[Docs] Add Vault SDK documentation and guides

[joaquim-verges]

---

PR-Codex overview

This PR introduces new documentation and features for the Vault SDK, enhancing its usability for developers by adding guides, installation instructions, and a new section in the sidebar.

Detailed summary

• Added TypeScript SDK section to the sidebar with links to Overview, Installation, API Reference, and Guides.
• Created installation guide covering package installation and peer dependencies.
• Added guides for creating and managing Externally Owned Accounts (EOAs), signing transactions, and managing access tokens.
• Enhanced API Reference section detailing client utilities, service accounts, EOAs, access tokens, and utility functions.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• Documentation
  • Introduced comprehensive Vault SDK documentation covering overview, installation, API reference, and detailed guides on creating/managing EOAs, signing transactions and messages, and managing access tokens.
  • Included practical TypeScript examples, usage scenarios, and best practices throughout the new documentation.
• New Features
  • Added a new "TypeScript SDK" section to the sidebar for streamlined navigation to Vault SDK resources and guides.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 973cd56

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[joaquim-verges]

• [Docs] Add Vault SDK documentation and guides #7054 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	56.57 KB (0%)	1.2 s (0%)	200 ms (+44.33% 🔺)	1.4 s
thirdweb (cjs)	309.52 KB (0%)	6.2 s (0%)	1.2 s (-2.4% 🔽)	7.3 s
thirdweb (minimal + tree-shaking)	5.69 KB (0%)	114 ms (0%)	45 ms (+433.13% 🔺)	159 ms
thirdweb/chains (tree-shaking)	531 B (0%)	11 ms (0%)	10 ms (+96.28% 🔺)	20 ms
thirdweb/react (minimal + tree-shaking)	19.5 KB (0%)	390 ms (0%)	64 ms (+171.21% 🔺)	454 ms

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.59%. Comparing base (6104401) to head (973cd56).
Report is 7 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7054      +/-   ##
==========================================
- Coverage   55.81%   55.59%   -0.22%     
==========================================
  Files         900      901       +1     
  Lines       57848    58121     +273     
  Branches     4067     4064       -3     
==========================================
+ Hits        32288    32313      +25     
- Misses      25454    25703     +249     
+ Partials      106      105       -1     

Flag	Coverage Δ
packages	55.59% <ø> (-0.22%)	⬇️

see 10 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 20, 2025 10:09pm

4 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
login	⬜️ Skipped (Inspect)			May 20, 2025 10:09pm
thirdweb_playground	⬜️ Skipped (Inspect)			May 20, 2025 10:09pm
thirdweb-www	⬜️ Skipped (Inspect)			May 20, 2025 10:09pm
wallet-ui	⬜️ Skipped (Inspect)			May 20, 2025 10:09pm

[coderabbitai]

Walkthrough

This update introduces comprehensive documentation for the Vault SDK, including an overview, installation instructions, API reference, and detailed guides for managing EOAs, signing operations, and handling access tokens. The sidebar navigation is extended to include a new "TypeScript SDK" section, organizing the new documentation and guides for easier access.

Changes

File(s)	Change Summary
apps/portal/src/app/vault/sdk/page.mdx	Added an overview documentation page introducing the Vault SDK, its features, use cases, and a basic usage example.
apps/portal/src/app/vault/sdk/installation/page.mdx	Added installation and setup instructions for the Vault SDK, including runtime requirements, dependency notes, polyfill guidance, and client initialization steps.
apps/portal/src/app/vault/sdk/api-reference/page.mdx	Added a detailed API reference documenting all main SDK functions, grouped by capability, with tables and code examples for each function.
apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx apps/portal/src/app/vault/sdk/guides/creating-eoas/page.mdx apps/portal/src/app/vault/sdk/guides/signing/page.mdx	Added three new step-by-step guides: managing access tokens, creating/managing EOAs, and signing transactions/messages, each with prerequisites, example code, and best practices.
apps/portal/src/app/vault/sidebar.tsx	Updated the sidebar to add a "TypeScript SDK" section with links to the new overview, installation, API reference, and guides. Imported the Code2Icon for the new section.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Sidebar
    participant DocsPages

