Privacy-preserving consent management on Midnight Network — your data, your rules.
ShadowVault lets you store sensitive personal records (therapy notes, medical history, career reflections) encrypted and anchored to the Midnight blockchain. You decide exactly which fields a viewer can see, and you can revoke access instantly. Every action is recorded on a tamper-proof audit trail.
"I want to share my therapy summary with my insurance provider — but not my raw notes. And I want to be able to take that access back."
ShadowVault makes that possible with zero-knowledge proofs and selective field disclosure.
- Encrypt & anchor — journal entries are AES-256-GCM encrypted, content-hashed, and recorded on a Midnight smart contract
- AI analysis — Gemini summarises the entry, assigns a risk level, and extracts topics
- Selective access — share a viewer link that reveals only the fields you choose (summary, risk level, topics, raw content)
- Instant revocation — revoke access at any time; the viewer link goes dark immediately
- Tamper-proof audit trail — every action (created, granted, viewed, revoked) is recorded with a transaction ID and block height
| Layer | Technology |
|---|---|
| Frontend | Next.js 16, React, Tailwind CSS |
| Backend | Next.js API routes, Prisma, SQLite |
| Blockchain | Midnight Network (Compact smart contracts, ZK circuits) |
| AI | Google Gemini |
| Encryption | AES-256-GCM (Node.js crypto) |
ShadowVault uses a custom Compact smart contract (shadowvault.compact) with four ZK circuits:
- createRecord — anchors a SHA-256 content hash on-chain
- grantAccess — stores a field bitmask and expiry timestamp
- revokeAccess — sets a revocation flag, cryptographically enforced
- updateAccess — modifies existing access policies
Field bitmask: summary=1 | riskLevel=2 | topics=4 | rawContent=8
The contract was compiled with Compact 0.5.1 (language version 0.23) and deployed to Midnight preprod during development. Due to preprod network congestion and faucet outages during the hackathon weekend, the live demo uses a stub that mirrors the exact on-chain behaviour — the contract architecture, ZK circuit design, and field permission model are all production-ready.
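How the field bitmask, expiry timestamp and revocation flag described above combine when a viewer requests an entry, as an added TypeScript example (not ShadowVault's own code). The `Entry` and `Grant` shapes, the function names and the Unix-seconds expiry are assumptions; only the four bit values come from the bitmask line.

```typescript
// Added example. Bit values are from the README; every type and function
// name here is hypothetical and chosen for illustration only.
const FIELD_BITS = { summary: 1, riskLevel: 2, topics: 4, rawContent: 8 } as const;
type Field = keyof typeof FIELD_BITS;
const ALL_BITS = 15; // 1 | 2 | 4 | 8

interface Entry { summary: string; riskLevel: string; topics: string[]; rawContent: string; }
interface Grant { mask: number; expiresAt: number; revoked: boolean; } // expiresAt: Unix seconds (assumed)

// Constructed sample record, not real data.
const SAMPLE_ENTRY: Entry = {
  summary: "Session focused on sleep routine",
  riskLevel: "low",
  topics: ["sleep", "work"],
  rawContent: "Full private journal text",
};

// Build a mask from field names, e.g. ["summary", "riskLevel"] gives 3.
function maskFor(fields: Field[]): number {
  let mask = 0;
  for (const f of fields) mask |= FIELD_BITS[f];
  return mask;
}

// Range-check before any bitwise operation: JavaScript bitwise operators
// truncate to 32 bits, so 2**32 + 1 would otherwise look like mask 1.
function isValidMask(mask: number): boolean {
  return Math.floor(mask) === mask && mask >= 1 && mask <= ALL_BITS;
}

// Fail closed: a revoked, expired or malformed grant discloses nothing.
// Fields without their bit set are never copied into the response object.
function discloseFields(entry: Entry, grant: Grant, nowSec: number): Partial<Entry> | null {
  if (grant.revoked) return null;
  if (nowSec >= grant.expiresAt) return null;
  if (!isValidMask(grant.mask)) return null;
  const out: Partial<Entry> = {};
  if (grant.mask & FIELD_BITS.summary) out.summary = entry.summary;
  if (grant.mask & FIELD_BITS.riskLevel) out.riskLevel = entry.riskLevel;
  if (grant.mask & FIELD_BITS.topics) out.topics = entry.topics;
  if (grant.mask & FIELD_BITS.rawContent) out.rawContent = entry.rawContent;
  return out;
}
```

Building the response from an empty object, rather than deleting fields from a copy of the entry, means a field added to `Entry` later stays hidden until it is given a bit.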
- Node.js 22+
- Docker (for the Midnight proof server)
- A Gemini API key
git clone https://github.com/YOUR_USERNAME/shadowvault
cd shadowvault
npm install
Create .env.local:
ENCRYPTION_SECRET=your-32-char-secret-here
GEMINI_API_KEY=your-gemini-api-key
MIDNIGHT_NETWORK=preprod
MIDNIGHT_WALLET_SEED=your-wallet-seed
npx prisma migrate dev
npm run dev
Open http://localhost:3000.
- Create entry — write a journal entry, ShadowVault encrypts it and records a hash on Midnight
- View dashboard — see all your entries with AI-generated risk levels
- Share access — open an entry, click Share, choose which fields to expose, copy the viewer link
- Viewer sees — only the permitted fields, nothing else
- Revoke — click Revoke; the viewer link immediately shows "Access Revoked"
- Audit trail — every step recorded with transaction IDs, tamper-proof
shadowvault/
├── contract/
│   └── src/
│       ├── shadowvault.compact          # Midnight smart contract
│       └── managed/shadowvault/         # Compiled ZK circuits & keys
├── src/
│   ├── app/
│   │   ├── api/entries/                 # REST API — create, read entries
│   │   ├── api/entries/[id]/grant/      # Grant selective access
│   │   ├── api/entries/[id]/revoke/     # Revoke access
│   │   ├── api/viewer/[address]/        # Viewer portal API
│   │   ├── dashboard/                   # Entry list
│   │   ├── entry/[id]/                  # Entry detail + share modal
│   │   ├── entry/new/                   # Create new entry
│   │   └── viewer/[address]/            # Public viewer portal
│   └── lib/
│       ├── midnight.ts                  # Midnight integration layer
│       ├── encryption.ts                # AES-256-GCM
│       ├── ai.ts                        # Gemini summarisation
│       └── db.ts                        # Prisma client
└── prisma/
    └── schema.prisma
Uma — Midnight Network Hackathon, May 2026