Per-service access flags (openbug.yaml)
Each service has an openbug.yaml with two key flags:
logs_available(boolean)- If
true, the AI can call log tools for this service:read_logs,tail_logs,grep_logs,get_recent_errors. - If
false, these tools are denied, and the AI can only work with log text embedded directly in your question.
- If
code_available(boolean)- If
true, the AI can call code tools for this service:read_file,grep_search. - If
false, these tools are denied, and the AI cannot read or search your codebase for that service.
- If
- If access is allowed, the tool runs locally and the result is sent back.
- If access is denied, the CLI posts a denial message instead of running the tool, and the AI continues with limited context.
Environment-specific patterns
You can use the same projectid across environments but tune flags per service:
- Development
- Typical:
logs_available: true,code_available: true - AI can both inspect logs and read/search code to propose fixes.
- Typical:
- Staging / Pre-production
- Possible:
logs_available: true,code_available: trueorfalsedepending on sensitivity.
- Possible:
- Production
- Typical:
logs_available: true,code_available: false - AI can analyze operational logs for incidents without reading production code.
- Typical:
Project and cluster boundaries
- Project ID (
id) groups services into a logical app. - Service ID (
window_id) identifies a specific service instance within that app.
debug) shares only:
- Service metadata:
id,name,description,path,window_id. - Access flags:
logs_available,code_available.
Credential management
Authentication to the OpenBug debugging service is via an API key stored in~/.openbug/config:
- Set this once per machine with
debug login your-api-key. - Each API key is tied to usage visible in the OpenBug dashboard.
If you need to rotate a key:
- Create a new key in the OpenBug dashboard.
- Run
debug login <new-api-key>to update~/.openbug/config. - If you no longer want the old key to be usable, delete it from the OpenBug dashboard (app.openbug.build).