Sanctifier ships as a single Rust binary calledDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Centurylong/sanctifier/llms.txt
Use this file to discover all available pages before exploring further.
sanctifier. The primary distribution channel is Cargo (building from source), which gives you the full CLI on any platform with a working Rust toolchain. A Docker image is also available for environments where installing Rust is impractical, such as ephemeral CI runners.
Prerequisites
Rust toolchain
Sanctifier is written in Rust and requires Rust 1.78 or later. Install the Rust toolchain via rustup:source ~/.cargo/env) and confirm:
wasm32-unknown-unknown compilation target that Soroban contracts compile to:
System libraries
On Debian/Ubuntu-based Linux distributions, thepkg-config and libssl-dev packages are required to compile Sanctifier’s TLS dependencies:
Installation
- Cargo (from source)
- Docker
Clone the Sanctifier repository and install the CLI with Cargo:Cargo builds the Verify the installation:You should see the top-level help output listing all available subcommands: UpdatingAfter the initial install, you can update to the latest binary without re-cloning:Or use the built-in updater command:
sanctifier binary in release mode and copies it to ~/.cargo/bin. This directory must be on your PATH:analyze, init, baseline, diff, watch, prove, verify, attest, badge, report, callgraph, cve, and update.The
sanctifier-cli crate links against the z3 crate (Z3 solver bindings) via the smt feature on sanctifier-core. On some platforms the z3 crate compiles Z3 from source as part of cargo build, which can take several minutes on first install. Subsequent builds use the cached artifacts.Optional: Formal verification dependencies
Thesanctifier analyze command and all static analysis features work with no additional dependencies. The following tools are only required if you intend to use sanctifier prove (SMT-based formal verification) or sanctifier verify (Kani model-checking).
Z3 SMT solver
sanctifier prove uses Z3 under the hood to discharge token-invariant proofs. The z3 Rust crate used by Sanctifier can either compile Z3 from source (automatic, no extra steps) or link against a system-installed Z3 library.
To install a system Z3 library and avoid the longer build-from-source path:
Kani verifier
sanctifier verify validates #[sanctify::invariant] declarations across a contract or workspace using the Kani verifier. Kani runs as a separate subprocess, so it must be installed independently:
Environment variables
For teams using the runtime-guard deployment scripts, a handful of environment variables control network and deployment behavior. Copy the provided template to a local file that is excluded from version control:Verify the installation
Run the following to confirm everything is working:command not found: sanctifier, confirm that ~/.cargo/bin is on your PATH (see the Cargo tab above).
Next steps
Now that Sanctifier is installed, move on to the Quickstart to run your first scan, or jump straight to the Configuration guide to customize.sanctify.toml for your project.