New engine docs

apps/portal/src/app/Header.tsx

@@ -45,6 +45,10 @@ const links = [
 ];
 
 const toolLinks = [
+  {
+    name: "Vault",
+    href: "/vault",
+  },
   {
     name: "Chain List",
     href: "https://thirdweb.com/chainlist",

apps/portal/src/app/connect/pay/fees/page.mdx

@@ -24,7 +24,6 @@ You can configure who pays the protocol fee for buy or sell transactions by spec
 
 See full reference for [`buy`](https://portal.thirdweb.com/references/typescript/v5/buy/prepare) and [`sell`](https://portal.thirdweb.com/references/typescript/v5/sell/prepare). 
 
-
 #### Setting fees on transfers or purchase mode
 
 You can configure who pays the protocol fee for transfers or purchase mode using the `feePayer` setting. This affects the 

apps/portal/src/app/engine/configure-wallets/aws-kms/page.mdx

@@ -0,0 +1,45 @@
+import { Callout } from '@doc';
+
+export const metadata = {
+    title: "AWS KMS Wallet",
+    description:
+        "Learn how to set up an AWS KMS wallet with thirdweb Engine.",
+};
+
+
+## AWS KMS wallet
+
+An AWS KMS Wallet is a wallet securely stored in your AWS account. Engine can create and transact with the wallet, but not delete it.
+
+<Callout variant="info" title="AWS KMS Support">
+  AWS KMS wallets are not currently supported on Engine Cloud. They are currently supported on Engine Dedicated v2, and will be available soon with Dedicated v3. 
+</Callout>
+
+
+#### Setup
+
+1. [Create an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console) with programmatic access.
+1. [Grant the following KMS permissions](https://docs.aws.amazon.com/kms/latest/developerguide/control-access.html) to this user.
+   - `kms:CreateKey`
+   - `kms:GetPublicKey`
+   - `kms:Sign`
+   - `kms:CreateAlias`
+   - `kms:Verify`
+1. On the user page, navigate to **Security credentials > Access keys**.
+1. Select **Create access key** to get an **Access Key** and **Secret Key**.
+1. In the dashboard, navigate to **Configuration > Server Wallets**.
+1. Select **AWS KMS** and provide the following:
+   - Access Key (example: `AKIA...`)
+   - Secret Key (example: `UW7A...`)
+   - Region (example: `us-west-1`)
+
+#### Import an existing wallet
+
+1. Ensure your [KMS key is created](https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) with the following settings:
+   - Key type: `Asymmetric`
+   - Key spec: `ECC_SECG_P256K1`
+   - Key usage: `Sign and verify`
+1. In the dashboard, navigate to **Overview > Server Wallets**.
+1. Select **Import** and provide the following:
+   - AWS KMS Key ID (example: `0489da75-9830-4a5a-97e3-e4a6df7775b3`)
+   - AWS KMS ARN (example: `arn:aws:kms:us-west-1:632186309261:key/0489da75-9830-4a5a-97e3-e4a6df7775b3`)

apps/portal/src/app/engine/configure-wallets/circle-wallet/page.mdx

@@ -0,0 +1,32 @@
+import { Callout } from '@doc';
+
+export const metadata = {
+    title: "Circle Wallet",
+    description:
+        "Learn how to set up a Circle wallet with thirdweb Engine.",
+};
+
+## Circle Wallet
+
+[Circle Programmable Wallets](https://developers.circle.com/w3s/programmable-wallets) is a Wallet as a Service (WaaS) solution designed to simplify the creation and management of secure Web3 wallets and their private keys. Engine can create and transact with the wallet, but not delete it.
+
+<Callout variant="info" title="Circle Wallets">
+    Circle wallets are not currently supported on Engine Cloud. They are currently supported on Engine Dedicated v2, and will be available soon with Dedicated v3.
+</Callout>
+
+#### Setup
+
+1. Create a Circle account at the [Circle Console](https://console.circle.com/signin).
+2. Navigate to [API & Client Keys](https://console.circle.com/api-keys).
+3. Create an API Key. (Either a standard key or a restricted key scoped to "Programmable Wallets" is required.) Do not enable the IP Allowlist. Store this key, it is not shown again.
+4. In the dashboard, navigate to **Configuration > Server Wallets**.
+5. Select **Circle** and provide the following:
+   - API Key (example: `API_KEY:...`)
+
+<Callout variant="info" title="Circle API Key">
+	Circle API Keys are scoped to either Testnet or Mainnet. Server wallets
+	created with a testnet key will not work on the mainnet, and vice versa
+	<br /> If you want to change between testnet and mainnet, you will need to
+	update the API key configuration in engine, and recreate a wallet with the
+	Mainnet scope.
+</Callout>