    User->>Sidebar: Navigates to "TypeScript SDK"
    Sidebar->>DocsPages: Provides links (Overview, Installation, API Reference, Guides)
    User->>DocsPages: Selects a documentation or guide link
    DocsPages->>User: Displays selected documentation content (Overview, Installation, API Reference, Guide)

Loading

sequenceDiagram
    participant Developer
    participant VaultSDKDocs

    Developer->>VaultSDKDocs: Reads Overview for high-level understanding
    Developer->>VaultSDKDocs: Reads Installation to set up SDK
    Developer->>VaultSDKDocs: Uses API Reference for function details
    Developer->>VaultSDKDocs: Follows Guides for step-by-step workflows (EOAs, Signing, Access Tokens)

Loading

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f85db1f and 973cd56.

📒 Files selected for processing (1)

• apps/portal/src/app/vault/sdk/installation/page.mdx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/portal/src/app/vault/sdk/installation/page.mdx

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Unit Tests
• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

apps/portal/src/app/vault/sdk/installation/page.mdx (1)

48-48: Fix missing verb in sentence.

There's a grammatical error in this sentence - missing a verb before "a baseUrl".

-`createVaultClient` uses your secret key to establish a connection to the thirdweb vault instance. You can also a baseUrl that points to your own vault instance. Cache the resulting `vault` object and reuse it for all subsequent operations.
+`createVaultClient` uses your secret key to establish a connection to the thirdweb vault instance. You can also specify a baseUrl that points to your own vault instance. Cache the resulting `vault` object and reuse it for all subsequent operations.

🧹 Nitpick comments (7)

apps/portal/src/app/vault/sdk/guides/signing/page.mdx (3)

3-3: Add comma after introductory phrase for clarity.
The sentence "In this guide we will request signatures from the Vault for common payload types:" reads more clearly as "In this guide, we will request signatures from the Vault for common payload types:".

🧰 Tools

🪛 LanguageTool

[typographical] ~3-~3: It appears that a comma is missing.
Context: ...igning Transactions & Messages In this guide we will request signatures from the Vau...

(DURING_THAT_TIME_COMMA)

---

18-35: Clarify use of top-level await or wrap in async context.
These code snippets use await at the top level (e.g., const client = await createVaultClient(...)), which may require an environment with top-level await support. Consider wrapping them in an async function or adding a note that the examples assume such support.

---

90-99: Include client initialization context in EIP-1559 signing example.
The snippet references client without showing how it is obtained. For consistency, either import and initialize the client in this block or add a note such as "Assuming client is created as shown above."

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (3)

3-3: Consider removing unnecessary hyphen.
In "finely-scoped permissions," the adverb "finely" does not require a hyphen before "scoped". You may prefer "finely scoped permissions" for consistency with common style guides.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

---

49-58: Unify client parameter usage across snippets.
The base token and listing/revocation examples use { client }, whereas the SAT example uses vaultClient: client. To avoid confusion, standardize the parameter name (e.g., always { client }).

---

71-78: Clarify client initialization for listing and revoking.
These snippets reference client without demonstrating its creation. Consider adding a comment like "Assuming client is created as shown above" or including the initialization snippet for clarity.

apps/portal/src/app/vault/sdk/api-reference/page.mdx (1)

14-17: Include import for ping.
The snippet calls ping({ client, request: ... }) but doesn't import it. Add import { createVaultClient, ping } from "@thirdweb-dev/vault-sdk"; or a separate import for ping to avoid confusion.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6104401 and f85db1f.

📒 Files selected for processing (7)

• apps/portal/src/app/vault/sdk/api-reference/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/guides/creating-eoas/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/guides/signing/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/installation/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/page.mdx (1 hunks)
• apps/portal/src/app/vault/sidebar.tsx (2 hunks)

🧰 Additional context used

🪛 LanguageTool

apps/portal/src/app/vault/sdk/page.mdx

[misspelling] ~19-~19: This word is normally spelled as one.
Context: ...Create EOAs (wallets)* – generate new non-custodial accounts inside the Vault. 3. **Sign pa...

