The more I play around with Midnight's devnet, the less I buy the "developer-friendly ZK" hype at face value.
Don't get me wrong — Compact is slick. TypeScript vibes, simplified syntax, clear private/public splits right in the code. I spun up a quick shielded transfer test locally last night, compiled it, hit the devnet with tDUST from the faucet, and watched proofs generate in my Docker worker without wanting to throw my laptop. For someone who's bounced off Circom or Halo2 docs in the past, this feels like cheating in the best way. No more drowning in rank-1 constraints just to hide a balance.
But here's where my gut tightens.
When you make zero-knowledge this approachable, you invite a flood of builders who treat it like regular web3 dev — ship fast, iterate later. Except in ZK, "later" can mean a circuit that leaks more than intended, or a proof that verifies but doesn't actually enforce what you thought. Compact hides a ton under the hood (circuit gen, proof compression), and while that's the point, it also means most devs won't grok the full translation from their .m compact file to the actual ZK enforcement.
I keep thinking: what happens when a DeFi app using selective disclosure for credit scores goes live, and an edge case slips through because the dev trusted the abstraction too much? The tx looks valid, the proof checks out, users interact — until someone audits deeper and finds the privacy wasn't as programmable as advertised. In normal contracts, you patch and move on. In privacy chains, a flaw can retroactively expose data or break compliance assumptions.
Midnight's betting big on "rational privacy" — prove what matters, hide the rest — but rational for who? The end user? The regulator scanning for explainability? Or the dev who just wants to ship without a PhD?
The local proof gen and VS Code extension are genius for keeping sensitive stuff off external servers during testing. But ease breeds speed, speed breeds bugs, and ZK bugs aren't loud — they whisper until they're catastrophic.
I want this to work. Badly. Privacy that doesn't suck to build is crypto's missing piece. But I'm not convinced "easier" equals "safer" here. It might just mean more confident mistakes from people who never had to wrestle the math.
The real proof won't be in the devnet demos. It'll be in the first few real apps that either nail controlled disclosure... or quietly become the reason regulators clamp down harder on ZK in regulated sectors.
Until then, I'm watching Compact closely — excited, but with one eye on the hidden sharp edges.
What do you think — is making ZK feel like TS a net win, or are we just papering over the complexity that keeps bad actors out?