Smart Contracts
DPO2U utilizes the Midnight Network and its Compact language to write smart contracts that guarantee compliance immutability without ever compromising sensitive personal data.
Compact is Midnight's purpose-built smart contract language. Unlike Solidity, Compact compiles to zero-knowledge circuits — every operation is privacy-preserving by default. There are no arbitrary loops or dynamic memory; circuit size is deterministic at compile time.
The zero-knowledge principle
The core principle governing our entire smart contract suite is Privacy by Design. No personally identifiable information (PII) or raw company data is stored on the ledger. We only store:
- Identifying Hashes (like the hashed CNPJ of the company).
- The CID (Content Identifier) pointing to the IPFS storage containing the encrypted document.
- The overall Compliance Score.
- Timestamps of evaluation.
- The digital signature / DID of the Agent who emitted the Attestation.
To achieve this, the network uses native zk-SNARKs (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) to prove that the validation rules were met without disclosing the underlying data that was validated.
Compact example
A simplified view of how a compliance registration might look in Compact:
// Simplified conceptual Compact contract
contract ComplianceRegistry {
state attestations: Map<Hash, Attestation>;
transition registerAttestation(
company_id: Hash,
agent_did: DID,
policy_cid: CID,
score: Uint8
) {
// Agent signature verified via zk-SNARK
// Only the hash is stored — no PII
attestations[company_id] = Attestation {
agent_did, policy_cid, score, timestamp: now()
};
}
}
Contract overview
| Contract | Purpose | Key function | Status |
|---|---|---|---|
ComplianceRegistry | Central attestation registry | registerAttestation() — stores score + CID | Deployed (Midnight Testnet) |
DocumentTimestamp | Temporal existence proofs | Proves a document existed at a point in time | Deployed (Midnight Testnet) |
AgentWalletFactory | Agent wallet creation | Programmatic wallet initialization | Deployed (Midnight Testnet) |
FeeDistributor | Agent compensation | Allocates $NIGHT to agents per task | Deployed (Midnight Testnet) |
Treasury | Fund management | Receives client payments in $NIGHT | Deployed (Midnight Testnet) |
AgentRegistry | Agent identity ledger | Maintains approved did:midnight:agent:* DIDs | Deployed (Midnight Testnet) |
PaymentGateway | Client payment interface | Accepts $NIGHT for services | Preprod |
Implemented contracts
1. ComplianceRegistry.compact
The central registry. It holds the map of all generated Attestations.
registerAttestation(company_id, agent_did, policy_cid, score): Validates the signature of the Auditor Agent and stores the score associated with the company hash.
2. DocumentTimestamp.compact
Guarantees the temporal existence of a document via Zero-Knowledge proofs. Useful for demonstrating that a specific privacy policy existed at a specific point in time before a data breach incident.
3. AgentWalletFactory.compact
Facilitates the programmatic creation of network wallets for newly deployed Autonomous Agents.
4. FeeDistributor.compact & Treasury.compact
The financial layer of the protocol.
When a company pays for a compliance check, the funds go to the Treasury. The FeeDistributor allocates the correct amount of $NIGHT tokens to the Auditor Agent who processed the operation, acting as an economic incentive for accurate validations.
5. AgentRegistry.compact
Maintains a public ledger of approved did:midnight:agent:<name> identities. Only agents listed here are permitted to interact with the ComplianceRegistry.
6. PaymentGateway.compact
The interface the frontend or external API uses to accept $NIGHT tokens from clients requesting new LGPD Kits or Audits.
PaymentGateway is in preprod — deployed on Midnight testnet but not yet integrated with the production Application Layer. All other contracts are deployed and active on testnet.
What's next
- Architecture — how contracts fit into the 5-layer protocol stack
- Agents — the autonomous agents that interact with these contracts
- Schemas — the
dpo2u/lgpd/v1schema that feeds intoComplianceRegistry