1 Hello

Say hello to your Seed.

Your laptop reaches the device over Bluetooth — quiet, short-range, no joining its Wi-Fi.

On iPhone or iPad? Set up over Wi-Fi instead →

2 Verify

Is this really your Seed?

Your device just signed a random number from this page — only the real one could.

Does this match the code printed on your device?

3 Wi-Fi

Get it online.

Pick your network and type the password. It's sealed to your Seed's key before it leaves this page.

4 Done

Make it yours.

Claim binds the Seed to your account. From now on, only you can reach it — from any browser, anywhere.

Wi-Fi setup

Set up over Wi-Fi.

Your browser can't talk to Bluetooth devices — that's normal on iPhone, iPad, and Firefox. Set up directly through your Seed's own Wi-Fi instead.

  1. Open Wi-Fi settings and join the network named Cognitum-XXXX — its name and password are on your Seed's label or QR.
  2. Your phone should pop the setup page open. If not, open http://192.168.4.1 in your browser.
  3. Confirm the fingerprint, pick your home Wi-Fi, and claim — the steps are identical to Bluetooth setup, just served from the device.
  4. When it finishes, the Seed leaves its hotspot and joins your Wi-Fi. Rejoin your network here to manage it from anywhere.

← Use Bluetooth instead

What's happening?

Why Bluetooth?

Bluetooth lets your laptop reach the Seed over a short, separate radio — your normal Wi-Fi stays connected the whole time. This page is also locked down so it literally can't make any other network request beyond its own origin.

On iPhone or iPad, browsers can't use Bluetooth — so we offer a Wi-Fi setup path that joins the Seed's own hotspot instead.

What's a fingerprint?

It's a short, mathematical summary of your Seed's public key. The device just signed a brand-new random number with its private key, and we verified the signature here — only the real Seed could produce it. A look-alike nearby would fail this check.

Compare the eight bytes above to the code printed on your Seed (or its QR sticker). If they match, it's really yours.

"Sealed" means encrypted to your Seed.

Before your Wi-Fi password leaves this page, it's encrypted using a key only your specific Seed can open (libsodium's crypto_box_seal). The Bluetooth radio, this page's host, and anyone watching the wire see only ciphertext.

Open DevTools → Network. You'll see nothing leaves the page — the browser blocks any other request by policy (connect-src 'none').

What does claiming do?

Your Seed records that you are its owner, and the cloud creates a private address just for it — your-seed.shaal.dev. From then on, that address is gated by your login: only you get in. No app, no VPN, no certificate to install. Resetting the device clears the binding.

The activity log.

A plain play-by-play of what each step is doing — useful for understanding or debugging. Everything here is normal output from your setup.