Skip to main content
Devin CLI uses JSON files (with comment support) for configuration. This page documents all available options.

File Locations

On Windows, the user config path is %APPDATA%\devin\config.json (e.g. C:\Users\<you>\AppData\Roaming\devin\config.json), not ~\.config\devin\config.json.

Full Config Reference


Options Reference

Options marked with User only can only be set in the user config (~/.config/devin/config.json; %APPDATA%\devin\config.json on Windows). Only permissions, mcpServers, read_config_from, and hooks are available in project configs.

agent (user only)

theme_mode (user only)

permissions

See Permissions for full documentation.

mcpServers

Map of server name to server configuration. Supports both local command (stdio) and remote HTTP servers. See MCP Configuration.

show_path (user only)

Show the current working directory path in the input border. When enabled, the top border of the input box displays your prettified CWD (e.g. ~/projects/my-app).

unicode_mode (user only)

Controls whether the terminal UI uses Unicode symbols or ASCII-safe fallbacks. Set to "ascii" if your terminal or font does not render Unicode glyphs correctly (e.g. the ⏺ symbol appearing as a box).

show_hints (user only)

Show occasional tips between turns (e.g. “Did you know: Use /model to switch between available models”). Useful for discovering CLI features; set to false to suppress them once you’re familiar.

include_gitignored_files (user only)

Include gitignored files in @ tab completion results. When enabled, files matching .gitignore patterns will appear in @ mention completions. This is useful if you store documentation or other files in gitignored directories that you want to reference.

respect_gitignore (user only)

Control whether the agent respects .gitignore when reading or writing files via tools. When enabled, tool calls that access gitignored paths are blocked. This is separate from include_gitignored_files, which only affects @ tab completion.

attribution (user only)

Control whether the agent adds Devin attribution to the commits and pull requests it creates. When enabled, commit and PR bodies include a Generated with [Devin] line and a Co-Authored-By: Devin trailer. Set to false to omit both so no Devin attribution is added.

auto_update (user only)

Control background auto-update on macOS and Linux. When enabled, new releases are downloaded and activated while Devin CLI runs, so the next invocation of devin picks up the latest version automatically. The currently running session is unaffected — a swap of the current symlink only takes effect on the next launch. The update is designed to be safe against interruption: every filesystem step is staged to a temp path and promoted with an atomic rename, and concurrent updaters are serialized with a file lock. Quitting mid-update cannot leave the installation in a broken state — you’ll just come back up on the old version. Only applies to self-managed installations (curl | bash on macOS/Linux). Installations bundled with another product (e.g. Windsurf) ignore this setting and update through their parent application.

notify

Control terminal notifications when the agent finishes or needs user input. The CLI writes a BEL character (triggers terminal bell / visual bell), an OSC 9 escape sequence (triggers a system notification in iTerm2 and compatible terminals), and an OSC 777 sequence (desktop notification in rxvt-unicode and other terminals). Terminals that do not recognize these sequences safely ignore them.

read_config_from

Control importing from other AI tool configurations: Set to false to disable a specific import. null is treated as true.

proxy (user only)

Configure how the CLI routes its own outbound HTTP/HTTPS traffic (API calls, updates, MCP servers, etc.). This does not affect sandbox child-process networking (see sandbox below). The mode field selects the proxy strategy: Example — corporate proxy:
Example — disable proxy:

sandbox (user only)

Sandbox network filtering is currently unstable. If you need this feature, please reach out to your account representative for stability timelines.
Configure domain-level network filtering for the sandbox. When --sandbox is active and domain filtering is configured, a managed network proxy starts on loopback and the sandbox restricts all child traffic to route through it.
For a complete overview of how the sandbox works — including enterprise enforcement and how enterprise and user settings interact — see the Sandbox documentation.
The --sandbox flag enforces the active Read and Write permission scopes at the OS level. Writable roots are derived from granted Write(...) scopes plus workspace directories; readable roots come from Read(...) scopes (with platform defaults always readable). Scopes granted mid-session dynamically expand the sandbox for subsequent commands.
If --sandbox is passed but sandbox resolution fails (e.g., sandboxing tools are unavailable on the current platform), the CLI will refuse to start rather than running unsandboxed. This fail-closed behavior ensures the security intent of --sandbox is never silently bypassed.
Domain pattern syntax: Example:
Domain filtering applies when the sandbox is active (--sandbox). Without --sandbox, the sandbox section is ignored.
For enterprise teams, admins can override domain lists via Team Settings. Enterprise allowlists are authoritative (they replace your local allowed_domains), while enterprise denylists are additive (merged with your local denied_domains).

JSON with Comments

Config files support JavaScript-style comments: