Smart Actions

Atomic verifiable computation units composing into Smart Workflows. Each produces cryptographic attestations of execution correctness.

Smart Actions define computations with formal input/output specifications and produce cryptographic attestations. Composing Smart Actions maintains end-to-end verifiability guarantees.

Examples

w3-io/actions/storage/storj

Decentralized S3-compatible object storage. Store workflow state, execution results, and artifacts with cryptographic proof of storage. Fully compatible with AWS S3 API.

Execution:🔒 TEE

Verification:Content Hash + Availability

Storj access grant is a secret credential. Must decrypt in TEE to prevent validator operator from accessing your storage.

Action Definition

action.yml (Published in w3-io/actions repo)

name: Storj Storage
description: Decentralized S3-compatible storage with TEE secret handling

inputs:
  bucket:
    description: S3 bucket name
    required: true
  key:
    description: Object key
    required: true
  operation:
    description: read or write
    required: true
  access_grant:
    description: Storj access grant (encrypted for TEE)
    required: true
    encrypted: true

outputs:
  content_hash:
    description: SHA256 of content
  size_bytes:
    description: Object size

runs:
  using: tee
  platform: intel_sgx
  main: dist/index.js
  secrets:
    - access_grant

Usage in Workflow

Workflow Step Declaration

- name: Example step
  uses: w3-io/actions/storage/storj@v1
  with:
    bucket: "w3-workflows-production"
    key: "workflows/0x4f3a7c9e.../run_1730485532.json"
    operation: "write"
    data: [object Object]
    access_grant: "${{ secrets.STORJ_ACCESS_GRANT }}"

Execution

Execution Code

// Storj S3-compatible storage
const s3 = new StorjS3({
  accessGrant: inputs.access_grant
});

if (inputs.operation === "write") {
  const content = JSON.stringify(inputs.data);
  const hash = sha256(content);

  await s3.putObject({
    Bucket: inputs.bucket,
    Key: inputs.key,
    Body: content,
    Metadata: {
      content_hash: hash,
      timestamp: Date.now()
    }
  });

  return {
    key: inputs.key,
    content_hash: hash,
    size_bytes: content.length,
    operation: "write"
  };
} else {
  const obj = await s3.getObject({
    Bucket: inputs.bucket,
    Key: inputs.key
  });

  const content = await obj.Body.text();
  return {
    key: inputs.key,
    content_hash: sha256(content),
    data: JSON.parse(content),
    operation: "read"
  };
}

Output

{
  "key": "workflows/0x4f3a7c9e.../run_1730485532.json",
  "content_hash": "0x8a3f9c2e5d7b1a4c6f9e2b8d5a7c3e9f1b4d7a0c3e6b9f2d5a8c1e4f7b0d3a6",
  "size_bytes": 234,
  "operation": "write"
}

Verification

Attestation

{
  "action": "w3-io/actions/storage/storj@v1",
  "operation": "write",
  "bucket": "w3-workflows-production",
  "key": "workflows/0x4f3a7c9e.../run_1730485532.json",
  "content_hash": "0x8a3f9c2e5d7b1a4c6f9e2b8d5a7c3e9f1b4d7a0c3e6b9f2d5a8c1e4f7b0d3a6",
  "size_bytes": 234,
  "timestamp": 1730485532000,
  "storj_metadata": {
    "pieces_stored": 80,
    "nodes_storing": 40,
    "erasure_code": "29/80"
  }
}

Verify Logic

// Verify storage operation
fn verify(attestation: Attestation) -> bool {
    // Challenge: retrieve content from Storj
    let retrieved = storj_client.get_object(
        attestation.bucket,
        attestation.key
    );

    // Verify content hash matches
    let actual_hash = sha256(&retrieved.content);
    if actual_hash != attestation.content_hash {
        return false;
    }

    // Verify availability (can retrieve)
    if retrieved.is_none() {
        return false;
    }

    // Verify metadata
    retrieved.size == attestation.size_bytes
        && storj_metadata_valid(attestation)
}

w3-io/actions/storage/arweave

Permanent, immutable data storage on Arweave. Pay once, store forever. Ideal for attestation archives, execution logs, and compliance records that must never be deleted.

