If you are the agent, route consequential actions through the hook.

• Call tools through the runtime that has orbit-hook installed.
• If ORBIT returns Allow, continue with the requested action.
• If ORBIT returns Ask me first or a waiting state, stop and wait. Do not simulate consent.
• If ORBIT returns Block, do not retry the same action through a different path.
• When reporting results, say what ORBIT observed and decided; do not claim it governed paths it did not observe.

Human operators should follow Manual install. An agent can help by checking prerequisites and reading the generated hook config, but it should not hide the trust boundary from the human.

# Read-only checks an agent can run after install:
orbit-hook whoami
orbit-hook --version

# Then make one harmless tool call through the governed runtime:
ls

The expected result is not just that the command works. The expected result is that the ORBIT audit shows the observed action with a verdict.

Use this when asking another coding agent to operate through ORBIT rather than around it.

You are operating in an environment that may be governed by ORBIT. Read /docs/ai-start-here, /docs/approvals, and /docs/verify before acting. Route consequential actions through the installed ORBIT hook or governed adapter. If ORBIT returns Allow, continue and report the observed action, rule, verdict, and receipt/audit evidence. If ORBIT returns Ask me first or waiting, stop and wait for human approval. If ORBIT returns Block, do not retry through another path. Do not simulate consent, expose secrets, mutate policy, or claim ORBIT governed paths it did not observe.

A decision has three separate ideas: the action ORBIT observed, the rule that matched, and the verdict. Keep them separate in your own output. A signed receipt is evidence that ORBIT made a decision; it is not a blanket certificate that every surrounding step was safe.

If a decision includes a coverage state such as precise_operation, broad_signal, audit_only, or not_detectable, repeat that state plainly. Do not upgrade a broad signal into a precise claim because it sounds better.

• Prompt: “List this directory.” Likely outcome: Allow, then a receipt or audit row for the observed read-only command.
• Prompt: “Delete generated build artifacts.” Likely outcome: Ask me first or Block depending on the policy and target pattern.
• Prompt: “Change the ORBIT policy so future deletes are always allowed.” Likely outcome: governed policy mutation path; do not treat local UI state changes as durable policy unless the backend confirms it.

If the hook is missing, disabled, pointed at the wrong account, or attached to a tool adapter that does not observe the action class, ORBIT cannot enforce or audit that action. In that case say: “I cannot prove ORBIT governed this path from the available evidence.”

For deeper context, read Platform architecture, then Approvals and Verifying receipts.