apps/portal/src/app/engine/configure-wallets/gcp-kms/page.mdx

@@ -0,0 +1,87 @@
+import { Details } from "@doc";
+
+## Google Cloud KMS wallet
+
+A Google Cloud KMS Wallet is a wallet securely stored in your Google Cloud account. Engine can create and transact with the wallet, but not delete it.
+
+#### Setup
+
+1. [Enable Google KMS API](https://cloud.google.com/kms/docs/create-encryption-keys#before-you-begin) for your GCP account.
+1. [Create a Service Account](https://cloud.google.com/iam/docs/service-accounts-create).
+1. Navigate to the [IAM](https://console.cloud.google.com/iam-admin/iam) page. Find the service account and select **Edit Principal** to add the following roles:
+   - Cloud KMS Admin
+   - Cloud KMS CryptoKey Signer/Verifier
+1. Navigate to the [Service Accounts](https://console.cloud.google.com/iam-admin/serviceaccounts) page. Select the above service account.
+1. Navigate to the **Keys** tab. Select **Add Key > Create new key**.
+1. Select **JSON** to download the JSON file. This file contains the key's private key in plaintext.
+1. In the dashboard, navigate to **Configuration > Server Wallets**.
+1. Select **Google KMS** and provide the following:
+
+   <Details id="gcpApplicationProjectId" summary="gcpApplicationProjectId">
+
+   This is the Project ID of the GCP project where the key was created.
+
+   **Where to find**:
+
+   - Navigate to the Google Cloud Console.
+   - Click on the project dropdown at the top of the page.
+   - The Project ID is displayed under your project's name.
+
+   </Details>
+
+   <Details id="gcpKmsLocationId" summary="gcpKmsLocationId">
+
+   This is the location where the keyring was created (e.g., us-central1, europe-west1).
+
+   **Where to find**:
+
+   - In the Google Cloud Console, go to **Security > Cryptographic Keys**.
+   - Click on the keyring that contains your key.
+   - The location is displayed in the Location field.
+
+   </Details>
+
+   <Details id="gcpKmsKeyRingId" summary="gcpKmsKeyRingId">
+
+   This is the ID of the keyring where your key is stored.
+
+   **Where to find**:
+
+   - In the Google Cloud Console, go to **Security > Cryptographic Keys**.
+   - Select the keyring that contains your key.
+   - The KeyRing ID is displayed in the list or the URL.
+
+   </Details>
+
+   <Details id="gcpApplicationCredentialEmail" summary="gcpApplicationCredentialEmail">
+
+   This is the email associated with the service account used for accessing the KMS key.
+
+   **Where to find**:
+
+   - In the Google Cloud Console, go to **IAM & Admin > Service Accounts**.
+   - Find the service account you are using. its email will be in the format: `[email protected]`
+
+   </Details>
+
+   <Details id="gcpApplicationCredentialPrivateKey" summary="gcpApplicationCredentialPrivateKey">
+
+   This is the private key of the service account that is used for authenticating API requests.
+
+   **Where to find**:
+
+   - Open the JSON file downloaded above.
+   - Copy the value of the `private_key` field.
+
+   </Details>
+
+#### Import an existing wallet
+
+1. Ensure your [keyring is created](https://cloud.google.com/kms/docs/create-key-ring) with the following settings:
+   - Purpose: `Asymmetric sign`
+   - Algorithm: `Elliptic Curve P-256 - SHA256 Digest`
+1. In the dashboard, navigate to **Overview > Server Wallets**.
+1. Select **Import** and provide the following:
+   - GCP KMS Key ID (example: `0489da75-9830-4a5a-97e3-e4a6df7775b3`)
+   - GCP KMS Version ID (example: `1`)
+

