Configuration

PizzaPi loads configuration from two JSON files merged together — project-local settings win over global ones:

File	Scope
`~/.pizzapi/config.json`	Global — applies to all projects
`.pizzapi/config.json`	Project-local — overrides global for this project

You can also override any setting with environment variables.

Config File Reference

// ~/.pizzapi/config.json  (or  .pizzapi/config.json in your project)
{
  // API key issued by the relay server during `pizzapi setup`
  "apiKey": "pk_live_abc123...",

  // WebSocket URL of the relay server.
  // Set to "off" to disable the relay entirely (no setup wizard, no streaming).
  // Default: ws://localhost:7492 (the pizzapi web default port)
  "relayUrl": "wss://relay.example.com",

  // Replace the default system prompt entirely
  "systemPrompt": "You are a helpful coding assistant.",

  // Append to the default system prompt without replacing it
  "appendSystemPrompt": "Always write tests for new code.",

  // Override the agent config directory (skills, extensions, etc.)
  // Default: ~/.pizzapi
  "agentDir": "~/.pizzapi",

  // Additional skill paths — merged on top of the default locations:
  //   ~/.pizzapi/skills/  and  <cwd>/.pizzapi/skills/
  "skills": [
    "~/my-custom-skills",
    "/absolute/path/to/skills"
  ],

  // Trust gate: allow project-local hooks (.pizzapi/config.json) to run.
  // Must be in the GLOBAL config (project configs cannot self-authorize).
  "allowProjectHooks": false,

  // Project-local Claude Code plugins that have been explicitly trusted.
  // Each entry is the absolute path to the plugin root directory.
  // Managed via `pizza plugins trust <path>` / `pizza plugins untrust <path>`.
  // Must be in the GLOBAL config (project configs cannot self-authorize).
  "trustedPlugins": [
    "/home/user/projects/my-app/.pizzapi/plugins/my-linter"
  ],

  // Timeout (ms) for each MCP server's tools/list call (default: 30000).
  // Set to 0 to disable.
  "mcpTimeout": 30000,

  // Show warnings when startup is slow (default: true).
  // Set to false to suppress slow-startup notifications.
  "slowStartupWarning": true,

  // OS-level sandbox configuration.
  // mode: "none" | "basic" (default) | "full"
  // All other fields are srt-native overrides merged on top of the preset.
  "sandbox": {
    "mode": "full",
    "network": {
      "allowedDomains": ["*.github.com", "api.anthropic.com"]
    },
    "filesystem": {
      "denyRead": ["~/.kube"],
      "allowWrite": [".", "/tmp"],
      "denyWrite": [".env.production"]
    }
  }
}

All Options

Key	Type	Default	Description
`apiKey`	`string`	—	API key for authenticating with the relay server. Issued during `pizzapi setup`.
`relayUrl`	`string`	`ws://localhost:7492`	WebSocket URL of the relay server. Set to `"off"` to disable relay entirely.
`systemPrompt`	`string`	(pi default)	Fully replace the default system prompt
`appendSystemPrompt`	`string`	—	Append to the default system prompt
`agentDir`	`string`	`~/.pizzapi`	Agent config directory (skills, extensions, etc.)
`skills`	`string[]`	`[]`	Additional skill directories. Supports `~` expansion.
`allowProjectHooks`	`boolean`	`false`	Trust gate: allow project-local hooks to run. Global config only.
`trustedPlugins`	`string[]`	`[]`	Trusted Claude Code plugin paths. Global config only. Managed via `pizza plugins trust`.
`oauthClientName`	`string`	`"PizzaPi"`	Global default `client_name` for MCP OAuth registration. Can also be set per-server in `mcpServers` entries. Per-server values take precedence. See Client Name Override.
`mcpTimeout`	`number`	`30000`	Timeout (ms) for each MCP server’s `tools/list` call during startup. Set to `0` to disable. See Safe Mode.
`sandbox`	`object`	(see below)	OS-level sandbox config. See Agent Sandbox.
`sandbox.mode`	`string`	`"basic"`	Preset: `"none"`, `"basic"`, or `"full"`.
`sandbox.network.allowedDomains`	`string[]`	`[]` (full) / unset (basic)	Domains the agent may reach. Required for outbound access in `full` mode.
`sandbox.network.deniedDomains`	`string[]`	`[]`	Domains explicitly blocked.
`sandbox.filesystem.denyRead`	`string[]`	merged with preset	Additional paths blocked from reading.
`sandbox.filesystem.allowWrite`	`string[]`	`[".", "/tmp"]`	Paths allowed for writing (replaces preset when set).
`sandbox.filesystem.denyWrite`	`string[]`	merged with preset	Additional paths blocked from writing.
`slowStartupWarning`	`boolean`	`true`	Show warnings when startup takes longer than expected (slow MCP servers, etc.). See Safe Mode.
`subagent.maxParallelTasks`	`number`	`8`	Max tasks in a single parallel subagent call. Global config only.
`subagent.maxConcurrency`	`number`	`4`	Max concurrent agent sessions running simultaneously. Global config only.
`providerSettings`	`object`	—	Provider-specific settings. See Web Search below.

