One card tap proves a human approved the agent, caps what it can spend on-chain, and binds that approval to every payment it settles.
The x402 rails answer one question well: did the payment go through. exact, upto, batch-settlement.
Did a real human authorize this agent? Is the authority bounded? Can anyone verify it without trusting the agent or the facilitator?
In June 2026, Mastercard's Agent Pay for Machines began issuing agents human-granted, capped spending permissions, recorded on-chain, including on Solana.
The key is any contactless card you already carry, or an NFC tag. Even an expired card works, so the cautious can use a dead one and never expose a live card.
The seed is split 2-of-2 between the phone's secure enclave and a shard derived from the factor you tap.
The full key exists in memory for under half a second, then it is wiped.
Nothing sensitive is stored. The phone or the card alone reconstructs nothing.
Master_Seed = Bio_Shard ⊕ Card_Shard
Everything you expect: self-custody send and receive, hardware-gated signing, the seed never exposed.
Earn is built in: stake SOL, earn on USDC, and swap, without leaving the wallet.
Hidden vaults: passphrase-gated wallets that store nothing. Deniable and portable.
A built-in dApp browser signs for any Solana dApp with a card tap.
A signed proof of presence: a human authorized this agent to spend up to X until T.
An on-chain allowance enforces the cap and expiry. The agent only ever draws within it. The principal stays in the vault.
The facilitator verifies the draw and settles it over standard x402 rails.
A counterparty verifies the whole chain offline. No trust in Tally, and no trust in the agent's self-report.
Every spending grant is a signed attestation: this human approved this agent, up to X, until T. Devnet-proven, with a live public verifier.
The agent carries a verifiable on-chain identity, built on Metaplex's agent-registry standard, with soulbound credentials via mpl-core.
Tally's human-intent proof plugs into the emerging agent-identity stack instead of being a proprietary token.
The payment rails are becoming open standards on Solana, and the Solana Foundation is shipping them. We ride those rails instead of competing with them. The layer that proves a human authorized the agent is the empty slot, and it is ours.
A real x402 endpoint on Solana. A 402, real USDC, anyone can curl it.
Card-tap signing for sends, and for any Solana dApp through an in-app browser.
The attestation runs on devnet, with a public verifier at tally.lll.mk/api/attest/verify.
Contributing to the x402 payment spec and Solana's on-chain allowance programs.
curl -i https://tally.lll.mk/api/signal
→ HTTP/2 402 · x-payment-amount: 0.1 · USDC
Independent review of the split, the allowance path, and the facilitator.
The full agent-payment flow live, beyond the signal endpoint.
Any agent builder drops in the human-approval layer in a few lines.