Add reputation test coverage to profile contract

[Michaelkingsdev]

Part of the test-coverage push (#25). This adds the reputation tests for the profile contract that #29 asks for.

What's here

tests/reputation.rs covering all three functions in the reputation module, built on the existing common.rs harness and following the admin.rs template:

• bump — happy path, accumulation across calls, u32::MAX delta widening into u64 without overflow, zero-delta no-op, not-configured / paused / profile-not-found reverts, idempotent replay, and a no-auth rejection.
• slash — happy path, saturating floor at zero, zero-delta no-op, the same revert set, idempotent replay, and a no-auth rejection.
• admin_slash — happy path, saturating floor at zero, empty-reason revert, paused / profile-not-found reverts, idempotent replay, and a non-admin rejection.

No production code changed — tests plus their snapshots only.

Tests

cargo test -p boundless-profile → 24 new reputation tests pass (13 existing admin tests filtered out below):

running 24 tests
test result: ok. 24 passed; 0 failed; 0 ignored; 0 measured; 13 filtered out; finished in 0.51s

cargo test --all → green across the workspace (76 events + 37 profile, 0 failed).

Proof

Note on snapshots

This PR intentionally only includes the new test_snapshots/tests/reputation/ files. Re-running the suite locally also rewrites a pile of unrelated events/profile snapshots (random wasm-hash/address bytes shift between machines on the same pinned SDK), but that drift isn't part of this change so I left it out.

Closes #29

Summary by CodeRabbit

• Tests
  • Added comprehensive test suite for reputation operations including increment, decrement, and admin actions with full scenario coverage.
  • Included validation tests for authorization, pause states, profile verification, idempotency, and edge cases.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a reputation test submodule to the profile contract test suite, implementing 420 lines of Rust tests for bump_reputation, slash_reputation, and admin_slash_reputation. Each test scenario is backed by a deterministic JSON ledger-state snapshot (24 total) capturing expected OpSeen markers, persistent Profile state, and contract instance storage.

Changes

Reputation Test Suite

Layer / File(s)	Summary
Test module registration and shared helpers contracts/profile/src/tests/mod.rs, contracts/profile/src/tests/reputation.rs	Registers the reputation submodule and adds test helpers: random idempotency-key generation, bump/slash symbol construction, current-reputation reader, and setup_with_user bootstrapper that wires the mock events contract.
bump_reputation tests and snapshots contracts/profile/src/tests/reputation.rs, contracts/profile/test_snapshots/tests/reputation/bump_*.json	Tests happy-path increment, accumulation across calls, max-u32 no-overflow, zero-delta no-op (still marks OpSeen), missing events-contract config, paused-state, profile-not-found, idempotency replay (Error::OpAlreadySeen), and auth-rejection. Each case is verified against a deterministic JSON snapshot.
slash_reputation tests and snapshots contracts/profile/src/tests/reputation.rs, contracts/profile/test_snapshots/tests/reputation/slash_*.json	Tests happy-path decrement, saturation at zero, zero-delta no-op, missing events-contract config, paused-state, profile-not-found, idempotency replay, and auth-rejection, each with a matching JSON ledger snapshot.
admin_slash_reputation tests and snapshots contracts/profile/src/tests/reputation.rs, contracts/profile/test_snapshots/tests/reputation/admin_slash_*.json	Tests admin-gated happy-path decrement, saturation at zero, empty-reason rejection (Error::ReasonRequired), paused-state, profile-not-found (no events contract required), idempotency replay, and non-admin-caller rejection, each with a matching JSON ledger snapshot.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐇 Hop, hop, I test with glee,
Bumping reputation one, two, three!
Slash to zero? Saturate!
Replay? Sorry, already seen that fate.
Admin slashes need a reason string,
Empty reasons? Not happening!
My snapshots prove each ledger thing. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding comprehensive reputation test coverage to the profile contract, which is the primary focus of this PR.
Linked Issues check	✅ Passed	The PR fulfills all acceptance criteria from issue #29: new tests/reputation.rs covering bump/slash/admin_slash functions, comprehensive test coverage for happy paths/error variants/edge cases/auth-rejection/idempotency, and cargo test passes with all tests green.
Out of Scope Changes check	✅ Passed	All changes are in-scope: only test code in tests/reputation.rs and corresponding snapshot files were added; no production code modifications and no unrelated snapshot rewrites.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@contracts/profile/src/tests/reputation.rs`:
- Around line 181-191: In the function
bump_rejects_caller_without_events_contract_auth, replace the generic error
check assertion res.is_err() with a specific assertion that verifies the error
is the expected authorization failure variant (likely Error::Unauthorized or
Error::NotAdmin depending on what guard should trigger the failure). Apply the
same fix to the other two authorization rejection tests that use similar
patterns, ensuring each test verifies the specific error variant returned rather
than just confirming that some error occurred, which prevents false positives
from unrelated failures masking the test intent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f14cc28c-2b4a-437e-86c5-174181211289

