prompt. Models can ramble; actions still have to cross a boundary.

Not after-the-fact logs

Logs tell you what happened after the damage may already be done. Orbit checks the requested action before the runtime, API, broker, or deployment tool executes it.

At the action boundary

Orbit asks the concrete question: is this actor allowed to do this thing, in this scope, right now, and should it be allowed, escalated, or blocked?

Every decision leaves proof

Receipts prove the decision before action, not vibes after the fact.

A receipt records who or what requested the action, which rule decided it, whether it was allowed, escalated, or blocked, and what approval or signature backs the verdict.

Receipts prove the decision; they do not publish raw secrets, customer payloads, full command output, or private account data.

Wrap the places where agent decisions become real

  • OpenClaw / Hermes · Agent runtimes and delegated work
  • Claude Code / Codex · CLI hooks before tool execution
  • Stripe · Refund, payout, charge, and plan calls
  • Broker path · Orders before execution
  • App mutations · Customer-data and account changes
  • Deploy tools · gh, kubectl, terraform, CI/CD