Lit Protocol MCP. Govern decentralized access and execute TEE code.
Gemini Works with every AI agent you already use
…and any MCP-compatible client
Just plug in your AI agents and start using Vinkius.
Lit Protocol (Decentralized Access Control) manages decentralized identity, access policies, and secure code execution in Web3. This server lets your agent generate Programmable Key Pairs (PKPs), define granular usage scopes, organize permissions into groups, and run immutable JavaScript programs inside TEEs directly through natural conversation.
What your AI agents can do
Add action
Registers a new standalone Lit Action by providing its name and IPFS Content Identifier (CID).
Add action to group
Assigns an existing action's CID to a specific access group, granting permission for that function.
Add group
Creates a new, distinct access control group within the Lit Protocol system.
Generate, list, and track Programmable Key Pairs (PKPs) that serve as verifiable, distributed accounts for your application.
Build complex access schemas by creating groups and assigning specific PKPs to them, controlling who can do what across your system.
Run immutable JavaScript programs (Lit Actions) inside TEEs, ensuring that critical business logic executes in a verifiable, protected environment.
Create and update usage API keys, allowing you to enforce granular permissions on what actions your agent can perform using specific credentials.
Ask AI about this MCP
Supported MCP Clients
Gemini Waiting for input…
Lit Protocol (Decentralized Access Control) MCP Server: 20 Tools for Governance
These tools let you programmatically manage PKPs, define access groups, register actions, and run secure Lit Actions using a single API gateway.
019e5d2eadd action
Registers a new standalone Lit Action by providing its name and IPFS Content Identifier (CID).
019e5d2eadd action to group
Assigns an existing action's CID to a specific access group, granting permission for that function.
019e5d2eadd group
Creates a new, distinct access control group within the Lit Protocol system.
019e5d2eadd pkp to group
Adds an existing Programmable Key Pair (PKP) to a designated access group, granting it the group's permissions.
019e5d2eadd usage api key
Generates and sets up a new usage API key with specific, limited scopes for operational use.
019e5d2echeck account exists
Verifies whether an account is registered and active using a provided Lit Protocol API key.
019e5d2econfirm payment
Finalizes the credit top-up process after payment details have been successfully processed.
019e5d2ecreate account
Initializes and registers an entirely new Lit account within the system using a provided API key.
019e5d2ecreate payment intent
Creates a Stripe PaymentIntent object, typically requiring a minimum value of $5.00 for billing purposes.
019e5d2ecreate wallet
Requests and generates a new Programmable Key Pair (PKP) identity linked to your existing account.
019e5d2eexecute lit action
Runs a defined Lit Action, accepting either the raw code or its IPFS ID for secure execution in a TEE.
019e5d2eget billing balance
Retrieves the current credit balance associated with your account's billing profile.
019e5d2elist actions
Lists all Lit Actions that have been previously registered within your connected environment.
019e5d2elist api keys
Returns a list of usage API keys, showing only the metadata for auditing purposes.
019e5d2elist groups
Retrieves and displays all currently defined access control groups in the system.
019e5d2elist wallets
Lists every Programmable Key Pair (PKP) identity currently owned by your connected account.
019e5d2eremove group
Permanently deletes an existing, empty access control group from the system.
019e5d2eremove pkp from group
Removes a specified PKP identity from its assigned access group.
019e5d2eremove usage api key
Deletes an existing usage API key, revoking its associated permissions and access scopes.
019e5d2eupdate usage api key
Modifies the defined permissions or scope of an active usage API key.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Lit Protocol (Decentralized Access Control), then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Lit Protocol MCP Server - Decentralized Access Control handles your entire Web3 security stack. You'll use this server to manage decentralized identity, build complex access policies, and run secure code logic right from your agent. It’s built for apps that need verifiable, protected operations without relying on a bunch of separate contracts or services.
Identity Management (PKPs & Accounts)
You can initialize an entirely new Lit account using create_account with a provided API key. You'll generate and track Programmable Key Pairs (PKPs) as verifiable, distributed identities through the create_wallet function. If you need to know if an account is active before doing anything, run check_account_exists. To see every PKP identity your connected account owns, call list_wallets.
Access Control and Grouping
This system lets you build granular access schemas using groups. You can create a new, distinct group with add_group and then view all existing ones by calling list_groups. To assign specific permissions, you'll add an existing PKP to a group via add_pkp_to_group; this grants the key the entire group's set of rules.
If a key needs to lose access, use remove_pkp_from_group to detach it from its assigned group. You can also clean up by deleting an empty group using remove_group.
Secure Code Execution (Lit Actions)
The server lets you run immutable JavaScript programs—called Lit Actions—inside a Trusted Execution Environment (TEE). First, register a new standalone Lit Action by providing its name and IPFS Content Identifier (CID) using add_action; you'll see all registered actions when you call list_actions. To actually execute the code, use execute_lit_action, accepting either raw code or the action’s IPFS ID for secure running.
