grix-connector 1.0.2

package/openclaw-plugin/skills/grix-group/SKILL.md

@@ -0,0 +1,164 @@
+---
+name: grix-group
+description: Use the typed `grix_group` tool for Grix group lifecycle and membership operations. Trigger when users ask to create, inspect, leave, update, or dissolve groups, or when these operations fail with scope or permission errors.
+---
+
+# Grix Group Governance
+
+Operate group-governance actions through the `grix_group` tool.  
+This skill is about tool selection and guardrails, not protocol bridging.
+
+## Workflow
+
+1. Parse the user request into one action:
+   `create`, `detail`, `leave`, `add_members`, `remove_members`, `update_member_role`, `update_all_members_muted`, `update_member_speaking`, or `dissolve`.
+2. Validate required fields before any call.
+3. Call `grix_group` exactly once per business action.
+4. Classify failures by HTTP/BizCode and return exact remediation.
+5. Avoid duplicate side effects:
+   never auto-retry `create` or `dissolve` without explicit user confirmation.
+
+## Tool Contract
+
+For Grix group governance, always call:
+
+1. Tool: `grix_group`
+2. `action`: one of `create`, `detail`, `leave`, `add_members`, `remove_members`, `update_member_role`, `update_all_members_muted`, `update_member_speaking`, `dissolve`
+3. `accountId`: always pass `{{AccountId}}` from the current conversation context for every action, including `leave`.
+
+Rules:
+
+1. Pass business parameters with their exact typed field names.
+2. Use `sessionId`, `memberIds`, `memberTypes`, `memberId`, `memberType`, `role`, `allMembersMuted`, `isSpeakMuted`, and `canSpeakWhenAllMuted` explicitly.
+3. Do not invent aliases or fallback fields.
+4. Keep one tool call per action for audit clarity.
+
+## Action Contracts
+
+### create
+
+Purpose: create a new group session.
+
+Required input:
+
+1. `name` (non-empty string)
+2. `memberIds` (optional string array; each item numeric text)
+3. `memberTypes` (optional int array; align with `memberIds`)
+
+Guardrails:
+
+1. Ask for clarification if group name is missing.
+2. Ask for explicit confirmation before repeating the same create request.
+3. Treat this action as non-idempotent.
+
+### add_members
+
+Purpose: add members into an existing group.
+
+Required input:
+
+1. `sessionId` (non-empty string)
+2. `memberIds` (non-empty string array; each item numeric text)
+3. `memberTypes` (optional int array; align with `memberIds`)
+
+Guardrails:
+
+1. Reject empty `sessionId` before calling the tool.
+2. Reject non-numeric `memberIds` before calling the tool.
+3. If `sessionId` is ambiguous, ask the user to confirm the target group first.
+
+### leave
+
+Purpose: let the current Agent leave a group by itself.
+
+Required input:
+
+1. `sessionId`
+
+Guardrails:
+
+1. Only execute this when the requester is clearly the current Agent owner, or an already-established authorized operator in the current context.
+2. If the requester identity is unclear, ask for confirmation first; if it is clearly unauthorized, reject directly and do not call `grix_group`.
+3. This action is only for the current Agent leaving its own group membership.
+4. Never translate a request to remove other members into `leave`; use `remove_members` for that.
+5. Do not send `memberId`, `memberIds`, or `memberTypes` with this action.
+6. This action does not require scope and should not be described as a scope-grant workflow.
+7. Execute `leave` silently: do not send any pre-leave or farewell message to the group before leaving.
+
+### remove_members
+
+Required input:
+
+1. `sessionId`
+2. `memberIds`
+
+### update_member_role
+
+Required input:
+
+1. `sessionId`
+2. `memberId`
+3. `role`
+
+Guardrails:
+
+1. Only use `memberType=1` for role updates.
+2. Never guess a role value; confirm when unclear.
+
+### update_all_members_muted
+
+Required input:
+
+1. `sessionId`
+2. `allMembersMuted`
+
+Guardrails:
+
+1. Only use this for group-wide mute state changes.
+2. Never guess the desired mute state from vague wording; confirm whether the user wants to enable or disable all-member mute.
+
+### update_member_speaking
+
+Required input:
+
+1. `sessionId`
+2. `memberId`
+3. At least one of `isSpeakMuted` or `canSpeakWhenAllMuted`
+
+Guardrails:
+
+1. Only use `memberType=1` or `memberType=2`.
+2. Do not send an empty speaking update; at least one speaking field must be explicit.
+3. If the target member is ambiguous, ask the user to confirm the exact member first.
+
+### detail / dissolve
+
+Required input:
+
+1. `sessionId`
+
+## Error Handling Rules
+
+1. `403/20011`:
+   report missing scope and ask owner to grant the scope in Aibot Agent permission page.
+   Do not use this remediation for `leave`, because `leave` is scope-free.
+2. `401/10001`:
+   report invalid key/auth and suggest checking agent config or rotating API key.
+3. `403/10002`:
+   report agent is not active or invalid provider type.
+4. `400/10003`:
+   report invalid/missing parameters and ask user for corrected values.
+5. Other errors:
+   return backend `msg` and stop automatic retries.
+
+## Response Style
+
+1. State action result first.
+2. Include key identifiers (`session_id`, member count, mute state) when successful.
+3. Include exact remediation when failed.
+4. Never hide scope or auth errors behind generic wording.
+5. For `leave`, report result to the requester only; do not post extra messages into the group session.
+
+## References
+
+1. Load [references/api-contract.md](references/api-contract.md) when you need exact tool mapping, payload examples, and scope matrix.

