58 com.sanctum.* agents run across the two machines. That’s a lot of plists for two boxes. This page is the dated inventory — who runs what, what’s healthy, what’s flapping, and what should probably be retired.
Legend: RUN running clean · SCHED scheduled (no PID, last exit 0) · FAIL error state · OFF disabled.
| Agent | State | Purpose |
|---|
com.sanctum.mlx | RUN | sanctum-mlx serving Qwen3.6-35B-A3B on :1337 mTLS. The brain. |
com.sanctum.lmstudio-bridge | RUN | Keeps LM Studio’s :1234 alive; Qui-Gon and Ahsoka route through it for Coder-14B. |
| Agent | State | Interval | Purpose |
|---|
com.sanctum.pressure-valve | RUN | 5 s | Memory-pressure watchdog; armed 2026-04-22, now SIGSTOPs on RED |
com.sanctum.council-guardian | SCHED | 30 s | Fast /v1/models probe; restart sanctum-mlx if dead |
com.sanctum.council-canary | SCHED | 10 min | Slow chat probe (“2+2”) for correctness regression |
com.sanctum.council-drift | FAIL exit 1 | 1 h | SHA-check deployed artifacts vs repo. Last error: known — depends on parallel session’s uncommitted work |
com.sanctum.council-parity-smoke | SCHED | nightly 03:00 | 10-prompt token-level parity test vs Python mlx_lm |
com.sanctum.council-integrity | SCHED | hourly | Weight manifest re-verify |
com.sanctum.drift-sentinel | FAIL exit 1 | 5 min | Windu’s Firewalla-vs-ARP drift detector. Exit 1 likely stale threshold — investigate |
| Agent | State | Purpose |
|---|
com.sanctum.tunnel | RUN | Primary ssh tunnel for chalet |
com.sanctum.ha-tunnel | RUN | Home Assistant tunnel |
com.sanctum.health-tunnel | RUN-flap exit 255 | Health Center tunnel; respawned after SSH timeout |
com.sanctum.graphiti-tunnel | RUN-flap exit 255 | Graphiti service tunnel; same SSH-timeout pattern |
com.sanctum.network-control-tunnel | RUN | Firewalla network-control API tunnel |
com.sanctum.bridge | RUN | Bridge100 sanctum-triage proxy |
com.sanctum.firewalla | RUN | Firewalla Purple API bridge |
com.sanctum.orbi-bridge | RUN | Orbi router API bridge |
com.sanctum.presence | RUN | Presence detector (who’s home) |
com.sanctum.ha-gateway | RUN | HA REST gateway |
| Agent | State | Purpose |
|---|
com.sanctum.livekit-server | RUN | LiveKit voice call server |
com.sanctum.voice-agent | FAIL exit 1 | yoda-voice-agent.py; exit 1 recurring — investigate |
| Agent | State | Purpose |
|---|
com.sanctum.tommy | RUN | Tommy briefing agent (VM-side) |
com.sanctum.yoda-token-minter | RUN | Yoda auth token rotation |
com.sanctum.claude-max-proxy | RUN | Claude Max HTTP proxy (npm claude-max-api-proxy) on :3456 — symmetric with the MacBook Pro. Replaced the per-request com.sanctum.claude-cli-proxy CLI-spawn proxy on 2026-04-27. |
com.sanctum.signal-cli | RUN | Signal CLI message daemon |
com.sanctum.icloud-filer | RUN | iCloud file organizer |
| Agent | State | Schedule | Purpose |
|---|
com.sanctum.morning-briefing | SCHED | daily | Morning briefing generation |
com.sanctum.perf-review | SCHED | weekly | Performance review snapshot |
com.sanctum.tech-lookout | SCHED | daily | Tech news scan |
com.sanctum.model-scout | SCHED | weekly | New model release scan |
com.sanctum.fire-drill | SCHED | monthly | Recovery drill |
com.sanctum.rotate-secrets | SCHED | weekly | Secret rotation |
com.sanctum.secrets-audit | FAIL exit 1 | daily | Secret hygiene audit — investigate exit 1 |
com.sanctum.token-refresh | SCHED | 1 h | OAuth token refresh |
com.sanctum.version-check | SCHED | daily | SW version drift check |
com.sanctum.signal-health | SCHED | hourly | Signal CLI health check |
com.sanctum.agent-markdown-sync | SCHED | 5 min | Sync agent prompts ↔ repo |
| Agent | State | Purpose |
|---|
com.sanctum.watchdog | RUN-flap exit 1 | Top-level process supervisor — recurring exit 1, investigate |
com.sanctum.ha-self-healer | SCHED | Auto-remediate HA flaps |
com.sanctum.openclaw.colima | SCHED | Colima (Docker VM) management |
com.sanctum.openclaw.ha-healer | SCHED | OpenClaw HA healer |
com.sanctum.openclaw.docker-startup | FAIL exit 1 | Post-Docker-ready startup hook — exit 1 recurring |
com.sanctum.vm-autostart | SCHED | VM auto-start on boot |
com.sanctum.vm-push | SCHED | Push artifacts to VM |
com.sanctum.post-boot | FAIL exit 4 | Post-boot verification script — exit 4 recurring |
com.sanctum.rust-readiness-check | FAIL exit 2 | Pre-flight Rust toolchain check — exit 2 recurring |
com.sanctum.memory-consolidate | FAIL exit 1 | Memory-vault consolidation — exit 1 recurring |
