Join Waitlist ↓
Mobile App · Solana Mainnet · NFC · x402

Your card
is the key.

Tap your card, no passwords, no keys.

Tally is a mobile app that turns any contactless bank card into a hardware signing key for a Solana wallet. Android available today; iOS in active development.

Every crypto wallet has the same problem. The private key lives somewhere, and wherever it lives is the attack surface. Hardware wallets solved custody but created friction. You need a device. You have to carry it. Lose it and you're locked out.

The card in your wallet already has an NFC chip. Tally reads it via full EMV APDU chain, runs it through Argon2id with your biometric, and derives a signing key in RAM. Under 500ms, then it wipes. Nothing persists on any server, ever. Any contactless card works, including expired ones.

We built this for AI agents, where the private key problem is worse. An agent gets a funded session wallet per task, authorized by a card tap. The vault key never leaves the device. The session key has a budget cap, and when the task ends, funds sweep back automatically. x402 micropayments are live on Solana mainnet. The physical card is the only thing that can authorize a spend.

TALLY
UPTIME
00:00:00
BIO_STREAM.SHRD
🫆
💳
CARD_STREAM.SHRD
RECONSTRUCTING SOLANA MASTER KEY...
PROTOCOL
ISO/IEC 14443-4
Detected
STATE
Entropy Extraction:
100%
TARGET ADDRESS
7xPq...9Wk2
ENCRYPTION
Argon2id · XOR · Ed25519
Security Warning
Volatile RAM Only. No Persistence. Any interruption will purge the cache.
Demo Video ↗ Repo ↗
For developers Android APK ↓ Android debug build. Requires a real contactless bank card (Visa / Mastercard) to sign transactions. Android (Mock NFC) ↓ Same app, no card required. Simulates a card tap automatically, for testing on devices without NFC. iOS — in development Apple's Core NFC restricts EMV access to apps that declare every card AID upfront and ship a custom plugin built on NFCTagReaderSession. We're working through it. Drop your email in the waitlist below to be told when the build is ready. Integration x402 Endpoint
// Live x402 endpoint. Run it yourself.
$
curl https://tally.lll.mk/api/signal

You'll get a 402 with the payment wallet in the response. That's the x402 protocol in action. An agent sends 0.1 USDC to that address, retries with the tx signature, and gets the signal back. The whole flow is in tally_integration/.

How it works
01 / Key derivation
💳
Card tap = signing key

NFC reads the card via full EMV APDU chain. Combined with your biometric via Argon2id, it reconstructs the master seed in RAM. 500ms. Then it's gone. Nothing stored on any server. Nothing in plaintext on the device.

02 / Agent funding
🤖
Session wallets for agents

Agent requests funding. Telegram notification arrives with the amount and task visible before you approve. Card tap. Session wallet funded with exactly what you approved. The session key copies once to the agent's .env. Isolated, capped, swept back automatically when the task ends.

03 / x402 Payments
Pay paywalled APIs on-chain

Agent hits a 402. Payment wallet in headers. 0.1 USDC moves on-chain. Server verifies independently. Signal returned. No API key, no OAuth, no custody. Just a blockchain receipt.

Confirmed on mainnet
Full hardware wallet Vault creation, SOL + USDC send/receive, Jupiter swap, QR scanner, emergency sweep
Three session wallet types Agent (SK shown once), Personal (SK stays on device), Burner (SK shown once)
Full agent lifecycle Fund, task, return. Confirmed with real USDC on mainnet.
x402 end-to-end Agent hits paywall. Card tap. USDC on-chain. Tx verified. Signal returned.
HMAC-signed deep links Every Telegram notification signed and verified on open, ±5 min timestamp window
ATA rent reclaim USDC account closed on sweep, ~$0.17 recovered per session automatically
Tech stack
Mobile
Ionic Capacitor · React · TypeScript · Android
Crypto
Argon2id (32 iter, 2MB) · XOR split · Ed25519/TweetNaCl · BIP39
NFC
Full EMV APDU chain · ISO 14443-4 · stale-tag flush
Chain
Solana mainnet · SPL token (USDC) · Jupiter VersionedTransaction
Agent
Python skill · Telegram bot · HMAC-SHA256 signed deep links
x402 Server
Next.js · Vercel · tally-signal ↗
What's next
In progress
On-chain constrained signer
A Solana program that enforces spend caps and program whitelists at the protocol level. Even a stolen session key cannot exceed the cap or call non-whitelisted programs.
Planned
Policy taps
One tap authorizes a class of work, not just a single transaction. The card sets a time-bounded budget. The agent runs autonomously within it.
Planned
Card tap as proof of human presence
Every authorization produces a signed attestation that a real person with a real card approved this spend. Travels with the task through multi-agent pipelines as a verifiable credential.
Planned
UID-only card derivation
Replace PAN-based key derivation with the card's hardware serial number only. Same security model, no card number ever read. Designed for deployments where PCI compliance is a hard requirement.
Planned
Self-hosted x402 gateway
Run your own x402 endpoint backed by Tally's card-tap authorization. Agents pay per request, humans stay in the loop. No third-party proxy, no shared infrastructure.