# dexgate setup prompts for your agent

Use these with **your** coding agent (OpenClaw, Codex, Grok, Claude Code, Cursor, Copilot, etc.).
Canonical page: https://dexgate.ai/docs/setup-prompts/

## Rules

- Prefer linked dexgate docs over memory or guesswork.
- Do not invent `tenantId`, tokens, plan entitlements, or Passport success.
- Never commit secrets or expose port `8001` on the public internet.
- Free success = local hard gate (`governed: false`). Paid success = real PDP path (not mock, not still `local-hardening`).
- Observe authorize traffic on the PDP dashboard before inventing a large policy catalog.

---

## 1. Free first success

```
You are helping me evaluate dexgate free local hardening for a coding agent.

Constraints:
- Follow only these docs (prefer them over memory or guesswork):
  - https://dexgate.ai/get-started/
  - https://dexgate.ai/adapters/
  - https://dexgate.ai/docs/openclaw/quickstart/  (recommended free path)
  - https://dexgate.ai/docs/codex/quickstart/
  - https://dexgate.ai/docs/setup-prompts/
- Do not invent API keys, tenant IDs, PDP URLs, or claim a paid/Passport path. Free mode has no SDE PDP and no production Passport.
- Prefer the least invasive install for my OS. Ask which runtime I use if unclear (OpenClaw recommended; Codex mature beta; Grok/Claude/Cursor/Copilot early beta).
- High-consequence actions (e.g. git push, deploy-class, unrestricted shell) should stay blocked free with an upgrade CTA. Everyday read / limited edit / tests should still work.

Tasks:
1. Confirm my agent runtime and OS.
2. Install or wire the matching free adapter using the official quickstart for that runtime.
3. Run the local hardening / check command for that adapter.
4. Stop when we have real command output showing PASS (or equivalent) and governed: false / source local-hardening (or adapter-equivalent free baseline).
5. Summarize: what works free, what is blocked free, and the single next step if I later want paid pilot (minimum setup doc).

If a step fails, show the exact error and the doc section that applies—do not invent a workaround that disables the free wall.
```

---

## 2. Paid pilot wire-up (minimum topology)

```
You are helping me complete dexgate paid pilot first success (minimum Production topology).

Constraints:
- Canonical docs only:
  - https://dexgate.ai/docs/dexgate/minimum-setup/
  - https://dexgate.ai/docs/enterprise-rollout/
  - https://dexgate.ai/docs/setup-prompts/
  - Adapter free docs I already used for baseline
- Topology: ONE Linux Docker host for SDE PDP + ONE agent host (can be Windows/macOS/Linux). Do not start multi-host mesh or multi-adapter expansion.
- Secrets (tenantId, gatewayId, environment, pdpUrl, PDP_AUTH_TOKEN, admin bearer) come from the customer console Downloads / runtime secrets package I provide. Never invent tokens or claim entitlement I did not purchase.
- Do not publish port 8001 to the public internet. Prefer localhost or SSH tunnel.
- Paid success is a real PDP decision path—not mock PDP, not still source: local-hardening.

Tasks:
1. Confirm free baseline already passed on my adapter.
2. Walk console: password → Downloads (runtime bundle, config, secrets, bootstrap, checksums) using values I paste or files I open—do not fabricate secrets.
3. On the Linux Docker host: bootstrap, then curl http://localhost:8001/healthz → expect ok.
4. On the agent host: configure adapter with the five values from secrets; run the paid check for my adapter (e.g. openclaw-trusted-mode-check --json).
5. Stop when healthz is ok AND check shows a governed/paid path (not local-hardening).
6. List Day-2 verify steps next (dashboard + console Deployments + one evidence row).

If I only have Windows and no Linux Docker path yet, stop and explain the Linux requirement instead of faking a paid path.
```

