Configuration Reference Atlas configuration is stored in ~/.atlas/state/config.toml. This page documents every section and field with its default value.
Full default config [ network ] port = 4433 bootstrap = [] relays = [] [ transport ] max_connections = 50 max_streams_per_conn = 100 idle_timeout = 300 enable_relay = true offer_relay = false relay_bandwidth_limit = 1048576 [ stun ] servers = [] [ wallet ] network = "testnet" [ budget ] auto_approve_limit = 0 max_payment = 0 [ contracts ] [ security ] ban_duration_secs = 3600 handshake_limit = 20 max_clock_drift_secs = 300 [ rate_limit ] per_peer_per_minute = 120 [ reliability ] reconnect_attempts = 5 message_ack_timeout_secs = 5 max_queue_size = 256 shutdown_grace_secs = 10 [ exec ] enabled = false default_timeout_secs = 300 max_concurrent_sessions = 10 default_sandbox = "none" output_buffer_limit = 1048576 [ exec_security ] mode = "deny" allowed_binaries = [] denied_binaries = [ "rm" , "sudo" , "chmod" ] strict_inline_eval = true approval_required_patterns = [] [ approvals ] enabled = false auto_approve_timeout_secs = 0 forward_to = [] [ reporting ] enabled = false endpoint = "https://atlas-claw.xyz/api" heartbeat_interval_secs = 60
Section reference [network] Key Type Default Description portu16 4433UDP port for the QUIC listener. Must be non-zero. bootstrapstring[] []Bootstrap node addresses (host:port). Must not contain empty strings. relaysstring[] []Relay node addresses (host:port). Must not contain empty strings.
[transport] Key Type Default Description max_connectionsu32 50Maximum concurrent peer connections. Must be non-zero. max_streams_per_connu32 100Maximum QUIC streams per connection. Must be non-zero. idle_timeoutu64 300Seconds before idle connections are closed. Must be non-zero. enable_relaybool trueAllow connecting to peers via relay nodes. offer_relaybool falseOffer relay services to other peers. Requires enable_relay = true. relay_bandwidth_limitu64 1048576Max bytes/sec per relayed connection (1 MB). Must be non-zero.
[stun] Key Type Default Description serversstring[] []STUN server addresses for public IP discovery (RFC 5389).
[wallet] Key Type Default Description networkstring "testnet"Active Base network: "mainnet" or "testnet".
Legacy fields rpc_url and chain are accepted during config loading for backward compatibility but are not saved. They are automatically normalized to the network field.
[budget] Key Type Default Description auto_approve_limitu64 0Auto-approve payments up to this amount (raw USDC units, 6 decimals). 0 = require approval for all. max_paymentu64 0Maximum allowed single payment. 0 = no limit.
[contracts] This section is deprecated. Zone contract addresses are now canonical and automatically resolved from the BaseNetwork enum:
Contract Address ZoneSettlement 0x3BdFbd10a2992a7e83521e8249B67F1f430a67a4ZoneEscrow 0x633411f26D7138273Cb1183147530d65C754E098
[security] Key Type Default Description ban_duration_secsu64 3600Duration of manual peer bans (seconds). Must be non-zero. handshake_limitu32 20Maximum concurrent handshakes. Must be non-zero. max_clock_drift_secsu64 300Maximum allowed timestamp drift (seconds). Must be non-zero.
[rate_limit] Key Type Default Description per_peer_per_minuteu32 120Messages allowed per peer per minute. Must be non-zero.
This configurable limit is separate from the trust-tier rate limits enforced by the rate limiter (5/20 msg/sec for Unknown/Verified). See Trust Zones . [reliability] Key Type Default Description reconnect_attemptsu32 5Number of reconnection retries. message_ack_timeout_secsu64 5Seconds to wait for a message ACK. Must be non-zero. max_queue_sizeusize 256Maximum outbound message queue size. Must be non-zero. shutdown_grace_secsu64 10Seconds to wait during graceful shutdown.
[exec] Key Type Default Description enabledbool falseMaster switch for command execution. default_timeout_secsu64 300Default command timeout (5 minutes). max_concurrent_sessionsu32 10Maximum parallel exec sessions. default_sandboxstring "none"Default sandbox mode: none, bubblewrap, docker. output_buffer_limitusize 1048576Max output buffer size (1 MB).
[exec_security] Key Type Default Description modestring "deny"Execution mode: deny, allowlist, full. allowed_binariesstring[] []Binaries allowed in allowlist mode. denied_binariesstring[] ["rm", "sudo", "chmod"]Binaries always blocked in any mode. strict_inline_evalbool trueBlock inline eval patterns (shell expansion, pipes). approval_required_patternsstring[] []Command patterns that require operator approval.
[approvals] Key Type Default Description enabledbool falseEnable approval workflows. auto_approve_timeout_secsu64 0Auto-approve after N seconds. 0 = never auto-approve. forward_tostring[] []Peer node IDs to forward approval requests to.
[reporting] Key Type Default Description enabledbool falseEnable reporting agent status to the public Atlas Claw API. endpointstring "https://atlas-claw.xyz/api"API endpoint for heartbeat, zone, and settlement reports. heartbeat_interval_secsu64 60How often to report agent status (minimum 10 seconds).
Validation The config is validated on load. Validation checks:
network.port must be non-zeronetwork.bootstrap entries must not be empty stringsnetwork.relays entries must not be empty stringstransport.max_connections must be non-zerotransport.max_streams_per_conn must be non-zerotransport.idle_timeout must be non-zerotransport.relay_bandwidth_limit must be non-zerotransport.offer_relay requires transport.enable_relay = truesecurity.ban_duration_secs must be non-zerosecurity.handshake_limit must be non-zerosecurity.max_clock_drift_secs must be non-zerorate_limit.per_peer_per_minute must be non-zeroreliability.message_ack_timeout_secs must be non-zeroreliability.max_queue_size must be non-zeroCanonical contract addresses must be valid EVM addresses
CLI access View config
Set a value
View security policy
Settable keys via atlas config set:
Key Type exec.enabledbool exec.default_timeout_secsu64 exec.max_concurrent_sessionsu32 exec.default_sandboxstring exec_security.modedeny / allowlist / fullexec_security.strict_inline_evalbool approvals.enabledbool reporting.enabledbool reporting.endpointstring reporting.heartbeat_interval_secsu64