(EN_COMPOUNDS_NON_CUSTODIAL)

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

---

[uncategorized] ~15-~15: Possible missing comma found.
Context: ...ger). They cannot be scoped by expiry – instead you define policies that control whic...

(AI_HYDRA_LEO_MISSING_COMMA)

apps/portal/src/app/vault/sdk/guides/signing/page.mdx

[typographical] ~3-~3: It appears that a comma is missing.
Context: ...igning Transactions & Messages In this guide we will request signatures from the Vau...

(DURING_THAT_TIME_COMMA)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (7)

apps/portal/src/app/vault/sidebar.tsx (1)

3-3: LGTM! Well-structured sidebar addition for the Vault SDK.

The new TypeScript SDK section is well-organized with links to all critical documentation components (overview, installation, API reference) and includes a nested guides section. The import for Code2Icon is properly added to support the new section's icon.

Also applies to: 51-85

apps/portal/src/app/vault/sdk/guides/creating-eoas/page.mdx (1)

1-75: LGTM! Well-structured guide for EOA management.

The guide provides clear instructions on creating and managing EOAs with appropriate examples. The prerequisites, code samples, explanations of metadata usage, pagination handling, and best practices are all well presented and technically accurate.

apps/portal/src/app/vault/sdk/page.mdx (1)

1-71: LGTM! Comprehensive SDK overview.

The page effectively introduces the Vault SDK, its capabilities, common use cases, and includes a clear example. It provides a solid entry point for developers to understand what they can accomplish with the SDK.

🧰 Tools

🪛 LanguageTool

[misspelling] ~19-~19: This word is normally spelled as one.
Context: ...Create EOAs (wallets)* – generate new non-custodial accounts inside the Vault. 3. **Sign pa...

(EN_COMPOUNDS_NON_CUSTODIAL)

apps/portal/src/app/vault/sdk/installation/page.mdx (1)

1-47: LGTM! Clear installation and setup instructions.

The installation guide provides comprehensive instructions for different package managers, explains peer dependencies, and offers helpful guidance on client initialization and management.

Also applies to: 49-54

apps/portal/src/app/vault/sdk/guides/signing/page.mdx (1)

1-8: Guide is well structured and comprehensive. The introduction, prerequisites, examples, and error handling sections cover the signing workflows clearly and thoroughly.

🧰 Tools

🪛 LanguageTool

[typographical] ~3-~3: It appears that a comma is missing.
Context: ...igning Transactions & Messages In this guide we will request signatures from the Vau...

(DURING_THAT_TIME_COMMA)

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (1)

1-10: The access tokens guide is clear and informative. It effectively covers creation, derivation, listing, revocation, and best practices for managing Vault SDK tokens.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

apps/portal/src/app/vault/sdk/api-reference/page.mdx (1)

1-10: API Reference is organized and thorough. Grouping functions by capability and providing examples helps developers find relevant information quickly.

[coderabbitai]

⚠️ Potential issue

Fix function signature documentation in Service Accounts section.
The table lists createServiceAccount({ request }), getServiceAccount({ request }), and rotateServiceAccount({ request }), but the example and actual SDK require passing { client, request }. Update the table entries to reflect the correct signature including client.

🤖 Prompt for AI Agents

In apps/portal/src/app/vault/sdk/api-reference/page.mdx around lines 24 to 28,
the function signatures in the Service Accounts section incorrectly list only `{
request }` as parameters. Update each function signature in the table to include
both `{ client, request }` to match the actual SDK usage and examples.

[graphite-app]

The example references res.data.accessToken but this variable isn't defined in the current code block. This could cause confusion for developers trying to implement the example. Consider either:

1. Adding the missing res variable definition to show where the base token comes from, or
2. Using a placeholder like process.env.BASE_ACCESS_TOKEN to make it clear this value should be retrieved from elsewhere

This would make the example more self-contained and easier to follow.

Suggested change

	const sat = await createSignedAccessToken({
	vaultClient: client,
	baseAccessToken: res.data.accessToken,
	const sat = await createSignedAccessToken({
	vaultClient: client,
	baseAccessToken: process.env.BASE_ACCESS_TOKEN,

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.