com.sanctum.force-flow | RUN | Security alert router (bell, notify, escalate) |
| Agent | State | Purpose |
|---|
com.sanctum.dashboard | RUN-flap exit -15 | Holocron dashboard server; respawned after recent SIGTERM |
com.sanctum.rewind-dashboard | RUN | Rewind dashboard (activity timeline) |
com.sanctum.health-center | RUN-flap exit 143 | Health Center API; respawned after SIGTERM |
com.sanctum.proxy | FAIL exit 101 | Sanctum proxy launcher — exit 101 recurring, investigate |
| Agent | Disabled | Reason |
|---|
com.sanctum.server-mlx.plist.disabled-20260422 | 2026-04-22 | Python mlx_lm fallback retired post-mTLS migration. Delete on 2026-05-05. |
com.sanctum.server.plist.disabled | earlier | Rust sanctum-server router not yet promoted. Deliberately deferred. |
com.sanctum.living-force.plist.disabled | unknown | Orphan — investigate; likely safe to delete |
| Agent | State | Purpose |
|---|
com.sanctum.shadow-mlx | RUN | sanctum-mlx shadow for HA failover (:8902 plain, :8903 mTLS) |
com.sanctum.council-canary-offbox | SCHED (10 min) | Off-box chat probe to Mini via Tailscale (catches Mini panic before Mini can log it) |
com.sanctum.council-drift-offbox | FAIL exit 1 | Off-box drift check via deploy-sanctum-mlx.sh verify. Known-issue: parallel session’s uncommitted work drifts repo |
com.sanctum.autoresearch | SCHED | Overnight LLM research runner |
com.sanctum.backup | SCHED | MBP-side backup |
com.sanctum.secret-rotation-scan | SCHED | MBP-side secret rotation monitor |
com.sanctum.agent-markdown-sync | SCHED | Same as Mini; cross-machine sync |
| Candidate | Status | Action |
|---|
com.sanctum.server-mlx.plist.disabled-20260422 (Mini) | Disabled since 2026-04-22 | Delete 2026-05-05 (rollback window closes) — already on calendar |
com.sanctum.living-force.plist.disabled (Mini) | Orphan, unknown last-useful date | Investigate + likely delete |
com.sanctum.server-mlx.plist.bak-20260420 (Mini) | Old .bak file | Safe to delete — precedes .disabled-20260422 |
sanctum-mlx.old-pre-mtls binary (Mini) | Rollback binary from mTLS migration | Delete 2026-05-05 — already on calendar |
Ordered by noise level (recurring non-zero exits deserve attention first):
| Agent | Exit | Priority | Likely cause |
|---|
com.sanctum.proxy | 101 | High — serves all proxy requests | Script error in proxy-launcher.sh; check ~/.openclaw/logs/sanctum-proxy.err |
com.sanctum.post-boot | 4 | Medium — runs once at boot | Hook script expecting something that isn’t there |
com.sanctum.rust-readiness-check | 2 | Medium — pre-flight gate | Likely cargo/toolchain drift or missing binary |
com.sanctum.memory-consolidate | 1 | Medium — memory-vault integrity | Check log; possibly schema drift |
com.sanctum.voice-agent | 1 | Medium — yoda-voice | TTS dependency or model missing |
com.sanctum.secrets-audit | 1 | Medium — security hygiene | Possibly a moved file or revoked scope |
com.sanctum.openclaw.docker-startup | 1 | Low — race with Docker readiness | Probably benign if Docker eventually loads |
com.sanctum.drift-sentinel | 1 | Low — Windu’s drift detector | Possibly same kind of stale-threshold issue as council-drift |
com.sanctum.watchdog | 1 | Low — supervisor; running anyway | Investigate, but non-blocking |
com.sanctum.council-drift (Mini) + council-drift-offbox (MBP) | 1 | Known | Parallel session’s uncommitted work shows up as drift — resolves when they commit |
Probably yes. Not because any individual agent is wrong, but because:
- No single-pane dashboard for their health — you find out an agent is flapping by tailing logs.
- No standard naming convention for probes vs bridges vs scheduled jobs vs apps — everything is
com.sanctum.<noun>.
- Retirement is manual. Agents linger long past their usefulness unless someone notices.
A future consolidation pass could:
- Fold probes into sanctum-server as child tasks once it’s promoted (guardian, canary, drift, integrity, parity-smoke — all probes of the same thing, doesn’t need 6 separate plists).
- Adopt naming prefixes:
com.sanctum.probe.*, com.sanctum.bridge.*, com.sanctum.app.*, com.sanctum.sched.*. Makes launchctl list | grep probe trivially grep-able.
- Wire an SLO dashboard (Holocron panel, Prometheus-style
/metrics endpoint) that shows each agent’s last N exit codes and flapping-rate.
None of that is urgent. The system works. This inventory exists so the next reorg has a ground-truth starting point.