Execution:🔒 TEE

Verification:Cryptographic Proof

Arweave wallet contains private key for signing transactions. Must handle in TEE to prevent key exfiltration.

Action Definition

action.yml (Published in w3-io/actions repo)

name: Arweave Permanent Storage
description: Pay-once store-forever with TEE wallet handling

inputs:
  data:
    description: Data to store permanently
    required: true
  wallet:
    description: Arweave wallet (encrypted for TEE)
    required: true
    encrypted: true

outputs:
  tx_id:
    description: Arweave transaction ID
  content_hash:
    description: SHA256 of content

runs:
  using: tee
  platform: intel_sgx
  main: dist/index.js
  secrets:
    - wallet

Usage in Workflow

Workflow Step Declaration

- name: Example step
  uses: w3-io/actions/storage/arweave@v1
  with:
    data: [object Object]
    tags: [object Object]
    wallet: "${{ secrets.ARWEAVE_WALLET }}"

Execution

Execution Code

// Arweave permanent storage
const arweave = new Arweave({
  wallet: inputs.wallet
});

const content = JSON.stringify(inputs.data);
const transaction = await arweave.createTransaction({
  data: content
});

// Add searchable tags
for (const [key, value] of Object.entries(inputs.tags)) {
  transaction.addTag(key, value);
}

// Sign and submit
await arweave.sign(transaction);
const result = await arweave.post(transaction);

return {
  tx_id: transaction.id,
  content_hash: sha256(content),
  size_bytes: content.length,
  permanent: true,
  url: `https://arweave.net/${transaction.id}`
};

Output

{
  "tx_id": "9f3b7a2c5e8d1a4f6c9b2e7d5a8f3c1e4b7d0a6c9e2f5b8d1a4c7f0b3e6a9d",
  "content_hash": "0x7e2f9a5c8d1b4e7a0c3f6b9d2e5a8c1f4b7a0d3c6f9e2b5d8a1c4e7b0d3a6f",
  "size_bytes": 1024,
  "permanent": true,
  "url": "https://arweave.net/9f3b7a2c5e8d1a4f6c9b2e7d5a8f3c1e4b7d0a6c9e2f5b8d1a4c7f0b3e6a9d"
}

Verification

Attestation

{
  "action": "w3-io/actions/storage/arweave@v1",
  "operation": "permanent_store",
  "arweave_tx_id": "9f3b7a2c5e8d1a4f6c9b2e7d5a8f3c1e4b7d0a6c9e2f5b8d1a4c7f0b3e6a9d",
  "content_hash": "0x7e2f9a5c8d1b4e7a0c3f6b9d2e5a8c1f4b7a0d3c6f9e2b5d8a1c4e7b0d3a6f",
  "size_bytes": 1024,
  "timestamp": 1730485532000,
  "block_height": 1234567,
  "confirmations": 50
}

Verify Logic

// Verify permanent storage
fn verify(attestation: Attestation) -> bool {
    // Retrieve from Arweave network
    let retrieved = arweave_gateway.get_transaction(
        attestation.arweave_tx_id
    );

    // Verify content hash
    let actual_hash = sha256(&retrieved.data);
    if actual_hash != attestation.content_hash {
        return false;
    }

    // Verify transaction confirmed onchain
    let tx_status = arweave.get_status(
        attestation.arweave_tx_id
    );

    tx_status.confirmed
        && tx_status.block_height == attestation.block_height
        && tx_status.confirmations >= 50
}

w3-io/actions/secrets/tee-vault

Encrypted secrets that only decrypt inside hardware-protected enclaves (Intel SGX/AWS Nitro). Authority encrypts secrets with TEE public key → Validator stores encrypted blob → TEE decrypts in isolated memory. Validator operator cannot see plaintext, even with root access.

Execution:🔒 TEE

Verification:Remote Attestation + Cryptographic

The entire purpose is secret management - Authority encrypts secrets with TEE public key, validator stores encrypted blobs, TEE decrypts in enclave memory only.

