9. Diagnostics & Privacy
Diagnostics log
Rayu records runtime bugs, issues, and vulnerabilities to a structured, append-only log so problems can be reviewed and fixed later:
<config-home>/diagnostics.jsonl # e.g. ~/.rayu/diagnostics.jsonl
Each line is a JSON record:
{"ts":"2026-06-01T00:12:13.711Z","kind":"bug","severity":"medium", "code":"rayu_config.parse_failed","message":"providers.json could not be parsed; starting from empty config", "context":{"error":"Expected property name..."}}
Examples of what's captured
Controls
Secrets (API keys, tokens) are never written to diagnostics — providers are referenced by id, not key value.
Reviewing the log
cat ~/.rayu/diagnostics.jsonl | jq . # all records jq 'select(.kind=="vulnerability")' ~/.rayu/diagnostics.jsonl # just vulnerabilities
Privacy & network posture
Rayu is telemetry-off by default. Privacy levels:
no-telemetry(default) — analytics/telemetry disabled.essential-traffic— all nonessential network traffic disabled (telemetry + auto-update, release notes, model-capability fetches, feature flags). Automatically applied when an OpenAI-compatible provider is active, so Rayu makes no calls to Anthropic when you're using NVIDIA/DeepSeek/etc.
The only outbound calls during normal use go to the provider endpoint you configured (and any MCP servers you add). Project code/secrets are not sent anywhere else.
Next: Troubleshooting →