Ders.more #7969
Ders.more #7969
Conversation
Signed-off-by: amder12 <[email protected]>
|
How to use the Graphite Merge QueueAdd either label to this PR to merge it via the merge queue:
You must have a Graphite account in order to use the merge queue. Sign up using this link. An organization admin has enabled the Graphite Merge Queue in this repository. Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue. |
|
@amder12 is attempting to deploy a commit to the thirdweb Team on Vercel. A member of the Team first needs to authorize it. |
WalkthroughReplaces the Vault SDK API Reference MDX page with a runnable Spanish example demonstrating end-to-end usage: initializing a client via env vars, pinging the service, creating an EOA, parsing and signing a transaction, creating an access token, and listing EOAs. Adds detailed run instructions and error handling within an async main() flow. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor Dev as Developer (runs example)
participant Ex as Example Script (MDX code)
participant SDK as Vault SDK
participant Vault as Vault Service
participant Chain as Blockchain (tx context)
Dev->>Ex: Run main()
Ex->>SDK: createVaultClient(SECRET_KEY, BASE_URL?)
SDK->>Vault: Authenticate / setup
Vault-->>SDK: Client ready
Ex->>SDK: ping()
SDK->>Vault: GET /ping
Vault-->>SDK: pong
SDK-->>Ex: pong
Ex->>SDK: createEoa(metadata {externalAddress})
SDK->>Vault: POST /eoa
Vault-->>SDK: EOA details
SDK-->>Ex: EOA created
Ex->>SDK: parseTransaction(txInput)
SDK-->>Ex: tx object (prepared)
Ex->>SDK: signTransaction(tx, {from, SIG_TOKEN})
SDK->>Vault: POST /tx/sign
Vault-->>SDK: signed tx
SDK-->>Ex: signed tx
Ex->>SDK: createAccessToken({targetAddress, policy: eoa:signMessage})
SDK->>Vault: POST /access-tokens
Vault-->>SDK: access token
SDK-->>Ex: token
Ex->>SDK: listEoas({externalAddress})
SDK->>Vault: GET /eoas?filter=externalAddress
Vault-->>SDK: EOA list
SDK-->>Ex: EOAs returned
Note over Ex: Errors bubbled to main().catch -> console.error
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Warning Review ran into problems🔥 ProblemsErrors were encountered while retrieving linked issues. Errors (1)
✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
SupportNeed help? Create a ticket on our support page for assistance with any issues or questions. CodeRabbit Commands (Invoked using PR/Issue comments)Type Other keywords and placeholders
CodeRabbit Configuration File (
|
github-actions
bot
added
the
Portal
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🧹 Nitpick comments (5)
apps/portal/src/app/vault/sdk/api-reference/page.mdx (5)
98-156: Docs language and section placement.This API Reference page now hosts a Spanish “How to run” guide and project scaffolding. If the Portal is English-only, move this to a “Guides/Examples” page and keep reference content here, or add i18n routing.
I can split this into: 1) concise API reference (parameters/returns), 2) a separate “End-to-end example” guide.
160-177: Duplicate import block inside thesample.The SDK import is repeated twice.
import { createVaultClient, ping, createEoa, listEoas, parseTransaction, signTransaction, createAccessToken, } from "@thirdweb-dev/vault-sdk"; -import { - createVaultClient, - ping, - createEoa, - listEoas, - parseTransaction, - signTransaction, - createAccessToken, -} from "@thirdweb-dev/vault-sdk";
101-105: Remove BASE_TOKEN from .env examples if unused.Avoid suggesting unneeded secrets in user environments.
-VAULT_BASE_TOKEN=tu_access_token_baseAlso applies to: 149-151
20-27: Optional: add guardrails to skip network calls in examples.Consider showing an environment toggle (e.g., if (!SECRET_KEY) throw) in the snippet to fail fast for readers.
