Skip to content
Le Sanctum

Verify

Verify — an inspector's bench laid out with a stethoscope, tuning fork, balance scale, and probe, all aimed at a small glass model of the Sanctum building; vibes are not permitted in the building.

“It seems fine” is the operator equivalent of taking your own pulse in the dark. Sanctum has enough moving parts that the unaided hand can’t count them, and the haus will happily run for hours in a state where the dashboard is green and the model is silent. The operator path below is what the stethoscope is for: start with the checked-in CLI, escalate to the audit wall, only then start poking at subsystems by hand.

Fast Confidence Check

Section titled “Fast Confidence Check”

For the shortest useful answer, run:

Terminal window
python3 tools/sanctumctl.py doctor --quick

That checks:

  • workspace manifests
  • runtime manifests
  • agent capabilities
  • agent markdown drift
  • runtime calibration
  • plist audit
  • feature matrix
  • Kitchen Loop source validity

If doctor --quick is red, stop there and fix the drift first. A dirty generated surface makes every other result less trustworthy.

Full Verification Wall

Section titled “Full Verification Wall”

For the audited end-to-end proof path, run:

Terminal window
python3 tools/sanctumctl.py verify

Today that executes three suites:

  • workspace audit
  • runtime audit
  • system E2E

If you want the exact plan before running it:

Terminal window
python3 tools/sanctumctl.py verify --dry-run

What Each Layer Proves

Section titled “What Each Layer Proves”

Workspace Audit

Section titled “Workspace Audit”

The workspace audit checks the checked-in slice:

  • workspace manifest rendering
  • docs wiring
  • sidecar behavior
  • feature matrix consistency
  • linked subsystem harnesses

Use this when you changed repository-owned logic and need to confirm the checked-in surface is still coherent.

Runtime Audit

Section titled “Runtime Audit”

The runtime audit checks the machine-owned slice:

  • ~/.sanctum/services render drift
  • runtime calibration artifacts
  • launchagent alignment
  • runtime graph edges
  • health export canary integration

Use this when you suspect local machine drift rather than repo logic drift.

System E2E

Section titled “System E2E”

The system E2E checks live surfaces:

  • dashboards
  • health endpoints
  • proxy
  • navigator sidecar
  • Tommy supervisor
  • Claude Team auth recovery
  • agent markdown sync fanout
  • pre-restart remediation metadata

Use this when you need to know whether the running system is actually serving, not just whether the files look tidy.

Section titled “Recommended Operator Flow”
  1. Run python3 tools/sanctumctl.py doctor --quick.
  2. If that passes, run python3 tools/sanctumctl.py verify.
  3. If verify fails, read the failing phase name first, not the entire scrollback.
  4. Repair the smallest real fault.
  5. Re-run the narrowest relevant check, then the full wall.

When To Escalate

Section titled “When To Escalate”

Drop below sanctumctl only when the higher-level command has already told you what class of problem you have.

The goal is not to avoid low-level debugging forever. The goal is to avoid starting there by reflex.