The human-approval layer for agentic spending on Solana. Your card is the key.
Tally turns the contactless card already in your pocket into a hardware key for a Solana wallet. It reads the card over NFC, runs it through Argon2id with your biometric, and derives the signing key in RAM for under 500ms before wiping it. No seed phrase exists anywhere. Live on Android today, iOS in development.
AI agents can pay for things on their own now, and that creates a question nobody had to ask before: how do you prove a human actually approved what an agent spends? Hand an agent your keys and it can drain everything. Give it a software spending limit and you are trusting code that can be bugged, bypassed, or prompt-injected. Neither one is proof.
Tally makes approval physical. Name an agent, set a cap and an expiry, tap your card once. The agent gets its own stable key, never yours, a budget it cannot exceed, and a soulbound on-chain identity carrying cryptographic proof that a human authorized its spending. Any counterparty can verify that proof straight from the key the agent pays with. Funds stay in your vault until the agent draws them, you can revoke at any time, and x402 micropayments are live on Solana mainnet.
And with no agents in the picture, it is still the wallet with nothing to steal: no seed phrase, no stored key, both your card and your fingerprint required for every signature.
You'll get a 402 with the payment wallet in the response. That's the x402 protocol in action. An agent sends 0.1 USDC to that address, retries with the tx signature, and gets the signal back. The whole flow is in tally_integration/.
NFC reads the card via full EMV APDU chain. Combined with your biometric via Argon2id, it reconstructs the master seed in RAM. 500ms. Then it's gone. Nothing stored on any server. Nothing in plaintext on the device.
Agent requests funding. Telegram notification arrives with the amount and task visible before you approve.
Card tap. Session wallet funded with exactly what you approved.
The session key copies once to the agent's .env. Isolated, capped,
swept back automatically when the task ends.
Agent hits a 402. Payment wallet in headers. 0.1 USDC moves on-chain. Server verifies independently. Signal returned. No API key, no OAuth, no custody. Just a blockchain receipt.
tally.lll.mk/api/attest/verify.