Verify
Sanctum has enough moving parts that “it seems fine” is not an acceptable verification method. The operator path is now explicit: start with the checked-in CLI, escalate to the audit wall, and only then start poking at subsystems by hand.
Fast Confidence Check
Section titled “Fast Confidence Check”For the shortest useful answer, run:
python3 tools/sanctumctl.py doctor --quickThat checks:
- workspace manifests
- runtime manifests
- agent capabilities
- agent markdown drift
- runtime calibration
- plist audit
- feature matrix
- Kitchen Loop source validity
If doctor --quick is red, stop there and fix the drift first. A dirty generated surface makes every other result less trustworthy.
Full Verification Wall
Section titled “Full Verification Wall”For the audited end-to-end proof path, run:
python3 tools/sanctumctl.py verifyToday that executes three suites:
- workspace audit
- runtime audit
- system E2E
If you want the exact plan before running it:
python3 tools/sanctumctl.py verify --dry-runWhat Each Layer Proves
Section titled “What Each Layer Proves”Workspace Audit
Section titled “Workspace Audit”The workspace audit checks the checked-in slice:
- workspace manifest rendering
- docs wiring
- sidecar behavior
- feature matrix consistency
- linked subsystem harnesses
Use this when you changed repository-owned logic and need to confirm the checked-in surface is still coherent.
Runtime Audit
Section titled “Runtime Audit”The runtime audit checks the machine-owned slice:
~/.sanctum/servicesrender drift- runtime calibration artifacts
- launchagent alignment
- runtime graph edges
- health export canary integration
Use this when you suspect local machine drift rather than repo logic drift.
System E2E
Section titled “System E2E”The system E2E checks live surfaces:
- dashboards
- health endpoints
- proxy
- navigator sidecar
- Tommy supervisor
- Claude Team auth recovery
- agent markdown sync fanout
- pre-restart remediation metadata
Use this when you need to know whether the running system is actually serving, not just whether the files look tidy.
Recommended Operator Flow
Section titled “Recommended Operator Flow”- Run
python3 tools/sanctumctl.py doctor --quick. - If that passes, run
python3 tools/sanctumctl.py verify. - If
verifyfails, read the failing phase name first, not the entire scrollback. - Repair the smallest real fault.
- Re-run the narrowest relevant check, then the full wall.
When To Escalate
Section titled “When To Escalate”Drop below sanctumctl only when the higher-level command has already told you what class of problem you have.
- Use Troubleshooting for incident patterns and common breakages.
- Use CLI Reference when you need exact subcommands.
- Use Runtime Drift Audit when the problem smells like generated-state divergence.
The goal is not to avoid low-level debugging forever. The goal is to avoid starting there by reflex.