82-91: Optional: narrow listEoas filter and show pagination.Real responses may paginate. Demonstrate handling next page tokens or limits if the SDK exposes them.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
💡 Knowledge Base configuration:
- MCP integration is disabled by default for public repositories
- Jira integration is disabled by default for public repositories
- Linear integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (1)
apps/portal/src/app/vault/sdk/api-reference/page.mdx(1 hunks)
🧰 Additional context used
🪛 LanguageTool
apps/portal/src/app/vault/sdk/api-reference/page.mdx
[grammar] ~1-~1: There might be a mistake here.
Context: import { createVaultClient, ping, createEoa, ...
(QB_NEW_EN)
[grammar] ~8-~8: There might be a mistake here.
Context: ... signTransaction, createAccessToken, } from "@thirdweb-dev/vault-sdk"; import...
(QB_NEW_EN)
[grammar] ~9-~9: There might be a mistake here.
Context: ...Token, } from "@thirdweb-dev/vault-sdk"; import "dotenv/config"; // --- CONFIGUR...
(QB_NEW_EN)
[grammar] ~14-~14: There might be a mistake here.
Context: ...RET_KEY = process.env.VAULT_SECRET_KEY!; const SIG_TOKEN = process.env.VAULT_SIG_...
(QB_NEW_EN)
[grammar] ~15-~15: There might be a mistake here.
Context: ...IG_TOKEN = process.env.VAULT_SIG_TOKEN!; const BASE_TOKEN = process.env.VAULT_BAS...
(QB_NEW_EN)
[grammar] ~50-~50: There might be a mistake here.
Context: ...acción (usando la dirección como from) const signedTx = await signTransaction({...
(QB_NEW_EN)
[grammar] ~94-~94: There might be a mistake here.
Context: ...rección:", matchingEoas); } // Ejecutar main().catch((err) => { console.error(...
(QB_NEW_EN)
[grammar] ~95-~95: There might be a mistake here.
Context: ...; } // Ejecutar main().catch((err) => { console.error("Error durante la ejecució...
(QB_NEW_EN)
[grammar] ~96-~96: There might be a mistake here.
Context: ...ror("Error durante la ejecución:", err); }); ✅ Requisitos Instala las dependencia...
(QB_NEW_EN)
[grammar] ~97-~97: There might be a mistake here.
Context: ..."Error durante la ejecución:", err); }); ✅ Requisitos Instala las dependencias si...
(QB_NEW_EN)
[grammar] ~98-~98: There might be a mistake here.
Context: ...e la ejecución:", err); }); ✅ Requisitos Instala las dependencias si aún no las t...
(QB_NEW_EN)
[grammar] ~99-~99: There might be a mistake here.
Context: ...a las dependencias si aún no las tienes: npm install @thirdweb-dev/vault-sdk dote...
(QB_NEW_EN)
[grammar] ~100-~100: There might be a mistake here.
Context: ...m install @thirdweb-dev/vault-sdk dotenv Crea un archivo .env en la raíz del proy...
(QB_NEW_EN)
[grammar] ~101-~101: There might be a mistake here.
Context: ... en la raíz del proyecto con tus claves: VAULT_SECRET_KEY=tu_clave_secreta_del_va...
(QB_NEW_EN)
[grammar] ~102-~102: There might be a mistake here.
Context: ...LT_SECRET_KEY=tu_clave_secreta_del_vault VAULT_SIG_TOKEN=tu_access_token_para_fir...
(QB_NEW_EN)
[grammar] ~103-~103: There might be a mistake here.
Context: ...LT_SIG_TOKEN=tu_access_token_para_firmar VAULT_BASE_TOKEN=tu_access_token_base Ej...
(QB_NEW_EN)
[grammar] ~104-~104: There might be a mistake here.
Context: ...ar VAULT_BASE_TOKEN=tu_access_token_base Ejecuta el script: ts-node vault-integra...
(QB_NEW_EN)
[grammar] ~105-~105: There might be a mistake here.
Context: ...=tu_access_token_base Ejecuta el script: ts-node vault-integration.ts Estructura...
(QB_NEW_EN)
[grammar] ~152-~152: There might be a mistake here.
