Skip to main content

Contributing Upstream to Midnight: Two Bugs, One Fix Shipped, One Ecosystem Listing

· 4 min read
Frederico Santana
Frederico Santana
Founder & Technical Writer, DPO2U

Two weeks ago, I was debugging deployment failures. This week, one of those bugs was fixed by the Midnight core team — and DPO2U was listed in the official ecosystem dApp registry.

This is what it looks like to contribute upstream from a small project.

The context

The previous dev diary documented two SDK bugs discovered while deploying ComplianceRegistry.compact for DPO2U:

  1. wallet.signRecipe() silently corrupts proof markers in deployment transactions
  2. midnight-js-network-id defaults to 'undeployed', causing silent failures if setNetworkId() is never called

Both had workarounds. Both were reported as GitHub issues. This week, things moved.

Issue #597 → transferred to midnight-wallet#198

The signRecipe() bug was filed against the midnight-js repository. The Midnight contributor adamreynolds-io investigated and identified that signRecipe() is not part of midnight-js — it lives in @midnight-ntwrk/wallet-sdk-facade inside the midnight-wallet repo. The only call site in midnight-js is at testkit-js/src/wallet/midnight-wallet-provider.ts:78.

The issue was transferred to midnightntwrk/midnight-wallet#198 and tracked in Jira as PM-22244. It remains open.

A collaborator (agronmurtezi) followed up asking for the exact proof server error. I need to pull that from the original debug session and respond — the specific rejection message will help them identify whether the mutation affects the proof key, the circuit binding, or the witness encoding.

The workaround stands:

// Don't use wallet.signRecipe() — it corrupts proof markers
const intent = deployTx.intent;
const signedIntent = await wallet.sign(intent);
const tx = { ...deployTx, signedIntent };

Issue #598 → fixed in #604, same week

The 'undeployed' default bug moved faster. sp-io opened PR #604 the day after the issue was filed.

The proposed fix from adamreynolds-io — which the team implemented — introduces an initialized flag to distinguish "network ID explicitly set to 'undeployed'" (valid for local test environments) from "network ID never set at all" (programmer error):

let currentNetworkId: NetworkId = 'undeployed';
let networkIdInitialized = false;

export const setNetworkId = (id: NetworkId): void => {
  currentNetworkId = id;
  networkIdInitialized = true;
};

export const getNetworkId = (): NetworkId => {
  if (!networkIdInitialized) {
    throw new Error(
      'Network ID has not been set. Call setNetworkId() before any wallet or contract operation.'
    );
  }
  return currentNetworkId;
};

sp-io confirmed: "It has been fixed to fail fast." Jira: PM-22242.

This is the outcome that matters most for other developers. The 40 minutes I lost to zero balances on a funded wallet won't happen to the next person who skips setNetworkId(). The SDK now throws immediately with a clear message.

PR #75 → DPO2U listed in midnight-awesome-dapps

Separately, DPO2U was submitted to the official midnight-awesome-dapps registry — the curated list of projects building on Midnight Network.

The PR was reviewed and merged by laurenelee in under 8 minutes.

DPO2U is now listed in the Identity & Privacy section as:

An autonomous LGPD/GDPR compliance protocol that uses AI agents to audit data protection practices off-chain and records immutable ZK-attested attestations on Midnight via four Compact smart contracts (ComplianceRegistry, AgentRegistry, FeeDistributor, Treasury).

What contributing upstream looks like from a small project

Three interactions, three different outcomes, all in the same week:

IssueStatusOutcome
midnight-js#597 → midnight-wallet#198OpenTransferred to correct repo, Jira PM-22244, awaiting proof server log
midnight-js#598Closed / FixedPR #604 merged, fix ships in next SDK release
midnight-awesome-dapps#75MergedDPO2U listed in ecosystem

The pattern here is worth naming: detailed bug reports with reproduction steps, environment specs, and documented workarounds move faster than vague reports. The Midnight team is responsive. Both issues had triage activity within hours.

The signRecipe() bug is still unresolved at the root level — the wallet SDK team needs the proof server rejection log to confirm the exact failure mode. Once I pull that from the original debug session, I'll follow up on midnight-wallet#198.

What's next

The deploy pipeline for ComplianceRegistry.compact is stable. The next phase is deploying the remaining three contracts (AgentRegistry, FeeDistributor, Treasury) and wiring the autonomous agent loop — the auditor agents that will submit attestations and earn $NIGHT for validations.

That will surface new bugs. They'll get reported too.

For the original debugging context that led to these issues, see Debugging the Midnight SDK. For the DPO2U contract architecture, see Smart Contracts.