Action Definition

action.yml (Published in w3-io/actions repo)

name: TEE Secret Vault
description: Encrypted secrets that only decrypt inside hardware enclaves

inputs:
  secret_refs:
    description: Array of secret names to load
    required: true
  encrypted_secrets:
    description: Secrets encrypted with TEE public key
    required: true
    encrypted: true

outputs:
  secrets_loaded:
    description: Names of loaded secrets
  tee_attestation:
    description: Remote attestation quote

runs:
  using: tee
  platform: intel_sgx
  main: dist/index.js
  secrets: dynamic  # Loads secrets specified in secret_refs

Usage in Workflow

Workflow Step Declaration

- name: Example step
  uses: w3-io/actions/secrets/tee-vault@v1
  with:
    secret_refs:
      - "SENDGRID_API_KEY"
      - "STRIPE_SECRET_KEY"
    workflow_hash: "0x4f3a7c9e2b5d8a1c4e7f0b3d6a9c2e5f8b1d4a7c0e3b6d9f2a5c8e1b4d7a0c3"
    authority_signature: "0x892b3c5e8d1f4a7c9e2b6d8a3f5c7e9b4d6a8c1e3b5d7a9c2e4f6b8d1a3c5e7"
    encrypted_secrets: [object Object]

Execution

Execution Code

// ═══════════════════════════════════════════
// 🔒 OUTSIDE TEE: Secrets are ENCRYPTED
// ═══════════════════════════════════════════
// Validator stores: "0xENC[encrypted blob]"
// Validator CANNOT decrypt this!
// ═══════════════════════════════════════════

// Authority uploads encrypted secrets once:
// encrypted = encrypt(secret, tee_public_key)
// Only the TEE's private key can decrypt

// ═══════════════════════════════════════════
// 🔒 INSIDE TEE: Secrets are DECRYPTED
// ═══════════════════════════════════════════

// 1. Verify authority signature
const authorized = verify_signature(
  inputs.workflow_hash,
  inputs.authority_signature
);

if (!authorized) {
  throw new Error("Unauthorized access");
}

// 2. Decrypt secrets INSIDE enclave
// TEE private key lives in hardware, never exported
const tee_private_key = get_hardware_sealed_key();

const decrypted = {};
for (const [key, encrypted] of Object.entries(inputs.encrypted_secrets)) {
  // Decryption happens in enclave memory
  decrypted[key] = tee_decrypt(encrypted, tee_private_key);
  // Example: "sk_live_abc123..." now in memory
}

// 3. Return attestation (NOT the secrets!)
// Secrets stay in TEE for workflow execution
const attestation = {
  secrets_loaded: Object.keys(decrypted),
  tee_quote: generate_remote_attestation()
};

// 4. Secrets remain in TEE for workflow steps
// After workflow completes, memory is wiped
return attestation;

// ═══════════════════════════════════════════
// 🔒 TEE BOUNDARY
// Validator operator never sees plaintext!
// ═══════════════════════════════════════════

Output

{
  "secrets_loaded": [
    "SENDGRID_API_KEY",
    "STRIPE_SECRET_KEY"
  ],
  "tee_attestation": {
    "platform": "intel_sgx",
    "quote": "0x3e7f9a2c5d8b1f4a7c0e9b2d5a8c1f4b7a0d6c9e2f5b8d1a4c7f0b3e6a9d2c",
    "measurement": "0x8a3f9c2e5d7b1a4c6f9e2b8d5a7c3e9f1b4d7a0c3e6b9f2d5a8c1e4f7b0d3a6",
    "timestamp": 1730485532000
  }
}

Verification

Attestation

{
  "action": "w3-io/actions/secrets/tee-vault@v1",
  "workflow_hash": "0x4f3a7c9e2b5d8a1c4e7f0b3d6a9c2e5f8b1d4a7c0e3b6d9f2a5c8e1b4d7a0c3",
  "secrets_accessed": [
    "SENDGRID_API_KEY",
    "STRIPE_SECRET_KEY"
  ],
  "tee_platform": "intel_sgx",
  "tee_quote": "0x3e7f9a2c5d8b1f4a7c0e9b2d5a8c1f4b7a0d6c9e2f5b8d1a4c7f0b3e6a9d2c",
  "tee_measurement": "0x8a3f9c2e5d7b1a4c6f9e2b8d5a7c3e9f1b4d7a0c3e6b9f2d5a8c1e4f7b0d3a6",
  "enclave_hash": "0x2f8a9d3c6e5b1f4a7c0e2b9d5a8c1e4f7b0a3d6c9e2f5a8b1d4c7e0f3a6b9d2",
  "timestamp": 1730485532000
}

