Configuration Layers
From highest to lowest priority:| Priority | Source | Notes |
|---|---|---|
| 1 (highest) | Organization / Team Settings | Cannot be overridden |
| 2 | Session (interactive approvals) | In-memory only |
| 3 | Project Local (.devin/config.local.json) | Personal, gitignored |
| 4 | Project (.devin/config.json) | Shared with team |
| 5 (lowest) | User (~/.config/devin/config.json; %APPDATA%\devin\config.json on Windows) | Your defaults |
When to Use Each Level
User config
User config
Path:
~/.config/devin/config.json (%APPDATA%\devin\config.json on Windows)Use for personal preferences that apply everywhere:- Default model preference
- Theme preference
- Personal MCP servers (e.g., your own API keys)
- Global permission grants
Project config
Project config
Path:
.devin/config.jsonUse for team standards committed to the repository. Only permissions, mcpServers, read_config_from, and hooks are available at this level:- Shared MCP servers (with non-secret config)
- Team permission policies
- Import settings
- Lifecycle hooks
Project local config
Project local config
Path:
.devin/config.local.jsonUse for personal overrides that shouldn’t be committed:- API keys and secrets
- Personal tool preferences for this project
- Permission overrides
Organization settings
Organization settings
Managed by your enterprise admin through the team settings dashboard. These settings cannot be overridden by individual users and enforce organization-wide policies like model restrictions and MCP server allowlists.
What’s Available at Each Level
Not all settings can be set at the project level. Project configs (.devin/config.json and .devin/config.local.json) support:
| Setting | User config | Project config |
|---|---|---|
permissions | ✓ | ✓ |
mcpServers | ✓ | ✓ |
read_config_from | ✓ | ✓ |
hooks | ✓ | ✓ |
agent (model) | ✓ | ✗ |
theme_mode | ✓ | ✗ |
unicode_mode | ✓ | ✗ |
show_path | ✓ | ✗ |
include_gitignored_files | ✓ | ✗ |
sandbox | ✓ | ✗ |
~/.config/devin/config.json; %APPDATA%\devin\config.json on Windows) and do not participate in the precedence hierarchy above.
How Merging Works
The precedence table above only applies to settings that support multiple levels (permissions, mcpServers, read_config_from, hooks).
Permissions
Permission lists are merged (combined) across levels. A denial at a higher level cannot be overridden by an allow at a lower level. For example, if your organization deniesExec(sudo), adding Exec(sudo) to your user allow list has no effect — the organization denial always wins. However, other permissions like Read(**) at the project level are applied normally.
MCP Servers
MCP server configs are merged by name. A server defined at a higher level overrides the same-named server at a lower level. For example, if both your user config and project config define a “github” server, the project config version wins because it has higher priority than user config.Hooks
Hooks are collected from all sources and all run. A hook defined in the user config runs alongside hooks defined in the project config — they do not override each other.Project Root Detection
Devin for Terminal finds your project root by looking for a.git or .jj directory, walking up from your current working directory. Project config (.devin/) is loaded from the project root.
If you have nested
.devin/ directories (e.g., in a monorepo), subdirectory configs take precedence over ancestor configs.File Discovery Summary
| File | Found by | Shared? |
|---|---|---|
~/.config/devin/config.json | XDG path | No |
.devin/config.json | Walking up from cwd | Yes (committed) |
.devin/config.local.json | Walking up from cwd | No (gitignored) |
.devin/skills/*/SKILL.md | Project root | Yes (committed) |
~/.config/devin/skills/*/SKILL.md | XDG path | No |
AGENTS.md | Project root | Yes (committed) |
Windows: Paths shown as
~/.config/devin/ use the XDG convention for Linux/macOS. On Windows, these resolve to %APPDATA%\devin\ (typically C:\Users\<YourUser>\AppData\Roaming\devin\).