Testnet v0.15: Ready for a Secure, Smooth, and Crosschain Private Wallet
.jpg)
Miden testnet has been upgraded to v0.15. Like previous releases it carries breaking changes, and this cycle advances Miden on two fronts at once. At the protocol level, accounts can now move assets across chains and stay recoverable through Guardian, all on top of private-by-default accounts. And the Miden Wallet, the first place most people will meet those capabilities, keeps getting more accessible and easier to use, ready for everyone.
v0.15 also introduces native swaps at the protocol level with PSWAP notes. They'll be integrated into the wallet shortly, giving users an efficient way to swap tokens and developers a new building block for their applications.
There's plenty under the hood too: an improved end-to-end Rust debugger, FPI in the Rust compiler, and a node restructured for distributed operation, all covered below. But if you take one thing from v0.15: this is the release where a private Miden account becomes something a normal person can actually use and trust.
Let's jump into it. If you'd rather check the migration guide first, it's now in the docs at https://docs.miden.xyz/builder/migration/.

Miden Wallet, for everyone
The wallet is where a lot of that work shows up. To get it ready for more people than ever, the everyday paths β sending, receiving, swapping β are now much smoother.
Wherever it runs, the wallet stays self-custodial: signing happens client-side, keys are held in the device's secure store, and they never leave it.
A few of the improvements worth calling out:
- Local proving runs faster in the extension, on the wallet's own thread pool, so a send or consume proves in a few seconds. We support delegated proving for the best UX, but improving client-side performance is our North Star.
- The entire UI now renders correctly in dark mode, end to end. It sounds like a detail, but it matters to a lot of users, even internally at Miden π
- Connecting to dApps, importing notes, and recovering from a slow node are all far more reliable, with fewer spurious "can't reach the node" banners and no more modals stuck between sends.
- New accounts default to ECDSA signatures, the most widely used scheme (existing accounts are untouched and keep working exactly as before), while Falcon, the post-quantum option, remains fully supported as the original signature scheme on Miden.
Crosschain capacity
Assets, and the people you transact with, are spread across many chains, and reaching them shouldn't cost users their privacy. v0.15 brings crosschain movement to Miden at the protocol level: assets can move between Miden, where activity stays private, and the chains users already use.
The plumbing is the Agglayer bridge, and v0.15 finalizes it on the protocol side so it is functional on Miden testnet: native-asset lock and unlock paths, a faucet registry for crosschain asset conversion, and bridge-out validation. We're building this together with our partners at Gateway, and you can watch live bridge activity on their Agglayer dashboard. The Miden Wallet is being built to bring this to users directly, so crosschain transfers happen in one place while activity stays private.

Native swaps with PSWAP notes
Miden now has a native way to handle peer-to-peer trading at scale: v0.15 introduces PSWAP notes, a partial-fill swap note standardized in the protocol.
A PSWAP note is a standing swap order: it offers one fungible asset and requests another, and any counterparty can fill it, in full or in part. On a partial fill, the creator receives a payback note (private by default) for the portion that traded, and the unfilled remainder is automatically re-created as a fresh PSWAP note, ready for the next taker. The order never sits with a third party, and the whole exchange settles onchain.
On their own, PSWAP notes let two parties trade directly. Together, they're the building block for something bigger: a native, onchain order book for Miden that aggregates prices across multiple sources, essentially a native DEX protocol! That's coming to the Miden Wallet and the whole Miden ecosystem as a user-facing feature, with more to share in future articles as it lands.
Guardian: security you don't have to think about
Self-custody is powerful, but it's unforgiving: lose a device or mistype a transfer and there's no safety net. Guardian changes that.
Guardian is a backup, synchronization, and coordination layer for private accounts. It keeps accounts recoverable and protected while owners stay fully in control of their funds, and Guardian never takes custody. Under the hood it manages account state and its deltas, runs a proposal-based workflow for account changes, and plugs into Miden's multisig model, so an account can be protected by a policy instead of a single fragile key.
Concretely, Guardian acts as one signer in an account's multisig. A typical setup is 2-of-3: an everyday hot key, an offline cold key for recovery, and Guardian's policy key. Day-to-day transactions are signed by the hot key together with Guardian, while the cold key lets users recover the account or rotate away from Guardian at any time. Guardian on its own can never move funds, and it never holds any spending keys.
Integrating Guardian is straightforward: an application picks the Guardian that supports the recovery process, then coordinates with the Guardian service through the Guardian SDK (also known as the multisig SDK) to co-sign transactions and keep account state in sync. The Miden Wallet uses exactly this to offer recovery out of the box, so a wallet account is safe by default: protection and recovery without giving up control. For the person using it, that's a private account that's harder to lose, harder to get wrong, and still entirely theirs.
To go deeper on how Guardian enables security and compliance while preserving privacy from other users, read What is Miden Guardian.

