What is a Lit Action?
Lit Actions are immutable JavaScript programs stored on IPFS and executed by the Lit network. Each action is identified by its IPFS CID, which serves as both its address and an immutable commitment to its code. Once published to IPFS, an action’s behavior can never be changed. Actions are executed on-node and have access to a set of SDK functions that let them:- Sign data using the private key of a Programmable Key Pair (PKP)
- Encrypt and decrypt data using a symmetric key derived from a PKP
- Make HTTP requests to external data sources (APIs, oracles, blockchains)
- Set a response that is returned to the caller after execution
Programmable Key Pairs (PKPs)
A Programmable Key Pair (PKP) is a wallet — an elliptic-curve key pair — managed by the Lit network. An account can hold many PKPs and organize them into groups alongside permitted IPFS actions. When a Lit Action executes, it can retrieve the private key of a PKP usingLit.Actions.getPrivateKey({ pkpId }) and use it (via ethers.js) to sign transactions, messages, or any arbitrary data.
Which actions are permitted to use which PKPs is enforced on-chain through the AccountConfig contract and managed via the Dashboard.
What is a Proof?
When a Lit Action retrieves data from an external source — for example, a price feed, a weather API, or another blockchain — and signs the result with a PKP, that signed output is called a proof. A proof answers the question: “How do I know this data is authentic?” Traditionally, when you send a transaction on Ethereum you sign it with your private key to prove you authorized it. A Lit Action proof works the same way: the data output is signed by a PKP to attest that it came from a specific, verifiable computation — not from an arbitrary off-chain script.Why proofs matter
- Trustless data ingestion — Smart contracts cannot make HTTP requests. A Lit Action can fetch external data and deliver it on-chain with a signature that the contract can verify.
- Verifiable computation — Any party can independently verify that the signed output was produced by the specific action code (identified by IPFS CID) and signed by the specific PKP (identified by its public key / token ID).
- No trusted intermediary — Because the action code is immutable on IPFS and the signing key is managed by the Lit network, neither the action author nor any single node can forge a result.
How Actions Fit into Chipotle
In the Chipotle system, actions are organized within groups. A group ties together:- One or more PKPs (wallets available for signing inside the action)
- One or more IPFS CIDs (the permitted action code)
- Usage API keys scoped to run actions within that group
AccountConfig smart contract on Base.
/core/v1/lit_action endpoint, the server validates that the API key is permitted to execute the submitted code against the requested PKP — before any execution begins.
The Action Runtime
Inside a Lit Action, theLit.Actions namespace exposes the current SDK. Key functions include:
| Function | Description |
|---|---|
return value (from main) | Return a value to the caller — the preferred response method |
Lit.Actions.setResponse({ response }) | Legacy: set the response returned to the caller |
Lit.Actions.getPrivateKey({ pkpId }) | Retrieve a PKP private key for signing |
Lit.Actions.getLitActionPrivateKey() | Retrieve this action’s own identity key |
Lit.Actions.Encrypt({ pkpId, message }) | Encrypt a string with a PKP-derived AES key |
Lit.Actions.Decrypt({ pkpId, ciphertext }) | Decrypt ciphertext with a PKP-derived AES key |
ethers library (v5) is available as a global, making it straightforward to sign messages, construct transactions, or interact with any EVM chain.
For the full API reference, see Lit Actions SDK.
A Minimal Example
Next Steps
- Examples — Working code for common patterns
- Lit Actions SDK — Full API reference for the current runtime
- Migration from Naga — Mapping deprecated Naga actions to current equivalents