package/openclaw-plugin/skills/grix-group/references/api-contract.md

@@ -0,0 +1,97 @@
+# API Contract
+
+## Purpose
+
+Map high-level governance actions to Aibot Agent API HTTP routes.
+
+## Base Rules
+
+1. Base path: `/v1/agent-api`
+2. Auth: `Authorization: Bearer <agent_api_key>`
+3. Only `provider_type=3` and `status=active` agent can access.
+4. Scope middleware executes before service business checks.
+
+## Action Mapping (v1)
+
+| Action | Method | Route | Required Scope |
+|---|---|---|---|
+| `group_detail_read` | `GET` | `/sessions/group/detail` | `group.detail.read` |
+| `group_create` | `POST` | `/sessions/create_group` | `group.create` |
+| `group_leave_self` | `POST` | `/sessions/leave` | - |
+| `group_member_add` | `POST` | `/sessions/members/add` | `group.member.add` |
+| `group_member_remove` | `POST` | `/sessions/members/remove` | `group.member.remove` |
+| `group_member_role_update` | `POST` | `/sessions/members/role` | `group.member.role.update` |
+| `group_all_members_muted_update` | `POST` | `/sessions/speaking/all_muted` | `group.speaking.update` |
+| `group_member_speaking_update` | `POST` | `/sessions/members/speaking` | `group.speaking.update` |
+| `group_dissolve` | `POST` | `/sessions/dissolve` | `group.dissolve` |
+
+## OpenClaw Tool Mapping
+
+Use the native `grix_group` tool with typed fields:
+
+| Tool action | HTTP action | Required fields |
+|---|---|---|
+| `create` | `group_create` | `accountId`, `name` |
+| `detail` | `group_detail_read` | `accountId`, `sessionId` |
+| `leave` | `group_leave_self` | `accountId`, `sessionId` |
+| `add_members` | `group_member_add` | `accountId`, `sessionId`, `memberIds` |
+| `remove_members` | `group_member_remove` | `accountId`, `sessionId`, `memberIds` |
+| `update_member_role` | `group_member_role_update` | `accountId`, `sessionId`, `memberId`, `role` |
+| `update_all_members_muted` | `group_all_members_muted_update` | `accountId`, `sessionId`, `allMembersMuted` |
+| `update_member_speaking` | `group_member_speaking_update` | `accountId`, `sessionId`, `memberId`, `isSpeakMuted` or `canSpeakWhenAllMuted` |
+| `dissolve` | `group_dissolve` | `accountId`, `sessionId` |
+
+## Payload Templates
+
+### create
+
+```json
+{
+  "action": "create",
+  "accountId": "primary",
+  "name": "项目协作群",
+  "memberIds": ["1002", "9991"],
+  "memberTypes": [1, 2]
+}
+```
+
+### add_members
+
+```json
+{
+  "action": "add_members",
+  "accountId": "primary",
+  "sessionId": "task_room_9083",
+  "memberIds": ["1003"],
+  "memberTypes": [1]
+}
+```
+
+### leave
+
+```json
+{
+  "action": "leave",
+  "accountId": "primary",
+  "sessionId": "task_room_9083"
+}
+```
+
+## Error Matrix
+
+| HTTP/BizCode | Meaning | Skill Response |
+|---|---|---|
+| `403/20011` | agent scope forbidden | Tell owner to grant corresponding scope |
+| `400/10003` | invalid request payload | Ask for missing or corrected parameters |
+| `401/10001` | invalid or missing auth | Check api_key and account config |
+| `403/10002` | agent not active / invalid provider | Ask owner to activate the agent |
+
+Notes:
+
+1. `leave` does not require scope and should not route `403/20011` into scope remediation.
+
+## Retry Policy
+
+1. Never auto-retry `group_create` unless user confirms.
+2. Allow one retry for transient network failure only.
+3. Do not retry auth/scope/parameter failures automatically.

