Install the sidecar
The sidecar is a single 14 MB Go binary that runs on your infrastructure. It holds your DB credentials and answers cloud queries in-place — the cloud orchestrator never has direct access to your data.
One-line install (Linux + macOS)
curl -sSL https://cdn.ask2do.com/sidecar/install.sh | sh
The script auto-detects your OS and CPU, downloads the matching binary, installs it to /usr/local/bin/ask2do-sidecar, and creates a systemd unit on Linux.
Required env
Put these on the host you ran the installer on. On Linux, the systemd unit reads /etc/ask2do.env:
ASK2DO_TENANT_KEY="ad_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
ASK2DO_DB_DSN="postgres://USER:PASS@HOST:5432/YOUR_DB?sslmode=require"
The sidecar accepts both Postgres and MySQL DSNs:
# Postgres
postgres://user:pass@host:5432/db?sslmode=require
# MySQL
mysql://user:pass@host:3306/db?tls=true
Optional env
ASK2DO_CLOUD_URL="wss://cloud.ask2do.com" # default; override for self-hosted
ASK2DO_AUTO_UPDATE=0 # disable signed auto-update
ASK2DO_INDEX_PATH=/var/lib/ask2do/index.json # repo index for code search
ASK2DO_REPO_PATH=/path/to/your/codebase # enables /search_code tool
Start the service
# Linux (systemd)
sudo systemctl enable --now ask2do-sidecar
sudo systemctl status ask2do-sidecar
# macOS or no systemd
ask2do-sidecar &
Verify it's connected
The sidecar logs "sidecar registered" on a successful connection. Tail the journal:
sudo journalctl -u ask2do-sidecar -f
Auto-update
On startup and every 12 hours, the sidecar checks the cloud's release manifest and self-updates if a newer signed build exists. The cloud signs every release with an Ed25519 key whose public key is embedded into your binary at build time, so no compromise of the update channel can push an unsigned binary.
To opt out: set ASK2DO_AUTO_UPDATE=0. You can update manually by re-running the curl installer.
Troubleshooting
invalid tenant key in logs
You pasted the wrong key, or the key was revoked. Verify in your portal; rotate it if needed.
connection refused on DB
The sidecar can't reach your DB. Check ASK2DO_DB_DSN, the firewall between the sidecar host and your DB, and the SSL settings (sslmode for Postgres, tls for MySQL).
Service exits immediately
A required env var is missing or the binary couldn't parse one. Run journalctl -u ask2do-sidecar -n 50 — the last line names the missing variable.
audit: EnsureTable failed
Your DB role lacks CREATE TABLE. See the audit log docs to create the table manually with elevated permissions, then restart.
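A pre-flight check for /etc/ask2do.env that catches the env-related failures above (missing variable, DSN without TLS) and an over-permissive credentials file before the service starts. This is an added example, not ask2do's own code; the function names are hypothetical, and treating sslmode=verify-ca/verify-full as acceptable is an assumption about the sidecar's Postgres driver.

```shell
#!/bin/sh
# Added example, not ask2do code: pre-flight check for the sidecar env file.
# Usage: check_ask2do_env /etc/ask2do.env   (returns the number of problems found)

# Value of KEY in a KEY="value" file, read without sourcing (sourcing would execute it).
env_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | sed -e 's/^"//' -e 's/"$//'
}

# Value of query parameter $2 in DSN $1; empty if the parameter is absent.
dsn_param() {
    case $1 in *\?*) ;; *) return 0 ;; esac
    printf '%s\n' "${1#*\?}" | tr '&' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

check_ask2do_env() {
    file=$1; problems=0
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }

    # The file holds the tenant key and the DB password: owner-only access.
    [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] ||
        fail "$file is accessible to group/other (chmod 600)"

    for var in ASK2DO_TENANT_KEY ASK2DO_DB_DSN; do
        [ -n "$(env_get "$var" "$file")" ] || fail "$var is missing or empty"
    done

    # The page's DSNs request TLS via sslmode (Postgres) or tls (MySQL);
    # flag a DSN that omits it. verify-ca/verify-full: assumed to be supported.
    dsn=$(env_get ASK2DO_DB_DSN "$file")
    case $dsn in
        "") ;;  # already reported above
        postgres://*)
            case $(dsn_param "$dsn" sslmode) in
                require|verify-ca|verify-full) ;;
                *) fail "Postgres DSN lacks sslmode=require" ;;
            esac ;;
        mysql://*)
            [ "$(dsn_param "$dsn" tls)" = "true" ] || fail "MySQL DSN lacks tls=true" ;;
        *) fail "DSN scheme is neither postgres:// nor mysql://" ;;
    esac
    return "$problems"
}
```

Source the file and call check_ask2do_env /etc/ask2do.env before starting or restarting the service; a zero exit status means no problems were found.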
Next steps
With the sidecar running, your panel needs a token endpoint that exchanges your tenant key for short-lived JWTs the widget uses. Backend integration →