Tally is a mobile app that turns any contactless bank card into a hardware signing key for a Solana wallet. Available for Android and iOS.
In medieval England, tax debts were recorded on a wooden stick. The stick was notched to show the amount owed, then split lengthwise down the middle. The government kept one half. The taxpayer kept the other. When it was time to settle, both halves had to be present and the notches had to match. Neither party could alter their half without the fraud being immediately obvious.
That's a 2-of-2 split. It's also the security model behind Tally. One half lives in your Android Keystore, gated by your biometric. The other is derived from your bank card every time you tap. Neither half is the key. The key doesn't exist until both are present, and it stops existing 500 milliseconds later.
How it started
When Solflare launched their Shield card, I paid attention. Hardware security in a mobile wallet, a physical object as the second factor. The idea was right. But it required a dedicated card, a piece of hardware specifically manufactured for the purpose.
I had a different question. My bank card already has an NFC chip. My phone already has an NFC reader. What if the card I already carry everywhere is enough?
So I spent a weekend reading the EMV spec, the communication protocol that every contactless card uses, and built something that extracts a card number, a hardware UID, and an expiry date from any Visa or Mastercard tap. Runs it through Argon2id. Produces a deterministic 32-byte key. Tap the card, get the same key every time. Never stored anywhere. Gone the moment you pull the card away.
The expired card thing is real, by the way. An expired card can't pay for your coffee. It still has a chip, it still has a UID, it still produces the same key it always did. It just can't fund anything. Which means it's actually more secure as a signing key, because someone who finds it in a drawer can't do anything with it except prove they were there.
What the key actually does
Combine the card-derived shard with a biometric-gated shard from the Android Keystore and you have a clean 2-of-2: something you have and something you are. Neither alone is worth anything. Together, they reconstruct the master seed in RAM: the card data goes through Argon2id (32 iterations, 2 MB memory hardness), the result is XOR'd with the biometric shard, and that seeds an Ed25519 keypair. Under 500 ms, then it's wiped. Nothing in plaintext on the device, nothing on any server, ever.
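A stdlib-only sketch of that 2-of-2 reconstruction, added here and not Tally's code: the card fields and the app salt are constructed, hashlib.scrypt stands in for Argon2id (same 2 MB memory budget), and the seed only exists inside the callback before it is wiped.

```python
import hashlib
import secrets

# Constructed sample values, not a real card; the field set (card number,
# chip UID, expiry) follows the post. APP_SALT is an assumption: Argon2id
# needs a salt and the post does not say where Tally's comes from.
SAMPLE_CARD = {"pan": "4111111111111111", "uid": "04A2B3C4D5E6F7", "expiry": "2403"}
APP_SALT = b"tally-example-salt"


def card_shard(card, salt=APP_SALT):
    """32-byte card shard from the fields an EMV tap exposes.
    Stand-in: hashlib.scrypt replaces Argon2id so this runs on the stdlib;
    n=2**11, r=8 uses 2048*8*128 bytes = 2 MB, the post's memory figure.
    Expiry comes off the chip, so an expired card yields the same shard."""
    material = "|".join((card["pan"], card["uid"], card["expiry"])).encode()
    return hashlib.scrypt(material, salt=salt, n=2**11, r=8, p=1, dklen=32)


def make_keystore_shard():
    """Stand-in for the shard Tally keeps in the Android Keystore behind the
    biometric prompt: 32 random bytes that never leave the device."""
    return secrets.token_bytes(32)


def combine(shard_a, shard_b):
    """2-of-2 reconstruction: XOR both shards into the 32-byte Ed25519 seed.
    Each shard is a one-time pad over the other; one half alone reveals nothing."""
    if len(shard_a) != len(shard_b):
        raise ValueError("shards must be the same length")
    return bytearray(a ^ b for a, b in zip(shard_a, shard_b))


def wipe(buf):
    """Zero a mutable buffer in place (immutable bytes cannot be wiped)."""
    for i in range(len(buf)):
        buf[i] = 0


def with_ephemeral_seed(card, keystore_shard, use_seed):
    """Reconstruct the seed only for the duration of use_seed, then wipe it.
    use_seed is where the Ed25519 keypair would be built from the seed
    (PyNaCl or cryptography) and the transaction signed."""
    seed = combine(card_shard(card), keystore_shard)
    try:
        return use_seed(seed)
    finally:
        wipe(seed)
```

Pass a real signer as use_seed; anything that copies the bytearray (as `bytes` does) keeps a copy the wipe cannot reach.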
Why this matters for AI agents
Once the signing flow was working, the next obvious question was: what do you do with a clean authorization primitive?
AI agents need to spend money. The standard approach is to give the agent a private key and hope nothing goes wrong. That's not paranoia, that's just how every agent wallet works today. The key lives somewhere, and wherever it lives is the attack surface.
Tally's approach: the agent gets a session wallet with a fixed budget. To fund it, you tap your card once. The agent spends from the session wallet, never touches the vault. When the task ends, everything sweeps back automatically. The session key exists, does its job, and becomes worthless.
The card tap is the authorization. Not a password. Not a seed phrase. A physical object in your hand, combined with your fingerprint, producing a cryptographic proof that you were present and you said yes.
What's live right now
When an agent hits a paywalled API and gets a 402 back, it doesn't stop. It calls Tally's Python skill to request funding. The skill sends a Telegram notification to your phone with the amount and a description of what the agent is trying to do.
You tap the button in that message. It opens a deep link directly into the Tally app, showing a confirmation screen with the amount and the request details. No password, no seed phrase. You tap your card. That's the approval.
The session wallet was already set up when you connected the agent in the Tally app. You copied the .env block once, dropped it into the agent's integration folder, and that's it. The agent knows its wallet. When the card tap approves the spend, funds move to that wallet. The agent monitors on-chain, picks up the balance, and retries the paywalled request. When the task ends, remaining funds sweep back to the vault automatically.
The full agent lifecycle is confirmed on Solana mainnet: fund, task, return. Real USDC, real verification, real sweep.
The card in your pocket was always a signing key. Tally is the software that finally uses it.