Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.tallyforagents.com/llms.txt

Use this file to discover all available pages before exploring further.

Tally is in active development. This page logs notable changes — new endpoints, new SDK methods, behavior changes, deprecations — so you can track what’s safe to depend on and what’s recently moved. Entries are reverse-chronological. Significant breaking changes will get their own callout; minor improvements roll up into the date entry.

2026-05-18 — Public preview launch

The initial docs site and TypeScript SDK v0 go live alongside the dashboard at tallyforagents.com. The product is end-to-end functional on Base Sepolia (testnet); live mode is partially built and ships later.

Added

  • Dashboard — sign-in flow with auto-provisioned account and test-mode wallet on first login; full operational surface at /{slug}/overview with balance charts, top wallets, top agents, recent activity.
  • Wallets — Privy server wallets owned by the account; auto-provisioned on sign-in; additional wallets creatable from the dashboard.
  • Agents — register stable identifiers per autonomous unit you run; per-agent attribution and analytics; status reflects active vs no-permissions.
  • Permissions — passkey-signed policies bounding what each agent can do (per-tx max, daily cap, recipient allowlist, contract allowlist, expiry). Policy enforcement happens inside Privy’s secure enclave.
  • Payments via SDKtally.payments.create() for outbound USDC transfers with two-layer enforcement (Tally pre-check + Privy enclave). Idempotency keys, structured error codes, lazy chain refresh via tally.payments.get().
  • Webhooks — six event types (payment.created, payment.confirmed, payment.failed, inbound.received, permission.granted, permission.revoked) with HMAC-SHA256 signatures (t=…,v1=…), exponential retry schedule (1m → 5m → 15m → 1h → 6h, 6 attempts), 10-second per-attempt timeout, manual replay from the dashboard.
  • API key rotation — 24-hour grace window when rotating; old key keeps authenticating while you roll the fleet. Distinct from hard revoke (immediate). Leaked-key scanner watches public commits.
  • Agent permission rotation — swap a permission’s signing key while keeping policy bounds identical; in-place policy edits for changing terms without rotation.
  • Test mode and live mode partitioning — Stripe-style separation by API key prefix (tly_test_… / tly_live_…). Test mode is fully functional on Base Sepolia today; live mode opt-in lands later.
  • TypeScript SDK@tallyforagents/sdk with agents.upsert/list/get, payments.create/get, webhooks.verifySignature. Typed exception hierarchy (AuthenticationError, NotFoundError, ValidationError, RateLimitError, ConflictError, TallyError).
  • REST API at /v1/* — 5 endpoints (POST /v1/agents, GET /v1/agents, GET /v1/agents/{id}, POST /v1/payments, GET /v1/payments/{id}). Bearer-token auth, mode encoded in key prefix, per-key rate limits (60/min default, 30/min on payments).
  • Documentation surface — Get Started, Concepts, Guides, API reference, SDK reference, Ops. Everything grounded in the actual implementation; gaps explicitly flagged.

Coming next

Tracked in BUILD_LOG.md (the “SDK gaps queued from the docs rewrite” section). Highlights:
  • tally.wallets.list() / tally.wallets.create() — programmatic wallet management.
  • tally.permissions.list({ agent_id? }) — inspect active permissions and remaining allowance from code.
  • tally.permissions.revoke() / tally.permissions.update() — server-prepare → user-confirm flows, since revocation needs the wallet owner’s passkey.
  • tally.payments.list({ filters? }) — filterable payment history.
  • tally.agents.delete() — soft-delete with 409 on agents that have active permissions.
  • tally.webhooks.list() / create() / revoke() — endpoint management.
  • Webhook secret rotation with 24h grace window (parity with API key rotation).
  • Live mode opt-in flow and Base mainnet support.
  • ERC-4337 smart-wallet upgrade path (server wallet becomes the signer; trust model carries forward).

Known caveats

  • Idempotency is forgiving. Reusing an idempotency_key with a different payload returns the original payment without revalidating — make sure your key derivation is tied to the payload, not just the operation.
  • Live mode isn’t wired up yet. getDashboardMode() is hardcoded to "test" and no tly_live_ keys are issued. Test mode is fully functional.
  • @tallyforagents/sdk is internal-only today. It’s not yet published to npm; consume it from the monorepo for now.

How to read this changelog

  • Added — new endpoints, SDK methods, dashboard features, webhook event types.
  • Changed — behavior shifts in existing surfaces. If the change could break working code, it’ll be called out as a breaking change.
  • Fixed — bug fixes worth mentioning (silent fixes don’t make the log).
  • Deprecated — surfaces that still work but will be removed. Each deprecation entry includes a target removal date.
  • Coming next — things on the immediate roadmap. No promises on timing; included so you can plan around them.
Subscribe to releases on GitHub to be notified when entries land.