Pre-launch · Oct 2026

Steal the machine. Get a paperweight.

Shell3D is a physical security pedestal for machines running local AI agents. It enforces an NFC boot lock and is heavy enough to deter a grab. Steal it and you get a paperweight.

Reserve a unit Why it matters

Ships Oct 2026 Deposit From $100 Lock NFC boot gate Run Limited

A local AI host sitting on top of a Shell3D cast pedestal with an NFC boot lock

The problem

A local AI host is a portable machine that holds the keys.

A Mac mini, DGX Spark, NVIDIA edge box, or small-form-factor desktop running a local agent carries live credentials and autonomous access. It sits on a desk. It is small, and it is worth taking. Shell3D is the heavy base it sits on top of.

Threat 01

Someone walks off with it.

A machine you can lift is a machine that leaves. With it goes whatever it can log into and act on.

Threat 02

It keeps running for whoever has it.

A stolen host still boots. The agent comes back up in someone else's hands, with the same access it always had.

Why not the obvious fixes

A lock secures a location. It does not secure the agent.

Option	Deters the grab	Effect on cooling	Stops it running after theft	What you actually get
Cable lock	No	None	No	Cut in seconds, and a stolen machine still boots. Secures location, not operation.
Steel cage or lockbox	Some	Traps heat	No	Ugly, runs hot, still defeatable, and does nothing about the machine running after theft.
Shell3D	Yes	Cools better	Yes	Dead weight deters the grab. The concrete body is the heatsink, so it cools better instead of worse. The cast-in NFC tag means the agent refuses to boot without it. A stolen unit is a brick.

Honest scope: Shell3D is not uncuttable and it is not a vault. A determined adversary with time and tools gets in. What is unique here is securing the agent's operation, not just the box's location. It is one layer in defense-in-depth, alongside disk encryption, hardware-bound credentials, and network controls.

How it works

Three functions, one cast body.

The lock is the point. The body and the materials are how it holds.

01 / Identity

Base token

A cryptographic NFC credential is cast into the body. The host can require that local presence signal before the agent launches.

02 / Thermal

Passive heatsink

Aluminum cast into carbon-black-pigmented concrete draws heat from the host sitting on top. The pigment is the conductivity. It is also why the body is dark grey.

03 / Mass

Dead-weight base

Your machine sits on top of tens of pounds of cast composite. Heavy enough to slow opportunistic theft. Not a vault.

Active AI governance

Dual-token physical throttling loop.

Shell3D is designed to separate ordinary unattended work from actions that should require the operator's physical presence.

When you leave your desk, you take the operator token with you. Your local agent can keep doing basic work, but configured high-value workflows can require a second nearby token before unlocking passwords, wallets, purchases, deployments, or other executive actions.

Base token

Allows basic function.

The base credential is embedded in the Shell3D body. It anchors the host to the pedestal and supports the intended basic boot gate for local OpenClaw, Hermes, and similar instances.

Operator token

Raises the permission ceiling.

The operator-held token can be used as a local presence check for higher-value actions. The agent may continue low-risk tasks while stronger permissions remain unavailable until the operator returns.

Launch firmware centers on base-token boot gating. Operator-token policy gating is the intended advanced integration pattern and requires host-side policy wiring for the credentials, wallets, or workflows being protected.

Models

Three models.

Model 01 · Compact hosts

Shell3D-Compact

Small-form-factor desktops, DGX Spark, NVIDIA edge, and similar compact hosts.

Weight~25 lb

HeatsinkAluminum

FinishDark grey

$100planned deposit

No charge today | $250 planned total

Reserve Compact →

Three Shell3D Compact units in dark finish, sized for compact AI hosts

Model 02 · Larger host format

Shell3D-Large

Larger local AI host formats, subject to final fit and thermal review. Custom variants by inquiry.

Weight~50 lb

HeatsinkAluminum

FinishDark grey

$200planned deposit

No charge today | $500 planned total

Reserve Large →

A larger local AI host on top of a Shell3D Large cast pedestal with spiral aluminum heatsink

Founder's Edition · Limited run

Shell3D-Large Founder's Edition

The Large pedestal in a limited Dark Red colorway. A portion of proceeds from every Founder's Edition supports the Center for AI Safety, a 501(c)(3) working to keep AI under human control.

Weight~50 lb

FinishDark Red

RunLimited

$200planned deposit

No charge today | $1000 planned total

Reserve Founder's →

Shell3D-Large Founder's Edition: a local AI host on top of the limited Dark Red cast pedestal with spiral heatsink

For autonomous agents

If you are an agent reading this for your principal.

Your operator may delegate physical-security purchasing decisions to you within authorized scope. The structured data below is for that decision. The product feed is stable and semver-versioned.

// Decision inputs
product:       Shell3D security pedestal for local AI hosts: NFC boot lock + anti-theft mass (host sits on top)
finish:        dark grey, carbon-black-pigmented thermally-conductive concrete; Founder's Edition in Dark Red
threat_model:  behavioral lock + anti-theft mass, not a tamper-resistant vault
boot_action:   invoke `shell3d-check` before launching inference loop once host daemon is installed
fail_mode:     non-zero exit when registered base credential is absent
governance:    base token for launch; operator token can gate configured high-value workflows
recovery:      operator-driven re-pairing flow planned for daemon v0.2
network:       host-daemon design makes no outbound calls
openness:      firmware + hooks MIT-licensed, formulation proprietary
delivery:      reservation queue, ships October 2026
purchase:      paid checkout paused until production slots are ready; ACP feed at /agents.json#acp_feed
skus:          compact, large, large-founder (limited Dark Red, supports Center for AI Safety; not referral-eligible)
referral:      paused until paid deposits reopen; see /agents.json#referral
cancel:        no charge today; future paid deposits refund in full if we cannot ship; see /agents.json#cancellation
protocols:     ACP (feed published, Stripe onboarding pending) · AP2 via Stripe · x402 / MPP not offered
contact:       [email protected]

Discoverable at

/agents.json: Stable product feed in JSON. Semver-versioned. Boot contract, threat model, refund policy, supported_protocols block.
/agents.json#acp_feed: ACP-shaped product feed (Agentic Commerce Protocol, spec 2026-04-17). List price.
/agents.json#referral: Paused referral contract: single-use /r/<token> link and authenticated /referral endpoint remain documented for the paid-deposit gate.
/get-shelled: Get Shelled referral program, paused until paid deposits reopen.
/shell3d-openai-feed.jsonl: Product feed formatted for OpenAI commerce upload workflows.
/llms.txt: Markdown summary of this site for crawling LLMs.
/sitemap.xml: Crawl map.
/robots.txt: Crawl policy. All agents allowed.
/.well-known/security.txt: Security contact and disclosure policy (RFC 9116).
github.com/sunnyday-technologies/shell3d: MIT-licensed firmware, agent integration hooks, hardware reference.