Context: ...EN=tu_access_token_base 4. 📄 .gitignore .env node_modules/ dist/ vault-integrat...
(QB_NEW_EN)
[grammar] ~153-~153: There might be a mistake here.
Context: ..._access_token_base 4. 📄 .gitignore .env node_modules/ dist/ vault-integration.t...
(QB_NEW_EN)
[grammar] ~155-~155: There might be a mistake here.
Context: .... 📄 .gitignore .env node_modules/ dist/ vault-integration.ts Este es el archivo ...
(QB_NEW_EN)
[style] ~158-~158: The word “ya” is non-standard. Did you mean “you”, “your” or “yes”?
Context: ...t-integration.ts Este es el archivo que ya construimos antes. Puedes copiarlo dire...
(YA)
[grammar] ~180-~180: There might be a mistake here.
Context: ...otenv/config"; // --- CONFIGURACIÓN --- const SECRET_KEY = process.env.VAULT_SEC...
(QB_NEW_EN)
[grammar] ~181-~181: There might be a mistake here.
Context: ...RET_KEY = process.env.VAULT_SECRET_KEY!; const SIG_TOKEN = process.env.VAULT_SIG_...
(QB_NEW_EN)
[grammar] ~182-~182: There might be a mistake here.
Context: ...IG_TOKEN = process.env.VAULT_SIG_TOKEN!; const BASE_TOKEN = process.env.VAULT_BAS...
(QB_NEW_EN)
[grammar] ~187-~187: There might be a mistake here.
Context: ...5E6E9FEb21aCE"; async function main() { const client = await createVaultClient({...
(QB_NEW_EN)
[grammar] ~193-~193: There might be a mistake here.
Context: ...esult); const eoa = await createEoa({ client, request: { metadata: {...
(QB_NEW_EN)
[grammar] ~204-~204: There might be a mistake here.
Context: ..., eoa); const tx = parseTransaction({ to: "0xAbC123456789abcdef123456789abcdef...
(QB_NEW_EN)
[grammar] ~213-~213: There might be a mistake here.
Context: ...const signedTx = await signTransaction({ client, request: { auth: { acc...
(QB_NEW_EN)
[grammar] ~225-~225: There might be a mistake here.
Context: ... const token = await createAccessToken({ client, request: { metadata: {...
(QB_NEW_EN)
[grammar] ~243-~243: There might be a mistake here.
Context: ... const matchingEoas = await listEoas({ client, request: { metadata: {...
(QB_NEW_EN)
[grammar] ~255-~255: There might be a mistake here.
Context: ...rr) => { console.error("Error:", err); });
(QB_NEW_EN)
🔇 Additional comments (3)
apps/portal/src/app/vault/sdk/api-reference/page.mdx (3)
40-48: Confirm parseTransaction field types.Some fields are BigInt, others Number (e.g., gasLimit). Ensure this matches the SDK signature to avoid runtime/type errors in user copies.
Would you like me to check the latest Vault SDK docs and adjust the snippet?
63-80: Policy object shape: verify keys.Double-check that policy.type and fields (chainId, eoa) are current for “eoa:signMessage”.
If desired, I can validate against the latest SDK reference and update.
1-271: PR description mismatch with changes.PR summary claims an HTML comment template only, but this file introduces a full runnable example and replaces reference content. Please confirm intent.
I can help split this PR or amend the description accordingly.
| import { | ||
| createVaultClient, | ||
| ping, | ||
| createEoa, | ||
| listEoas, | ||
| parseTransaction, | ||
| signTransaction, | ||
| createAccessToken, | ||
| } from "@thirdweb-dev/vault-sdk"; | ||
| import "dotenv/config"; |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Do not import/execute SDK or dotenv in an MDX docs page (leaks secrets, breaks build).
Top-level imports will execute during build/SSR and attempt real network calls. Importing "dotenv/config" in the docs app is especially unsafe and will expose secrets if bundled. Move all runnable code into fenced code blocks; keep the page purely presentational.
