[Docs] Add Vault SDK documentation and guides

[joaquim-verges]

---

PR-Codex overview

This PR introduces a new TypeScript SDK section in the sidebar and enhances documentation for the Vault SDK, including installation instructions, guides for managing EOAs, signing transactions, and access tokens.

Detailed summary

• Added a new section for TypeScript SDK in the sidebar.tsx.
• Created installation instructions in page.mdx.
• Added guides for:
  • Creating and managing EOAs.
  • Signing transactions and messages.
  • Managing access tokens.
• Provided API reference details in api-reference/page.mdx.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• Documentation
  • Introduced comprehensive Vault SDK documentation covering overview, installation, API reference, and detailed guides on creating/managing EOAs, signing transactions and messages, and managing access tokens.
  • Included practical TypeScript examples, usage scenarios, and best practices throughout the new documentation.
• New Features
  • Added a new "TypeScript SDK" section to the sidebar for streamlined navigation to Vault SDK resources and guides.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 90ab5f0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[joaquim-verges]

• [Docs] Add Vault SDK documentation and guides #7054 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	56.57 KB (0%)	1.2 s (0%)	241 ms (+233.94% 🔺)	1.4 s
thirdweb (cjs)	309.52 KB (0%)	6.2 s (0%)	634 ms (+12.23% 🔺)	6.9 s
thirdweb (minimal + tree-shaking)	5.69 KB (0%)	114 ms (0%)	88 ms (+2088.52% 🔺)	202 ms
thirdweb/chains (tree-shaking)	531 B (0%)	11 ms (0%)	19 ms (+1011.51% 🔺)	30 ms
thirdweb/react (minimal + tree-shaking)	19.5 KB (0%)	390 ms (0%)	74 ms (+293.41% 🔺)	464 ms

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.59%. Comparing base (6104401) to head (90ab5f0).
Report is 12 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7054      +/-   ##
==========================================
- Coverage   55.81%   55.59%   -0.22%     
==========================================
  Files         900      901       +1     
  Lines       57848    58121     +273     
  Branches     4067     4064       -3     
==========================================
+ Hits        32288    32313      +25     
- Misses      25454    25703     +249     
+ Partials      106      105       -1     

Flag	Coverage Δ
packages	55.59% <ø> (-0.22%)	⬇️

see 10 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
docs-v2	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 21, 2025 2:09am

4 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
login	⬜️ Skipped (Inspect)			May 21, 2025 2:09am
thirdweb_playground	⬜️ Skipped (Inspect)			May 21, 2025 2:09am
thirdweb-www	⬜️ Skipped (Inspect)			May 21, 2025 2:09am
wallet-ui	⬜️ Skipped (Inspect)			May 21, 2025 2:09am

[coderabbitai]

Walkthrough

This update introduces comprehensive documentation for the Vault SDK, including an overview, installation instructions, API reference, and detailed guides for managing EOAs, signing operations, and handling access tokens. The sidebar navigation is extended to include a new "TypeScript SDK" section, organizing the new documentation and guides for easier access.

Changes

File(s)	Change Summary
apps/portal/src/app/vault/sdk/page.mdx	Added an overview documentation page introducing the Vault SDK, its features, use cases, and a basic usage example.
apps/portal/src/app/vault/sdk/installation/page.mdx	Added installation and setup instructions for the Vault SDK, including runtime requirements, dependency notes, polyfill guidance, and client initialization steps.
apps/portal/src/app/vault/sdk/api-reference/page.mdx	Added a detailed API reference documenting all main SDK functions, grouped by capability, with tables and code examples for each function.
apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx apps/portal/src/app/vault/sdk/guides/creating-eoas/page.mdx apps/portal/src/app/vault/sdk/guides/signing/page.mdx	Added three new step-by-step guides: managing access tokens, creating/managing EOAs, and signing transactions/messages, each with prerequisites, example code, and best practices.
apps/portal/src/app/vault/sidebar.tsx	Updated the sidebar to add a "TypeScript SDK" section with links to the new overview, installation, API reference, and guides. Imported the Code2Icon for the new section.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Sidebar
    participant DocsPages

