I built Grid Audit, a tool that reviews Midnight code and then lets you certify that review on-chain. The thought behind this was to help people review the code they have created. But then my original thought grew: how do you record on a public ledger that an audit happened, by an authorized auditor, over a specific report, without publishing the report and without exposing the auditor's key?

That turns out to be a general Midnight pattern, and this post walks through the small contract that does it.

The problem

You want a public, tamper-evident receipt that says "this exact thing was reviewed and signed off." But:

The report itself is private. It should never touch the chain.