Apply this diff to strip runtime imports and start an example section:
-import {
- createVaultClient,
- ping,
- createEoa,
- listEoas,
- parseTransaction,
- signTransaction,
- createAccessToken,
-} from "@thirdweb-dev/vault-sdk";
-import "dotenv/config";
+{/* The runnable example is provided below as a fenced code block. */}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| import { | |
| createVaultClient, | |
| ping, | |
| createEoa, | |
| listEoas, | |
| parseTransaction, | |
| signTransaction, | |
| createAccessToken, | |
| } from "@thirdweb-dev/vault-sdk"; | |
| import "dotenv/config"; | |
| {/* The runnable example is provided below as a fenced code block. */} |
🧰 Tools
🪛 LanguageTool
[grammar] ~1-~1: There might be a mistake here.
Context: import { createVaultClient, ping, createEoa, ...
(QB_NEW_EN)
[grammar] ~8-~8: There might be a mistake here.
Context: ... signTransaction, createAccessToken, } from "@thirdweb-dev/vault-sdk"; import...
(QB_NEW_EN)
[grammar] ~9-~9: There might be a mistake here.
Context: ...Token, } from "@thirdweb-dev/vault-sdk"; import "dotenv/config"; // --- CONFIGUR...
(QB_NEW_EN)
🤖 Prompt for AI Agents
In apps/portal/src/app/vault/sdk/api-reference/page.mdx around lines 1-10,
remove the top-level runtime imports (createVaultClient, ping, createEoa,
listEoas, parseTransaction, signTransaction, createAccessToken and especially
"dotenv/config") so nothing executes at build/SSR; instead add a presentational
"Example" section and place the shown imports and usage inside a fenced code
block (e.g., ```ts ... ```), so the MDX remains purely presentational and no
secrets or network calls occur during build.
| // --- CONFIGURACIÓN --- | ||
|
|
||
| --- | ||
| const SECRET_KEY = process.env.VAULT_SECRET_KEY!; | ||
| const SIG_TOKEN = process.env.VAULT_SIG_TOKEN!; | ||
| const BASE_TOKEN = process.env.VAULT_BASE_TOKEN!; | ||
|
|
||
| ## 1. Client utilities | ||
| const TARGET_ADDRESS = "0x6561fF4034De957fAFeA20b3aCC5E6E9FEb21aCE"; | ||
|
|
||
| | Function | Description | | ||
| | --- | --- | | ||
| | `createVaultClient({ secretKey })` | Uses your project secret key to establish a connection to your Vault instance and returns a `VaultClient`. Create **one** client per Vault instance and reuse it. | | ||
| | `ping({ client, request })` | Health-check endpoint mainly used in examples and tests. Returns the current server time. | | ||
| async function main() { | ||
| // 1. Crear cliente del Vault | ||
| const client = await createVaultClient({ secretKey: SECRET_KEY }); | ||
|
|
||
| ```ts | ||
| const client = await createVaultClient({ secretKey: "PROJECT_SECRET_KEY" }); | ||
| await ping({ client, request: { message: "pong?" } }); | ||
| ``` | ||
| // 2. Hacer ping al Vault (opcional) | ||
| const pingResult = await ping({ client, request: { message: "pong?" } }); | ||
| console.log("Ping response:", pingResult); | ||
|
|
||
| --- | ||
| // 3. Crear un EOA con metadata que incluya la dirección | ||
| const eoa = await createEoa({ | ||
| client, | ||
| request: { | ||
| metadata: { | ||
| label: "Wallet externa", | ||
| externalAddress: TARGET_ADDRESS, | ||
| }, | ||
| }, | ||
| }); | ||
| console.log("Nuevo EOA creado (metadatos):", eoa); | ||
|
|
||
| ## 2. Service Accounts | ||
| // 4. Crear una transacción ficticia desde la dirección | ||
| const tx = parseTransaction({ | ||
| to: "0xAbC123456789abcdef123456789abcdef1234567", // dirección de destino ficticia | ||
