Wallet app launching
Devnet MVP
public prototype and validation track
OffAir reserve
capacity-backed offline promise limits
Solana audit
claim, settlement, and penalty record layer
Start with the investor pitch, then use the links below for real-device online, hybrid, offline promise creation, and reconnect sync evidence.
Why OffAir is different
Category
Usually optimizes for local handoff UX and treats the offline exchange like a wallet-to-wallet payment surface.
OffAir
Makes the offline object explicit: a signed promise bounded by policy, reserve capacity, local trust state, and a claim lifecycle.
OffAir competes on risk architecture and settlement accountability, not only on wallet UX.
SOL-native posture
The MVP uses SOL rather than USDC, USDT, BRZ, or other fiat-backed assets, avoiding an early stablecoin redemption narrative.
Users control wallet keys and sign their own transfers or promises; OffAir is not positioned as a custody provider or stored-value product.
The protocol does not promise fiat parity, redemption, or stored-value stability for merchants or users.
The offline object is closer to a programmable digital check: a promise with explicit counterparty risk and later on-chain clearing.
OffAir should never claim there is no regulatory risk. The responsible claim is narrower: no fiat custody, no redemption promise, no issued fiat-backed asset, and no promise that an offline exchange is final settlement.
Why it exists
If either side can reach the chain path, the experience converges toward direct submission and familiar instant-payment behavior.
When both sides are offline, the sender issues a signed promise with policy limits, local risk scoring, and later reconciliation.
The source code, mobile wallet, FastAPI service, shared protocol, and native Solana program are published as one inspectable monorepo.
Online mode
Online route
Wallet signs a Solana transfer or OffAir promise.
Policy and capacity limits gate the transaction before handoff.
Offline mode
Offline promise
NFC bootstraps the peer session and BLE carries the encrypted payload.
Receipts, journals, and promise state sync when a device returns online.
Mobile flow
Watch the wallet move through the protocol.
App launch
OffAir MVP demo
OffAir test flow
OffAir short demos playlist
App launch
The phone wakes up with a launch-screen moment, then the app expands into the payment flow.
Online
The phone starts with a live wallet route: signed transfer intent, policy check, and immediate submission.
Offline
The display switches to an OffAir promise with limits, identity material, and local risk context.
Transport
The stage shifts into device-to-device exchange, showing the local handoff path without mobile data.
Sync
The phone returns online, syncs receipts, validates chained hashes, and prepares the settlement path.
Videos
The final chapter turns the device horizontal so demo videos can sit naturally around the product story.
Risk protocol
The OffAir reserve establishes how much value a wallet can safely promise before reconnecting.
Reserve-backed capacity
Device state, risk snapshots, transfer amount, and count limits are checked before the payload leaves the sender.
Policy before handoff
Chained local records make replacement, replay, gaps, and inconsistent receipts visible during reconciliation.
Auditable evidence
Global sanctions use a 32-byte Merkle Root for active state and compact append-only LISTED/DELISTED event pages for history.
Scalable governance memory
System map
Mnemonic custody, Solana intent signing, NFC bootstrap, BLE transfer, local journals, readiness checks, and trust prompts.
React Native / Expo
Canonical hashes, policy gates, risk snapshots, wallet identity material, and offline transfer envelopes.
TypeScript package
Device registration, policy fetch, budget provisioning, pending transaction sync, logs, risk, and reconciliation metadata.
FastAPI
Native Solana program accounts for wallet profiles, promise claims, reserves, metadata, settlement batches, and penalties.
Solana native
Risk model
Maximum amount, transfer count, allowance capacity, and device state are checked before an offline promise leaves the wallet.
Wallet, device, and post-quantum signature bundles bind each promise to canonical payloads and peer receipts.
Local histories use chained hashes so reconciliation can detect gaps, replacement, replay, and inconsistent settlement.
The beta track expands risk scoring, anti-fraud rules, and smart-contract driven limit reductions for repeated default behavior.
Mainnet-ready roadmap
Current
Next
Later