Verify Logic

// Verify TEE execution
fn verify(attestation: Attestation) -> bool {
    // 1. Verify remote attestation quote
    let quote_valid = intel_sgx_verify_quote(
        attestation.tee_quote,
        attestation.tee_measurement
    );

    // 2. Verify enclave code hash matches
    // (ensures correct code ran in TEE)
    let expected_hash = get_approved_enclave_hash(
        "w3-io/actions/secrets/tee-vault@v1"
    );

    if attestation.enclave_hash != expected_hash {
        return false;  // Wrong code in enclave!
    }

    // 3. Verify authority authorized access
    let authorized = verify_authority_signature(
        attestation.workflow_hash
    );

    quote_valid
        && authorized
        && attestation.timestamp < now() + 5min
}

w3-io/actions/ai/hyperbolic

Decentralized AI inference on Hyperbolic's distributed GPU network. API key decrypts inside TEE, never visible to validator operator. Inference runs inside enclave with hardware attestation proof. Validator can execute AI workflows without seeing your secrets.

Execution:🔒 TEE

Verification:Shadow Execution + Output Hash

Hyperbolic API key is sensitive. TEE ensures validator operator cannot see your key, prompts, or AI responses - all processing happens in enclave.

Action Definition

action.yml (Published in w3-io/actions repo)

name: Hyperbolic AI Inference
description: Decentralized GPU inference with TEE confidentiality

inputs:
  model:
    description: AI model name
    required: true
  prompt:
    description: Input prompt
    required: true
  api_key:
    description: Hyperbolic API key (encrypted for TEE)
    required: true
    encrypted: true

outputs:
  output_hash:
    description: SHA256 of AI response
  tokens_used:
    description: Token consumption

runs:
  using: tee
  platform: intel_sgx
  main: dist/index.js
  secrets:
    - api_key

Usage in Workflow

Workflow Step Declaration

- name: Example step
  uses: w3-io/actions/ai/hyperbolic@v1
  with:
    model: "meta-llama/Llama-3.3-70B-Instruct"
    prompt: "Analyze this DeFi transaction for risk indicators:
Value: $50,000 USDC
Recipient: 0x742d...
Gas: 200,000

Provide risk score 0-100."
    max_tokens: 500
    temperature: 0.7
    api_key: "${{ secrets.HYPERBOLIC_API_KEY }}"

Execution

Execution Code

// ═══════════════════════════════════════════
// 🔒 TEE BOUNDARY - CODE BELOW RUNS INSIDE
//    TRUSTED ENCLAVE (Intel SGX/AWS Nitro)
// ═══════════════════════════════════════════
// Validator operator CANNOT see:
// - API keys (encrypted outside TEE)
// - Prompts or responses
// - Any plaintext secrets
// ═══════════════════════════════════════════

// Decrypt secret INSIDE TEE only
// (Encrypted at rest, decrypted in enclave memory)
const apiKey = tee_decrypt(inputs.api_key);

// Initialize Hyperbolic client with decrypted key
const hyperbolic = new HyperbolicClient({
  apiKey: apiKey  // Never leaves TEE!
});

// Submit inference to Hyperbolic GPU network
const response = await hyperbolic.chat.completions.create({
  model: inputs.model,
  messages: [{ role: "user", content: inputs.prompt }],
  max_tokens: inputs.max_tokens,
  temperature: inputs.temperature,
  replicas: 3  // 3 GPU nodes for consensus
});

// Process output and create attestation
const output = response.choices[0].message.content;
const outputHash = sha256(output);

// Sign with validator key (also inside TEE)
const attestation = {
  output_hash: outputHash,
  model: inputs.model,
  tokens_used: response.usage.total_tokens,
  consensus_score: response.metadata.consensus
};

