Skip to main content
Sorat stores its configuration in ~/.sorat/config.json. You can edit it directly or use the web UI / CLI.

Config file structure

{
  "llm": { ... },
  "server": { ... },
  "agent": { ... },
  "tools": { ... },
  "auth": { ... },
  "skills": { ... },
  "cron": { ... }
}
Changes made via the web UI (PUT /api/config) are written atomically (write to .tmp, then rename).

LLM providers

Sorat supports multiple LLM providers. Each provider has:
FieldDescription
idUUID (auto-generated)
nameDisplay name (e.g. “OpenAI”)
endpointBase URL (e.g. https://api.openai.com/v1)
api_keyAPI key for authentication
auth_method"api_key" (default) or "oauth"
oauth_providerOAuth provider identifier (e.g. "google-antigravity")

Provider examples

{
  "name": "OpenAI",
  "endpoint": "https://api.openai.com/v1",
  "api_key": "sk-..."
}
Set llm.active_provider_id to the UUID of the provider you want to use, and llm.active_model to the model name.

LLM settings

FieldTypeDefaultDescription
active_provider_idstring""UUID of the active provider
active_modelstring"gemini-2.0-flash"Model identifier
temperaturefloat0.7Sampling temperature (0.0–2.0)
max_tokensint4096Maximum output tokens

Server settings

FieldTypeDefaultDescription
portint8080HTTP server port
hoststring"0.0.0.0"Bind address
auth_tokenstring""Static bearer token (alternative to user auth)
open_browser_on_startboolfalseAuto-open web UI on startup

Agent settings

FieldTypeDefaultDescription
namestring"Sorat"Agent display name
max_iterationsint30Max tool-call iterations per request
memory_enabledbooltrueEnable persistent memory

Retry settings

FieldTypeDefaultDescription
retry.max_retriesint3Max LLM call retries (0 = disabled)
retry.base_delay_msint1000Initial retry delay
retry.max_delay_msint30000Maximum retry delay

Tools settings

Each tool category can be independently enabled or disabled. See Tools Reference for details.
SectionKey fields
shellwhitelist_enabled, whitelist[]
filesystemenabled
webenabled
systemenabled
memoryenabled

Shell whitelist

By default, the shell tool runs in unrestricted mode (whitelist_enabled: false). When whitelist_enabled: true, only commands in the whitelist array may be executed. If the whitelist is empty with whitelist_enabled: true, shell access is fully disabled. Default whitelist (used when enabled):
["ls", "cat", "echo", "pwd", "whoami", "ps", "df", "find", "grep", "git", "curl"]

Filesystem confinement

The filesystem tool is confined to ~/.sorat/workspace/. All paths are resolved relative to the workspace root, and traversal attempts (..) are blocked.

Skills settings

FieldTypeDefaultDescription
skills.enabledbooltrueEnable the skills system
skills.registry_urlstring"https://clawhub.ai"Default skill registry URL

Cron settings

FieldTypeDefaultDescription
cron.enabledbooltrueEnable the cron scheduler

Authentication

FieldDescription
auth.emailUser email
auth.password_hashbcrypt hash
auth.role"super_admin", "admin", or "user"
auth.session_tokenActive session token
auth.token_expiryToken expiry (RFC 3339)
When no password is set, Sorat runs in setup mode — all requests are allowed until a user registers via POST /api/auth/register.

Hot-reload

When configuration is updated via the admin API, Sorat calls reinitAgent() which creates an entirely new ADK agent (runner + session service + tools).
This resets the in-memory ADK session service — all active ADK sessions are lost. Persisted session messages on disk are preserved.
Changes that trigger reinit: config, persona, soul, tools, and skills updates.