Documentation Index
Fetch the complete documentation index at: https://docs.devin.ai/llms.txt
Use this file to discover all available pages before exploring further.
This is the full field reference for blueprints. For an introduction to blueprints and how they fit into Devin’s environment, see Declarative environment configuration.
Overview
A blueprint has three top-level sections:| Section | Purpose | Executed? |
|---|---|---|
initialize | Install system tools, language runtimes, global CLIs | Yes, during each build |
maintenance | Install and update project dependencies | Yes, during builds. Surfaced to the agent at session start (not auto-executed). |
knowledge | Tell Devin how to lint, test, build, and other project-specific info | No, provided as reference |
initialize runs during builds only. Results are saved in the snapshot. maintenance runs during builds (after initialize). At the start of every session, maintenance commands are not auto-executed — instead, they are surfaced to the agent as context so it knows which dependency commands to run if needed (e.g. after pulling latest code). Commands should still be fast and incremental. Builds run automatically when your blueprint changes and periodically (every ~24 hours).
initialize
Useinitialize for installing tools and runtimes that don’t depend on the specific state of your code: language runtimes, system packages, global CLIs.
Simple form
For straightforward shell commands, use a block scalar:Structured form
For named steps, environment variables, or GitHub Actions, use a list:run.
When to use initialize vs maintenance
Put in initialize | Put in maintenance |
|---|---|
| Language runtime installation | npm install / pip install |
System packages (apt-get) | bundle install |
| Global CLI tools | go mod download |
| One-time configuration | Dependency cache updates |
GitHub Actions (setup-python, etc.) | Repo-specific setup scripts |
initialize; dependency commands that track your code’s lock files go in maintenance.
maintenance
Usemaintenance for dependency installation and other commands that should run after your code is cloned. These commands run during builds and are surfaced to the agent at session start so it can re-run them if dependencies have changed. This is where npm install, pip install, uv sync, and similar commands belong.
For repo-level blueprints,
maintenance commands run from the repository root directory. For org-level blueprints, they run from the home directory (~).knowledge
Theknowledge section is not executed. It provides reference information that Devin uses when working in your project. This is how you tell Devin the correct commands for linting, testing, building, and any other project-specific workflows.
| Field | Type | Description |
|---|---|---|
name | string | Identifier for this knowledge item (e.g., lint, test, build) |
contents | string | Free-form text with commands, instructions, or notes |
name field is a label. By convention, lint, test, and build are the standard names. Devin references these when verifying its work. You can add any additional knowledge items with custom names:
Step types
Each step ininitialize or maintenance uses one of two types: shell commands (run) or GitHub Actions (uses).
Shell commands (run)
Execute arbitrary shell commands in bash:
| Field | Type | Description |
|---|---|---|
name | string (optional) | Human-readable label for the step |
run | string | Shell command(s) to execute |
env | map (optional) | Extra environment variables for this step |
- Commands run in bash. If any command in a multi-line script fails, the entire step stops immediately.
- Org-level blueprints execute in the home directory (
~). - Repo-level blueprints execute in the cloned repository root.
- Each step has a timeout of 1 hour.
- Secrets are automatically available as environment variables.
GitHub Actions (uses)
Run Node.js-based GitHub Actions directly in your blueprint:
| Field | Type | Description |
|---|---|---|
name | string (optional) | Human-readable label for the step |
uses | string | GitHub Action reference |
with | map (optional) | Input parameters for the action |
env | map (optional) | Extra environment variables for this step |
github.com/ prefix and @<ref> suffix are both required. The ref is typically a version tag like v5.
Commonly used actions:
| Action | Purpose | Example with |
|---|---|---|
github.com/actions/setup-python@v5 | Install Python | python-version: "3.12" |
github.com/actions/setup-node@v4 | Install Node.js | node-version: "20" |
github.com/actions/setup-go@v5 | Install Go | go-version: "1.22" |
github.com/actions/setup-java@v4 | Install Java/JDK | java-version: "21", distribution: "temurin" |
github.com/gradle/actions/setup-gradle@v4 | Install Gradle | (none) |
github.com/ruby/setup-ruby@v1 | Install Ruby | ruby-version: "3.3" |
with values work:
Values passed via with are provided to the action as inputs, following the same conventions as GitHub Actions workflows. All values are converted to strings.
setup-python adds the Python binary to PATH, which remains available for all later steps and in maintenance.
run vs uses: which to use
Use run when… | Use uses when… |
|---|---|
Installing system packages (apt-get) | Setting up language runtimes (Python, Node, Go, Java, Ruby) |
| Running project-specific scripts | An official GitHub Action exists for what you need |
| Configuring files or environment | You want automatic version management and caching |
| The command is simple and self-contained | You’d use the same Action in a GitHub Actions workflow |
uses for language runtimes and run for everything else.
Environment variables and secrets
Step-level environment variables
Any step can define extra environment variables with theenv field:
Cross-step environment variables ($ENVRC)
To propagate environment variables across steps, write them to the $ENVRC file:
$ENVRC are automatically exported and available to all subsequent steps and the Devin session. This works similarly to $GITHUB_ENV in GitHub Actions.
Secrets
Secrets configured in the Devin UI (via the Secrets tab in each blueprint editor) are automatically injected as environment variables. You don’t declare them in your blueprint. Just reference them by name (e.g.,$MY_SECRET).
Secrets are injected before every step runs during builds and re-injected at the start of every session. They are scrubbed from the snapshot image itself, so credentials are never baked into saved machine images.
- Organization secrets: Available as environment variables in every step across all blueprints in the org. Set these in the Secrets tab of the org-wide blueprint editor.
- Enterprise secrets: Merged with org secrets (org secrets take precedence on name collisions). Available across all orgs in the enterprise.
- Repository secrets: Written to a per-repo file at
/run/repo_secrets/{owner/repo}/.env.secrets. During builds, repo secrets are automatically sourced before that repo’s blueprint steps run. At session time, Devin sources them when working in the repo. Configure these in the Secrets tab of the repository’s blueprint editor.
Build-only secrets: Secrets marked as “build only” are available during snapshot builds but removed before the snapshot is saved. Use these for credentials needed only at build time (e.g., downloading private artifacts during
initialize).File attachments
You can upload files (like.npmrc, settings.xml, configuration files) through the blueprint editor. Uploaded files are written to ~/.files/ and an environment variable is set pointing to each file’s path:
FILE_.
Use file attachments in your blueprint steps:
Git-based blueprints
Git-based blueprints are not currently supported. This feature is coming soon. You’ll be able to store blueprints in your repository and have builds trigger automatically when they change. For now, configure blueprints through the UI at Settings > Environment > Blueprints.
Complete example
For how blueprints compose across tiers (enterprise → org → repo), build statuses, repository states, and what triggers a rebuild, see Builds and sessions on the Declarative configuration page.