Quick Start

If you have an Apple Silicon Mac Mini and about thirty minutes, this is the shortest path from “I read a doc” to “a thing is alive in my haus that runs on my hardware and watches over the things I care about.” The detailed Installation page goes deeper. This one is the friendly one.

Before you start

Sanctum runs on Apple Silicon Macs. The hub is a Mac Mini (M-series, 16 GB+ RAM, 256 GB+ disk). If you don’t have one yet, see Requirements — the short version is “the cheapest current-generation Mac Mini will do.”

You also need:

• A free Cloudflare account (the R2 free tier — 10 GB — is what we’ll use for backups).
• A spare half-hour. Bring tea.

You do not need:

• A static IP. Sanctum runs entirely on your LAN with no inbound ports.
• A separate domain name. The internal certificates are minted locally.
• Apple Developer credentials. Everything in the quick path uses Homebrew + Python.
• A subscription to anything. There’s no cloud login for Sanctum itself.

The four steps

1. Install Homebrew if you don’t already have it.

   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

   This installs brew into /opt/homebrew/. It will ask for your password once. That’s fine — it needs to write to /opt/.

2. Install sanctum-cli via the Homebrew tap.

   brew install ogilthorp3/sanctum/sanctum-cli

   That’s a tap (the formula repository) plus the formula itself in one command. It installs Python 3.12 if you don’t already have it, creates a private virtual environment under Homebrew’s libexec, pulls the CLI from its GitHub release tag and the runtime dependencies from PyPI, and symlinks the sanctum command into /opt/homebrew/bin/sanctum.

   Recent Homebrew (5.x) gates third-party taps behind a one-time trust prompt. If you see one, it’s asking permission to run our formula — read it, then accept:

   brew trust --formula ogilthorp3/sanctum/sanctum-cli

   Confirm with:

   sanctum --help

   A help screen with sub-commands (status, doctor, onboard, backup, chat) means you’re ready.

   Tip

   First-time Homebrew users may be prompted to install Apple’s Command Line Tools — that’s a one-time macOS thing, not a Sanctum thing. Open System Settings → Software Update and let it run; come back when it finishes. The trust prompt above is the same shape: a gate you pass once, not a thing that nags.

3. Run onboarding.

   This is the moment.

   sanctum onboard --recipe family

   You’ll see a small ASCII splash, then a line that greets you by name, then a guided arc of named chapters — Welcome → Your AI → Your Network → Your Data → You’re Alive — with a step counter and a green check that lights only when a step genuinely succeeded:

   • Your AI connects Claude (a Claude Max or Pro subscription used free through the local proxy — the default — or an Anthropic API key) and Gemini (a Google AI / Gemini API key). Keys land in the macOS Keychain. Skippable; the local mlx_local seat is always the offline fallback.
   • Your Network auto-detects your Bell hub, Firewalla, and Orbi and walks guided, fail-closed pairing. Also skippable.
   • Your Data estimates the backup set (Documents, Desktop, ssh keys, dotfiles), walks Cloudflare R2 setup if needed (auto-opening the right tabs), shows a dry run, runs the real backup, and restores a known file as a canary to confirm the round-trip.

   When it finishes, a recap card and a green panel say “Your Sanctum is alive, <your name>.” Take a screenshot. Manage gear later with sanctum net hub|firewalla|orbi; talk to your AI with sanctum chat.

4. Verify.

   sanctum status        # the whole haus at a glance
   sanctum doctor        # deep health check

   You should see green across the board. If anything is yellow or red, sanctum doctor will tell you what to fix.

What you just got

• Daily backups, automatically, via a com.sanctum.backup LaunchAgent that runs at a quiet hour, plus a com.sanctum.backup-canary companion that restores a known file and confirms the round-trip. The backup you can’t restore isn’t a backup, so we check.
• A health check you can run anytime — sanctum doctor probes the LaunchAgents, providers, and backup repos; sanctum self-test runs the twelve probes that decide whether the install is sound. The full supervisory stack (R2D2, the cathedrals, the autohealers, the drift sentinels) is what an operator deployment adds — the quick path gives you the backup and the means to verify it.
• A clean audit trail — every action that matters is logged to ~/.sanctum/logs/ with bounded rotation. You can read what your haus has been doing, and it won’t quietly eat your disk.
• No phone-home. Nothing leaves your machine unless you explicitly configure a cloud target (which you just did, for backups, encrypted with a key only you hold).

Tip

The thing that took the longest to build was making sure thirty minutes is actually enough — we kept finding the half-hour was really forty-five. If something in the quick path stalls past the budget, that’s a real bug, not your tea going cold; please report it.

What to expect over the first week

Day 1

You’ll get a notification when the daily backup completes. That’s intentional. After that, Sanctum will go quiet for a while — it doesn’t have anything to tell you yet.

Day 2-3

Try sanctum chat to talk to your local agents. Try sanctum status first thing each morning. Sanctum is meant to fade into the background; if you find yourself running these commands less, that’s a sign it’s working.

Day 4-7

The backup and its canary keep running on their own schedule; you don’t tend them. If your Mac reboots for any reason (Apple update, power blip, you walked into the cord), the LaunchAgents come back by themselves — no login, no manual unlock — and pick up where they left off.

When something interesting happens

A notification that isn’t the daily backup means something needs your eyes. Open sanctum doctor and read the report. It would rather tell you the awkward truth than show you a reassuring green it can’t back up.

When something goes wrong

The honest part of the doctrine matters most here. Sanctum tells you when something is broken, even if it can’t fix it yet.

• sanctum doctor is the first stop. It checks the same things the daily sentinels check, but on demand.
• The audit log at ~/.sanctum/logs/r2d2-audit.jsonl is the second stop. Each cycle carries a cycle_id; grep it to follow one run end to end.
• Troubleshooting has the top issues with copy-paste fixes.
• Bug reports: open an issue on Ogilthorp3/sanctum-cli. The bug-report template asks for sanctum doctor + sanctum self-test output and a credentials-redacted checkbox. The maintainers read it; the auto-fix drone (R2D2) might already be working on a recipe to handle it next time.

What’s next

If you got through this and the green panel said hello: congratulations, you’re running. The First Run page has the deeper verification checklist. What Is Sanctum? goes into the why.

To share the haus with the rest of the family, the Family Pass installation page adds per-person scoping for kids and partners.

Note

This page is the canonical front door. If you found yourself somewhere else first, that’s our fault; please tell us so we can point at this one harder.