Devin for Terminal uses JSON files (with comment support) for configuration. This page documents all available options.
File Locations
| File | Purpose |
|---|
~/.config/devin/config.json | User-wide settings |
.devin/config.json | Project settings (committed) |
.devin/config.local.json | Project local overrides (gitignored) |
On Windows, the user config path is %APPDATA%\devin\config.json (e.g. C:\Users\<you>\AppData\Roaming\devin\config.json), not ~\.config\devin\config.json.
Full Config Reference
User config
Project config
// ~/.config/devin/config.json
{
// Agent behavior
"agent": {
"model": "claude-opus-4-6-thinking", // Default model
"show_history_on_continue": true // Show messages when resuming
},
// Theme
"theme_mode": null, // "light", "dark", "16color", "nocolor", or null (auto)
// Permissions
"permissions": {
"allow": [],
"deny": [],
"ask": []
},
// MCP servers
"mcpServers": {},
// Display
"show_path": false, // Show CWD in input border
"unicode_mode": "auto", // "auto", "unicode", or "ascii"
// File completion
"include_gitignored_files": false, // Include gitignored files in @ completions
// File access
"respect_gitignore": false, // Block tool access to gitignored paths
// Notifications
"notify": "smart", // "never" | "smart" | "always" — terminal notifications
// Sandbox network filtering
"sandbox": {
"allowed_domains": [], // Domain allowlist (empty = no filtering)
"denied_domains": [], // Domain denylist (takes precedence)
"network_mode": "full" // "full" or "limited" (GET/HEAD/OPTIONS only)
},
// Import settings from other tools
"read_config_from": {
"cursor": true,
"windsurf": true,
"claude": true
}
}
// .devin/config.json
{
// Permissions
"permissions": {
"allow": [],
"deny": [],
"ask": []
},
// MCP servers
"mcpServers": {},
// Import settings from other tools
"read_config_from": {
"cursor": true,
"windsurf": true,
"claude": true
}
}
Options Reference
Options marked with User only can only be set in the user config (~/.config/devin/config.json; %APPDATA%\devin\config.json on Windows). Only permissions, mcpServers, read_config_from, and hooks are available in project configs.
agent (user only)
| Option | Type | Default | Description |
|---|
model | string | "claude-opus-4-6-thinking" | Default AI model |
show_history_on_continue | boolean | true | Show previous messages when resuming a session |
theme_mode (user only)
| Value | Behavior |
|---|
null | Auto-detect (asks on first run) |
"light" | Light theme |
"dark" | Dark theme |
"16color" | Dark theme quantized to 16 ANSI colors (respects terminal color scheme) |
"nocolor" | No color output (monochrome, useful for VT100 terminals) |
permissions
See Permissions for full documentation.
{
"permissions": {
"allow": ["Read(**)", "Exec(git)"],
"deny": ["Exec(sudo)"],
"ask": ["Write(**/.env*)"]
}
}
mcpServers
Map of server name to server configuration. Supports both local command (stdio) and remote HTTP servers. See MCP Configuration.
{
"mcpServers": {
"server-name": {
"command": "executable",
"args": ["arg1", "arg2"],
"env": { "KEY": "value" }
},
"remote-server": {
"url": "https://mcp.example.com/mcp",
"transport": "http"
}
}
}
show_path (user only)
Show the current working directory path in the input border. When enabled, the top border of the input box displays your prettified CWD (e.g. ~/projects/my-app).
| Value | Behavior |
|---|
false | Hidden (default) |
true | Show CWD path in input border |
unicode_mode (user only)
Controls whether the terminal UI uses Unicode symbols or ASCII-safe fallbacks. Set to "ascii" if your terminal or font does not render Unicode glyphs correctly (e.g. the ⏺ symbol appearing as a box).
| Value | Behavior |
|---|
"auto" | Detect Unicode support from environment (default) |
"unicode" | Always use Unicode symbols |
"ascii" | Always use ASCII-safe characters |
include_gitignored_files (user only)
Include gitignored files in @ tab completion results. When enabled, files matching .gitignore patterns will appear in @ mention completions. This is useful if you store documentation or other files in gitignored directories that you want to reference.
| Value | Behavior |
|---|
false | Exclude gitignored files from completions (default) |
true | Include gitignored files in @ completions |
respect_gitignore (user only)
Control whether the agent respects .gitignore when reading or writing files via tools. When enabled, tool calls that access gitignored paths are blocked. This is separate from include_gitignored_files, which only affects @ tab completion.
| Value | Behavior |
|---|
false | Agent can access all files regardless of .gitignore (default) |
true | Block tool access to gitignored paths |
notify
Control terminal notifications when the agent finishes or needs user input. The CLI writes a BEL character (triggers terminal bell / visual bell), an OSC 9 escape sequence (triggers a system notification in iTerm2 and compatible terminals), and an OSC 777 sequence (desktop notification in rxvt-unicode and other terminals). Terminals that do not recognize these sequences safely ignore them.
| Value | Behavior |
|---|
"never" | No notifications |
"smart" | Notify only when the terminal window is unfocused (uses OSC focus reporting) (default) |
"always" | Notify on every qualifying event regardless of focus |
read_config_from
Control importing from other AI tool configurations:
| Option | Type | Default | Description |
|---|
cursor | boolean/null | true | Import from .cursorrules, .cursor/rules/ |
windsurf | boolean/null | true | Import from .windsurf/rules/ |
claude | boolean/null | true | Import from .claude/ |
false to disable a specific import. null is treated as true.
sandbox (user only)
Sandbox network filtering is currently unstable. If you need this feature, please reach out to your account representative for stability timelines.
--sandbox is active and domain filtering is configured, a managed network proxy starts on loopback and the sandbox restricts all child traffic to route through it.
The --sandbox flag enforces the active Read and Write permission scopes at the OS level. Writable roots are derived from granted Write(...) scopes plus workspace directories; readable roots come from Read(...) scopes (with platform defaults always readable). Scopes granted mid-session dynamically expand the sandbox for subsequent commands.
If --sandbox is passed but sandbox resolution fails (e.g., sandboxing tools are unavailable on the current platform), the CLI will refuse to start rather than running unsandboxed. This fail-closed behavior ensures the security intent of --sandbox is never silently bypassed.
| Option | Type | Default | Description |
|---|
allowed_domains | string[] | [] | Domain patterns allowed through the proxy. When non-empty, only matching domains are allowed (allowlist mode) |
denied_domains | string[] | [] | Domain patterns always blocked. Deny rules take precedence over allow rules |
network_mode | string | "full" | "full" allows all HTTP methods; "limited" allows only GET/HEAD/OPTIONS |
| Pattern | Matches |
|---|
example.com | Exact match only |
*.example.com | Any subdomain (not the apex) |
**.example.com | Apex domain and any subdomain |
{
"sandbox": {
"allowed_domains": [
"github.com",
"**.npmjs.org",
"**.crates.io",
"**.pypi.org"
],
"denied_domains": ["evil.example.com"],
"network_mode": "full"
}
}
Domain filtering applies when the sandbox is active (--sandbox). Without --sandbox, the sandbox section is ignored.
For enterprise teams, admins can override domain lists via Team Settings. Enterprise allowlists are authoritative (they replace your local allowed_domains), while enterprise denylists are additive (merged with your local denied_domains).
Config files support JavaScript-style comments:
{
// Line comments
"agent": {
"model": "sonnet" // Inline comments
},
/* Block
comments */
"permissions": {}
}