API Key Scope Control
You gotta control what your agent can do with specific credentials. Use add_usage_api_key to generate a new usage API key, setting specific, limited scopes right out of the gate. If those permissions change, you'll modify them using update_usage_api_key. To check what keys are active for auditing purposes, run list_api_keys. When an API key is no longer needed, delete it and revoke its access fully with remove_usage_api_key.
Operational & Billing Tools
For operational needs, you can get the current credit balance associated with your account's billing profile using get_billing_balance. To initiate payments, call create_payment_intent, which sets up a Stripe PaymentIntent object (it requires at least $5.00). Once payment details are processed successfully, use confirm_payment to finalize the credit top-up.
How Lit Protocol MCP Works
- 1 First, subscribe to the server and provide your Lit Protocol API Key. This authenticates your connection.
- 2 Next, use tools like
create_accountorlist_walletsto set up your core identities (PKPs) and define access groups usingadd_group. - 3 Finally, execute complex tasks—like running an immutable function via
execute_lit_actionor defining a new scope withadd_usage_api_key—through natural language prompts.
The bottom line is: you tell your agent what needs to happen (e.g., 'Create a group for admins and give them permission X'), and the server executes the necessary sequence of API calls.
Who Is Lit Protocol MCP For?
This is for security engineers and Web3 developers who hate writing boilerplate code just to manage permissions. If you spend time clicking through multiple dashboards or manually updating roles, this tool saves you hours. It's built for people whose job involves making sure that decentralized logic runs exactly right.
Uses create_wallet and add_action to programmatically set up the core identity structure (PKPs) and define the custom functions needed for their dApp.
Runs queries against tools like list_groups and update_usage_api_key to audit current access control policies and revoke stale permissions on demand.
Uses execute_lit_action during testing. They run the action in a sandbox (TEE) to confirm that their complex, decentralized logic works before going live.
What Changes When You Connect
- Define Roles with
add_groupandadd_pkp_to_group. Instead of giving every user individual permissions, you build a group (e.g., 'Admins') and assign the keys once, controlling who gets what instantly. - Run Critical Logic in TEEs via
execute_lit_action. You execute immutable JavaScript programs inside a secure environment, meaning your core business rules can't be tampered with by external calls. - Maintain Strict Control with Key Scopes. Use
add_usage_api_keyandupdate_usage_api_keyto limit what an agent can do. You can ensure that the key used for reading data can't write it. - Audit Access with Detail. Tools like
list_groupsandlist_api_keysgive you a clear, programmatic overview of who has access, eliminating manual checks across multiple web portals. - Manage Identities Programmatically. Instead of relying on complex front-end forms, your agent can call
create_walletto generate a new PKP identity orlist_walletsto see all existing ones.
Real-World Use Cases
The Onboarding Audit
A security engineer needs to confirm that only the 'Tier 1 Support' group has access to execute the lit-action: verify_user function. They run list_groups, confirm the 'Tier 1 Support' ID, then use add_action_to_group to check if the action is mapped correctly and finally use list_wallets to ensure no other keys are mistakenly added.
Secure Contract Testing
A dApp builder needs to test a new, complex decentralized payment routine. They don't want to deploy it fully; they just need to run the logic in a sandbox. The agent calls execute_lit_action, providing either the code or CID, and gets an immediate, secure result without touching mainnet funds.
Revoking Stale Access
An account employee leaves the company. The dev team needs to revoke their access immediately. Instead of logging into several systems, they use list_wallets to find the old PKP and then call remove_pkp_from_group to instantly cut off all permissions across every group.
Setting up Multi-Stage Permissions
You are building a system where 'Managers' can approve actions only if they have been created by an 'Admin'. You first use add_group to make 'Admins' and 'Managers', then use add_pkp_to_group twice, and finally define the flow logic using execute_lit_action.
The Tradeoffs
Treating permissions as single toggles
Thinking that just 'disabling' an API key is enough. You might simply delete the key without revoking the associated group membership, leaving orphaned access rights.
→
Always use remove_usage_api_key to delete credentials AND pair it with remove_pkp_from_group and then maybe even add_action_to_group to clean up related action mappings. It takes a sequence of calls.
Hardcoding roles into code
Writing logic that says, 'If the user role is X, then run function Y.' This breaks if you want to change the definition of 'X' or add a new role.
→
Use Lit Protocol. Define roles using add_group and manage membership via add_pkp_to_group. The access logic becomes data-driven, not code-based.
Ignoring billing scope
Running an action that costs money without checking the balance first. Your agent calls execute_lit_action and gets a payment failure error mid-task.
→
Always start by using get_billing_balance. If you need to top up, use create_payment_intent before running any high-cost functions.
When It Fits, When It Doesn't
Use this server if your core problem is governing who can run what code in a decentralized environment. You must control the lifecycle of identities (PKPs), group permissions, and function execution itself. If you need to build an audit trail or enforce fine-grained access policies across multiple services—that's where this shines.