package/openclaw-plugin/skills/grix-query/SKILL.md

@@ -0,0 +1,247 @@
+---
+name: grix-query
+description: Use the typed `grix_query` tool for Grix contact lookup, keyword search, session search, and session message history lookup. Trigger when users ask to find contacts, search conversations, list visible sessions, or inspect recent messages in a known session.
+---
+
+# Grix Query
+
+Use the `grix_query` tool for read-only Grix lookup actions.  
+This skill is only for querying existing contacts, sessions, and raw session messages.
+
+## Workflow
+
+1. Parse the user request into one action:
+   `contact_search`, `session_search`, `message_history`, or `message_search`.
+2. Validate required fields before any tool call.
+3. Start with one `grix_query` call for the first page.
+4. If the result is paginated and `has_more` is `true`, continue paging when the user asked for all results, when the target is still unresolved, or when one page is clearly insufficient.
+5. If the user wants message history or in-session keyword search but no `sessionId` is known, locate the target session first through `session_search` or ask the user for a precise target.
+6. Return exact remediation for scope, auth, and parameter failures.
+
+## Tool Contract
+
+For Grix query actions, always call:
+
+1. Tool: `grix_query`
+2. `action`: one of `contact_search`, `session_search`, `message_history`, or `message_search`
+3. `accountId`: required; pass the exact current Grix account ID
+
+Rules:
+
+1. Pass query parameters with their exact typed field names.
+2. For `contact_search` and `session_search`, use exactly one of these modes:
+   exact lookup with `id`, keyword search with `keyword`, or list-all with neither.
+3. If both `id` and `keyword` are present, the backend will prioritize `id`; avoid sending both unless you explicitly want exact-match behavior.
+4. Use `sessionId`, `beforeId`, and `limit` explicitly for message reads; `message_search` also requires `keyword`.
+5. Never invent a `sessionId`. Resolve it from context, from a previous tool result, or ask the user.
+6. Use one tool call per page. Repeated calls are allowed only for pagination or for resolving an ambiguous target.
+7. When paging `contact_search` or `session_search`, keep the same filter and advance `offset`.
+8. When paging `message_history` or `message_search`, reuse the same `sessionId` and set `beforeId` to the oldest message ID from the previous page.
+
+## Lookup Usage
+
+### Single Lookup (with ID)
+
+When the user provides one exact ID, pass it for a precise match:
+
+1. Single contact lookup: `action: "contact_search"` + `id`
+2. Single session lookup: `action: "session_search"` + `id`
+
+ID meaning:
+
+1. `contact_search.id`: contact or Agent numeric ID, e.g. `1002`
+2. `session_search.id`: exact session ID string, e.g. `task_room_9083`
+
+Examples:
+
+```json
+{
+  "action": "contact_search",
+  "accountId": "primary",
+  "id": "1002"
+}
+```
+
+```json
+{
+  "action": "session_search",
+  "accountId": "primary",
+  "id": "task_room_9083"
+}
+```
+
+### Keyword Search
+
+When the user provides a fuzzy name, title, username, or other search phrase, pass `keyword`:
+
+```json
+{
+  "action": "contact_search",
+  "accountId": "primary",
+  "keyword": "atlas user"
+}
+```
+
+```json
+{
+  "action": "session_search",
+  "accountId": "primary",
+  "keyword": "taskroom9083"
+}
+```
+
+### List All (without ID or keyword)
+
+When the user asks to list all contacts or sessions, call without `id` and without `keyword`:
+
+```json
+{
+  "action": "contact_search",
+  "accountId": "primary"
+}
+```
+
+```json
+{
+  "action": "session_search",
+  "accountId": "primary"
+}
+```
+
+Returns a paginated result with `has_more`, `list`, and default page size of 20.
+Use `limit` and `offset` to paginate through results.
+
+If the user asks for all results, keep fetching additional pages until `has_more` is `false`.
+If the user only needs one match or one page is enough to answer, stop after the first sufficient page.
+
+```json
+{
+  "action": "contact_search",
+  "accountId": "primary",
+  "limit": 50,
+  "offset": 20
+}
+```
+
+## Action Contracts
+
+### contact_search
+
+Purpose: search the owner's Grix contact directory.
+
+**Without `id` and without `keyword`**: returns all contacts (friends + agents) in a paginated list, sorted by `created_at` descending. Default page size 20.
+
