- Read anywhere.{' '}
+ Enforce policy{' '}
- Compute in a TEE.{' '}
+ before every signature.{' '}
- Write to any chain or API.
+ Act across any chain or API.
- One programmable runtime. Pulls data from any source, runs your logic
- inside a chain-secured TEE, signs on any chain or API. Open source,
- no backend to trust.
+ Lit lets teams run authorization logic, compliance checks, and asset
+ controls inside a chain-secured TEE before any key signs. Build
+ cross-chain apps and agent workflows without trusting a backend,
+ custodian, or multisig.
);
-const codeSample = `// Inside a Lit Action — runs in a chain-secured TEE
+const codeSample = `// Inside a Lit Action — policy enforcement in a chain-secured TEE
-// Read off-chain
-const price = await fetch(
- "https://api.coinbase.com/v2/prices/ETH-USD/spot"
-).then(r => r.json());
+// Verify off-chain risk and compliance signals
+const sanctions = await fetch(SANCTIONS_API + "/" + recipient).then(r => r.json());
+const risk = await fetch(RISK_API + "/" + recipient).then(r => r.json());
-// Read on-chain (Base)
-const base = new ethers.providers.JsonRpcProvider(BASE_RPC);
-const vault = new ethers.Contract(vaultAddress, vaultAbi, base);
-const ratio = await vault.currentRatio();
+// Verify on-chain state
+const provider = new ethers.providers.JsonRpcProvider(BASE_RPC);
+const vault = new ethers.Contract(vaultAddress, vaultAbi, provider);
+const role = await vault.roles(sender);
+const dailySpent = await vault.dailySpent(sender);
+
+// Decide, then sign only if policy passes
+if (!sanctions.blocked && risk.score < threshold && role.canTransfer) {
+ if (dailySpent.add(amount).gt(role.dailyLimit)) throw new Error("over limit");
-// Decide, then sign + broadcast on Arbitrum
-if (Number(price.data.amount) * Number(ratio) < threshold) {
const pk = await Lit.Actions.getLitActionPrivateKey();
- const arb = new ethers.providers.JsonRpcProvider(ARB_RPC);
- const wallet = new ethers.Wallet(pk, arb);
- const hook = new ethers.Contract(hookAddress, hookAbi, wallet);
- const tx = await hook.rebalance();
+ const wallet = new ethers.Wallet(pk, provider);
+ const tx = await vault.connect(wallet).transfer(recipient, amount);
Lit.Actions.setResponse({ response: tx.hash });
+} else {
+ Lit.Actions.setResponse({ response: "policy_denied" });
}`;
const EXAMPLES_BASE =
@@ -48,23 +50,28 @@ const EXAMPLES_BASE =
const patterns = [
{
- k: 'Cross-chain token',
- v: 'Lit checks burn events on one chain and signs the matching mint on another — permissionless bridging, any chain.',
+ k: 'Solver vaults',
+ v: 'Keep inventory behind a policy-gated signer so bots can fill orders, but compromised boxes cannot drain funds.',
+ href: `${EXAMPLES_BASE}/lit-solver-vault`,
+ },
+ {
+ k: 'Policy-gated bridging',
+ v: 'Verify source-chain events, limits, and risk signals before signing destination-chain mints or releases.',
href: `${EXAMPLES_BASE}/cross-chain-token`,
},
{
- k: 'Custom price oracle',
- v: 'Aggregate any combination of CEX + DEX feeds, sign once, deliver to multiple chains.',
+ k: 'Tamper-resistant oracle policies',
+ v: 'Aggregate external and on-chain data inside a TEE, then sign only when freshness, quorum, and deviation rules pass.',
href: `${EXAMPLES_BASE}/multi-source-price-oracle`,
},
{
- k: 'Prediction market resolver',
- v: 'Poll one or more LLMs in a TEE, sign the consensus, post it on-chain — no UMA, no dispute window.',
+ k: 'Verifiable AI decisioning',
+ v: 'Run model or resolver logic in a TEE, attest the code path, and sign outcomes according to transparent rules.',
href: `${EXAMPLES_BASE}/prediction-market-oracle`,
},
{
k: 'Compliance-gated transfers',
- v: 'Lit Action screens every recipient against a sanctions list before signing — flagged wallets simply can’t receive.',
+ v: 'Screen wallets, enforce jurisdictional or protocol policies, and deny signatures for blocked recipients before assets move.',
href: `${EXAMPLES_BASE}/compliance-transfer-gate`,
},
];
@@ -78,13 +85,13 @@ const LandingHowItWorks = () => {
What it looks like
- One file. Reads, computes, signs across chains.
+ One policy file. Checks, decides, signs.
A Lit Action is JavaScript that runs inside the network's
- TEE. Deploy it once. Sign with a wallet bound to the action code
- itself, or with one you control through your own on-chain
- governance.
+ TEE. Use it to verify conditions, enforce policy, and produce
+ signatures only when your rules pass. Deploy once, bind signing
+ authority to code, and govern upgrades on-chain.
- Speed of a backend, trust of a contract. A{' '}
- chain-secured enclave.
+ Backend speed. Verifiable controls.
+
+ Enclave-secured execution.
- Most cross-chain infra forces a tradeoff: trust a multisig, or
- wait for slow consensus on every read. Lit takes a different
- path. Code runs inside a TEE — an enclave the hardware itself
- cryptographically attests to. Keys never leave. Logs can't
- be rewritten.
+ Most automation forces a tradeoff: trust a backend operator,
+ rely on a multisig, or wait for slow consensus on every decision.
+ Lit takes a different path. Policy code runs inside a TEE — an
+ enclave the hardware itself cryptographically attests to. Keys
+ never leave. Operators can't inspect secrets.
The TEE's identity, its allowed code, and its signing
- authority are all governed on-chain. You get the speed and
- expressiveness of a single trusted runtime, with the
- auditability and on-chain governability of a smart contract.
+ authority are all governed on-chain. Teams can enforce security,
+ compliance, and governance rules at runtime while keeping the
+ latency and flexibility of programmable infrastructure.
- One programmable runtime for everything that has to happen between
- an event and a signed action.
+ One programmable policy layer for everything that must happen before
+ a key signs.