// Wipe secrets from memory before returning
wipe_memory(apiKey);

return attestation;
// ═══════════════════════════════════════════
// 🔒 TEE BOUNDARY - OUTPUT IS SIGNED
// ═══════════════════════════════════════════

Output

{
  "output": "Risk Score: 45/100\n\nAnalysis:\n- Standard USDC transfer pattern\n- Recipient address has 2-year history\n- Gas limit appropriate for ERC20\n- Medium risk: large value transfer\n\nRecommendation: Monitor but allow",
  "output_hash": "0x5d8a9c2e7f1b4a6c9e3b7d2f5a8c1e4b7d0a6c9f2e5b8d1a4c7e0f3b6a9d2c5",
  "model": "meta-llama/Llama-3.3-70B-Instruct",
  "tokens_used": 127,
  "node_ids": [
    "node_a7f3",
    "node_b2e9",
    "node_c5d1"
  ],
  "consensus_score": 0.98
}

Verification

Attestation

{
  "action": "w3-io/actions/ai/hyperbolic@v1",
  "model": "meta-llama/Llama-3.3-70B-Instruct",
  "prompt_hash": "0x9c2f5a8d1e4b7a0c3e6f9b2d5a8c1e4f7b0d3a6c9f2e5b8d1a4c7f0b3e6a9d2",
  "output_hash": "0x5d8a9c2e7f1b4a6c9e3b7d2f5a8c1e4b7d0a6c9f2e5b8d1a4c7e0f3b6a9d2c5",
  "tokens_used": 127,
  "timestamp": 1730485532000,
  "hyperbolic_metadata": {
    "node_ids": [
      "node_a7f3",
      "node_b2e9",
      "node_c5d1"
    ],
    "consensus_score": 0.98,
    "execution_time_ms": 2340
  }
}

Verify Logic

// Verify AI inference
fn verify(attestation: Attestation) -> bool {
    // Strategy: Shadow execution
    // Re-run inference on different Hyperbolic nodes

    let shadow_response = hyperbolic_client.chat({
        model: attestation.model,
        prompt_hash: attestation.prompt_hash,
        temperature: 0.0,  // Deterministic
        replicas: 2
    });

    let shadow_hash = sha256(&shadow_response.output);

    // For LLMs: Exact match unlikely, check similarity
    let similarity = semantic_similarity(
        attestation.output_hash,
        shadow_hash
    );

    // High similarity = likely correct
    // (outputs will be similar but not identical)
    similarity > 0.85
        && attestation.consensus_score > 0.9
        && attestation.tokens_used < 1000
}

w3-io/actions/ethereum/contract-call

Call any view/pure function on any Ethereum contract at a specific block. Fully generic and reusable across all read operations.

Execution:🔒 TEE

Verification:Cryptographic

Validator configures their own Ethereum RPC endpoint. TEE proves correct code executed against their node, then block hash/state root are verifiable against consensus.

Action Definition

action.yml (Published in w3-io/actions repo)

name: Ethereum Contract Call
description: Read any contract function with TEE code attestation

inputs:
  contract:
    description: Contract address
    required: true
  function_signature:
    description: Function to call
    required: true
  parameters:
    description: Call parameters
    required: true
  block:
    description: Block number
    required: true

outputs:
  result:
    description: Call result
  block_hash:
    description: Block hash (verifiable)
  state_root:
    description: State root (verifiable)
  tee_quote:
    description: Intel SGX attestation

runs:
  using: tee
  platform: intel_sgx
  main: dist/index.js
  validator_config:
    - eth_rpc_url  # Each validator sets their own endpoint

Usage in Workflow

Workflow Step Declaration

- name: Example step
  uses: w3-io/actions/ethereum/contract-call@v1
  with:
    contract: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
    function_signature: "balanceOf(address)"
    parameters:
      - "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb2"
    block: 18500123

Execution

Execution Code

// Generic Ethereum contract call
const result = await eth.call({
  to: inputs.contract,
  data: encode(
    inputs.function_signature,
    inputs.parameters
  ),
  block: inputs.block
});

return {
  result: decode(result),
  block: inputs.block,
  contract: inputs.contract,
  function: inputs.function_signature
};

