Remote settings & env

Push settings to devices from the dashboard — global, per-device, breakpoint patterns, paused domains, and environment variables.

The dashboard pushes settings to your devices in real time — connection type, which hosts get decrypted, breakpoint patterns, paused domains, an external proxy, and reusable environment variables. Every change fans out over Realtime, so devices pick it up without a reconnect.

Global vs per-device

Most settings exist at two scopes:

  • Global — the fleet-wide defaults, on the Settings page. Global edits autosave about half a second after your last change.
  • Per-device — overrides on Devices → ‹device› → Settings (and the device's other tabs). A device override changes that one device without touching anyone else.

How they merge

For SSL-proxying domains the device override unions with the global list — a device adds to the global set rather than replacing it. Other fields override: the more specific value wins.

Connection type resolves through a most-specific-wins chain (via effective_settings_for_device):

device override  →  your user default  →  global default  →  vpn

So a device with no override inherits your account's default; if you haven't set one, it falls back to the global default; and absent that, to vpn.

deviceuserglobalvpn

Global settings

The Settings page groups the fleet-wide defaults:

  • GeneralInspect All Requests (capture every connection, not only SSL-proxied hosts), MITM All Hosts (proxy-server only — intercept every HTTPS host), the default connection type (vpn / pac), and your default connection type for your own account.
  • SSL Proxying — the SSL Proxying Domains whose HTTPS gets decrypted (*.example.com matches subdomains), an Ignore Hosts list (suppress only the log emit), and the applied service groups.
  • NetworkDNS Servers.
  • External Proxy — an upstream HTTP proxy with a per-country picker (also settable per device — see Devices).
  • MaintenanceRestart proxy-server, broadcast over Realtime so systemd respawns it with no SSH.

Related settings pages

  • Breakpoints — request/response pause patterns. See Breakpoints & resend.
  • Pausespassthrough hosts the proxy-server skips entirely (MITM, inspection, logging, and breakpoints). Stronger than Ignore Hosts; proxy-server (PAC) mode only.
  • Protobuf Schemas — upload .proto files and map hosts to message types so protobuf bodies render in the inspector's Decoded mode.

Environment variables

Store reusable KEY=VALUE pairs once — credentials, tokens, base URLs — and reference them as {{VAR}} placeholders instead of retyping. They live at two scopes:

ScopeWhere
Global envSettings → Environment — shared by every device.
Per-device envDevices → ‹device› → Env tab — overrides the global value of the same key.

The format is a standard .env: KEY=VALUE, one per line, # comments, and export / quotes accepted on import. Values are masked in the UI — click the eye to reveal one. You can copy a single KEY=VALUE, Copy all to serialize the whole set, or import from a .env file or a paste (existing keys updated, new keys appended).

Effective merge

The effective set for a device is { ...global, ...device } — a device's own value wins over the global one of the same name. The device's Env tab shows how many globals it inherits and flags any it overrides.

Using {{VAR}}

When you resend a captured request, any {{KEY}} in the URL, header values, or body is replaced with the device's effective value just before the request leaves:

http
POST https://{{API_HOST}}/login
Authorization: Bearer {{API_TOKEN}}
 
{ "user": "{{LOGIN_USER}}", "pass": "{{LOGIN_PASS}}" }

Substitution happens server-side, so the stored secret is resolved at send time rather than living in the editor — and unknown placeholders are left untouched so a typo is visible rather than silently blanked. The same resolution applies when BusyBro or MCP drives a device's browser, so a stored password never reaches the model.

Heads up: Treat env values as secrets. They're stored in the same RLS-protected settings rows as the rest of your config, masked in the UI and redacted in assistant output — but anyone who can edit a device's settings can set its env, and a resend or agent action will use it.

A note on the overlay

Every settings page opens as an overlay on top of the live feed, not a separate route. The dashboard never unmounts, so opening one doesn't flash the feed away and closing it never refreshes the feed or reconnects Realtime — the address bar still tracks the page, but day to day it's a local-state flip.

Most settings sections are capability-gated — see Roles & permissions.

DevicesRoles & permissions