Web Search

PizzaPi can add web search tools to supported providers, giving the agent the ability to search the web during conversations.

Anthropic uses Anthropic’s server-side web_search_20250305 tool type.
Ollama Cloud registers web_search and web_fetch tools that call Ollama’s REST APIs with your Ollama Cloud credentials.

Configuration

Add a providerSettings block to ~/.pizzapi/config.json:

{
  "providerSettings": {
    "anthropic": {
      "webSearch": {
        "enabled": true,
        "maxUses": 5,
        "allowedDomains": ["docs.python.org", "developer.mozilla.org"],
        "blockedDomains": ["example.com"]
      }
    }
  }
}

Key	Type	Default	Description
`enabled`	`boolean`	`false`	Enable web search for Anthropic models.
`maxUses`	`number`	`5`	Maximum number of searches per request.
`allowedDomains`	`string[]`	—	Only return results from these domains.
`blockedDomains`	`string[]`	—	Never return results from these domains.

For Ollama Cloud, enable web search under providerSettings["ollama-cloud"].webSearch:

{
  "providerSettings": {
    "ollama-cloud": {
      "webSearch": {
        "enabled": true,
        "maxResults": 5,
        "maxContentChars": 8000,
        "maxLinks": 100
      }
    }
  }
}

Key	Type	Default	Description
`enabled`	`boolean`	`false`	Register Ollama `web_search` and `web_fetch` tools.
`maxResults`	`number`	`5`	Default number of search results to request from Ollama (`1`–`10`).
`maxContentChars`	`number`	`8000`	Truncate fetched page content to this many characters (`1`–`100000`).
`maxLinks`	`number`	`100`	Truncate fetched page links to this many entries (`1`–`1000`).

Environment Variables

You can also enable web search via environment variables (these take precedence if the config values are not already set):

Variable	Description
`PIZZAPI_WEB_SEARCH`	Set to `1` to enable web search.
`PIZZAPI_WEB_SEARCH_MAX_USES`	Max searches per request (default: `5`).
`PIZZAPI_WEB_SEARCH_ALLOWED_DOMAINS`	Comma-separated list of allowed domains.
`PIZZAPI_WEB_SEARCH_BLOCKED_DOMAINS`	Comma-separated list of blocked domains.
`PIZZAPI_OLLAMA_WEB_SEARCH`	Set to `1` to enable Ollama Cloud web tools.
`PIZZAPI_OLLAMA_WEB_SEARCH_MAX_RESULTS`	Default Ollama search results per request (`1`–`10`, default: `5`).
`PIZZAPI_OLLAMA_WEB_FETCH_MAX_CONTENT_CHARS`	Max chars for fetched page content (`1`–`100000`, default: `8000`).
`PIZZAPI_OLLAMA_WEB_FETCH_MAX_LINKS`	Max links from fetched pages (`1`–`1000`, default: `100`).

Environment Variables

Every config option can also be set as an environment variable. Environment variables take effect for the current process only and do not override saved config values in JSON files — the JSON is loaded first, then env vars for the relay connection are applied on top.