+**With `id`**: returns the exact matching contact record.
+
+**With `keyword`**: searches contact remark name, nickname, username, and numeric ID prefix.
+
+Input:
+
+1. `id` (contact ID, numeric string) — optional
+2. `keyword` — optional
+3. `limit` — optional, default 20
+4. `offset` — optional, default 0
+
+Guardrails:
+
+1. Use `id` when the target contact ID is already known and you need the exact entry.
+2. Use `keyword` for fuzzy search; do not use `id` for partial matches.
+3. Without `id` and `keyword`, the result includes both user contacts and agent contacts merged and sorted.
+4. Check `has_more` to determine if additional pages exist.
+5. When paging, keep the same filters and increase `offset` by the number of items already fetched.
+6. If the user asked for all matches, continue until `has_more` is `false`.
+7. Do not jump directly to session history from a vague contact hint; resolve the contact or session first.
+
+### session_search
+
+Purpose: search the owner's visible sessions.
+
+**Without `id` and without `keyword`**: returns all visible sessions in a paginated list, ordered by pinned status and `last_active_at`. Default page size 20.
+
+**With `id`**: returns the exact matching session.
+
+**With `keyword`**: searches session title and `session_id`.
+
+Input:
+
+1. `id` (session ID) — optional
+2. `keyword` — optional
+3. `limit` — optional, default 20
+4. `offset` — optional, default 0
+
+Guardrails:
+
+1. Use `id` when the target session ID is already known.
+2. Use `keyword` for fuzzy search by title or session ID text.
+3. Without `id` and `keyword`, the result shows all sessions the agent can see.
+4. Check `has_more` to determine if additional pages exist.
+5. When paging, keep the same filters and increase `offset` by the number of items already fetched.
+6. If the user asked for all matches, continue until `has_more` is `false`.
+7. If multiple sessions match, present the candidates and let the user choose before reading history.
+
+### message_history
+
+Purpose: read recent message history from a known session.
+
+Required input:
+
+1. `sessionId`
+
+Optional input:
+
+1. `beforeId`
+2. `limit`
+
+Guardrails:
+
+1. Only call this after the target session is unambiguous.
+2. Use `beforeId` only for older-page pagination.
+3. For the next page, set `beforeId` to the oldest message ID returned in the previous page.
+4. If the user asked for more history and `has_more` is `true`, keep paging until enough history is collected or no more pages remain.
+5. Do not claim to have full history if only one page was fetched.
+
+### message_search
+
+Purpose: search messages by keyword inside one known session.
+
+Required input:
+
+1. `sessionId`
+2. `keyword`
+
+Optional input:
+
+1. `beforeId`
+2. `limit`
+
+Guardrails:
+
+1. Only call this after the target session is unambiguous.
+2. `keyword` must be the real search phrase; do not fake an empty keyword just to reuse this action.
+3. For the next page, keep the same `keyword` and `sessionId`, and set `beforeId` to the oldest message ID returned in the previous page.
+4. If the user asked for all matches and `has_more` is `true`, keep paging until enough matches are collected or no more pages remain.
+5. If the user only asked whether a keyword appeared, one sufficient page can stop the search, but state clearly that the result is partial when you did not exhaust all pages.
+
+## Error Handling Rules
+
+1. `403/20011`:
+   report missing scope and ask the owner to grant the required scope in the Aibot Agent permission page.
+2. `401/10001`:
+   report invalid key/auth and suggest checking agent config or rotating the API key.
+3. `403/10002`:
+   report the agent is not active or has an invalid provider type.
+4. `400/10003`:
+   report invalid or missing parameters and ask the user for corrected values.
+5. `404/4004`:
+   report the target session does not exist or is not visible.
+6. Other errors:
+   return the backend `msg` and stop automatic retries.
+
+## Response Style
+
+1. State the query result first.
+2. Include key identifiers from successful lookups:
+   `peer_id` / `peer_type` for contacts, `session_id` for sessions, and message identifiers for history.
+3. If only part of a paginated result was fetched, state that clearly.
+4. If multiple pages were fetched, summarize that the answer is merged from several pages.
+5. Never hide scope or auth errors behind generic wording.

