authsome doctor is the first command to run when something looks wrong. It calls the daemon’s /api/ready endpoint and reports subsystem status as JSON.
"status": "ready" and exits with code 0.
Checks performed
| Check | What it verifies |
|---|---|
store | The relational store (SQLite or Postgres) opens and passes a health probe. |
vault | The encrypted KV store accepts a read/write roundtrip. |
integrity | Vault integrity check succeeds for the active identity. |
identity | The caller’s identity is registered and authorized. |
providers | Every bundled and custom provider definition parses. |
connections | Connection records for the active vault load successfully. |
spec_version | Server config schema version matches. |
redis | Present only when AUTHSOME_REDIS_URL is set; pings the Redis backend. |
warnings (for example, no active provider connections yet). Fatal problems appear in issues and set "status": "not_ready".
Common failures
master.key not found
master.key not found
- You haven’t initialized authsome on this machine. Run
authsome onboardto provision the home directory, identity, and master key. - You moved or deleted
~/.authsome/server/. If you have a backup, restore it. Without the master key, encrypted records cannot be decrypted.
master.key has insecure permissions
master.key has insecure permissions
provider failed to parse
provider failed to parse
~/.authsome/providers/ is malformed. Open the file, fix the indicated field, and re-run.keyring not available
keyring not available
- On Linux without a graphical session, the
keyringlibrary can’t reach a backend. Switch to local file mode by editing~/.authsome/client/config.jsonor settingAUTHSOME_MASTER_KEY. - A required system package is missing. On Debian/Ubuntu:
sudo apt install gnome-keyring.
identity not registered
identity not registered
authsome onboard to create a local identity, then complete the Principal claim flow at the URL the daemon prints.daemon unreachable
daemon unreachable
AUTHSOME_BASE_URL points somewhere wrong. See Daemon issues.Verbose logging
For deeper inspection of any command, enable verbose logging:~/.authsome/client/logs/authsome.log. Inspect the log:
Reset to a clean slate
If your install is irrecoverably broken and you don’t have any credentials to preserve:What’s next
OAuth callbacks
Diagnose
redirect_uri_mismatch, port-in-use, and timeout errors.Token refresh
Why a token failed to refresh and what to do.