    User->>Sidebar: Navigates to "TypeScript SDK"
    Sidebar->>DocsPages: Provides links (Overview, Installation, API Reference, Guides)
    User->>DocsPages: Selects a documentation or guide link
    DocsPages->>User: Displays selected documentation content (Overview, Installation, API Reference, Guide)

Loading

sequenceDiagram
    participant Developer
    participant VaultSDKDocs

    Developer->>VaultSDKDocs: Reads Overview for high-level understanding
    Developer->>VaultSDKDocs: Reads Installation to set up SDK
    Developer->>VaultSDKDocs: Uses API Reference for function details
    Developer->>VaultSDKDocs: Follows Guides for step-by-step workflows (EOAs, Signing, Access Tokens)

Loading

Note

⚡️ AI Code Reviews for VS Code, Cursor, Windsurf

CodeRabbit now has a plugin for VS Code, Cursor and Windsurf. This brings AI code reviews directly in the code editor. Each commit is reviewed immediately, finding bugs before the PR is raised. Seamless context handoff to your AI code agent ensures that you can easily incorporate review feedback.
Learn more here.

---

Note

⚡️ Faster reviews with caching

CodeRabbit now supports caching for code and dependencies, helping speed up reviews. This means quicker feedback, reduced wait times, and a smoother review experience overall. Cached data is encrypted and stored securely. This feature will be automatically enabled for all accounts on May 16th. To opt out, configure Review - Disable Cache at either the organization or repository level. If you prefer to disable all data retention across your organization, simply turn off the Data Retention setting under your Organization Settings.
Enjoy the performance boost—your workflow just got faster.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

apps/portal/src/app/vault/sdk/installation/page.mdx (1)

48-48: Fix missing verb in sentence.

There's a grammatical error in this sentence - missing a verb before "a baseUrl".

-`createVaultClient` uses your secret key to establish a connection to the thirdweb vault instance. You can also a baseUrl that points to your own vault instance. Cache the resulting `vault` object and reuse it for all subsequent operations.
+`createVaultClient` uses your secret key to establish a connection to the thirdweb vault instance. You can also specify a baseUrl that points to your own vault instance. Cache the resulting `vault` object and reuse it for all subsequent operations.

🧹 Nitpick comments (7)

apps/portal/src/app/vault/sdk/guides/signing/page.mdx (3)

3-3: Add comma after introductory phrase for clarity.
The sentence "In this guide we will request signatures from the Vault for common payload types:" reads more clearly as "In this guide, we will request signatures from the Vault for common payload types:".

🧰 Tools

🪛 LanguageTool

[typographical] ~3-~3: It appears that a comma is missing.
Context: ...igning Transactions & Messages In this guide we will request signatures from the Vau...

(DURING_THAT_TIME_COMMA)

---

18-35: Clarify use of top-level await or wrap in async context.
These code snippets use await at the top level (e.g., const client = await createVaultClient(...)), which may require an environment with top-level await support. Consider wrapping them in an async function or adding a note that the examples assume such support.

---

90-99: Include client initialization context in EIP-1559 signing example.
The snippet references client without showing how it is obtained. For consistency, either import and initialize the client in this block or add a note such as "Assuming client is created as shown above."

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (3)

3-3: Consider removing unnecessary hyphen.
In "finely-scoped permissions," the adverb "finely" does not require a hyphen before "scoped". You may prefer "finely scoped permissions" for consistency with common style guides.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

---

49-58: Unify client parameter usage across snippets.
The base token and listing/revocation examples use { client }, whereas the SAT example uses vaultClient: client. To avoid confusion, standardize the parameter name (e.g., always { client }).