| value: 0n, | ||
| chainId: 1, | ||
| maxFeePerGas: 30n * 10n ** 9n, | ||
| maxPriorityFeePerGas: 1n * 10n ** 9n, | ||
| gasLimit: 21_000, | ||
| }); | ||
|
|
||
| | Function | When to use | | ||
| | --- | --- | | ||
| | `createServiceAccount({ request })` | Bootstrap a brand-new Vault. Returns the **admin key** and **rotation code**. _Run once during provisioning_. | | ||
| | `getServiceAccount({ request })` | Retrieve metadata for the current service account. Requires **admin key** or a token with `serviceAccount:read` policy. | | ||
| | `rotateServiceAccount({ request })` | Rotate (invalidate) the admin key **and** all existing access tokens in a single atomic operation. Authenticate with the **rotation code**. | | ||
| // 5. Firmar transacción (usando la dirección como `from`) | ||
| const signedTx = await signTransaction({ | ||
| client, | ||
| request: { | ||
| auth: { accessToken: SIG_TOKEN }, | ||
| options: { | ||
| from: TARGET_ADDRESS, | ||
| transaction: tx, | ||
| }, | ||
| }, | ||
| }); | ||
| console.log("Transacción firmada:", signedTx); | ||
|
|
||
| Example – rotate an account after a key leak: | ||
| // 6. Crear un access token vinculado a la dirección | ||
| const token = await createAccessToken({ | ||
| client, | ||
| request: { | ||
| metadata: { | ||
| name: "Token para wallet específica", | ||
| wallet: TARGET_ADDRESS, | ||
| }, | ||
| policies: [ | ||
| { | ||
| type: "eoa:signMessage", | ||
| chainId: 1, | ||
| eoa: TARGET_ADDRESS, | ||
| }, | ||
| ], | ||
| }, | ||
| }); | ||
| console.log("Access token creado:", token); | ||
|
|
||
| ```ts | ||
| await rotateServiceAccount({ | ||
| client, | ||
| request: { | ||
| auth: { rotationCode: process.env.VAULT_ROTATION_CODE! }, | ||
| }, | ||
| }); | ||
| ``` | ||
|
|
||
| --- | ||
|
|
||
| ## 3. EOAs (Wallets) | ||
|
|
||
| | Function | Purpose | | ||
| | --- | --- | | ||
| | `createEoa` | Create a new EOA (wallet) inside the Vault. Optionally attach arbitrary `metadata` for later querying. | | ||
| | `listEoas` | Pagination-aware listing with optional metadata filters. | | ||
| | `signTransaction` | Ask the Vault to sign an EVM transaction (legacy, 2930, 1559, 4844 or 7702). | | ||
| | `signMessage` | Sign a plain string / hex message. | | ||
| | `signTypedData` | Sign EIP-712 typed data with full generic type safety. | | ||
| | `signAuthorization` | Sign an [`Authorization`](#authorization) struct used by some L2s / account-abstraction schemes. | | ||
| | `signStructuredMessage` | Sign EIP-4337 user-operations (v0.6 & v0.7). | | ||
|
|
||
| ```ts | ||
| // sign a 1559 tx | ||
| import { parseTransaction, signTransaction } from "@thirdweb-dev/vault-sdk"; | ||
|
|
||
| const tx = parseTransaction({ | ||
| to: "0x...", | ||
| value: 0n, | ||
| chainId: 1, | ||
| maxFeePerGas: 30n * 10n ** 9n, | ||
| maxPriorityFeePerGas: 1n * 10n ** 9n, | ||
| gasLimit: 21_000, | ||
| // 7. Listar EOAs que tengan la dirección como metadato | ||
| const matchingEoas = await listEoas({ | ||
| client, | ||
| request: { | ||
| metadata: { | ||
| externalAddress: TARGET_ADDRESS, | ||
| }, | ||
| }, | ||
| }); | ||
| console.log("EOAs encontrados con esa dirección:", matchingEoas); | ||
| } | ||
|
|
||
| // Ejecutar | ||
| main().catch((err) => { | ||
| console.error("Error durante la ejecución:", err); | ||
| }); |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Remove executable script from the page; render as a code sample instead.
