Orbit618 is the governance engine that controls how AI builds software. Every signal enters a governed pipeline — spec-driven, policy-enforced, fully auditable. Speed without chaos.
Every transition validated. Every action audited. Every actor — human, agent, or LLM — governed.
Part of a bigger system
Core618 ventures run on Ton618 — a shared platform with billing, messaging, CRM, contracts, and landing pages. Orbit618 sits on top, governing every development action: who can do what, when, and under which policies. The result is startups that ship fast and stay auditable.
The problem
AI coding agents write code 10x faster. But speed without guardrails creates risk: status changes without validation, code generation without specs, PRs without review, agents acting without constraints. When the auditor asks "who approved this AI-generated code?", you have no answer.
90% AI adoption increase
+9% more bugs reported
+91% more review time
0 governance solutions
The golden path
This is the single demo that proves the entire Orbit618 thesis.
Signal arrives
Sentry fires at 3 AM: AttributeError: 'NoneType' in auth/middleware.py:42. 47 occurrences, 12 users affected.
Triage + Discovery
Orbit reads the actual codebase (not a generic LLM guess) and identifies the root cause: user.session is None for anonymous users. Risk: LOW.
Spec generated
Structured spec created: problem statement, proposed fix, acceptance criteria, affected files. Not a prompt — a governed artifact.
Governance gate
LOW risk + balanced template = auto-approved. For HIGH risk, a human reviews. Configurable per company, project, and module.
Agent executes
Claude Code writes the fix step by step, governed by file scope per step. Adds null check + test. Every action logged.
PR created
Full governance trail attached: trigger → spec → approval → execution log. CI runs. Tests pass.
Auto-merged
LOW risk + CI green = auto-merge. Dev wakes up to a resolved incident with a complete audit trail. Sentry marked resolved.
Core capabilities
FSM
Canonical lifecycle: Backlog → Spec → Arch → In Progress → Review → Staging → Done. Invalid transitions are rejected and automatically reverted. No exceptions, no shortcuts.
POLICY
Declarative, version-controlled rules. Require specs before architecture. Enforce human approval before staging. Restrict which agents can act in which states. Ship as policy packs.
GUARD
Control what each actor can see and do, scoped by project and state. LLM A only operates on Project X during Spec. Deploy agent only triggers in Staging. Precise, granular boundaries.
AUDIT
Every governed action produces a structured event: actor identity, transition, rule applied, decision, timestamp. Immutable log. Enterprise compliance-ready from day one.
AGENT
Identity registration, capability model, 3-tier risk classification (EU AI Act aligned), rate limiting, circuit breaker, and configurable human-in-the-loop gates.
MCP
7 governed MCP tools. Every call respects FSM + policies + context. Claude Code, GPT, or any MCP-compatible LLM connects instantly. Pull-based agent model.
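How the FSM, POLICY, GUARD and AUDIT pieces above can fit together, as an added illustration that is not Orbit618's code or API. All names are hypothetical; the next-state-only transition rule and the hash-chained log (one way to make an audit log tamper-evident) are assumptions.

```python
import hashlib, json
from dataclasses import dataclass, field

# Lifecycle as listed on the page; only a move to the next state is valid (assumption).
STATES = ["Backlog", "Spec", "Arch", "In Progress", "Review", "Staging", "Done"]

@dataclass
class Actor:
    name: str
    scope: dict = field(default_factory=dict)  # project -> states it may act in

@dataclass
class Item:
    project: str
    state: str = "Backlog"
    has_spec: bool = False
    human_approved: bool = False

def _digest(event):
    body = {k: v for k, v in event.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def transition(log, actor, item, target, ts):
    """Decide one transition (deny by default) and append an audit event."""
    if target not in STATES or STATES.index(target) != STATES.index(item.state) + 1:
        rule = "fsm.next-state-only"
    elif item.state not in actor.scope.get(item.project, set()):
        rule = "guard.actor-scope"
    elif target == "Arch" and not item.has_spec:
        rule = "policy.spec-before-arch"
    elif target == "Staging" and not item.human_approved:
        rule = "policy.human-approval-before-staging"
    else:
        rule = "allow"
    event = {"actor": actor.name, "transition": f"{item.state}->{target}",
             "rule": rule, "decision": "allow" if rule == "allow" else "deny",
             "timestamp": ts, "prev": log[-1]["hash"] if log else "0" * 64}
    event["hash"] = _digest(event)
    log.append(event)
    if rule == "allow":
        item.state = target  # state changes only after an allow decision
    return event

def verify_chain(log):
    """Recompute every hash; an edited or dropped event breaks the chain."""
    prev = "0" * 64
    for event in log:
        if event["prev"] != prev or _digest(event) != event["hash"]:
            return False
        prev = event["hash"]
    return True
```
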
Universal trigger engine
Every trigger is normalized into a canonical intake. Deduplicated, rate-limited, and risk-classified before entering the pipeline.
Configurable autonomy
Configure governance gates per hierarchy level. Conservative for new features, aggressive for bug fixes. Every team finds their own balance.
How Orbit618 compares
| Capability | Devin | Sweep | CodeRabbit | Orbit618 |
|---|---|---|---|---|
| Trigger sources | Slack, Jira | GitHub Issues | PR webhook | 9 sources |
| Discovery / Research | — | — | — | AI-driven sessions |
| Spec generation | — | — | — | Business + Technical |
| Risk classification | — | — | Partial | Per company/project/module |
| Configurable gates | — | — | — | 0 to 4+ per risk level |
| Audit trail | Replay log | Git only | PR comments | Full lineage |
| Auto-merge | — | — | — | LOW risk + CI green |
| Executor freedom | Devin only | Sweep only | N/A | Any executor |
| Open source | — | Partial | — | Apache 2.0 |
Executor agnostic
Push or pull model. Use the executor that fits your workflow. Switch anytime.
Primary executor. Agent pulls tasks from Orbit via 7 governed MCP tools. Every action respects FSM, policies, and context guards. The fastest path from spec to merged PR.
API-based. Orbit pushes execution steps to the agent runtime.
IDE integration. Developer-assisted execution with governance overlay.
Run your own executor. Orbit governs, you execute.
Compliance-ready
EU AI Act
3-tier risk classification for autonomous agents. HIGH-risk gates enforced.
SOC 2
CC6 / CC7 controls coverage. Audit trail satisfies evidence requirements.
ISO 42001
AI management system alignment. Policy-as-code maps to control objectives.
Colorado AI Act
Algorithmic accountability requirements. Full decision lineage from trigger to merge.
Packaging
Open Source
Free
Apache 2.0 forever
Team
$x,xx/user/mo
For growing teams
Enterprise
$x,xx/user/mo
For regulated industries
By the numbers
141 specs implemented
45 specs backlog
1,493 tests passing
9 trigger sources
Open source. Self-hosted or managed. Apache 2.0.