---

71-78: Clarify client initialization for listing and revoking.
These snippets reference client without demonstrating its creation. Consider adding a comment like "Assuming client is created as shown above" or including the initialization snippet for clarity.

apps/portal/src/app/vault/sdk/api-reference/page.mdx (1)

14-17: Include import for ping.
The snippet calls ping({ client, request: ... }) but doesn't import it. Add import { createVaultClient, ping } from "@thirdweb-dev/vault-sdk"; or a separate import for ping to avoid confusion.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6104401 and f85db1f.

📒 Files selected for processing (7)

• apps/portal/src/app/vault/sdk/api-reference/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/guides/creating-eoas/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/guides/signing/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/installation/page.mdx (1 hunks)
• apps/portal/src/app/vault/sdk/page.mdx (1 hunks)
• apps/portal/src/app/vault/sidebar.tsx (2 hunks)

🧰 Additional context used

🪛 LanguageTool

apps/portal/src/app/vault/sdk/page.mdx

[misspelling] ~19-~19: This word is normally spelled as one.
Context: ...Create EOAs (wallets)* – generate new non-custodial accounts inside the Vault. 3. **Sign pa...

(EN_COMPOUNDS_NON_CUSTODIAL)

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

---

[uncategorized] ~15-~15: Possible missing comma found.
Context: ...ger). They cannot be scoped by expiry – instead you define policies that control whic...

(AI_HYDRA_LEO_MISSING_COMMA)

apps/portal/src/app/vault/sdk/guides/signing/page.mdx

[typographical] ~3-~3: It appears that a comma is missing.
Context: ...igning Transactions & Messages In this guide we will request signatures from the Vau...

(DURING_THAT_TIME_COMMA)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (7)

apps/portal/src/app/vault/sidebar.tsx (1)

3-3: LGTM! Well-structured sidebar addition for the Vault SDK.

The new TypeScript SDK section is well-organized with links to all critical documentation components (overview, installation, API reference) and includes a nested guides section. The import for Code2Icon is properly added to support the new section's icon.

Also applies to: 51-85

apps/portal/src/app/vault/sdk/guides/creating-eoas/page.mdx (1)

1-75: LGTM! Well-structured guide for EOA management.

The guide provides clear instructions on creating and managing EOAs with appropriate examples. The prerequisites, code samples, explanations of metadata usage, pagination handling, and best practices are all well presented and technically accurate.

apps/portal/src/app/vault/sdk/page.mdx (1)

1-71: LGTM! Comprehensive SDK overview.

The page effectively introduces the Vault SDK, its capabilities, common use cases, and includes a clear example. It provides a solid entry point for developers to understand what they can accomplish with the SDK.

🧰 Tools

🪛 LanguageTool

[misspelling] ~19-~19: This word is normally spelled as one.
Context: ...Create EOAs (wallets)* – generate new non-custodial accounts inside the Vault. 3. **Sign pa...

(EN_COMPOUNDS_NON_CUSTODIAL)

apps/portal/src/app/vault/sdk/installation/page.mdx (1)

1-47: LGTM! Clear installation and setup instructions.

The installation guide provides comprehensive instructions for different package managers, explains peer dependencies, and offers helpful guidance on client initialization and management.

Also applies to: 49-54

apps/portal/src/app/vault/sdk/guides/signing/page.mdx (1)

1-8: Guide is well structured and comprehensive. The introduction, prerequisites, examples, and error handling sections cover the signing workflows clearly and thoroughly.

🧰 Tools

🪛 LanguageTool

[typographical] ~3-~3: It appears that a comma is missing.
Context: ...igning Transactions & Messages In this guide we will request signatures from the Vau...

(DURING_THAT_TIME_COMMA)

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (1)

1-10: The access tokens guide is clear and informative. It effectively covers creation, derivation, listing, revocation, and best practices for managing Vault SDK tokens.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

apps/portal/src/app/vault/sdk/api-reference/page.mdx (1)

1-10: API Reference is organized and thorough. Grouping functions by capability and providing examples helps developers find relevant information quickly.