Don't use it if you are just managing simple user profiles in a centralized database (use a standard CRUD API instead). Also, don't use it if your primary goal is simply sending messages; that requires a messaging tool. This server is for the gatekeepers of decentralized logic, not the message sender itself.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Lit Protocol. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
Cloud Hosted
Managed infra
V8 Isolated
Sandboxed per request
Zero-Trust Proxy
No stored credentials
DLP Enforced
Policy on every call
GDPR Compliant
EU data residency
Token Compression
~60% cost reduction
Works with Claude, ChatGPT, Cursor, and more
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 20 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Managing access policies shouldn't feel like navigating six different admin dashboards.
Right now, to audit who can run a specific function, you have to jump between the PKP manager, the group editor, and the usage key console. You check if the wallet is in the right group; then you verify the action is assigned to that group; finally, you confirm the API key associated with the user hasn't been revoked or out-scoped.
With Lit Protocol MCP Server, your agent handles this multi-step process in one flow. Your AI client calls `list_groups` and `update_usage_api_key`, providing a single source of truth for access control across decentralized systems.
Lit Protocol (Decentralized Access Control) MCP Server: Manage identity, keys, and actions.
The manual steps that disappear include: checking the PKP's existence, verifying its group membership, ensuring the required action is registered, AND making sure the associated API key has permissions for both. This used to be a half-day chore of cross-referencing.
Now, your agent can sequence these calls—for instance, running `add_pkp_to_group` immediately after calling `create_wallet`—making complex governance tasks instant and reliable.
Common Questions About Lit Protocol MCP
How do I list all my decentralized wallets using the lit-protocol-decentralized-access-control MCP Server? +
You use the list_wallets tool. This command pulls every Programmable Key Pair (PKP) identity currently owned by your connected account, giving you a full inventory of your distributed identities.
What is the difference between `add_action` and `execute_lit_action`? +
add_action registers a function's existence (name + CID). execute_lit_action actually runs that registered, secure function inside the TEE for verifiable results.
Can I restrict access to only certain groups using the lit-protocol-decentralized-access-control MCP Server? +
Yes. You define restriction boundaries by creating groups (add_group) and then explicitly controlling membership with add_pkp_to_group. This is how you enforce granular policy.
Does the lit-protocol-decentralized-access-control MCP Server handle payments? +
It has tools to manage billing. You use create_payment_intent and then confirm_payment when your account needs a credit top-up before running cost-intensive functions.
If I need to change a key's permissions after it's created, how does `update_usage_api_key` work? +
It modifies the usage scope immediately. You pass the key ID and the new permitted scopes. This lets your agent restrict access or expand privileges without needing to delete and recreate the entire key.
When I run `add_pkp_to_group`, is it possible for one wallet (PKP) to belong to multiple groups? +
Yes, a PKP can be a member of many groups. You simply call the add_pkp_to_group tool once for every group ID that needs access. It won't overwrite existing memberships.
What should my agent do if `check_account_exists` fails authentication? +
The tool will return a specific status code and error message detailing the failure reason (e.g., expired key, invalid scope). Your agent must check this response body to determine if it needs to prompt for new credentials.
How do I ensure that only authorized groups can execute certain actions using `add_action_to_group`? +
You link the specific Action CID or name directly to a Group ID. The system enforces this mapping; a group cannot run an action unless it's explicitly registered with the add_action_to_group tool.
Can I execute custom JavaScript code securely within a TEE? +
Yes! Use the execute_lit_action tool. You can provide either inline JavaScript code or an IPFS CID to run immutable programs inside Lit's Trusted Execution Environments.
How do I see all the decentralized wallets (PKPs) associated with my account? +
Simply use the list_wallets tool. It will return all Programmable Key Pairs (PKPs) owned by your account, including their IDs and addresses.
Is it possible to organize access control by grouping different identities? +
Absolutely. You can use add_group to create a new group and then add_pkp_to_group to manage which decentralized identities belong to that specific access schema.
Use it with your favorite AI tools
Connect this server to Cursor, Claude, VS Code, and more.
More in this category
Tailscale
Manage your Tailscale mesh network — list devices, update ACL policies, manage auth keys, and inspect users directly from any AI agent.
SonarCloud
Merge your SaaS DevOps workflow with SonarCloud to review AI code and prevent production vulnerabilities.
Tenable
Manage Tenable Vulnerability Management scans, inspect cloud assets, and triage CVEs natively via your AI agent.
You might also like
Aracaju
Access Aracaju's transparency data—revenues, expenses, bids, contracts, and payroll—directly from your AI agent.
TeamGantt
Plan projects with intuitive Gantt charts that show deadlines, dependencies, and team workloads in one visual timeline.
Microsoft Dynamics 365
Manage accounts, opportunities, orders, and business processes on Microsoft Dynamics 365 — the unified CRM & ERP platform.