A governed console for the whole of GitHub — that cannot change a thing on its own.
Orb is an audit-grade access broker for GitHub Enterprise, built across a tier-1 bank's SDLC (2023–2026). It gives non-CLI users a governed surface for organizations, repositories, rulesets and role-based access inside a regulated bank — permission rendered as weight, not colour.
Its defining trait is zero-direct-write: the interface holds every change as staged state and cannot touch production. To make a change real it files a sync — a pull request under your own identity — reviewed and then reconciled downstream. The tool proposes; the record decides.
The demonstration
| Persona | Staged | Live state |
|---|---|---|
| GUEST · browse only · 6 | read | |
| PM · issues + boards · 4 | triage | |
| DEV · standard push · 11 | write | |
| OPS · branch protection · 3 | maintain | |
- I. Stage: Held, not written. Edits accumulate client-side as unsynced state. Nothing has happened yet.
- II. File a sync: A reviewed pull request. The staged change is filed as a PR under your identity — never written straight to live state.
- III. Review: Filed, or returned. Approved, amended, or returned at a gate. The exact plan is visible before it is real.
- IV. Reconcile: Now it is live. On merge, a downstream run reconciles the change into state. Only now — and fully audited.
The system
- none
- read
- triage
- write
- maintain
- admin
Five greyscale weights; crimson only at admin — and admin is never offered in a select. The one colour in the system is a state, not a decoration.
A sync is filed or returned — never “merged”, never “rejected”. The vocabulary is a clerk's, because the interface is a record.
- paper
- paper-2
- ink
- rule-3
- signal
- confirm
No gradients, no shadows, no radius. Structure comes from 1px rules at four weights — the way a printed form holds itself together.
The record
- Surface: React 18 + TypeScript strict — dashboard, orb detail, realms, syncs; a marketing/login twin beside it
- Custody: GitHub OAuth, sealed in an AES-256-GCM HttpOnly session cookie — no tokens in the page
- Write path: staged edits → a pull request against state-file repositories → a GitOps reconcile run. The audit trail is the git history
- Tenure: 2023–2026 · a tier-1 bank's enterprise SDLC · shipped with its own design system
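
The custody model above (an OAuth token sealed with AES-256-GCM inside an HttpOnly cookie) can be sketched as follows. This is an added example, not Orb's own code: the cookie name, the nonce/tag/ciphertext layout, the AAD binding, and the `Secure`/`SameSite` attributes are assumptions, and the token value is constructed.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

const COOKIE_NAME = "orb_session"; // hypothetical cookie name (assumption)

// Seal the server-side session. Assumed layout: base64url(nonce[12] || tag[16] || ciphertext).
// A fresh random 96-bit nonce is drawn for every seal; reusing one under the same key breaks GCM.
function sealSession(session: object, key: Buffer): string {
  if (key.length !== 32) throw new Error("AES-256 needs a 32-byte key");
  const nonce = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(COOKIE_NAME)); // bind the ciphertext to this cookie's purpose
  const ct = Buffer.concat([cipher.update(JSON.stringify(session), "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString("base64url");
}

// Open a sealed cookie value. Any failure (tampering, wrong key, truncation) yields null,
// so the caller treats the request as unauthenticated instead of trusting partial data.
function openSession(sealed: string, key: Buffer): object | null {
  try {
    const raw = Buffer.from(sealed, "base64url");
    if (raw.length < 28) return null; // too short to hold nonce + tag
    const decipher = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    decipher.setAAD(Buffer.from(COOKIE_NAME));
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(pt.toString("utf8"));
  } catch {
    return null;
  }
}

// HttpOnly keeps the sealed value out of page scripts ("no tokens in the page").
function sessionCookie(sealed: string): string {
  return `${COOKIE_NAME}=${sealed}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample session; the token is a placeholder, not a real credential.
const demoKey = randomBytes(32);
const demoSealed = sealSession({ login: "octocat", token: "gho_CONSTRUCTED_PLACEHOLDER" }, demoKey);
console.log(sessionCookie(demoSealed));
console.log(openSession(demoSealed, demoKey));
```
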