[CONTRACT-01] Soroban Contract Test Suite: Identity, Reputation & Document Registry

[mftee]

Overview

The contracts/ workspace contains five fully written Soroban smart contracts but zero Rust unit tests. The contracts handle identity mapping, reputation scoring, and document hashes — all of which are critical trust infrastructure. Without tests, changes to the contracts carry high regression risk. This issue adds comprehensive unit test suites for three contracts. The companion issue for Shipment and Escrow tests is [CONTRACT-02].

Technical Details

Environment

• Workspace root: contracts/
• Run tests: cargo test from contracts/
• Each contract crate already has a [dev-dependencies] section in its Cargo.toml — add soroban-sdk = { version = "22.0.0", features = ["testutils"] } if not already present
• Use soroban_sdk::Env::default() and contract_client::Client::new(&env, &contract_id) pattern

1. Identity Contract Tests (contracts/identity/src/test.rs)

The identity contract stores wallet_address → sha256(user_id) mappings.

Write tests for:

#[test] fn test_register_new_identity()
// Register a wallet, then get_user_id — should return the hash

#[test] fn test_register_duplicate_wallet_fails()
// Registering the same wallet twice should panic with AlreadyRegistered error

#[test] fn test_get_unregistered_wallet_returns_none()
// get_user_id for an unknown wallet should return None (or error per contract spec)

#[test] fn test_revoke_identity_by_admin()
// Admin revokes a registration; subsequent get_user_id returns None

#[test] fn test_revoke_by_non_admin_fails()
// Revoking as a non-admin wallet should panic with Unauthorized

#[test] fn test_is_registered_returns_correct_bool()
// is_registered returns true for a registered wallet and false for unregistered

2. Reputation Contract Tests (contracts/reputation/src/test.rs)

The reputation contract stores 1-5 star ratings and on-time booleans, and computes a composite score (0–1000).

Write tests for:

#[test] fn test_record_single_rating()
// Record one rating; get_stats should return count=1, correct totals

#[test] fn test_record_multiple_ratings_aggregates_correctly()
// Record 5 ratings (mix of star values + on_time); verify average and on_time_rate

#[test] fn test_composite_score_formula()
// Record known ratings and verify the composite score matches the expected formula

#[test] fn test_star_rating_out_of_range_fails()
// Recording a rating of 0 or 6 should panic with InvalidRating error

#[test] fn test_get_score_for_unrated_carrier()
// get_score for a wallet that has never been rated should return 0 or a specific default

#[test] fn test_cannot_rate_same_shipment_twice()
// Submitting the same shipment_id twice for the same ratee should panic

3. Document Registry Contract Tests (contracts/document/src/test.rs)

The document contract stores SHA-256 hashes + IPFS CIDs with optional admin verification.

Write tests for:

#[test] fn test_register_document_hash()
// Register a document; get_document returns the correct hash and CID

#[test] fn test_register_duplicate_hash_fails()
// Registering the same hash twice for the same owner should panic

#[test] fn test_verify_integrity_correct_hash()
// verify_integrity with the correct hash returns true

#[test] fn test_verify_integrity_wrong_hash()
// verify_integrity with a tampered hash returns false

#[test] fn test_admin_verify_document()
// Admin calls verify_document; document.is_verified becomes true

#[test] fn test_non_admin_cannot_verify()
// Non-admin calling verify_document should panic with Unauthorized

#[test] fn test_revoke_document()
// Revoking a document sets is_revoked = true; subsequent verify_integrity fails

Acceptance Criteria

• cargo test in contracts/ runs all tests without warnings or errors
• All 6 Identity tests pass (including the error-case tests)
• All 6 Reputation tests pass (including rating range validation)
• All 7 Document Registry tests pass (including integrity check tests)
• Each test file is self-contained — no test depends on state from another test
• Test file names follow Rust convention: #[cfg(test)] mod tests { ... } inside src/test.rs
• CI pipeline (.github/workflows/) includes a step to run cargo test in the contracts workspace

[Johnbliss60]

I have experience writing Rust and working with Soroban smart contracts, including test setups using soroban_sdk::Env::default() and generated client bindings. I’ve reviewed the identity, reputation, and document contracts and understand the trust-critical paths that need coverage wallet-to-user_id mapping, duplicate/edge-case rejection, admin-gated actions, composite score calculation, and hash integrity verification.

My approach: implement the 19 specified tests in src/test.rs for each contract (identity, reputation, document), following the existing #[cfg(test)] mod tests convention, ensuring each test is self-contained with no shared state. I’ll also add the cargo test step to the CI workflow if it’s missing. I can submit a working PR within 1-2 days.

[CHKM001]

@CHKM001 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Code girls
Please let me get this one from you, I have been trying to do something from your repo since last wave😭
I am a smart contact dev so this is my site literally
Thankssss

ℹ️ Repo Maintainers: To accept this application, review their application or assign @CHKM001 to this issue.

[sketcherzee]

@sketcherzee has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

can i work on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @sketcherzee to this issue.

[drips-wave]

Congratulations, @sketcherzee! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @sketcherzee: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[grantfox-oss]

🦊 GrantFox — @sketcherzee has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #1010)
2. Your PR will be reviewed by the CodeGirlsInc maintainers

Good luck! Track your progress on GrantFox.

[Johnbliss60]

PR submitted: #1075

Added cargo test coverage for all three contracts (Identity: 6 tests, Reputation: 15 tests, Document: 13 tests), moved into dedicated src/test.rs files per the convention requested. Also added the revoke_document function and duplicate-hash rejection to the document contract, since the acceptance criteria needed them but they didn’t exist yet. All 53 tests pass in cargo test for the contracts/ workspace.