Small updates to the t3 doc, add v1.5.1 to network releases

src/pages/guide/node/network-upgrades.mdx

@@ -15,6 +15,7 @@ For detailed release notes and binaries, see the [Changelog](/changelog).
 
 | Release | Date | Network | Description | Priority |
 |---------|------|---------|-------------|----------|
+| [v1.5.1](https://github.com/tempoxyz/tempo/releases/tag/v1.5.1) | Mar 29, 2026 | Moderato + Mainnet | Security patch for RPC endpoints that accept `stateOverride`, including `eth_call` and `debug_traceCall`. This release is required for RPC providers and other public RPC nodes, and low priority for validators. | <Badge variant="amber">RPC only</Badge> |
 | [v1.5.0](https://github.com/tempoxyz/tempo/releases/tag/v1.5.0) | Mar 26, 2026 | Moderato + Mainnet | Required for T2; implements compound transfer policies (TIP-1015), permit support for TIP-20 (TIP-1004), ValidatorConfig V2 (TIP-1017), and 14 audit-driven bug fixes (TIP-1036) | <Badge variant="red">Required</Badge> |
 | [v1.4.3](https://github.com/tempoxyz/tempo/releases/tag/v1.4.3) | Mar 18, 2026 | Moderato + Mainnet | Fixes gas price oracle poisoning that caused inflated fee estimates for wallet transactions | <Badge variant="yellow">Recommended</Badge> |
 | [v1.4.2](https://github.com/tempoxyz/tempo/releases/tag/v1.4.2) | Mar 16, 2026 | Moderato + Mainnet | Strict payment calldata validation in the transaction pool and block builder, rejecting malformed payment transactions earlier | <Badge variant="yellow">Recommended</Badge> |

src/pages/protocol/upgrades/t3.mdx

@@ -41,23 +41,26 @@ T3 is Tempo's next network upgrade. It introduces the following changes:
 
 Partners that create or update access keys should upgrade to a T3-compatible SDK release before activation.
 
-T3 introduces one breaking change for access-key integrations.
+For most integrators, no action is needed beyond upgrading to T3-compatible tooling. Existing authorized access keys keep working, and Tempo Transactions that use `key_authorization` keep working.
 
 ### Breaking change for access-key integrations
 
-**What stays the same:** Existing authorized access keys continue to work after T3 activates. Tempo Transactions that provision a new access key through `key_authorization` also continue to work.
-
-**What changes:** T3 replaces the legacy `AccountKeychain.authorizeKey(...)` ABI with the new TIP-1011 authorization format. This only affects flows that create access keys onchain. Access keys created through `KeyAuthorizations` in Tempo Txs don't break.
+The only integrations that need code changes are ones that call `AccountKeychain.authorizeKey(...)` directly onchain. Before T3, those flows used the legacy authorization ABI. After T3, they must use the TIP-1011 authorization format with the updated `authorizeKey(...)` arguments. Legacy calls fail with `LegacyAuthorizeKeySelectorChanged`, sometimes surfaced as `LegacyAuthorizeKeySelectorChanged(newSelector: 0x980a6025)`.
 
 **Before activation:** Integrations must continue using the legacy `AccountKeychain.authorizeKey(...)` ABI. The TIP-1011 authorization format is not yet valid onchain.
 
-**After activation:** Integrations must use the TIP-1011 authorization format. Legacy calls fail with `LegacyAuthorizeKeySelectorChanged`, sometimes surfaced as `LegacyAuthorizeKeySelectorChanged(newSelector: 0x980a6025)`.
+**After activation:** Integrations must use the TIP-1011 authorization format.
+
+T3 also adds one new execution restriction: access-key-signed transactions can no longer create contracts. If your product used access keys for deployments, factory calls, or module-install flows that create contracts, those transactions must move to a Root Key path.
+
+If you support both pre-T3 and post-T3 networks at the same time, branch on network version or activation timestamp. The old authorization ABI only works before T3. The new authorization ABI only works after T3.
 
-Affected flows include:
+### Migration checklist
 
-- direct onchain calls to `AccountKeychain.authorizeKey(...)`
-- key rotation or re-authorization flows that still submit the legacy `authorizeKey(...)` calldata
-- SDKs, backend services, or admin scripts that still encode the legacy `authorizeKey(...)` call
+- upgrade to a T3-compatible SDK mentioned below
+- regenerate contract bindings or replace handcrafted encoders for `authorizeKey(...)`
+- move any access-key contract-creation flows to a Root Key path
+- test key creation, key rotation, and recovery flows on Moderato after T3 activates
 
 ## Compatible SDK releases