apps/portal/src/app/engine/configure-wallets/page.mdx

@@ -0,0 +1,47 @@
+import { createMetadata, Callout } from "@/components/Document";
+
+export const metadata = createMetadata({
+	title: "Configure Wallets | thirdweb Engine",
+	description: "Configure your server wallets to perform blockchain actions with Engine.",
+});
+
+# Configure Engine Wallets
+
+Engine performs blockchain actions using server wallets that you own and manage.
+
+### Smart Server Wallets
+
+Smart server wallets are the **recommended option** to perform blockchain actions with Engine.
+
+**Benefits:**
+- Eliminate manual gas management. Smart server wallets are automatically funded via your thirdweb-linked payment method using a built-in paymaster.
+- Smart accounts use multi-dimensional nonces, which are more efficient than EOAs.
+- Works with all existing Engine endpoints without needing any code changes.
+- Secured non-custodially through Vault, thirdweb's key management system. 
+
+Smart server wallets are included with Engine Cloud and Engine Dedicated. [Learn how to configure your own smart server wallets.](/engine/configure-wallets/server-wallets)
+
+### Secure and import your own EOA
+
+For users wanting to use their own wallets, we recommend securing your wallet with a key management service such as [AWS KMS](/engine/configure-wallets/aws-kms) or [Google Cloud KMS](/engine/configure-wallets/google-kms).
+
+**Benefits:**
+- Import your own existing wallets and use them with Engine.
+
+Importing secured EOAs through AWS KMS or Google are included in the Engine Dedicated plan. 
+### Circle Programmable Wallets
+
+Circle Programmable Wallets is a Wallet as a Service (WaaS) solution designed to simplify the creation and management of secure Web3 wallets and their private keys. 
+
+### Configuration Types
+
+- `smart:local` - Smart account backed by a local key
+- `smart:aws-kms` - Smart account backed by AWS KMS
+- `smart:gcp-kms` - Smart account backed by Google Cloud KMS
+- `smart:circle` - Smart account backed by Circle Developer-Controlled Wallets
+
+## Best practices
+
+- Using AWS or Google Cloud KMS wallets is recommended for securing wallets for production use. Private keys are never exposed and the wallet is backed up securely by the cloud provider.
+- Use labels and multiple server wallets to organize and track usage. Example: Use one wallet to pay out creators on your platform and another to airdrop NFTs to users.
+- If using your own wallets require topping up gas or ERC20 tokens regularly, consider creating separate "funds storage" backend wallet that transfers funds to other wallets via the dashboard UI or API.