Variable	Equivalent config key	Notes
`PIZZAPI_API_KEY`	`apiKey`
`PIZZAPI_RELAY_URL`	`relayUrl`	Set to `off` to disable relay for this invocation
`PIZZAPI_NO_MCP`	—	Set to `1` to skip MCP servers (Safe Mode)
`PIZZAPI_NO_PLUGINS`	—	Set to `1` to skip plugin loading (Safe Mode)
`PIZZAPI_NO_HOOKS`	—	Set to `1` to skip hook execution (Safe Mode)
`PIZZAPI_NO_RELAY`	—	Set to `1` to skip relay connection (Safe Mode)
`PIZZAPI_SANDBOX`	`sandbox.mode`	Override sandbox mode: `none`, `basic`, or `full` (Sandbox)
`PIZZAPI_NO_SANDBOX`	—	Set to `1` to disable sandbox (shorthand for `none`) (Sandbox)

Example:

export PIZZAPI_API_KEY="pk_live_abc123..."
export PIZZAPI_RELAY_URL="wss://relay.example.com"
pizzapi

Disable the relay for one invocation:

PIZZAPI_RELAY_URL=off pizzapi

Disable the relay permanently (no env var needed each time):

{
  "relayUrl": "off"
}

pizzapi setup saves your API key to ~/.pizzapi/config.json but does not persist the relay URL. If you connect to a non-default relay (anything other than localhost:7492), manually add "relayUrl" to your config after setup:

{
  "apiKey": "pk_live_...",
  "relayUrl": "wss://your-relay.example.com"
}

Pi Agent Settings

In addition to PizzaPi’s own config, the underlying pi agent has its own settings file for model defaults, compaction, retry behavior, and UI preferences. These are separate from ~/.pizzapi/config.json:

File	Scope
`~/.pi/agent/settings.json`	Global pi settings
`.pi/settings.json`	Project-local pi settings (overrides global)

Edit directly or use the /settings command inside a session.

Key Settings

{
  "defaultProvider": "anthropic",
  "defaultModel": "claude-sonnet-4-20250514",
  "defaultThinkingLevel": "medium",
  "compaction": {
    "enabled": true,
    "reserveTokens": 16384,
    "keepRecentTokens": 20000
  },
  "retry": {
    "enabled": true,
    "maxRetries": 3,
    "baseDelayMs": 2000,
    "maxDelayMs": 60000
  },
  "enabledModels": ["claude-*", "gpt-4o"]
}

See Providers & Models for model configuration and Sessions & Context for compaction and session settings.

Merge Order

When PizzaPi starts, config is resolved in this order (later entries win):

Built-in defaults
~/.pizzapi/config.json (global)
<cwd>/.pizzapi/config.json (project-local)
Environment variables (PIZZAPI_API_KEY, PIZZAPI_RELAY_URL)

Skills Search Paths

PizzaPi automatically looks for skills in these locations (all merged):

~/.pizzapi/skills/ — your global personal skills
<cwd>/.pizzapi/skills/ — project-local skills
Any paths listed in the skills config array

See the Skills & Extensions guide for how to write and use skills.

Example: Per-Project Configuration

Create .pizzapi/config.json in your project root to customize behavior for that repo:

{
  "appendSystemPrompt": "This is a Next.js 15 project using the App Router. Always use TypeScript.",
  "skills": [
    ".pi/skills"
  ]
}

Commit this file to share it with your team — just keep apiKey out of project-local config (use the global file or environment variables instead).

Web Hub Configuration

The pizza web command has its own separate config file at ~/.pizzapi/web/config.json for managing the self-hosted relay server. This is distinct from the CLI config above.

# View current web hub config
pizzapi web config

# Set values
pizzapi web config set port 9000
pizzapi web config set extraOrigins "https://example.com"
pizzapi web config set vapidSubject "mailto:ops@example.com"

Key	Default	Description
`port`	`7492`	Host port to expose the web UI on
`vapidSubject`	`mailto:admin@pizzapi.local`	VAPID subject for web push notifications
`extraOrigins`	(none)	Extra allowed CORS origins, comma-separated

CLI flags like --port and --origins also persist to this config file automatically.

See the CLI Reference and Self-Hosting guide for more details.