package/openclaw-plugin/skills/grix-register/SKILL.md

@@ -0,0 +1,86 @@
+---
+name: grix-register
+description: 仅用于初次安装阶段，完成 Grix 环境的账号注册/登录并拿到第一个 provider_type=3 Agent 的参数；本技能不做任何本地 OpenClaw 配置。
+---
+
+# Grix Register
+
+这个技能只负责“初次安装”的云端准备：账号注册/登录 + 生成首个 `provider_type=3` Agent 参数。  
+你（AI）在终端里全自动操作，**不需要用户打开浏览器**。拿到参数后，必须通过 `grix_admin` 的 `task` 入口移交给 `grix-admin` 做本地配置与运行态收口。
+
+## Workflow
+
+### 0. 角色边界（先声明再执行）
+
+1. 本技能**只能**做账号与云端 Agent 参数准备。
+2. 本技能**不能**执行 `openclaw` 命令，也不能修改本地 `openclaw.json`。
+3. 涉及本地配置、插件安装、工具权限、热加载校验、运行态切换校验，一律交给 `grix-admin`。
+
+### 1. 询问邮箱并发送验证码
+
+1. 向用户询问 Email 地址。**不要让用户去网页端注册**，明确表示你会在对话里完成。
+2. 拿到邮箱后，在终端执行发送验证码的命令：
+   ```bash
+   node scripts/grix_auth.ts send-email-code --email "<用户的email>" --scene "register"
+   ```
+3. 等待命令执行成功后，提示用户去邮箱查收验证码，并询问该验证码。
+
+### 2. 执行自动注册（获取 Token）
+
+1. 用户提供验证码后，你需要为用户生成一个复杂度高且随机安全的密码（建议生成一个12位的强密码，包含大小写、数字和特殊字符）。
+2. 使用收集到的信息，执行注册命令：
+   ```bash
+   node scripts/grix_auth.ts register --email "<邮箱>" --password "<生成的随机密码>" --email-code "<验证码>"
+   ```
+3. 这个命令成功后会返回用户的 `access_token`。请在回复中安全地**将生成的密码告知用户**，建议他们妥善保存。
+
+注：如果注册提示邮箱已注册：
+1. 只有用户明确提供现有密码时，才切换 `node scripts/grix_auth.ts login` 路径继续获取 `access_token`
+2. 如果用户没有现有密码，不要硬猜，也不要假装已经完成找回；明确告诉用户先补现有密码，或先走独立的重置密码流程，再继续本技能
+
+### 3. 创建首个云端 Agent 参数
+
+拿到 `access_token` 后，询问 Agent 名称（如果上下文已有就直接用），执行：
+
+```bash
+node scripts/grix_auth.ts create-api-agent --access-token "<token>" --agent-name "<agent名称>"
+```
+
+这一步会按后端真实接口创建首个 `provider_type=3` 的主 API agent（`is_main=true`），让它拿到完整初始 scopes。若同名 `provider_type=3` Agent 已存在，脚本会自动轮换 API Key 后复用。
+
+### 4. 通过 `grix_admin.task` 强制移交给 grix-admin
+
+第三步执行成功后，脚本会返回一些关键设定：
+- `agent_id`
+- `agent_name`
+- `api_endpoint`
+- `api_key`
+
+然后立刻调用 `grix_admin`，但**不要**把这组字段直接当成 `grix_admin` 的 typed params。正确做法是把它们写进 `task` 文本里，让 `grix-admin` 进入 `bind-local` 流程。
+
+推荐 `task` 形态：
+
+```text
+bind-local
+agent_name=<agent_name>
+agent_id=<agent_id>
+api_endpoint=<api_endpoint>
+api_key=<api_key>
+do_not_create_remote_agent=true
+```
+
+如果脚本输出里已经带了 `handoff.task`，优先直接复用那条 `task`。在 `grix-admin` 真正完成前，不要把本地侧说成已经配置完成或已经激活。
+
+## Guardrails
+
+1. 不要求用户去网页注册或手动点页面。
+2. 不修改任何本地 OpenClaw 配置。
+3. 不安装插件、不改工具权限、不重启 gateway。
+4. 创建或复用出参数后，必须交接给 `grix-admin`。
+5. 不宣称本地已完成或已激活；本地完成态由 `grix-admin` 决定。
+
+## References
+
+1. [references/api-contract.md](references/api-contract.md)
+2. [references/handoff-contract.md](references/handoff-contract.md)
+3. [scripts/grix_auth.ts](scripts/grix_auth.ts)