apps/portal/src/app/engine/configure-wallets/server-wallet/page.mdx

@@ -0,0 +1,37 @@
+import { Details } from "@doc";
+
+## Smart Server Wallets
+
+Smart server wallets are the recommended way to perform blockchain operations with Engine. Each smart server wallet consists of an EOA (managed internally by Engine) and a smart account (using thirdweb's default account implementation).
+
+### Benefits
+
+Smart server wallets inherit smart account benefits and offer several advantages over traditional EOAs:
+
+- **Gas Management**: Built-in paymaster eliminates the need to maintain gas tokens. This means you never need to hold crypto or top up gas.
+- **Better Nonce Management**: Smart accounts use multi-dimensional nonces, which are more efficient than EOAs.
+- **Simple Integration**: Works with all existing Engine endpoints without any code changes.
+
+### How it works
+
+The smart account is automatically deployed the first time you send a transaction on a chain. You don't need to think about deploying or managing the smart account - Engine handles everything behind the scenes. All transactions are sent as UserOperations to the EntryPoint contract on chain.
+
+<Details summary="How are Smart Backend Wallets different from existing engine AA features?">
+	Unlike the [previous account abstraction implementation in
+	Engine](account-abstraction) where you had to manage both the account address
+	(`x-account-address`) and the backend wallet address
+	(`x-backend-wallet-address`) separately, smart backend wallets simplify this.
+	The backend wallet address is now the smart account address itself.
+</Details>
+
+<Details summary="When not to use Smart Backend Wallets?">
+	At this time, Smart Backend Wallets do not allow for importing a smart
+	account. In use cases where you need to import a smart account (such as with
+	session keys), you should use [Engine AA features that utilise the
+	`x-account-address` header](account-abstraction).
+</Details>
+
+### Pricing
+
+Smart server wallets have no additional costs to use with your Engine instance. Transactions sent from smart backend wallets follow the [same billing model as regular account abstraction transactions with thirdweb](/connect/account-abstraction/infrastructure#pricing--billing).
+Smart accounts need to be deployed on each chain. This costs gas and is billed to your account like any other transaction.

apps/portal/src/app/engine/faq/page.mdx

@@ -1,20 +1,17 @@
-import { Callout } from "@doc";
+import { Callout, Details } from "@doc";
 
-# FAQ
-
-## About Engine
-
-### Which contracts work with Engine?
+# Engine FAQs
 
+<Details summary="Which contracts work with Engine?"> 
 Engine supports reads and writes to any contract verified on the blockchain explorer, including any contract deployed via thirdweb.
 _Note: Some endpoints allow providing the contract ABI to support any unverified contract._
 
 Engine also supports deploys for thirdweb [prebuilt contracts](https://thirdweb.com/explore) including NFTs, tokens, marketplaces, and smart accounts.
 
 If you have a question about a particular contract type, [contact us](https://thirdweb.com/support).
+</Details>
 
-### How are Engine and the thirdweb Contract SDK different?
-
+<Details summary="What is the difference between Engine and thirdweb SDKs?"> 
 Engine is a server that manages your backend wallets and how they interact with contracts. This difference unlocks capabilities that thirdweb and other web3 SDKs, including:
 
 - Management of KMS backend wallets
@@ -24,10 +21,9 @@ Engine is a server that manages your backend wallets and how they interact with
 - Webhooks on completed transactions to sync onchain and off-chain activity
 
 Additionally, Engine is built on top of the thirdweb SDK and has the same capabilities.
+</Details>
 
-## Using Engine
-
-### How do I wait for a transaction to be mined?
+<Details summary="How do I wait for a transaction to be mined?"> 
 
 Write calls to contracts do not block until they are mined. Instead they enqueue an async job and immediately return a reference to the job called `queueId`.
 
@@ -46,8 +42,9 @@ Here are three ways to determine when the job is mined:
   	console.log("Received data:", JSON.parse(res.result));
   };
   ```
+</Details>
 
-### How do I send native currency with my transaction?
+<Details summary="How do I send native currency with my transaction??"> 
 
 To send native tokens (e.g. ETH on Ethereum), set `txOverrides.value`.
 This may be required when calling a `payable` contract method.
@@ -64,7 +61,9 @@ Here's an example of sending 0.2 ETH:
 }
 ```
 
-### How do I override gas settings?
+</Details>
+
+<Details summary="How do I override gas settings?">
 
 To override the gas settings, set relevant `txOverrides` gas fields.
 Each field is optional and will be estimated by Engine if omitted.
@@ -89,7 +88,9 @@ Otherwise if gas prices don't fall, transactions may be in your queue indefinite
 
 </Callout>
 
-### How do I set a timeout on transactions?
+</Details>
+
+<Details summary="How do I set a timeout on transactions?">
 
 To specify a transaction timeout, set `txOverrides.timeoutSeconds`.
 Engine flags transactions as `errored` if they are not sent before the timeout. An `errored` webhook will be sent.
@@ -106,3 +107,5 @@ Here's an example of a 2-hour timeout:
   }
 }
 ```
+
+</Details>