From 1788e87bd7d633ef4edfaaaa2d8a8b7d27a17b6e Mon Sep 17 00:00:00 2001
From: AuroraLantean <raymondlieu.crypto@runbox.com>
Date: Thu, 16 Apr 2026 00:04:18 +0300
Subject: [PATCH 1/2] trust score should not change after multiple
 verifications on the same-day

---
 tests/iam-anchor.ts | 86 +++++++++++++++++++++++++++++++++++++++++++--
 tests/utils.ts      |  3 +-
 2 files changed, 86 insertions(+), 3 deletions(-)

diff --git a/tests/iam-anchor.ts b/tests/iam-anchor.ts
index af8f378..ef60d7c 100644
--- a/tests/iam-anchor.ts
+++ b/tests/iam-anchor.ts
@@ -9,7 +9,16 @@ import {
 import { expect } from "chai";
 import type { IamAnchor } from "../target/types/iam_anchor";
 import type { IamRegistry } from "../target/types/iam_registry";
-import { deriveIdentityPda, deriveMintPda } from "./utils";
+import type { IamVerifier } from "../target/types/iam_verifier";
+import {
+  deriveChallengePda,
+  deriveIdentityPda,
+  deriveMintPda,
+  deriveVerificationPda,
+  generateNonce,
+  ll,
+  loadProofFixture,
+} from "./utils";
 
 describe("iam-anchor", () => {
   const provider = anchor.AnchorProvider.env();
@@ -17,9 +26,13 @@ describe("iam-anchor", () => {
 
   const program = anchor.workspace.iamAnchor as Program<IamAnchor>;
   const registry = anchor.workspace.iamRegistry as Program<IamRegistry>;
-
   const iamAnchorProgId = program.programId;
 
+  const iamVerifier = anchor.workspace.iamVerifier as Program<IamVerifier>;
+  const iamVerifierProgId = iamVerifier.programId;
+  let trustScore1vrf: number;
+  let trustScore2vrf: number;
+
   const [mintAuthorityPda] = anchor.web3.PublicKey.findProgramAddressSync(
     [Buffer.from("mint_authority")],
     iamAnchorProgId,
@@ -199,10 +212,12 @@ describe("iam-anchor", () => {
     expect(identity.verificationCount).to.equal(1);
     // Trust score is auto-computed: brand-new identity with 1 verification
     // recency_score = 3000/30 = 100, base = (100/100)*100 = 100, age ~0 days
+    ll("1 verif trustScore:", identity.trustScore);
     expect(identity.trustScore).to.be.greaterThanOrEqual(100);
     expect(Buffer.from(identity.currentCommitment)).to.deep.equal(
       newCommitment,
     );
+    trustScore1vrf = identity.trustScore;
   });
 
   it("rejects update from unauthorized wallet", async () => {
@@ -326,4 +341,71 @@ describe("iam-anchor", () => {
       expect(err).to.exist;
     }
   });
+
+  it("trust score should not change after multiple verifications on the same-day", async () => {
+    const user = provider.wallet;
+    const [identityPda] = deriveIdentityPda(user.publicKey, iamAnchorProgId);
+
+    let identity = await program.account.identityState.fetch(identityPda);
+    expect(identity.verificationCount).to.equal(2);
+    trustScore2vrf = identity.trustScore;
+    ll("2 verif trustScore:", trustScore2vrf);
+    expect(trustScore2vrf).to.equal(trustScore1vrf);
+
+    //-----------== iamVerifier
+    const nonce = generateNonce();
+    const [challengePda] = deriveChallengePda(
+      provider.wallet.publicKey,
+      nonce,
+      iamVerifierProgId,
+    );
+    const [verificationPda] = deriveVerificationPda(
+      provider.wallet.publicKey,
+      nonce,
+      iamVerifierProgId,
+    );
+
+    await iamVerifier.methods
+      .createChallenge(nonce)
+      .accountsStrict({
+        challenger: provider.wallet.publicKey,
+        challenge: challengePda,
+        systemProgram: anchor.web3.SystemProgram.programId,
+      })
+      .rpc();
+
+    const fixture = loadProofFixture();
+    const proofBytes = Buffer.from(fixture.proof_bytes);
+    const publicInputs: number[][] = fixture.public_inputs;
+
+    await iamVerifier.methods
+      .verifyProof(proofBytes, publicInputs, nonce)
+      .accountsStrict({
+        verifier: provider.wallet.publicKey,
+        challenge: challengePda,
+        verificationResult: verificationPda,
+        systemProgram: anchor.web3.SystemProgram.programId,
+      })
+      .rpc();
+
+    //-----------== iamAnchor: updates identity state with auto-computed trust score
+    const newCommitment = Buffer.alloc(32);
+    newCommitment.write("updated_commitment_v2!", "utf-8");
+
+    await program.methods
+      .updateAnchor(Array.from(newCommitment))
+      .accountsStrict({
+        authority: user.publicKey,
+        identityState: identityPda,
+        protocolConfig: protocolConfigPda,
+        treasury: treasuryPda,
+        systemProgram: anchor.web3.SystemProgram.programId,
+      })
+      .rpc();
+
+    identity = await program.account.identityState.fetch(identityPda);
+    expect(identity.verificationCount).to.equal(3);
+    ll("3 verif trustScore:", identity.trustScore);
+    expect(identity.trustScore).to.equal(trustScore2vrf);
+  });
 });
diff --git a/tests/utils.ts b/tests/utils.ts
index f1344e6..e7d19ea 100644
--- a/tests/utils.ts
+++ b/tests/utils.ts
@@ -1,9 +1,10 @@
-import { web3 } from "@coral-xyz/anchor";
 import * as fs from "node:fs";
 import * as path from "node:path";
+import { web3 } from "@coral-xyz/anchor";
 
