Every term that appears in this section, defined once, with a pointer to where to learn more.
If you've just heard a word for the first time, this is the page.
Each entry is one line of definition + one link to the page that
covers it in context.
asd.yaml — Project-level configuration at the repository root.
Declares the project's name, Caddy on/off, plugins, modes,
automation, and feature flags. See reference/asd-yaml.
asd net apply — The verb that reads every net.manifest.yaml,
populates the registry, configures Caddy routes, and starts tunnels.
Idempotent. See cli/starter §3.
asd up / asd down — Workspace-level verbs that run the
automation.up / automation.down tasks in asd.yaml. The "go"
and "stop" buttons for everything your project starts. See
cli/starter §3.
authBypassPaths — A list of URL paths that skip the
authPolicy (or basic auth) check on a route. Used for health
endpoints, OAuth callbacks, public webhooks. See
learn/05-add-authentication.
authPolicy — Name of a caddy-security gatekeeper policy
defined in caddy.apps.security. Activates forward-auth / SSO
on a service route. See
cookbook/put-an-api-behind-sso.
basicAuth — Per-service basic-auth credentials in
net.manifest.yaml. Overrides the project-wide credentials from
asd expose auth. See learn/05.
Caddy — The reverse proxy asd uses (embedded as a binary
inside the asd distribution). Hot-reloadable, stateful — see
caddy-state. https://caddyserver.com/
caddy-security — A third-party Caddy module that adds basic
auth, OAuth/OIDC, SAML, and authorization policies. Bundled with
asd's Caddy build. Driven by caddy.authPolicy in manifests.
Caddy-state — The in-memory state Caddy holds: every active
route + cert. asd caddy stop snapshots it to a file before
exiting so asd caddy start can restore it. See
internals/caddy-state.
client-id — Short identifier (e.g. xyz1) that the tunnel
server uses to address your machine. Each user gets a different
one; subdomains include it as <name>-<client-id>.<tunnel-host>.
Returned by ${{ macro.tunnelClientId() }}.
Cookbook — Random-access how-tos (/asd/cookbook/) for
single-problem scenarios. The "I know what I want, show me how"
shape, vs the linear learn/ ladder.
endpoint.url — Upstream URL Caddy reverse-proxies to in a
service manifest. Typically http://127.0.0.1:<port>. See
reference/net-manifest § endpoint.
env apply — Renders .env.<active-mode> from the
mode-prefixed keys in tpl.env. See learn/04.
expose — Two distinct things in asd:
asd expose <port> — zero-config public tunnel for one port.caddy.expose field — declarative service exposure in a manifest.features.* — Project-level toggles in asd.yaml:
disable_authentication, auto_start_caddy, auto_install_binaries,
etc. See reference/asd-yaml § features.
forwardedPrefix — Caddy field that strips a path prefix
before forwarding to the upstream (/api/users → upstream sees
/users). See learn/06.
Funnel — Tailscale's public-URL feature. Adjacent product to
asd expose. See compared/vs-tailscale-funnel.
hostRoute — The simple declarative Caddy route field in a
manifest. Specifies the public hostname → upstream mapping. See
reference/net-manifest § caddy.hostRoute.
learn/ — The sequential ladder (/asd/learn/) from Level 1
(hello world) to Level 7 (build a plugin). One prerequisite per
rung. See learn/00-start-here.
Manifest — A YAML file that declares state. Two kinds in asd:
asd.yaml (project-level)packages/<service>/net.manifest.yaml (per-service)Mode — Named environment configuration (dev, prod,
staging, …). Declared in asd.yaml's
project.env_modes.available. Active mode chooses which
_mode_<name>_* keys in tpl.env render to .env.<mode>. See
learn/04.
Module — Internal asd subsystem (modules/<name>/ in the
asd-cli distribution). Each module ships its own *.manifest.yaml,
scripts/api.just, and config. Not user-extensible without
contributing to asd-cli itself — see Plugin for the user-extension
hook.
net.manifest.yaml — Per-service routing declaration:
endpoint, caddy.*, tunnel, basicAuth, env. Read by
asd net apply. See reference/net-manifest.
OIDC — OpenID Connect. The protocol caddy-security uses for
forward auth in caddy.authPolicy. Authentik / Keycloak / Google /
Okta all speak it.
Plugin — User-extension hook. A tpl.asd.yml template + optional
Zod config schema at modules/plugin/<name>/. Activated via
project.plugins: [<name>] in a project's asd.yaml. See
learn/07.
plugins_config.<name> — The slot in asd.yaml where a
project supplies per-plugin settings. Validated by the plugin's
own config.schema.ts.
Project — A directory with asd.yaml. asd commands assume
you're in (or have set as default) a project directory.
Registered/listed via asd projects.
rawRoutes — Escape-hatch field in caddy.rawRoutes that takes
verbatim Caddy JSON routes. Used when declarative options can't
express what you need. See learn/06 § rawRoutes.
Registry — registry.json, the runtime state file asd
maintains: which services exist, what ports they bind, what
hostnames route to them, which tunnels are alive. asd writes it,
asd reads it, nothing else should touch it.
responseHeaders — Caddy field that adds HTTP response
headers to every response on a route (CORS, security headers,
Cache-Control). See learn/06.
Route — A Caddy hostname → upstream mapping. Generated from
caddy.hostRoute (or caddy.routes / caddy.rawRoutes) and held
in Caddy's running config.
sish — Open-source SSH-based tunnel server
(https://docs.ssi.sh). The protocol asd's tunnel daemon speaks.
You can self-host sish or use the asd-managed tunnel servers.
Scenario format — The six-block page template used in all
learn/ and cookbook/ pages: HEADER → PREREQ/SKIP → SETUP →
RECIPE → RESULT → WHY IT WORKS → WHAT'S NEXT.
tpl.env — Environment-variable template. Lives alongside
.env. Contains the per-mode keys (_mode_dev_*, _mode_prod_*)
that asd env apply materialises into the active .env.<mode>.
See learn/04.
Tunnel — A public HTTPS URL for a local port, served via
reverse SSH to a tunnel server (sish-compatible). Brought up by
asd net apply (when tunnel.public: true) or asd expose <port>. See internals/tunnels.
Tunnel daemon — The asd-managed process that holds the SSH
connection to the tunnel server for one service. Multiple daemons
multiplex onto one SSH connection per tunnel-server destination.
tunnel.public — Boolean field in net.manifest.yaml that
decides whether a service gets a public tunnel. false → local
Caddy route only (see cookbook/self-signed-https).
${{ macro.X }} — Template macro expanded by asd at apply
time. Examples: tunnelClientId(), tunnelEndpoint(),
exposedOrigin(), concat(). Full list:
reference/net-manifest § Template macros.
${{ env.X }} — Template reference to a .env value
expanded by asd at apply time.
Vault — asd's local secret store. asd vault set / get / list / inject. Useful for credentials you don't want in .env. See
cli/vault.
Workspace — The directory where asd's runtime state lives,
typically .asd/workspace/ inside your project. Holds the
registry, Caddy state file, generated configs, logs.