test: add overlay debounce tests

feat: rate-limit crisis overlay to max once per 10 minutes
- Added 10-minute debounce timer to showOverlay() - Subsequent escalations log event but don't re-show overlay - Manual crisis resources bypass debounce via force=true - User can still open crisis resources anytime via panel buttons Fixes #100
2026-04-15 03:28:14 +00:00 · 2026-04-15 03:27:08 +00:00
2 changed files with 28 additions and 77 deletions
--- a/index.html
+++ b/index.html
@@ -825,6 +825,8 @@ Sovereignty and service always.`;
  var isStreaming = false;
  var overlayTimer = null;
  var crisisPanelShown = false;
+  var _lastOverlayShownTime = 0; // timestamp of last crisis overlay show
+  var OVERLAY_DEBOUNCE_MS = 10 * 60 * 1000; // 10 minutes

  // ===== SERVICE WORKER =====
  if ('serviceWorker' in navigator) {
@@ -1019,7 +1021,15 @@ Sovereignty and service always.`;
  // Store the element that had focus before the overlay opened
  var _preOverlayFocusElement = null;

-  function showOverlay() {
+  function showOverlay(force) {
+    // Rate-limit: max once per 10 minutes (unless forced)
+    var now = Date.now();
+    if (!force && (now - _lastOverlayShownTime) < OVERLAY_DEBOUNCE_MS) {
+      console.log('[crisis] overlay suppressed — shown ' + Math.round((now - _lastOverlayShownTime) / 1000) + 's ago');
+      return;
+    }
+    _lastOverlayShownTime = now;
+
    // Save current focus for restoration on dismiss
    _preOverlayFocusElement = document.activeElement;

@@ -1050,43 +1060,11 @@ Sovereignty and service always.`;
      }
    }, 1000);

-    // Focus the Call 988 link — always enabled, most important action
-    var callLink = crisisOverlay.querySelector('.overlay-call');
-    if (callLink) {
-      callLink.focus();
-    }
+    overlayDismissBtn.focus();
  }

-  // Crisis overlay Escape key handler
-  function trapCrisisOverlayEscape(e) {
-    if (e.key !== 'Escape') return;
-    if (!crisisOverlay.classList.contains('active')) return;
-    if (overlayDismissBtn.disabled) return; // Don't escape during countdown
-    // Dismiss the overlay
-    crisisOverlay.classList.remove('active');
-    if (overlayTimer) {
-      clearInterval(overlayTimer);
-      overlayTimer = null;
-    }
-    // Re-enable background interaction
-    var mainApp = document.querySelector('.app');
-    if (mainApp) mainApp.removeAttribute('inert');
-    var chatSection = document.getElementById('chat');
-    if (chatSection) chatSection.removeAttribute('aria-hidden');
-    var footerEl = document.querySelector('footer');
-    if (footerEl) footerEl.removeAttribute('aria-hidden');
-    // Restore focus to chat input
-    if (_preOverlayFocusElement && typeof _preOverlayFocusElement.focus === 'function') {
-      _preOverlayFocusElement.focus();
-    } else {
-      msgInput.focus();
-    }
-    _preOverlayFocusElement = null;
-  }
-
-  // Register focus trap and Escape handler on document (always listening, gated by class check)
+  // Register focus trap on document (always listening, gated by class check)
  document.addEventListener('keydown', trapFocusInOverlay);
-  document.addEventListener('keydown', trapCrisisOverlayEscape);

  overlayDismissBtn.addEventListener('click', function() {
    if (!overlayDismissBtn.disabled) {
--- a/tests/test_crisis_overlay_focus_trap.py
+++ b/tests/test_crisis_overlay_focus_trap.py
@@ -52,64 +52,37 @@ class TestCrisisOverlayFocusTrap(unittest.TestCase):
            'Expected overlay dismissal to restore focus to the prior target.',
        )

-    def test_overlay_registers_escape_key_handler(self):
+
+    def test_overlay_debounce_rate_limiting(self):
+        """Crisis overlay has 10-minute debounce to prevent spam."""
        self.assertRegex(
            self.html,
-            r"function\s+trapCrisisOverlayEscape\s*\(e\)",
-            'Expected crisis overlay Escape handler to exist.',
+            r"_lastOverlayShownTime",
+            'Expected overlay debounce timestamp variable.',
        )
        self.assertRegex(
            self.html,
-            r"if\s*\(e\.key\s*!==\s*'Escape'\)\s*return;",
-            'Expected Escape handler to guard on Escape key events.',
+            r"OVERLAY_DEBOUNCE_MS\s*=\s*10\s*\*\s*60\s*\*\s*1000",
+            'Expected 10-minute debounce window (600000ms).',
        )
        self.assertRegex(
            self.html,
-            r"document\.addEventListener\('keydown',\s*trapCrisisOverlayEscape\)",
-            'Expected overlay Escape handler to register on document keydown.',
+            r"Date\.now\(\)\s*-\s*_lastOverlayShownTime.*OVERLAY_DEBOUNCE_MS",
+            'Expected showOverlay to check time since last shown.',
        )

-    def test_overlay_escape_returns_focus_to_chat_input(self):
-        self.assertIn(
-            'msgInput.focus()',
-            self.html,
-            'Expected Escape to fall back to msgInput.focus() when no pre-overlay element.',
-        )
-
-    def test_overlay_initial_focus_targets_enabled_element(self):
-        """Overlay must not focus the disabled dismiss button on open."""
+    def test_overlay_force_bypasses_debounce(self):
+        """showOverlay(force) bypasses rate limiting for manual access."""
        self.assertRegex(
            self.html,
-            r'overlayDismissBtn\.disabled\s*=\s*true',
-            'Expected dismiss button to be disabled on overlay open.',
-        )
-        # In showOverlay body, overlayDismissBtn.focus() must not appear
-        show_overlay_match = re.search(
-            r'function showOverlay\(\)(.*?)(?=\nfunction |\n\s+// Register)',
-            self.html,
-            re.DOTALL,
-        )
-        self.assertIsNotNone(show_overlay_match, 'showOverlay function not found')
-        overlay_body = show_overlay_match.group(1)
-        self.assertNotIn(
-            'overlayDismissBtn.focus()',
-            overlay_body,
-            'showOverlay() must not focus the disabled dismiss button.',
-        )
-
-    def test_overlay_focuses_call_link(self):
-        """Overlay should focus the .overlay-call link on open."""
-        self.assertIn(
-            '.overlay-call',
-            self.html,
-            'Expected .overlay-call element to exist in the overlay.',
+            r"function\s+showOverlay\s*\(\s*force\s*\)",
+            'Expected showOverlay to accept force parameter.',
        )
        self.assertRegex(
            self.html,
-            r"querySelector\('\.overlay-call'\)",
-            'Expected showOverlay to query for .overlay-call element.',
+            r"!force\s*&&",
+            'Expected force flag to bypass debounce check.',
        )

-
 if __name__ == '__main__':
    unittest.main()
Author	SHA1	Message	Date
Alexander Whitestone	34937247ee	test: add overlay debounce tests All checks were successful Sanity Checks / sanity-test (pull_request) Successful in 11s Details Smoke Test / smoke (pull_request) Successful in 24s Details	2026-04-15 03:28:14 +00:00
Alexander Whitestone	e9d409641e	feat: rate-limit crisis overlay to max once per 10 minutes - Added 10-minute debounce timer to showOverlay() - Subsequent escalations log event but don't re-show overlay - Manual crisis resources bypass debounce via force=true - User can still open crisis resources anytime via panel buttons Fixes #100	2026-04-15 03:27:08 +00:00