 type PublicKey = web3.PublicKey;
 
+export const ll = console.log;
 //--------- iamAnchor
 export const deriveIdentityPda = (
   user: PublicKey,

From 86da71fe0187b403480c2fe3ad22daafd767cfc9 Mon Sep 17 00:00:00 2001
From: AuroraLantean <raymondlieu.crypto@runbox.com>
Date: Thu, 16 Apr 2026 09:37:57 +0300
Subject: [PATCH 2/2] use distinct commitment string in iamAnchor 3rd
 verification

---
 tests/iam-anchor.ts | 9 ++++-----
 tests/utils.ts      | 1 -
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/tests/iam-anchor.ts b/tests/iam-anchor.ts
index ef60d7c..12b37f3 100644
--- a/tests/iam-anchor.ts
+++ b/tests/iam-anchor.ts
@@ -16,7 +16,6 @@ import {
   deriveMintPda,
   deriveVerificationPda,
   generateNonce,
-  ll,
   loadProofFixture,
 } from "./utils";
 
@@ -212,7 +211,7 @@ describe("iam-anchor", () => {
     expect(identity.verificationCount).to.equal(1);
     // Trust score is auto-computed: brand-new identity with 1 verification
     // recency_score = 3000/30 = 100, base = (100/100)*100 = 100, age ~0 days
-    ll("1 verif trustScore:", identity.trustScore);
+    console.log("1 verif trustScore:", identity.trustScore);
     expect(identity.trustScore).to.be.greaterThanOrEqual(100);
     expect(Buffer.from(identity.currentCommitment)).to.deep.equal(
       newCommitment,
@@ -349,7 +348,7 @@ describe("iam-anchor", () => {
     let identity = await program.account.identityState.fetch(identityPda);
     expect(identity.verificationCount).to.equal(2);
     trustScore2vrf = identity.trustScore;
-    ll("2 verif trustScore:", trustScore2vrf);
+    console.log("2 verif trustScore:", trustScore2vrf);
     expect(trustScore2vrf).to.equal(trustScore1vrf);
 
     //-----------== iamVerifier
@@ -390,7 +389,7 @@ describe("iam-anchor", () => {
 
     //-----------== iamAnchor: updates identity state with auto-computed trust score
     const newCommitment = Buffer.alloc(32);
-    newCommitment.write("updated_commitment_v2!", "utf-8");
+    newCommitment.write("dedup_trust_score_test!!!", "utf-8");
 
     await program.methods
       .updateAnchor(Array.from(newCommitment))
@@ -405,7 +404,7 @@ describe("iam-anchor", () => {
 
     identity = await program.account.identityState.fetch(identityPda);
     expect(identity.verificationCount).to.equal(3);
-    ll("3 verif trustScore:", identity.trustScore);
+    console.log("3 verif trustScore:", identity.trustScore);
     expect(identity.trustScore).to.equal(trustScore2vrf);
   });
 });
diff --git a/tests/utils.ts b/tests/utils.ts
index e7d19ea..1e85de7 100644
--- a/tests/utils.ts
+++ b/tests/utils.ts
@@ -4,7 +4,6 @@ import { web3 } from "@coral-xyz/anchor";
 
 type PublicKey = web3.PublicKey;
 
-export const ll = console.log;
 //--------- iamAnchor
 export const deriveIdentityPda = (
   user: PublicKey,