Under the hood
v0.15 is also a substantial protocol and tooling release. Here are the highlights for builders.
Improved end-to-end Rust debugger
You can now debug Miden transaction scripts with an actual debugger. The client ships DAP (Debug Adapter Protocol) support: miden-client exec --start-debug-adapter compiles your source and speaks DAP, so a standard debug client can step through execution and resolve source locations. There's also an offline bootstrap mode for node-less debugging. Print-based debugging is no longer your only option.
FPI in the Rust compiler
Foreign procedure invocation (FPI), calling a procedure on another account, is now supported by the Rust compiler. That means you can build a complete, multi-part Miden app in Rust alone, without ever writing MASM, Miden's lower-level stack-based language. Rust contracts can call into other accounts directly, so cross-account logic is available without leaving Rust.
A node restructured for distribution
v0.15 reworks how the node is packaged, bootstrapped, and run, so its components can be operated independently. That's the groundwork for a network run by many operators. gRPC connections now support TLS as well.
Reliability and ergonomics
A couple more things builders will appreciate:
- Private notes are persisted to a durable outbox before they're relayed, and retried on every sync, so a transient network failure can no longer silently drop a note.
- Typed roots and errors throughout the client, for safer, more predictable integration code.
Upgrading to v0.15
v0.15 is a breaking release: 0.14 accounts, notes, proofs, and stores do not carry over, so plan on a fresh start against the 0.15 testnet.
Version bumps at a glance:
The minimum Rust toolchain for miden-client is now 1.93, so run rustup update before building.
The biggest things to know:
- Account storage mode is now simply
publicorprivate: the separate network-account flag is gone, and whether an account is a faucet is determined by its code instead of its ID (account IDs are renumbered, and version 0 is invalid). - Note identity is split: the old
NoteIdbecomes a details-commitment, and the newNoteIdalso commits to metadata; notes can carry multiple attachments, andNoteTypeis encoded more compactly. - Fungible faucets are unified:
BasicFungibleFaucetandNetworkFungibleFaucetmerge into a singleFungibleFaucetbuilt withFungibleFaucet::builder(), and amounts are wrapped in a validatedAssetAmount. - MASM and the VM change: procedures are renamed (
build_recipient_hashβcompute_recipient, and friends), assembler resolution is stricter, and the MAST wire format is new, so re-assemble all.masl/.maspartifacts from source. - The client API is cleaned up:
get_account_proofbecomesget_account(...),check_nullifiersbecomessync_nullifiers, and note imports return details-commitments.
The full, step-by-step migration guide walks through every change, see the migration guide.
What you should do next
- Miden Wallet brings private accounts, crosschain, swaps, and recovery together in one place. More to share on it soon π
- See crosschain in action. Watch live bridge activity on the Agglayer dashboard and explore the bridge paths on testnet.
- Read up on Guardian: What is Miden Guardian, how it enables security, compliance, and recovery while keeping you private from other users.
- Builders: bump to the 0.15 crates, re-assemble your artifacts, and resync against the 0.15 testnet. Try PSWAP notes and the new Rust debugger. The migration guide walks through every change.
- Explore the docs at docs.miden.xyz and build.

.jpg)
.jpg)