Platforms
Sprintsail Shortlist Drydock
Solutions
Ark Solutions Quantum Labs
Company
About Blog Careers Guardrails Contact
Get Started
Built · Run · Sold

Products we trust to run on.
Services to make them yours.

Three products we built because we needed them. Two services for the work between greenfield and steady state. The team you hire is the same team that operates these platforms in production every day.

Products — proof of depth

We sell what we run.

Each of the three products below started because we needed it ourselves. Sprintsail deploys our infrastructure, Drydock runs our managed-Kubernetes workloads, Shortlist matches the senior engineers we ship with.

01
Sprintsail

TypeScript IaC SDK with no-lock-in runtime

Declare your app as primitives — Function, WebApp, Database, Bucket, Secret, ... — then sail deploy to AWS. When you're ready to leave, sail migrate moves the same app to a managed Kubernetes runtime running open-source operators. Same handler code. No proprietary lock-in. Apache 2.0.

  • 9 primitives, 2 targets, 1 mental model
  • sail deploy — idempotent provisioning
  • sail migrate — cross-target data + infra copy
  • AWS provider stable, Sprintsail Runtime alpha
  • Cross-provider DB migration in-cluster
  • SealedSecret for runtime secrets
  • cert-manager TLS, Contour ingress
  • Apache 2.0 — open source SDK + CLI
Explore Sprintsail →

Technologies

TypeScript @sprintsail/sdk sail CLI AWS Lambda · ECS · RDS · S3 Knative Serving CloudNativePG MinIO RabbitMQ Cluster Operator sealed-secrets Contour + cert-manager
02
Drydock

Secure, compliant managed Cloud Foundry on Kubernetes

The full cf push developer experience on Kubernetes — buildpacks, routing, service binding — without managing PCF or TAS. Production-ready POC architecture; brought up on demand for customer demos. The platform we use when "compliant managed PaaS" is the hard requirement.

  • cf push DX on K8s — no Korifi operator gymnastics
  • Multi-AZ cluster, autoscaling, isolated namespaces per app
  • Cloud Native Buildpacks for language runtimes
  • Contour ingress, cert-manager TLS, sealed-secrets
  • Audit-trail logging via Fluent Bit + CloudWatch
  • Optional WAF, VPC-only ingress, AWS GovCloud-ready
  • Production-ready POC — spun up per customer engagement
  • Open source operator stack — no vendor lock-in
Explore Drydock →

Technologies

Korifi EKS Cloud Native Buildpacks Contour cert-manager sealed-secrets Fluent Bit CloudWatch AWS WAF
03
Shortlist

Verified ✓ talent in domains where resume-only matching breaks down

Resume polish is not a skill. Cold-applying is not a strategy. ~2.5 hours of real work — domain assessment, take-home lab, 45-min interview with a senior practitioner in the field — and the credential follows the engineer across every employer on the platform. The talent layer behind every Orion engagement.

  • Domain assessments — co-authored with senior practitioners
  • ~90-min take-home labs, scored in the candidate's stack
  • Live 45-min SME interview, sign-off written into profile
  • Verified ✓ credential — visible to every employer on the platform
  • Generated resume backed by assessment + lab + SME evidence
  • AI matching with Claude — explainable, employer-visible
  • Cloud, backend, ML, DevOps, data, security, frontend domains
  • Free for candidates to earn the credential
Explore Shortlist →

Domains supported

Cloud / Infrastructure Backend Engineering ML / AI DevOps / SRE Data Engineering Security Frontend Senior · Staff · Principal
Services — application of depth

When the products don't fit your problem directly.

Two named practices for the work between greenfield and steady state. Each is run by the team that operates the products above — so when we recommend a pattern, it's the one we've already debugged in production.

01
Ark Solutions

Senior cloud architecture between "it works" and "it scales"

The moment your team needs Well-Architected reviews, multi-account guardrails, a real disaster-recovery posture, or a fractional cloud lead — that's where Ark lands. CDK-first, written to be handed off to the team that has to run it after we leave.

  • Multi-account architecture + Control Tower
  • Landing zone design + IAM baseline
  • Cost optimization with measurable targets
  • Well-Architected reviews
  • Network architecture, Transit Gateway, hybrid
  • Disaster recovery with tested RTO/RPO
  • Cloud migration with rollback plan
  • Fractional cloud lead — embedded for 60–90 days
Explore Ark Solutions →

Technologies

AWS CDK CloudFormation Terraform Azure ARM VPC / VNet Transit Gateway AWS Organizations Control Tower S3 · CloudFront · Route 53
02
Quantum Labs

Vertical AI for the workflows horizontal models can't touch

Horizontal AI saves time per person. Vertical AI changes what's economically possible in a specific workflow. We build the vertical kind — domain-grounded agents on Bedrock + Claude, evaluation harnesses, retrieval pipelines, and the boring observability that keeps them honest. Two-week spikes; we kill or graduate.

  • Domain-grounded agents on Bedrock + Claude
  • Evaluation harnesses, not vibes
  • RAG pipelines with versioned context
  • MCP integration into existing toolchains
  • Production observability + cost guardrails
  • Two-week spike to prove or kill
  • Production graduation handed to your platform team
  • Runs inside your environment on your data
Explore Quantum Labs →

Technologies

AWS Bedrock AgentCore Claude API MCP Lambda · ECS DynamoDB · OpenSearch SageMaker LangChain
Get Started

Ready to build something
reliable and intelligent?

Whether you need cloud architecture, AI development, a managed platform, or vetted talent — let's talk about what you're building.

Start a Conversation → About Orion