Output

{
  "result": "1250000000",
  "block": 18500123,
  "contract": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
  "function": "balanceOf(address)"
}

Verification

Attestation

{
  "block_hash": "0x4a8e71c9d5f2b3a7e8c1f4d6b9a2e5c8d1f4b7a3",
  "block_number": 18500123,
  "state_root": "0x7d3f2e8a1c4b5d6e9f0a3c7b2d5e8f1a4c7b0d3e",
  "call_result": "1250000000",
  "contract": "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48",
  "function_sig": "balanceOf(address)"
}

Verify Logic

// Re-execute call at claimed block
fn verify(attestation: Attestation) -> bool {
    let result = eth_client.call(
        attestation.contract,
        attestation.function_sig,
        attestation.parameters,
        attestation.block
    );

    result == attestation.claimed_result
        && block_finalized(attestation.block)
        && state_root_matches(attestation)
}

w3-io/actions/ethereum/contract-transaction

Execute any state-changing function on any Ethereum contract. Fully generic and reusable across all write operations. Private key sealed in TEE hardware - validator operator cannot access it.

Execution:🔒 TEE

Verification:Cryptographic

Private key must be sealed in TEE hardware. Signing happens in enclave memory - validator operator cannot exfiltrate the key even with root access.

Action Definition

action.yml (Published in w3-io/actions repo)

name: Ethereum Contract Transaction
description: Sign and send transactions with TEE key sealing

inputs:
  contract:
    description: Contract address
    required: true
  from:
    description: Sender address
    required: true
  function_signature:
    description: Function to execute
    required: true
  parameters:
    description: Call parameters
    required: true
  private_key:
    description: Private key (encrypted for TEE)
    required: true
    encrypted: true

outputs:
  tx_hash:
    description: Transaction hash
  block_number:
    description: Block inclusion
  tee_quote:
    description: Intel SGX attestation

runs:
  using: tee
  platform: intel_sgx
  main: dist/index.js
  secrets:
    - private_key

Usage in Workflow

Workflow Step Declaration

- name: Example step
  uses: w3-io/actions/ethereum/contract-transaction@v1
  with:
    contract: "0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48"
    from: "0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb2"
    function_signature: "transfer(address,uint256)"
    parameters:
      - "0x8f3a9e1d4b5c7a2f9e6d8c4b3a1f7e9d2c5b8a6f"
      - "1000000000"
    gas_limit: 100000
    private_key: "<encrypted>"

Execution

Execution Code

// Generic Ethereum transaction
const tx = await eth.sendTransaction({
  from: inputs.from,
  to: inputs.contract,
  data: encode(
    inputs.function_signature,
    inputs.parameters
  ),
  gasLimit: inputs.gas_limit
});

await tx.wait();  // Wait for confirmation

return {
  tx_hash: tx.hash,
  block_number: tx.blockNumber,
  status: receipt.status === 1 ? "success" : "failed"
};

Output

{
  "tx_hash": "0x9f2c4b7a3e5d1c8f6b4a9e2d7c5f8a1b3e6d9c2f",
  "block_number": 18500456,
  "status": "success"
}

Verification

Attestation

{
  "block_hash": "0x3c7e2f9a4d1b6e8c5f2a9d7b4e1c8f6a3b9e2d5c",
  "block_number": 18500456,
  "tx_hash": "0x9f2c4b7a3e5d1c8f6b4a9e2d7c5f8a1b3e6d9c2f",
  "tx_index": 42,
  "state_root": "0x8e1f3a6c9d2b5f7e4a1c8d6b3f9e2a5c7d4b1e8f",
  "receipt_status": 1,
  "function_sig": "transfer(address,uint256)"
}

Verify Logic

// Verify transaction execution
fn verify(attestation: Attestation) -> bool {
    let tx = eth_client.get_transaction(
        attestation.tx_hash
    );

    let receipt = eth_client.get_receipt(
        attestation.tx_hash
    );

    // Verify transaction matches claimed execution
    tx.block_number == attestation.block_number
        && tx.to == attestation.contract
        && receipt.status == attestation.receipt_status
        && block_finalized(attestation.block_number)
        && state_root_matches(attestation)
}

Smart Triggers

Authority