test: add overlay debounce tests

feat: rate-limit crisis overlay to max once per 10 minutes
- Added 10-minute debounce timer to showOverlay() - Subsequent escalations log event but don't re-show overlay - Manual crisis resources bypass debounce via force=true - User can still open crisis resources anytime via panel buttons Fixes #100
2026-04-15 03:28:14 +00:00 · 2026-04-15 03:27:08 +00:00
2 changed files with 42 additions and 1 deletions
--- a/index.html
+++ b/index.html
@@ -825,6 +825,8 @@ Sovereignty and service always.`;
  var isStreaming = false;
  var overlayTimer = null;
  var crisisPanelShown = false;
+  var _lastOverlayShownTime = 0; // timestamp of last crisis overlay show
+  var OVERLAY_DEBOUNCE_MS = 10 * 60 * 1000; // 10 minutes

  // ===== SERVICE WORKER =====
  if ('serviceWorker' in navigator) {
@@ -1019,7 +1021,15 @@ Sovereignty and service always.`;
  // Store the element that had focus before the overlay opened
  var _preOverlayFocusElement = null;

-  function showOverlay() {
+  function showOverlay(force) {
+    // Rate-limit: max once per 10 minutes (unless forced)
+    var now = Date.now();
+    if (!force && (now - _lastOverlayShownTime) < OVERLAY_DEBOUNCE_MS) {
+      console.log('[crisis] overlay suppressed — shown ' + Math.round((now - _lastOverlayShownTime) / 1000) + 's ago');
+      return;
+    }
+    _lastOverlayShownTime = now;
+
    // Save current focus for restoration on dismiss
    _preOverlayFocusElement = document.activeElement;

--- a/tests/test_crisis_overlay_focus_trap.py
+++ b/tests/test_crisis_overlay_focus_trap.py
@@ -53,5 +53,36 @@ class TestCrisisOverlayFocusTrap(unittest.TestCase):
        )


+    def test_overlay_debounce_rate_limiting(self):
+        """Crisis overlay has 10-minute debounce to prevent spam."""
+        self.assertRegex(
+            self.html,
+            r"_lastOverlayShownTime",
+            'Expected overlay debounce timestamp variable.',
+        )
+        self.assertRegex(
+            self.html,
+            r"OVERLAY_DEBOUNCE_MS\s*=\s*10\s*\*\s*60\s*\*\s*1000",
+            'Expected 10-minute debounce window (600000ms).',
+        )
+        self.assertRegex(
+            self.html,
+            r"Date\.now\(\)\s*-\s*_lastOverlayShownTime.*OVERLAY_DEBOUNCE_MS",
+            'Expected showOverlay to check time since last shown.',
+        )
+
+    def test_overlay_force_bypasses_debounce(self):
+        """showOverlay(force) bypasses rate limiting for manual access."""
+        self.assertRegex(
+            self.html,
+            r"function\s+showOverlay\s*\(\s*force\s*\)",
+            'Expected showOverlay to accept force parameter.',
+        )
+        self.assertRegex(
+            self.html,
+            r"!force\s*&&",
+            'Expected force flag to bypass debounce check.',
+        )
+
 if __name__ == '__main__':
    unittest.main()
Author	SHA1	Message	Date
Alexander Whitestone	34937247ee	test: add overlay debounce tests All checks were successful Sanity Checks / sanity-test (pull_request) Successful in 11s Details Smoke Test / smoke (pull_request) Successful in 24s Details	2026-04-15 03:28:14 +00:00
Alexander Whitestone	e9d409641e	feat: rate-limit crisis overlay to max once per 10 minutes - Added 10-minute debounce timer to showOverlay() - Subsequent escalations log event but don't re-show overlay - Manual crisis resources bypass debounce via force=true - User can still open crisis resources anytime via panel buttons Fixes #100	2026-04-15 03:27:08 +00:00