[coderabbitai]

⚠️ Potential issue

Fix function signature documentation in Service Accounts section.
The table lists createServiceAccount({ request }), getServiceAccount({ request }), and rotateServiceAccount({ request }), but the example and actual SDK require passing { client, request }. Update the table entries to reflect the correct signature including client.

🤖 Prompt for AI Agents

In apps/portal/src/app/vault/sdk/api-reference/page.mdx around lines 24 to 28,
the function signatures in the Service Accounts section incorrectly list only `{
request }` as parameters. Update each function signature in the table to include
both `{ client, request }` to match the actual SDK usage and examples.

[graphite-app]

The #authorization anchor link doesn't have a corresponding target in the document. Either add a section explaining the Authorization struct with the proper anchor ID, or remove the link formatting from the reference. This will prevent users from encountering a broken link when they click on it.

Suggested change

	| `signAuthorization` | Sign an [`Authorization`](#authorization) struct used by some L2s / account-abstraction schemes. |
	| `signAuthorization` | Sign an `Authorization` struct used by some L2s / account-abstraction schemes. |

Spotted by Diamond

Is this helpful? React 👍 or 👎 to let us know.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (2)

3-3: Refine hyphen usage in the compound modifier
Remove the unnecessary hyphen in “finely-scoped,” since adverbs ending in “-ly” do not require a hyphen.

- Access tokens let you delegate finely-scoped permissions to services, cron jobs or external partners without sharing the admin key.
+ Access tokens let you delegate finely scoped permissions to services, cron jobs or external partners without sharing the admin key.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

---

67-67: Correct hyphenation of “untrusted”
“un-trusted” should be one word.

- Send SATs to un-trusted environments (browser, serverless) – they only work until the expiry timestamp and can be revoked centrally by revoking their base token.
+ Send SATs to untrusted environments (browser, serverless) – they only work until the expiry timestamp and can be revoked centrally by revoking their base token.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 973cd56 and 90ab5f0.

📒 Files selected for processing (1)

• apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (1 hunks)

🧰 Additional context used

🪛 LanguageTool

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx

[uncategorized] ~3-~3: Although a hyphen is possible, it is not necessary in a compound modifier in which the first word is an adverb that ends in ‘ly’.
Context: ... Tokens Access tokens let you delegate finely-scoped permissions to services, cron jobs or e...

(HYPHENATED_LY_ADVERB_ADJECTIVE)

⏰ Context from checks skipped due to timeout of 90000ms (6)

• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (1)

apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx (1)

73-95: ⚠️ Potential issue

Close the code fence for the list & revoke example
The list/revoke code block also needs a closing ``` fence after the revoke call.

     await revokeAccessToken({
       client,
       request: {
         auth: { adminKey: process.env.VAULT_ADMIN_KEY! },
         options: { id: tokenId },
       },
     });
+  ```

Likely an incorrect or invalid review comment.

[coderabbitai]

⚠️ Potential issue

Close the code fence for the signed access token (SAT) example
The SAT snippet starts with ts but lacks a closing fence. Add it right after the console.log(sat); to ensure proper rendering.

   console.log(sat);
+  ```

🤖 Prompt for AI Agents

In apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx around lines 49
to 64, the TypeScript code block for the signed access token example starts with
a ```ts fence but is missing the closing ``` fence. Add the closing ``` fence
immediately after the line containing console.log(sat); to properly close the
code block and ensure correct markdown rendering.

[coderabbitai]

⚠️ Potential issue

Close the code fence for the base token example
The opening ```ts block at line 17 is not closed, which will break MDX parsing. Add a closing fence after the console.log call.

   console.log("base token", res.data.accessToken);
+  ```

🤖 Prompt for AI Agents

In apps/portal/src/app/vault/sdk/guides/access-tokens/page.mdx between lines 17
and 41, the TypeScript code block starting with ```ts is not closed, causing MDX
parsing errors. Add a closing code fence ``` immediately after the console.log
statement to properly close the code block.