Execution Platform

Verifiable off-chain computation with hardware-grade security for NEAR smart contracts and HTTPS applications

Core Platform

What's Under
the Hood

Ship verifiable apps without building cryptographic infrastructure

Intel TDX Attestation

Every execution produces a hardware-signed attestation report. Cryptographic proof that your code ran with your inputs — inside CPU-encrypted memory that even the server operator can't access.

Confidential Key Derivation

Derive encryption keys via NEAR MPC Network — 27 validators, threshold BLS12-381. No single node ever sees the full secret. The same infrastructure securing NEAR Intents and billions in cross-chain assets.

User Secrets in TEE

Store API keys, private keys, and sensitive data inside hardware-encrypted TEE memory. Access control via NEAR balance, NFT ownership, or whitelist. Secrets persist across code upgrades — plaintext never leaves the enclave.

Blockchain + HTTPS

Call from NEAR smart contracts via yield/resume or from any app via HTTPS API. Same security, same attestation. No wallet popups required for web apps.

Built-in Monetization

OutLayer payment keys let you charge microtransactions per call — agents pay, do the work, get change back. Sell subscriptions or per-use access. No Stripe, no payment processor.

AI-Friendly by Design

Vibe-code blockchain apps with AI. Your copilot generates business logic in plain Rust — OutLayer abstracts TEE attestation, MPC cryptography, and key management automatically.

Trust Model

Two Layers of
Unbreakable Security

To compromise OutLayer, an attacker must break both

Layer 1

Intel TDX

Hardware-enforced Trusted Execution Environment. Code runs inside CPU-encrypted memory. The server operator, the OS, and even physical access cannot extract secrets or tamper with execution.

  • CPU-level memory encryption
  • Remote attestation reports
  • Tamper-evident execution
  • Secrets never touch host OS
+
Layer 2

NEAR MPC Network

27 independent validators running threshold BLS cryptography (20-of-27). Key derivation is distributed — no single node ever sees the complete secret. The same network securing NEAR Intents and billions in cross-chain transactions.

  • 27 validators, ~20-of-27 threshold
  • BLS12-381 pairing-based cryptography
  • Deterministic yet distributed secrets
  • All operations auditable on-chain

The result: to steal a user's secret, an attacker must simultaneously break Intel TDX hardware isolation and compromise 20+ independent MPC validator nodes operated by competing organizations. This is the same security model protecting billions in assets through NEAR Intents today.

Architecture

How It Works

From request to verifiable result in seconds

01

Request Execution

Your smart contract or HTTPS app calls OutLayer with a GitHub repo + commit hash or an immutable WASM binary. Attach payment in stablecoins.

02

Secrets Injection

The TEE Keystore validates access conditions, then derives decryption keys via CKD (NEAR MPC Network). User secrets are decrypted and injected as env vars — plaintext never leaves the enclave.

03

TEE Execution

Workers compile your Rust code to WASM, then execute it inside Intel TDX hardware. Process fully isolated — no filesystem, no network access, instruction-metered.

04

Verified Result

Results return to your contract (or HTTPS response) with a hardware attestation report. Anyone can cryptographically verify the exact code that produced the output.

For Smart Contracts

Offchain Verifiable Extension
for Smart Contracts

NEAR smart contracts can call OutLayer via the native yield/resume mechanism. Your contract pauses, heavy computation runs off-chain in TEE, and results return directly to L1 — no bridge, no L2, no separate consensus.

Break free from gas limits. Run ML models, fetch external APIs, generate ZK proofs, or process megabytes of data — all with cryptographic proof that the result is correct.

contract.rs 
// Call OutLayer from NEAR contract
#[near_bindgen]
impl Contract {
  pub fn run_offchain(&mut self) {
    outlayer::request_execution(
      "github.com/you/app",
      "abc123",
      json!({ "action": "analyze" }),
      "on_result",
    );
  }

  // TEE-attested result arrives here
  pub fn on_result(
    &mut self,
    result: ExecutionResult
  ) { /* ... */ }
}
Monetization

Off-Chain Compute,
On-Chain Payments

Users attach stablecoins to every call — on-chain or via HTTPS payment keys. Your code receives the deposit, does the work, and refunds the change automatically.

Easy version management and secret rotation. Update code via git push, rotate API keys in the TEE keystore — no redeployment, no downtime.

ai_service.rs 
fn main() {
    // Stablecoin deposit attached by caller
    let deposit: u128 = env::var("ATTACHED_USD")
        .unwrap().parse().unwrap();

    // API key from TEE-encrypted secrets
    let api_key = env::var("OPENAI_API_KEY")
        .unwrap();

    // Call the AI model
    let prompt = env::var("USER_PROMPT").unwrap();
    let (result, cost) = call_openai(&api_key, &prompt);

    // Refund unused deposit via SDK
    near::payment::api::refund_usd(
        (deposit - cost) as u64
    );

    print!("{}", json!({ "result": result }));
}
Why OutLayer

Not Another L2

A fundamentally different approach to off-chain computation

Others

  • L2s require separate consensus & bridging
  • Oracles only fetch data, can't run your code
  • Cloud functions: "trust us" — no proof
  • Separate payment infrastructure needed
  • Secrets require external KMS + custom setup
  • Hard for AI agents to build on

OutLayer

  • No new chain. Results return to NEAR L1
  • Execute any user code, not just data fetching
  • Intel TDX + NEAR MPC hardware proof
  • Built-in stablecoin monetization
  • TEE vault + CKD key derivation out of the box
  • Standard WASI — AI agents generate code easily

Start Shipping
Verifiable Apps

OutLayer is open source, live on mainnet, and ready for your next project.

Read the Docs Try Playground