You signed up. Now what.

Your account is provisioned with the Guardian default policy: 50 rules across 14 categories of risky agent behavior, each set to a sensible default (Allow, Ask me first, or Block). You did not have to write a policy to be governed. You can change every verdict, and you can add custom rules later.

You also have an API key. ORBIT uses it to identify your account when your agent calls in. The key is shown once. We will get to it in step 2.

When Guardian pauses an action and asks for your call, the question lands on your phone over SMS. The product runs without a verified phone, but you will miss escalations: a paused agent will time out and the action will be blocked, every time. Verifying your phone is the first thing worth doing.

Open /settings/phone, enter a US mobile number, and confirm the code we text you.

US-only at launch. International support is on the roadmap.

Open /keys. The key created at signup is shown once at the top of the page. Copy it and stash it somewhere safe (a password manager is fine).

If you missed the one-time reveal, that key is gone. You can issue a new one from the same page; it shows once and is then a prefix-only display.

The fast path is the install command setupclaw runs end-to-end:

curl -sL https://orbitgrc.com/install | bash

setupclaw downloads the orbit-hook binary, stores your API key in the OS keychain, wires the Claude Code hook config, and runs a self-test. If it finishes clean, your next Claude Code session is governed.

Before you pipe a script into bash: this command runs whatever orbitgrc.com/install serves at the moment you run it. Guardian is the thing meant to govern your agent, so if you would rather download the installer, inspect it, and verify the published checksum and signature before running anything, take the manual install path instead. Same result, slower, with the trust boundary in your hands.

Open Claude Code in a project directory and ask it to do something benign. Anything will do; the goal is just to confirm the hook is firing and ORBIT sees the action.

A first call worth trying:

> List the files in this directory.

Claude runs ls. ORBIT records it. The Allow rule for read-only filesystem operations is the default, so no escalation fires and you do not get a text message.

Open the dashboard. Within a few seconds the action you just made shows up under recent activity, with the agent identity, the action, and the verdict ORBIT applied.

That is the loop: your agent acts, ORBIT evaluates, the dashboard records, and Guardian asks you only when your policy says to ask.

To trigger an escalation on purpose, ask Claude to run something the default policy treats as Ask me first. A safe option: ask it to run sudo for any reason. The default rule pauses the action and texts your phone.

From here the product is yours to shape. The pieces worth knowing about:

• Agent Policy is the cockpit. Every default rule is in there, with three verdicts (Allow, Ask me first, Block). Change anything you want; add custom rules to narrow specific risks.
• Approvals is where you see what Guardian is currently asking you and what time-bounded approvals you have granted (10 minutes, 1 hour, 2 hours).
• Audit is the full record of governed actions, searchable, with a downloadable receipt per action.
• Verify a receipt lets anyone (you or someone you hand a .orbitproof file to) confirm a receipt is authentic and untampered, without needing to trust ORBIT.

Common first-day friction:

• No SMS arriving on a verified phone. Check that the verified number on /settings/phone is the one you are watching. ORBIT only texts the verified number on file.
• Claude Code is running but nothing lands in the dashboard. The hook might not be wired in. Run orbit-hook whoami in a terminal; it should print your account. If it prints an error, the API key is not where the hook expects it.
• An action you expected to be blocked was allowed. The Guardian default set is conservative-but-not-paranoid. Check the rule for that action in Agent Policy; if its verdict is Allow, that is by design. Change it to Ask me first or Block and the next call follows the new rule.

Anything else, email support@orbitauthority.com. Reply latency is human-fast at launch volume.