The main() flow will run at build/SSR time and requires secrets. Convert it to a fenced TypeScript snippet so readers can copy-paste into a Node script.
Proposed replacement:
-// --- CONFIGURACIÓN ---
-const SECRET_KEY = process.env.VAULT_SECRET_KEY!;
-const SIG_TOKEN = process.env.VAULT_SIG_TOKEN!;
-const BASE_TOKEN = process.env.VAULT_BASE_TOKEN!;
-const TARGET_ADDRESS = "0x6561fF4034De957fAFeA20b3aCC5E6E9FEb21aCE";
-async function main() {
- const client = await createVaultClient({ secretKey: SECRET_KEY });
- const pingResult = await ping({ client, request: { message: "pong?" } });
- console.log("Ping response:", pingResult);
- const eoa = await createEoa({
- client,
- request: {
- metadata: { label: "Wallet externa", externalAddress: TARGET_ADDRESS },
- },
- });
- console.log("Nuevo EOA creado (metadatos):", eoa);
- const tx = parseTransaction({
- to: "0xAbC123456789abcdef123456789abcdef1234567",
- value: 0n,
- chainId: 1,
- maxFeePerGas: 30n * 10n ** 9n,
- maxPriorityFeePerGas: 1n * 10n ** 9n,
- gasLimit: 21_000,
- });
- const signedTx = await signTransaction({
- client,
- request: {
- auth: { accessToken: SIG_TOKEN },
- options: { from: TARGET_ADDRESS, transaction: tx },
- },
- });
- console.log("Transacción firmada:", signedTx);
- const token = await createAccessToken({
- client,
- request: {
- metadata: { name: "Token para wallet específica", wallet: TARGET_ADDRESS },
- policies: [{ type: "eoa:signMessage", chainId: 1, eoa: TARGET_ADDRESS }],
- },
- });
- console.log("Access token creado:", token);
- const matchingEoas = await listEoas({
- client,
- request: { metadata: { externalAddress: TARGET_ADDRESS } },
- });
- console.log("EOAs encontrados con esa dirección:", matchingEoas);
-}
-// Ejecutar
-main().catch((err) => {
- console.error("Error durante la ejecución:", err);
-});
+```ts
+// vault-integration.ts (Node/TS script - do not run in the browser)
+import "dotenv/config";
+import {
+ createVaultClient,
+ ping,
+ createEoa,
+ listEoas,
+ parseTransaction,
+ signTransaction,
+ createAccessToken,
+} from "@thirdweb-dev/vault-sdk";
+
+const SECRET_KEY = process.env.VAULT_SECRET_KEY!;
+const SIG_TOKEN = process.env.VAULT_SIG_TOKEN!;
+const TARGET_ADDRESS = process.env.TARGET_ADDRESS ?? "0xYourAddress";
+
+async function main() {
+ const client = await createVaultClient({ secretKey: SECRET_KEY });
+ const pingResult = await ping({ client, request: { message: "pong?" } });
+ console.log("Ping response:", pingResult);
+
+ const eoa = await createEoa({
+ client,
+ request: { metadata: { label: "Wallet externa", externalAddress: TARGET_ADDRESS } },
+ });
+ console.log("Nuevo EOA creado (metadatos):", eoa);
+
+ const tx = parseTransaction({
+ to: "0xAbC123456789abcdef123456789abcdef1234567",
+ value: 0n,
+ chainId: 1,
+ maxFeePerGas: 30n * 10n ** 9n,
+ maxPriorityFeePerGas: 1n * 10n ** 9n,
+ gasLimit: 21_000,
+ });
+
+ const signedTx = await signTransaction({
+ client,
+ request: { auth: { accessToken: SIG_TOKEN }, options: { from: TARGET_ADDRESS, transaction: tx } },
+ });
+ console.log("Transacción firmada:", signedTx);
+
+ const token = await createAccessToken({
+ client,
+ request: {
+ metadata: { name: "Token para wallet específica", wallet: TARGET_ADDRESS },
+ policies: [{ type: "eoa:signMessage", chainId: 1, eoa: TARGET_ADDRESS }],
+ },
+ });
+ console.log("Access token creado:", token);
+
+ const matchingEoas = await listEoas({ client, request: { metadata: { externalAddress: TARGET_ADDRESS } } });
+ console.log("EOAs encontrados con esa dirección:", matchingEoas);
+}
+
+main().catch((err) => {
+ console.error("Error durante la ejecución:", err);
+});
+```🧰 Tools
🪛 LanguageTool
[grammar] ~14-~14: There might be a mistake here.
