Doctor
The doctor command checks your InitRunner environment — API keys, provider SDKs, and service connectivity — in a single command. With --quickstart, it runs a real agent prompt to verify the entire stack end-to-end.
Quick Start
# Check provider configuration
initrunner doctor
# Full end-to-end smoke test (makes a real API call)
initrunner doctor --quickstart
# Test a specific role file
initrunner doctor --quickstart --role role.yaml
# Auto-repair detected issues
initrunner doctor --fix
# Auto-fix without prompts (CI-friendly)
initrunner doctor --fix --yesCLI Options
| Option | Type | Default | Description |
|---|---|---|---|
--quickstart | bool | false | Run a smoke prompt to verify end-to-end connectivity. |
--role | Path | — | Role file to test. Used for .env loading and as the agent for --quickstart. |
--fix | bool | false | Interactively repair detected issues (install missing SDKs, configure API keys, fix config). |
--yes / -y | bool | false | Auto-confirm all fix prompts (CI-friendly). Requires --fix. |
Config Scan
The config scan runs automatically on every doctor invocation. It checks:
| Check | What it verifies |
|---|---|
| API Key | Whether the provider's environment variable is set (e.g. OPENAI_API_KEY) |
| SDK | Whether the provider's Python SDK is importable (only checked when key is set) |
| Ollama | Whether the Ollama server is reachable at localhost:11434 |
| Docker | Whether the Docker CLI and daemon are available |
| Sandbox | With --role, the resolved sandbox backend and readiness. Since v2026.4.16. Shows the bwrap probe, Docker daemon, and image status for whichever backend the role picked. |
| Embedding Provider | Whether the embedding provider API key is set (for RAG and memory features) |
Example output:
Provider Status
┏━━━━━━━━━━━┳━━━━━━━━━┳━━━━━┳━━━━━━━━━━━━━━━━┓
┃ Provider ┃ API Key ┃ SDK ┃ Status ┃
┡━━━━━━━━━━━╇━━━━━━━━━╇━━━━━╇━━━━━━━━━━━━━━━━┩
│ openai │ Set │ OK │ Ready │
│ anthropic │ Missing │ — │ Not configured │
│ google │ Missing │ — │ Not configured │
│ groq │ Missing │ — │ Not configured │
│ mistral │ Missing │ — │ Not configured │
│ cohere │ Missing │ — │ Not configured │
│ ollama │ — │ — │ Ready │
│ docker │ — │ — │ Ready │
└───────────┴─────────┴─────┴────────────────┘The scan loads .env files before checking, so keys defined in .env files (project-local or ~/.initrunner/.env) are detected. If --role is provided, the .env in the role's directory is loaded first.
Quickstart Smoke Test
With --quickstart, the doctor runs a real agent prompt after the config scan:
initrunner doctor --quickstartWhat it does:
- Detects the available provider (or uses the one from
--role) - Builds a minimal agent (or loads the role file if
--roleis given) - Sends a single prompt: "Say hello in one sentence."
- Reports success or failure with response preview, token count, and duration
On success:
╭───────────────────────────── Quickstart Result ──────────────────────────────╮
│ Smoke test passed! │
│ │
│ Response: Hello! │
│ Tokens: 97 | Duration: 2229ms │
╰──────────────────────────────────────────────────────────────────────────────╯On failure, the error is displayed and the command exits with code 1:
╭───────────────────────────── Quickstart Result ──────────────────────────────╮
│ Smoke test failed: Model API error: 401 Unauthorized │
╰──────────────────────────────────────────────────────────────────────────────╯Testing a specific role
Use --role to test a specific role file. This loads the role's .env, builds the role's agent (with its model, tools, and system prompt), and runs the smoke prompt against it.
initrunner doctor --quickstart --role examples/roles/code-reviewer.yamlThis is useful for verifying that a role's provider, model, and SDK configuration work before deploying it.
Extended Diagnostics
Since v2026.4.12, doctor can inspect individual roles, run active connectivity checks, and validate entire flows.
Role diagnostics
initrunner doctor --role role.yamlBy default, role diagnostics run static checks only (no network or I/O):
| Check | What it verifies |
|---|---|
| Skills | References resolve, requirements are met |
| Custom tools | Modules are locatable, AST sandbox analysis passes |
| Memory store | Parent directory exists and is writable |
| Triggers | Cron expressions are valid, timezones exist, env vars are set |
| Sandbox | security.sandbox.backend resolves; bwrap runs the functional probe and reports the sysctl/AppArmor fix on failure; docker checks the daemon and verifies the image exists or pulls cleanly. Since v2026.4.16. |
| MCP servers | Listed as "skipped" (use --deep to probe) |
Deep checks
Add --deep to run active checks that hit the network and open databases:
initrunner doctor --role role.yaml --deepDeep mode adds:
- MCP servers — full connection, tool listing, and latency measurement
- Custom tools — full Python import and function discovery
- Memory store — opens the database to verify it's readable
Flow diagnostics
Validate an entire flow topology and run per-agent diagnostics on every referenced role:
initrunner doctor --flow flow.yaml
initrunner doctor --flow flow.yaml --deepDashboard API
The dashboard exposes per-agent diagnostics at:
GET /api/agents/{agent_id}/doctor?deep=falseAuto-fix with deprecation repair
--fix now also detects deprecated YAML fields and offers to patch them in-place. Edits are surgical (they preserve formatting and comments). After fixes are applied, spec_version is auto-bumped if safe.
initrunner doctor --fix --role role.yaml
initrunner doctor --fix --yes # CI-friendly, no promptsUse Cases
- First-time setup: Run
initrunner doctorafterinitrunner setupto verify everything is configured. - CI/CD validation: Add
initrunner doctor --quickstartto your CI pipeline to catch provider configuration issues early. - Debugging: When a role isn't working,
doctorquickly shows whether the issue is a missing API key, missing SDK, or unreachable service. - Multi-provider environments: See at a glance which providers are configured and ready.
- Auto-repair: Run
initrunner doctor --fixto resolve missing SDKs, API keys, and config issues. Add--yesfor unattended CI repairs.
Exit Codes
| Code | Meaning |
|---|---|
0 | Config scan passed (without --quickstart), or smoke test passed |
1 | Smoke test failed or encountered an error |