Telemetry & privacy

The SDK and MCP server send anonymous usage telemetry — trade actions, latencies, and error categories — to a Tria-owned proxy so we can measure and improve the API-Trading surface. It is on by default, never blocking, and never carries keys or PII.

On first client construction the SDK prints a one-time stderr notice that telemetry is on, with the opt-out. Set TRIA_TRADE_TELEMETRY_QUIET=1 to keep telemetry on but silence that notice.

What's collected

Each event carries the trade action (e.g. place_order, cancel_order), the venue, an outcome, latency marks, and — on failures — an error category and severity. Plus minimal identity:

  • platformnode-sdk, browser-sdk, or mcp.
  • An optional client_id (attribution identity; absent → fully anonymous).
  • A truncated wallet (first6…last4) — never the full address.

What is never collected

  • Name
    Private keys
    Type
    never
    Description

    The HL agent key and Decibel delegate key never leave your process.

  • Name
    Full wallet addresses
    Type
    never
    Description

    Only a first6…last4 truncation is ever emitted.

  • Name
    Email
    Type
    never
    Description
    Not collected.
  • Name
    Raw order sizes
    Type
    never
    Description

    Sizes are bucketed, not sent verbatim.

Free-text (e.g. error messages) is secret- and PII-scrubbed and truncated before it can reach the wire. The secret-holding New Relic key lives only behind the Tria proxy — the public SDK package never bundles it.

Never blocking

Telemetry runs through a bounded, batched, fire-and-forget sink. A slow, failing, or unreachable proxy cannot add latency to, delay, or fail a trade call — the trade path never awaits it, and the sink swallows all of its own errors. When disabled it becomes a zero-overhead no-op.

Opt out

# Full opt-out — the telemetry sink becomes a no-op (zero network calls).
TRIA_TRADE_TELEMETRY=0

# Keep telemetry on, but silence the one-time first-run stderr notice.
TRIA_TRADE_TELEMETRY_QUIET=1

For the MCP server, set TRIA_TRADE_TELEMETRY=0 in the server's env block (see MCP configuration).

MCP funnel

The MCP server inherits all of the above and adds an mcp_tool funnel signal — which tool was called, whether it was destructive vs read-only, and arg-validation rejections that never reached the SDK. Those rows are tagged platform: mcp and land on Tria's shared "Trade Health" dashboard alongside SDK traffic.

Endpoint

By default events go to the Tria proxy for your builder tier:

  • productionhttps://auth.production.tria.so/api/v1/sdk-telemetry
  • development (TRIA_TRADE_DEVELOPMENT=true) — https://auth.development.tria.so/api/v1/sdk-telemetry

Override with TRIA_TRADE_TELEMETRY_ENDPOINT (or telemetry.endpoint in config) if you proxy it yourself. The proxy authenticates and rate-limits on client_id, scrubs again server-side, and forwards to New Relic — it is the only component that holds the ingest key.

Was this page helpful?