Architecture Overview

At 02:47 on a Tuesday in April, an Xbox in the basement quietly joined the Wi-Fi. By 02:47:03, it was blocked at the router, a Signal message was sitting on a phone nine hundred kilometres away, a curfew violation was recorded in a SQLite database in a service named after the Sermon on the Mount, and a dashboard banner was already glowing amber. Nobody woke up. The haus, as of that moment, had noticed.

That is Sanctum working correctly. Thirty-eight services, two machines, one private bridge, and an ethos that matters more than any individual technical choice: we are building this like a body, with an immune response that sometimes wakes you up gently and sometimes does not wake you up at all. The docs below are the anatomy chart.

The Shape

Physically, Sanctum is a Mac Mini M4 Pro and a Lima vmType=vz Ubuntu VM running on it, connected by a private bridge100 interface on 10.0.0.0/24. The Mac is where hardware lives: Apple Silicon inference, Sonos, Signal, HomeKit, anything that has to touch a USB port or a microphone. The VM is where the agent cluster lives: six to nine specialized intelligences with no direct route to the internet — an air-gapped tenant with an indoor-plumbing privilege.

🔍 Hover to zoom

One more principle: the Council is plural on purpose. The current assignments live on the Council page:

The Council is plural on purpose — different Jedi run on different model families so a single prior can't dominate the synthesis. As of last roster refresh: Yoda + Ki-Adi-Mundi on claude-opus-4-7, Qui-Gon on Codestral-22B-v0.1-4bit, Windu on gemini-3.1-pro-preview, and Cilghal on Qwen3.6-35B-A3B-4bit-text. See the full Council roster for the table with provider URLs and fallbacks.

The Bones

The bones are written in Rust and live in the sanctum-rs workspace — the parts of the system that have stopped redesigning themselves. Once a service crosses into sanctum-rs/services/ and is built and deployed as the running launchd unit, it becomes structural: a single deploy binary, compile-time guarantees on its interfaces, and a slot that either holds or doesn’t.

Two services meet that bar today:

Bone	Port	What It Holds Up
sanctum-watchdog	2187	The Living Force incarnate. Checks every service every ten minutes, self-heals the ones it can, escalates the ones it can’t. Ships two binaries — sanctum-watchdog and the daemon sanctumd that launchd actually runs.
sanctum-proxy	4040	The cloud-tier model router. Classifies requests, applies daily cost caps, falls back through a configured chain before giving up.

sanctum-firewalla’s Rust binary is compiled and waiting, but its live :1984 listener is still the Node bridge — built is not deployed, so tools/rust_readiness.py parks it at porting with the only recommendation that matters: cut the launchd unit over. Bones must be earned, then occupied.

Note

Living Force is the doctrine; sanctum-watchdog is the vertebra — the system LaunchDaemon com.sanctum.watchdog runs the compiled sanctumd directly, no living-force.sh and no bash in the path.

The Flesh

The flesh is Python — how we find out what a service is before we carve it in Rust. Everything in ~/.sanctum/force-flow/ or the sanctum-screen-time repo is there because its feature shape is still moving — new curfew edge cases, a homework mode that keeps acquiring exemptions.

Muscle	Port	What It’s Still Figuring Out
force-flow	4077	The unified notification hub. iPhone push, Sonos TTS, Signal via signal-cli daemon, dashboard banners, macOS Notification Center. The channel list keeps gaining members.
screen-time	—	Curfew, wind-down, homework mode, credits, guests. Deployed alongside force-flow. The rules here change whenever a teenager finds a loophole.
yoda-tts-worker	8008	The Python TTS backend answering on :8008 under the com.sanctum.yoda-tts-worker unit. The Rust sanctum-tts adapter that’s meant to front it is built but not yet the live listener.

Flesh hardens. The current rust_readiness readout puts force-flow alone in the hardening stage — feature velocity slowing, but not zero. screen-time is still firmly organic, the busiest service on the chart with 42 commits in thirty days. It crosses when the guest-approval flow stabilises, and not a day before.

The Nerves

Between bones and flesh runs a network of private pathways — bridge100 on the Mac–VM axis, plus well-known local ports services use to find each other without DNS. The rule is simple: no service reaches across the bridge for a remote call if a local one does the same job. Every cross-service conversation is a few hundred microseconds on loopback, so nothing interesting depends on the router’s mood at 3 AM.