package/openclaw-plugin/skills/grix-register/references/api-contract.md

@@ -0,0 +1,76 @@
+# API Contract
+
+## Responsibility Boundary
+
+1. `grix-register` 仅负责账号鉴权与云端 `provider_type=3` Agent 参数产出。
+2. 本技能不负责本地 OpenClaw 配置。
+3. 本地配置由 `grix-admin` 接手。
+
+## Base
+
+1. Default website: `https://grix.dhf.pub/`
+2. Default public Grix API base: `https://grix.dhf.pub/v1`
+3. Local development or private deployment can override the base URL.
+
+## Route Mapping
+
+### Agent bootstrap action
+
+| Action | Method | Route | Auth |
+|---|---|---|---|
+| `create-api-agent` | `POST` | `/agents/create` | `Authorization: Bearer <access_token>` |
+| `list-agents` (internal helper) | `GET` | `/agents/list` | `Authorization: Bearer <access_token>` |
+| `rotate-api-agent-key` (internal helper) | `POST` | `/agents/:id/api/key/rotate` | `Authorization: Bearer <access_token>` |
+
+## Payloads
+
+### `create-api-agent`
+
+```json
+{
+  "agent_name": "grix-main",
+  "provider_type": 3,
+  "is_main": true
+}
+```
+
+`provider_type=3` means Agent API type.  
+The bundled bootstrap flow uses `is_main=true` so the first API agent gets the full initial scope set.
+
+## Reuse flow
+
+When the same-name `provider_type=3` agent already exists, the skill should:
+
+1. read `/agents/list`
+2. find the exact-name API agent
+3. rotate its key through `/agents/:id/api/key/rotate`
+4. reuse the returned `api_endpoint` and fresh `api_key`
+
+## Success Highlights
+
+### `create-api-agent`
+
+The bundled script lifts these fields to the top level:
+
+1. `agent_id`
+2. `agent_name`
+3. `provider_type`
+4. `api_endpoint`
+5. `api_key`
+6. `api_key_hint`
+7. `session_id`
+
+## Common Errors
+
+1. create-agent or rotate-key returns missing `api_endpoint` or `api_key`
+
+## Handoff
+
+成功后不要把结构化字段直接当成 `grix_admin` 的 typed params，而是组装成一条 `grix_admin.task`：
+
+1. 第一行写 `bind-local`
+2. 后续带上 `agent_id`
+3. `agent_name`
+4. `api_endpoint`
+5. `api_key`
+6. 补一行 `do_not_create_remote_agent=true`

package/openclaw-plugin/skills/grix-register/references/grix-concepts.md

@@ -0,0 +1,26 @@
+# Grix Concepts
+
+## Canonical Explanation
+
+这个插件接入是为了在 `https://grix.dhf.pub/` 网站管理 OpenClaw，并支持移动端 PWA 页面。
+
+## Feature Highlights
+
+1. `grix-register` 负责初次账号准备与首个 agent 参数生成
+2. `grix-admin` 负责 OpenClaw 本地配置与后续管理
+3. 两者串联后，用户可在 `https://grix.dhf.pub/` 使用和管理
+
+## Default User-Facing Framing
+
+### One sentence
+
+`grix-register` 只做“注册账号并拿到第一个 agent 参数”，本地配置统一交给 `grix-admin`。
+
+### Short paragraph
+
+`grix-register` 只负责初次安装中的云端准备：注册/登录账号并生成第一个 `provider_type=3` agent 参数；随后必须把参数交给 `grix-admin`，由 `grix-admin` 负责本地 OpenClaw 配置。
+
+## After Setup
+
+1. `grix-register` 产出参数后，直接交接给 `grix-admin`。
+2. `grix-register` 不执行任何本地配置动作。