📥 Commits

Reviewing files that changed from the base of the PR and between d3a32bd and 6e20778.

📒 Files selected for processing (26)

• contracts/profile/src/tests/mod.rs
• contracts/profile/src/tests/reputation.rs
• contracts/profile/test_snapshots/tests/reputation/admin_slash_happy_path_decrements_reputation.1.json
• contracts/profile/test_snapshots/tests/reputation/admin_slash_is_idempotent_on_replay.1.json
• contracts/profile/test_snapshots/tests/reputation/admin_slash_rejects_non_admin_caller.1.json
• contracts/profile/test_snapshots/tests/reputation/admin_slash_reverts_on_empty_reason.1.json
• contracts/profile/test_snapshots/tests/reputation/admin_slash_reverts_when_paused.1.json
• contracts/profile/test_snapshots/tests/reputation/admin_slash_reverts_when_profile_not_found.1.json
• contracts/profile/test_snapshots/tests/reputation/admin_slash_saturates_at_zero.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_accepts_u32_max_delta_without_overflow.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_accumulates_across_calls.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_happy_path_increments_reputation.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_is_idempotent_on_replay.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_rejects_caller_without_events_contract_auth.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_reverts_when_events_contract_not_configured.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_reverts_when_paused.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_reverts_when_profile_not_found.1.json
• contracts/profile/test_snapshots/tests/reputation/bump_zero_delta_is_noop_but_marks_seen.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_happy_path_decrements_reputation.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_is_idempotent_on_replay.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_rejects_caller_without_events_contract_auth.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_reverts_when_events_contract_not_configured.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_reverts_when_paused.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_reverts_when_profile_not_found.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_saturates_at_zero.1.json
• contracts/profile/test_snapshots/tests/reputation/slash_zero_delta_is_noop.1.json

[coderabbitai]

🎯 Functional Correctness | 🟡 Minor

Assert specific auth-failure error variants, not just is_err().

The three auth-rejection tests (lines 181-191, 301-308, 409-419) only verify that a call fails; they do not verify it failed for the intended auth guard. This risks false positives: if any earlier guard (like require_not_paused() or a missing profile) returns an error, the test still passes.

Per the PR objectives and the pattern used throughout the rest of this test file, assert the specific Error variant returned when authorization fails (likely Error::Unauthorized or Error::NotAdmin depending on the guard).

Also applies to: 301-308, 409-419

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@contracts/profile/src/tests/reputation.rs` around lines 181 - 191, In the
function bump_rejects_caller_without_events_contract_auth, replace the generic
error check assertion res.is_err() with a specific assertion that verifies the
error is the expected authorization failure variant (likely Error::Unauthorized
or Error::NotAdmin depending on what guard should trigger the failure). Apply
the same fix to the other two authorization rejection tests that use similar
patterns, ensuring each test verifies the specific error variant returned rather
than just confirming that some error occurred, which prevents false positives
from unrelated failures masking the test intent.