 Mac Mini  10.0.0.1
 ├─ 1111   command-center
 ├─ 1337   sanctum-mlx (mTLS)
 ├─ 1984   firewalla bridge (Node)
 ├─ 2187   sanctum-watchdog
 ├─ 3301   sanctum-mlx-codestral (coder)
 ├─ 4040   proxyd
 ├─ 4077   force-flow
 ├─ 8008   yoda-tts-worker
 ├─ 8900   sanctum-server router
 └─ 42069  sanctum-memory
         │
    bridge100  10.0.0.0/24
         │
 Ubuntu VM  10.0.0.10
 ├─ openclaw-gateway (systemd)
 ├─ Yoda, Windu, Qui-Gon,
 │  Cilghal, Mundi, Mothma
 └─ outbound → 10.0.0.1 only

Any external dependency — an Anthropic call, a git pull — leaves through a Mac-side proxy or a Tailscale tunnel: either excellent security architecture or the opening scene of a containment thriller. It has been both.

Caution

The bridge IP is set at boot by a sudo ifconfig in the VM-autostart LaunchAgent, allowed by a sudoers.d/vmnet-bridge entry; if it goes missing, the VM wakes with no bridge to anywhere — about as gracefully as you would.

The Senses

Each agent is a specialized perception, routed by the Smart Router to the tier that fits the job: cloud for long-horizon synthesis, local-ops for code, local-secure for anything that must never leave the machine.

Agent	Role
Yoda	Consigliere — absorbs everyone else’s escalations, advises the Don
Windu	Security master — Firewalla rules, PF policy, perimeter audits
Qui-Gon	Infrastructure & code — Docker health, systemd units, recovery
Cilghal	Health — Apple Health, sleep, cognitive scaffolding
Ki-Adi-Mundi	Finance — Triptyq deal flow, personal treasury
Jocasta	Archivist — CRM, communications, long memory
Mon Mothma	Operations — Force Flow + Living Force orchestration
Ahsoka	Satellite — the agent that follows you when you leave the haus
Tommy	Guardian Spirit — the dead cat with strong opinions about network segmentation

The routing rule is not democratic, and (Neuro)diversity is Paramount explains why a council of one model in seven robes is not a council at all. General chat can be downgraded mid-conversation; the privacy-bound seats cannot. The proxy’s JSONL usage log is the ground truth for what actually ran — an agent doesn’t always know which tier served its last turn.

The Immune System

Infrastructure rots. Entropy is undefeated. sanctum-watchdog and the Living Force doctrine around it exist because a running system is a continuous low-grade medical emergency that somebody must keep checking. Every ten minutes it either (a) believes a service’s all-clear, (b) restarts it, or (c) writes a Force Flow notification aimed at a human. Most nights the answer is (a).

When the save is clean — a probe catches a drifting last_active two minutes before it metastasises into a cascade — the watchdog does what Patrick Roy did to Sandström in the Forum, Game 4, 1993: glove save, wink at the shooter, skate to the bench. The cascade never lands. The dashboard stays green. The haus sleeps.

When the answer is wrong in interesting ways, force-flow fans the notification out by severity — from a silent dashboard banner up to a critical-tier Signal message from Yoda’s account to a phone in California. Allez, les Boys.

The Chi

One reading no organ owns is the energy itself — is the haus’s living energy being well spent? Chi answers it: a read-only, fail-soft field that flows through the others, metering the haus’s fuels into one scarcity reading and naming work still running with no one home. It feeds the gland, never doses, and holds no door of its own. A field, not a fist.

The Ethos

What we have learned, building this: a living system cannot be rewritten all at once, nor frozen all at once. Rust is brittle if you reach for it too early; Python is expensive if you reach for it too late.

The practical rule is this: you cannot tell a service’s maturity from its function, only from its velocity. Force Flow is mission-critical and still Python because the channel list won’t sit still; memory-vault-mcp is a medium-stakes archivist already one Rust binary because its six tools stopped arguing months ago. Welcome to City Montreal. Where we’re going, we don’t need roads — we need launchd, age keys, and a watchdog that doesn’t lie.

Where To Go Next

The Living Force

The self-healing doctrine — ten principles, eight phases, and the incident log that birthed them.

Language Maturity

When to keep a service in Python, when to rust it, and the CLI that says which bone calcifies next.

Force Flow

One service, one brain, every alert in the haus — the fan-out the whole council depends on.

Services

The full catalogue — 38 services, their ports, LaunchAgent names, and the commentary each port earned.