---

## 3. Observe agent requests, then configure

```
You are helping me use the dexgate SDE / PDP dashboard to observe real agent authorize traffic before we invent a large managed policy set.

Constraints:
- Docs:
  - https://dexgate.ai/docs/enterprise-rollout/
  - https://dexgate.ai/docs/dexgate/minimum-setup/
  - https://dexgate.ai/docs/setup-prompts/
- Dashboard (local default): http://localhost:8001/dashboard on the PDP host, or SSH tunnel:
  ssh -L 8001:localhost:8001 <user>@<pdp-host>
- Authenticate with the runtime admin token (e.g. PDP_ADMIN_BEARER_TOKEN) from my secrets package—do not invent one. Keep 8001 private.
- Free evaluation has no SDE dashboard; this phase is paid pilot only.
- Do not recommend publishing the dashboard on the public internet.
- Prefer observe → note patterns → small policy changes. Do not design a company-wide policy catalog from imagination.

Tasks:
1. Confirm healthz and that my adapter is in PDP / paid mode.
2. Help me open the dashboard (local or tunnel) and identify where authorize / decision activity appears.
3. While I (or the pilot team) use the agent normally, help me log:
   - tool / action names seen
   - allow vs deny
   - Passport present / missing / refused
   - surprises (noisy tools, unexpected denials)
4. Produce a short "what to manage next" list (max 5 items) grounded only in observed traffic.
5. Explicitly separate: customer console (/console/) vs SDE dashboard (:8001) vs any internal company-ops product (not for customers).

If the dashboard is empty, troubleshoot connectivity and adapter mode before changing policy.
```

---

## 4. Day-2 verify (paid pilot success)

```
You are helping me complete Day-2 verification for a dexgate paid pilot.

Success criteria (all must be real, not invented):
1. curl http://localhost:8001/healthz (or tunneled equivalent) returns ok.
2. Adapter paid check shows a governed path—not source: local-hardening, not mock-only PDP.
3. Customer console Deployments (or equivalent) looks healthy for this pilot.
4. After one gated action, decision/Passport history exists (console evidence and/or local dashboard on :8001).

Docs:
- https://dexgate.ai/docs/dexgate/minimum-setup/
- https://dexgate.ai/docs/enterprise-rollout/
- https://dexgate.ai/docs/setup-prompts/

Tasks:
1. Run through the four checks above in order. For each, ask me for real command/UI output if you cannot run it.
2. Mark PASS / FAIL with the evidence snippet.
3. If FAIL, give the smallest fix tied to docs (token, pdpUrl, free mode left on, wrong host, tunnel, etc.).
4. When all PASS, write a 5-bullet pilot handoff for platform + security (what is in scope, what is still free-blocked, where to watch authorize traffic, rollback = free-only or uninstall adapter).

Do not expand to multi-runtime or multi-environment mesh until Day-2 is boringly repeatable.
```

---

## 5. Troubleshoot free vs paid confusion

```
You are diagnosing whether my dexgate setup is still on the free local hard gate or on the paid SDE PDP path.

Constraints:
- Docs: https://dexgate.ai/get-started/ , https://dexgate.ai/docs/dexgate/minimum-setup/ , https://dexgate.ai/faq/ , https://dexgate.ai/docs/setup-prompts/
- Free: local wall only; governed: false / source local-hardening; no org-wide authorize stream.
- Paid: adapter points at real pdpUrl with token; decisions and Passports (or explicit denies) come from PDP; monitor at http://localhost:8001/dashboard when the runtime is up.
- Never invent secrets. Never recommend turning off the free wall "to make demos pass" without replacing it with a real PDP path.

I will paste: adapter check JSON, env/config (redact secrets), healthz output if any, and what I expected.

Tasks:
1. Classify my current path: FREE_ONLY | PAID_WIRED_BUT_FAILING | PAID_OK | UNKNOWN.
2. List the three most likely root causes with how to prove each.
3. Give a single next command or UI check—not a laundry list.
4. If I need human pilot help, point me to https://dexgate.ai/founding-teams/ or https://dexgate.ai/contact/ .
```
