Approvals

What to expect when ORBIT texts you.

When a rule in your policy is set to Ask me first, Guardian pauses the action and asks for your call over SMS. This page explains the message you get, the replies that work, and the queue you can review later.

What an approval request is

Your agent attempts an action. Guardian evaluates it against your Agent Policy. If the matching rule is set to Allow, the action proceeds; if it is set to Block, the action is blocked. If the rule is set to Ask me first, the action pauses and Guardian sends you an approval request.

An approval request is a question for you. Until you answer it, the agent is waiting and the action has not happened.

The SMS, line by line

The text you get looks like this:

ORBIT: your agent (Claude, hearth) wants to
delete 412 files in ./build/.

Why this matters: deleting many files at once
can be irreversible if the target is wrong.

Coverage: precise_operation.

Reply Y to allow once, N to block.
Or 10M / 1H / 2H to allow this kind of
action for that long.

If you don't reply in 2 minutes, ORBIT will
block and your agent gets back "blocked".

Open in ORBIT: o.grc/e/01HQ3XK

Each part is doing a job:

  • The opener. Names the agent, the device, and the action in one sentence. The action is plain language sourced from your policy.
  • Why this matters. One sentence on the consequence. From the rule’s catalog entry; the same string the cockpit shows on the rule detail page.
  • Coverage. What Guardian actually knows about this action on your installed adapter. Five honest states, named the same way everywhere: precise_canonical (Guardian matched the action exactly against a canonical observation), precise_operation (Guardian observed the operation type and target through the adapter, as in the bulk-delete example above), broad_signal (Guardian saw an adapter signal that matched the rule but cannot resolve the exact action), audit_only (the rule recorded the action for the audit log without gating it), and not_detectable (Guardian did not see this kind of action on your adapter at all; the rule cannot run). The SMS always shows you which one applies; no friendlier rephrasing.
  • Controls. Y / N for the one-time decision; 10M / 1H / 2H for a time-bounded standing approval (see below).
  • The timeout. If you do nothing, the action is blocked. Stated explicitly so you know what silence means.
  • The Open-in-ORBIT link. A short URL that opens this approval request in the product. It is owner-only and requires you to be signed in to ORBIT; it does not display receipt content to anyone else. Receipts themselves are shared as the .orbitproof file, not URLs. Tap the link if you want the longer view before deciding, or if you are at a desktop.

How to reply

Five replies parse:

  • Y (or yes) -- Allow this one action.
  • N (or no) -- Block this one action.
  • 10M -- Allow this kind of action for the next 10 minutes.
  • 1H -- Allow this kind of action for the next hour.
  • 2H -- Allow this kind of action for the next 2 hours.

Anything else (including sure, go ahead, free text) does not count as approval. ORBIT will reply with the canonical control list and keep waiting. This is on purpose: a fuzzy parser would let a confused or coerced reply (“what?”) pass as consent. The rule is narrow because the consequences are real.

Replies are case-insensitive; spaces and minor variants (10 m, 1 hour) work.
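
A strict parser of the kind described above, as an added example (not ORBIT's own code). The function name, the outcome labels, and the unit spellings beyond "10 m" and "1 hour" are assumptions.

```python
import re

# The only SMS time bands the page defines: 10M, 1H, 2H (values in seconds).
BANDS = {(10, "m"): 600, (1, "h"): 3600, (2, "h"): 7200}

# Assumed unit spellings; the page itself only confirms "10 m" and "1 hour".
UNITS = {"m": "m", "min": "m", "mins": "m", "minute": "m", "minutes": "m",
         "h": "h", "hr": "h", "hrs": "h", "hour": "h", "hours": "h"}

BAND_RE = re.compile(r"([0-9]{1,2})\s*([a-z]+)")


def parse_reply(text):
    """Classify an SMS reply as (outcome, seconds).

    outcome is "allow_once", "block_once", "standing" or "unrecognized";
    seconds is set only for "standing".
    """
    # Trim, collapse internal whitespace, fold case. No other clean-up:
    # punctuation or extra words make the reply unrecognized.
    reply = " ".join(text.split()).lower()
    if reply in ("y", "yes"):
        return ("allow_once", None)
    if reply in ("n", "no"):
        return ("block_once", None)
    match = BAND_RE.fullmatch(reply)  # the whole message must be the band
    if match:
        unit = UNITS.get(match.group(2))
        seconds = BANDS.get((int(match.group(1)), unit))
        if seconds is not None:
            return ("standing", seconds)
    # Never consent: the caller re-sends the control list and keeps waiting.
    return ("unrecognized", None)
```

Durations outside the three bands (3h, 60m) are rejected rather than rounded, so a typo cannot widen a grant.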

Standing approvals (10M / 1H / 2H)

Replying with a time band creates a standing approval: any action that would match the same rule, for the duration you picked, is allowed without re-asking. You do not get re-texted for the same kind of action until the standing approval expires.

The longest standing approval available over SMS is 2 hours. Forever-changes happen in the cockpit at /dashboard/agent-policy, where you can set the rule’s verdict to Allow durably (and see the change in your policy). SMS is for time-bounded approvals; the cockpit is for durable changes.

Active standing approvals show on /dashboard/approvals/active with a live countdown. You can revoke any of them from there; revoke takes effect immediately and the next matching action will ask you again.

The 120-second timeout

If you do not reply within 120 seconds, Guardian blocks the action and the agent is told the action was blocked. The action does not proceed.

This is fail-closed by design. Silence is not consent. If you missed the SMS because you were in a meeting, the worst case is your agent reports back that the action was blocked and you can retry it (or change the rule) when you are back.

The 120-second window is the launch default. Per-rule timeouts (so you can set a longer window for specific rules where you know you are slow to respond) are on the roadmap.
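
How the verdicts, standing approvals and the 120-second timeout fit together, as an added sketch (not Guardian's implementation). The Gate class, the rule ids, the reply tuple shape, blocking on an unknown rule, and starting the grant clock at reply time are assumptions.

```python
from dataclasses import dataclass, field

TIMEOUT_S = 120  # launch default stated on the page


@dataclass
class Gate:
    policy: dict                                   # rule id -> "allow" | "block" | "ask"
    standing: dict = field(default_factory=dict)   # rule id -> expiry time (seconds)

    def decide(self, rule, now, reply=None):
        """Return "allowed" or "blocked" for an action matching `rule` at time `now`.

        reply is None (owner never answered) or a tuple
        (seconds_after_request, outcome, band_seconds), where outcome is
        "allow_once", "block_once" or "standing".
        """
        verdict = self.policy.get(rule, "block")   # assumption: unknown rule blocks
        if verdict != "ask":
            return "allowed" if verdict == "allow" else "blocked"
        if self.standing.get(rule, 0) > now:
            return "allowed"                       # live standing approval, no SMS sent
        self.standing.pop(rule, None)              # expired grant: ask again
        if reply is None or reply[0] > TIMEOUT_S:
            return "blocked"                       # silence or a late reply: fail closed
        delay, outcome, band = reply
        if outcome == "standing":
            # Assumption: the band runs from the moment the owner replied.
            self.standing[rule] = now + delay + band
            return "allowed"
        return "allowed" if outcome == "allow_once" else "blocked"

    def revoke(self, rule):
        """Drop a standing approval; the next matching action asks again."""
        self.standing.pop(rule, None)
```

Every path that lacks an explicit, timely answer returns "blocked", which is the property to preserve if per-rule timeouts are added later.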

The approvals queue

Two pages, one URL each:

  • /dashboard/approvals/active shows currently-active standing approvals (the 10M / 1H / 2H grants you have made over SMS), with a live countdown and a Revoke button on each row. Recently-expired approvals (last 24 hours) collapse into a section below; expand to inspect.
  • /dashboard/approvals/history is the archive: every approval request you have responded to, plus the ones that timed out. Filter by date, agent, or outcome.

Both pages render the same vocabulary as the SMS and the cockpit. Same words mean the same thing everywhere.

After the decision: the history record

Every approval request produces a record. The record names what was asked, what you decided (and how: SMS reply, in-product click, timeout), what the agent did with the result, and the signed receipt for the whole thing.

The record is the truth about a past approval request, frozen. If you change a rule tomorrow, the historical record still shows what the rule was at the time of the request. Audit trails do not rewrite themselves.

A record links to the receipt as a downloadable .orbitproof file and to the web verifier at /verify. See the Verifying receipts docs for how that works.

When you keep allowing the same thing

If you find yourself replying 1H to the same kind of question every few hours, the rule is wrong for your workflow. Change it.

From the SMS, tap the Open-in-ORBIT link, then tap “change this rule” on the in-product card. If you are already on the in-product card, the same affordance is there. From the cockpit, find the rule in /dashboard/agent-policy and change its verdict.

Setting a rule to Allow is the supported way to say “stop bothering me about this.” The rule still exists, the action still appears in your audit, but you stop being interrupted. Reversible at any time.