This skill should be used when reviewing Compact smart contract code, TypeScript witness implementations, or test files for a Midnight project. Applies when a user asks to "review my Compact contract", "audit this smart contract", "check my Midnight code", or "run a code review checklist". Provides category-specific checklists covering privacy, security, cryptographic correctness, token economics, concurrency, compilation, performance, architecture, code quality, testing, and documentation, plus mechanical verification via /midnight-verify:verify.
Install: `npx claudepluginhub devrelaicom/midnight-expert --plugin compact-core`

Slash command: `/compact-core:compact-review`
This skill contains review checklists for 10 categories of Compact smart contract review. Each reference file provides a focused checklist for one review category.
The assigned review category determines which reference file to load. Load the reference file for your assigned category and apply every checklist item to the code under review.
| Category | Reference File | Focus |
|---|---|---|
| Privacy & Disclosure | references/privacy-review.md | disclose() usage, witness data leaks, Set vs MerkleTree, persistentHash vs persistentCommit, salt reuse, conditional disclosure |
| Security & Cryptographic Correctness | references/security-review.md | Access control, hash/commit usage, domain separation, nullifiers, commitments, Merkle paths, error leakage |
| Token & Economic Security | references/token-security-review.md | Double-spend, overflow, unsafe transfers, missing receiveShielded, authorization |
| Concurrency & Contention | references/concurrency-review.md | Read-then-write patterns, Counter ops, transaction conflicts |
| Compilation & Type Safety | references/compilation-review.md | Deprecated syntax, return types, disclosure errors, casts, generics |
| Performance & Circuit Efficiency | references/performance-review.md | Proof cost, ledger reads, MerkleTree depth, redundant computation, loops |
| Architecture, State Design & Composability | references/architecture-review.md | ADT selection, depth planning, visibility, modules, decomposition |
| Code Quality & Best Practices | references/code-quality-review.md | Naming, complexity, dead code, stdlib hallucinations, idioms |
| Testing Adequacy | references/testing-review.md | Edge cases, negative tests, private state testing, witness mocks |
| Documentation | references/documentation-review.md | Circuit docs, witness contracts, ledger semantics |
Every review MUST include running /midnight-verify:verify on the contract:

```
/midnight-verify:verify <contract.compact>
```

For contracts with TypeScript witness implementations:

```
/midnight-verify:verify <contract.compact> <witnesses.ts>
```
Verification results are authoritative for compilation correctness, type safety, witness consistency, and behavioral correctness. Include verification results alongside checklist findings in the review report.
Apply these severity levels consistently across all categories:
| Level | Criteria | Examples |
|---|---|---|
| Critical | Will cause loss of funds, data breach, or contract exploitation | Missing access control on mint, private key leaked to ledger, double-spend vulnerability |
| High | Security vulnerability or privacy leak exploitable under certain conditions | Unnecessary disclose() on sensitive data, missing overflow check on token amounts |
| Medium | Correctness issue, compilation problem, or significant performance concern | Wrong type cast that will fail at runtime, MerkleTree depth 32 when 10 suffices |
| Low | Code quality, style, or minor best practice deviation | Inconsistent naming, unused import, missing sealed modifier |
| Suggestion | Enhancement opportunity, not a problem | Could use pure circuit modifier for better reuse, consider adding assertion message |
For each finding, use this format:
- **[Issue title]** (`file:line`)
- **Problem:** Clear description of what is wrong
- **Impact:** Why this matters (security, privacy, correctness, performance)
- **Fix:** Suggested fix with code example when applicable
Group findings by severity within your category: Critical → High → Medium → Low → Suggestions. End with a Positive Highlights section noting what was done well.
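As an added example, not part of this skill's reference files, here is what the code half of a Critical finding ("Missing access control on mint", from the severity table) looks like: the unguarded circuit that the reviewer flagged, followed by the hardened form that the **Fix** field would propose. The syntax follows recent Compact releases as understood here (the `assert(condition, "message")` call form, `Counter.increment` taking a `Uint<16>`, `persistentHash<T>` from the standard library); the `pragma` version, the ledger field names `supply` and `adminCommitment`, and the witness `adminSecretKey` are assumptions chosen for this illustration.

```compact
pragma language_version >= 0.15;

import CompactStandardLibrary;

// Shared ledger state: the total minted so far.
export ledger supply: Counter;

// --- Before (Critical): any party able to submit a transaction can mint,
// because nothing in the circuit ties the caller to a designated admin.
export circuit mintUnchecked(amount: Uint<16>): [] {
  supply.increment(amount);
}

// --- After (suggested fix): the admin's commitment is fixed at deployment
// and mint proves, inside the ZK circuit, knowledge of the matching secret.
// Only the persistent hash of the secret ever reaches the ledger.
export ledger adminCommitment: Bytes<32>;

// Assumed witness name: returns the admin's 32-byte secret from local
// private state. It is consumed inside the proof and never disclosed.
witness adminSecretKey(): Bytes<32>;

constructor(initialAdminCommitment: Bytes<32>) {
  adminCommitment = initialAdminCommitment;
}

export circuit mint(amount: Uint<16>): [] {
  // Access control: the caller must hold the secret whose hash was committed
  // at deployment. The comparison happens in-circuit, so no disclose() is
  // needed and the secret is not leaked through the transaction.
  assert(
    adminCommitment == persistentHash<Bytes<32>>(adminSecretKey()),
    "mint: caller is not the admin"
  );
  supply.increment(amount);
}
```

Two points a reviewer would add alongside the fix: `persistentHash` is appropriate here only because the preimage is a full-entropy 32-byte secret; for a low-entropy identifier the privacy checklist's `persistentCommit` with a salt is the right primitive. And the fix should arrive with a negative test (Testing Adequacy category) that calls `mint` with a witness mock returning a wrong secret and asserts the assertion fires.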