Context: ...RET_KEY = process.env.VAULT_SECRET_KEY!; const SIG_TOKEN = process.env.VAULT_SIG_...
(QB_NEW_EN)
[grammar] ~15-~15: There might be a mistake here.
Context: ...IG_TOKEN = process.env.VAULT_SIG_TOKEN!; const BASE_TOKEN = process.env.VAULT_BAS...
(QB_NEW_EN)
[grammar] ~50-~50: There might be a mistake here.
Context: ...acción (usando la dirección como from) const signedTx = await signTransaction({...
(QB_NEW_EN)
[grammar] ~94-~94: There might be a mistake here.
Context: ...rección:", matchingEoas); } // Ejecutar main().catch((err) => { console.error(...
(QB_NEW_EN)
[grammar] ~95-~95: There might be a mistake here.
Context: ...; } // Ejecutar main().catch((err) => { console.error("Error durante la ejecució...
(QB_NEW_EN)
[grammar] ~96-~96: There might be a mistake here.
Context: ...ror("Error durante la ejecución:", err); }); ✅ Requisitos Instala las dependencia...
(QB_NEW_EN)
[grammar] ~97-~97: There might be a mistake here.
Context: ..."Error durante la ejecución:", err); }); ✅ Requisitos Instala las dependencias si...
(QB_NEW_EN)
🤖 Prompt for AI Agents
apps/portal/src/app/vault/sdk/api-reference/page.mdx lines 12-97: the file
contains an executable top-level main() script that will run at build/SSR time
and requires secrets; replace the runnable code with a fenced TypeScript code
sample (triple backticks with "ts") that demonstrates usage but does not execute
during rendering — include suggested changes: move dotenv import and example
imports into the snippet, read secrets from process.env (e.g., TARGET_ADDRESS
fallback), keep all async logic inside an exported or example main() function
but do not call main() in the MDX page, and add a short comment line that this
is a Node/TS script (do not run in the browser).
| const SECRET_KEY = process.env.VAULT_SECRET_KEY!; | ||
| const SIG_TOKEN = process.env.VAULT_SIG_TOKEN!; | ||
| const BASE_TOKEN = process.env.VAULT_BASE_TOKEN!; |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Secrets in client-visible context; remove BASE_TOKEN (unused).
Do not reference secrets from a docs page; ensure examples instruct running in Node with .env, not inside MDX. Also BASE_TOKEN is never used—drop it from code and docs to avoid confusion.
-const BASE_TOKEN = process.env.VAULT_BASE_TOKEN!;And remove its mentions in the “.env example” below.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const SECRET_KEY = process.env.VAULT_SECRET_KEY!; | |
| const SIG_TOKEN = process.env.VAULT_SIG_TOKEN!; | |
| const BASE_TOKEN = process.env.VAULT_BASE_TOKEN!; | |
| const SECRET_KEY = process.env.VAULT_SECRET_KEY!; | |
| const SIG_TOKEN = process.env.VAULT_SIG_TOKEN!; |
🧰 Tools
🪛 LanguageTool
[grammar] ~14-~14: There might be a mistake here.
Context: ...RET_KEY = process.env.VAULT_SECRET_KEY!; const SIG_TOKEN = process.env.VAULT_SIG_...
(QB_NEW_EN)
[grammar] ~15-~15: There might be a mistake here.
Context: ...IG_TOKEN = process.env.VAULT_SIG_TOKEN!; const BASE_TOKEN = process.env.VAULT_BAS...
(QB_NEW_EN)
| { | ||
| "name": "vault-project", | ||
| "version": "1.0.0", | ||
| "type": "module", | ||
| "main": "vault-integration.ts", | ||
| "scripts": { | ||
| "start": "ts-node vault-integration.ts" | ||
| }, | ||
| }); | ||
| ``` | ||
|
|
||
| > **Note**: `parseTransaction` is a convenience helper that normalises user-supplied objects – you can also build the canonical tx object yourself. | ||
| --- | ||
|
|
||
| ## 4. Access Tokens | ||
|
|
||
| | Function | Purpose | | ||
| | --- | --- | | ||
| | `createAccessToken` | Mint a **base token** scoped by policies & metadata. Requires **admin key**. | | ||
| | `createSignedAccessToken` | Pure-client helper that turns a *base* token into a short-lived, signed JWT (prefixed with `vt_sat_`). No server round-trip required. | | ||
| | `listAccessTokens` | List existing tokens with pagination and optional metadata filters. | | ||
| | `revokeAccessToken` | Immediately invalidate a token (or all derived signed tokens) by `id`. | | ||
|
|
||
| ```ts | ||
| // Derive a time-boxed signed token for a serverless function | ||
| const sat = await createSignedAccessToken({ | ||
| vaultClient: client, | ||
| baseAccessToken: process.env.VAULT_BASE_TOKEN!, | ||
| additionalPolicies: [ | ||
| { type: "eoa:signMessage", chainId: 1, messagePattern: "^0x.*" }, | ||
| ], | ||
| expiryTimestamp: Math.floor(Date.now() / 1000) + 60 * 5, // 5 min | ||
| }); | ||
| ``` | ||
| "dependencies": { | ||
| "@thirdweb-dev/vault-sdk": "^0.9.0", | ||
| "dotenv": "^16.3.1" | ||
| }, | ||
| "devDependencies": { | ||
| "ts-node": "^10.9.1", | ||
| "typescript": "^5.2.2" | ||
| } | ||
| } |
There was a problem hiding this comment.
💡 Verification agent
🧩 Analysis chain
Dependency versions: confirm current releases.
The example pins versions (^0.9.0, ^16.3.1, ts-node ^10.9.1, TS ^5.2.2). Please verify these are still current or adjust to known-good ranges.
🌐 Web query:
What is the latest stable version of @thirdweb-dev/vault-sdk, dotenv, ts-node, and typescript?
💡 Result:
As of Sep 3, 2025:
- @thirdweb-dev/vault-sdk — 0.0.3. [1]
- dotenv — 17.2.2. [2]
- ts-node — 10.9.2. [3]
- typescript — 5.8.3. [4]
Sources:
[1] @thirdweb-dev/vault-sdk (Libraries.io).
[2] dotenv (npm).
[3] ts-node (npm).
[4] typescript (npm).
Update dependency versions in example: bump @thirdweb-dev/vault-sdk to ^0.0.3, dotenv to ^17.2.2, ts-node to ^10.9.2, and typescript to ^5.8.3 to match the latest stable releases.
🤖 Prompt for AI Agents
In apps/portal/src/app/vault/sdk/api-reference/page.mdx around lines 117 to 133,
the example package.json uses outdated dependency versions; update the
dependency entries to bump "@thirdweb-dev/vault-sdk" to "^0.0.3", "dotenv" to
"^17.2.2", "ts-node" to "^10.9.2", and "typescript" to "^5.8.3" (leave other
fields unchanged) so the example reflects the requested newer stable releases.
2 participants
PR-Codex overview
This PR introduces a new integration script for interacting with the
@thirdweb-dev/vault-sdk, enabling users to create clients, manage EOAs (Externally Owned Accounts), sign transactions, and create access tokens. It also includes configuration instructions and example usages.Detailed summary
mainfunction for executing the integration script.createVaultClient.ping.createEoa.parseTransaction.signTransaction.createAccessToken.listEoas.Summary by CodeRabbit