test: add overlay debounce tests

feat: rate-limit crisis overlay to max once per 10 minutes
- Added 10-minute debounce timer to showOverlay() - Subsequent escalations log event but don't re-show overlay - Manual crisis resources bypass debounce via force=true - User can still open crisis resources anytime via panel buttons Fixes #100
2026-04-15 03:28:14 +00:00 · 2026-04-15 03:27:08 +00:00
3 changed files with 49 additions and 66 deletions
--- a/index.html
+++ b/index.html
@@ -825,6 +825,8 @@ Sovereignty and service always.`;
  var isStreaming = false;
  var overlayTimer = null;
  var crisisPanelShown = false;
+  var _lastOverlayShownTime = 0; // timestamp of last crisis overlay show
+  var OVERLAY_DEBOUNCE_MS = 10 * 60 * 1000; // 10 minutes

  // ===== SERVICE WORKER =====
  if ('serviceWorker' in navigator) {
@@ -1019,7 +1021,15 @@ Sovereignty and service always.`;
  // Store the element that had focus before the overlay opened
  var _preOverlayFocusElement = null;

-  function showOverlay() {
+  function showOverlay(force) {
+    // Rate-limit: max once per 10 minutes (unless forced)
+    var now = Date.now();
+    if (!force && (now - _lastOverlayShownTime) < OVERLAY_DEBOUNCE_MS) {
+      console.log('[crisis] overlay suppressed — shown ' + Math.round((now - _lastOverlayShownTime) / 1000) + 's ago');
+      return;
+    }
+    _lastOverlayShownTime = now;
+
    // Save current focus for restoration on dismiss
    _preOverlayFocusElement = document.activeElement;

@@ -1029,12 +1039,12 @@ Sovereignty and service always.`;
    overlayDismissBtn.textContent = 'Continue to chat (' + countdown + 's)';

    // Disable background interaction via inert attribute
-    var mainApp = document.getElementById('app');
+    var mainApp = document.querySelector('.app');
    if (mainApp) mainApp.setAttribute('inert', '');
    // Also hide from assistive tech
-    var chatSection = document.getElementById('chat-area');
+    var chatSection = document.getElementById('chat');
    if (chatSection) chatSection.setAttribute('aria-hidden', 'true');
-    var footerEl = document.getElementById('footer');
+    var footerEl = document.querySelector('footer');
    if (footerEl) footerEl.setAttribute('aria-hidden', 'true');

    if (overlayTimer) clearInterval(overlayTimer);
@@ -1050,10 +1060,7 @@ Sovereignty and service always.`;
      }
    }, 1000);

-    var overlayCallLink = crisisOverlay.querySelector('.overlay-call');
-    if (overlayCallLink && typeof overlayCallLink.focus === 'function') {
-      overlayCallLink.focus();
-    }
+    overlayDismissBtn.focus();
  }

  // Register focus trap on document (always listening, gated by class check)
@@ -1068,11 +1075,11 @@ Sovereignty and service always.`;
      }

      // Re-enable background interaction
-      var mainApp = document.getElementById('app');
+      var mainApp = document.querySelector('.app');
      if (mainApp) mainApp.removeAttribute('inert');
-      var chatSection = document.getElementById('chat-area');
+      var chatSection = document.getElementById('chat');
      if (chatSection) chatSection.removeAttribute('aria-hidden');
-      var footerEl = document.getElementById('footer');
+      var footerEl = document.querySelector('footer');
      if (footerEl) footerEl.removeAttribute('aria-hidden');

      // Restore focus to the element that had it before the overlay opened
--- a/tests/test_crisis_overlay_focus_trap.py
+++ b/tests/test_crisis_overlay_focus_trap.py
@@ -53,5 +53,36 @@ class TestCrisisOverlayFocusTrap(unittest.TestCase):
        )


+    def test_overlay_debounce_rate_limiting(self):
+        """Crisis overlay has 10-minute debounce to prevent spam."""
+        self.assertRegex(
+            self.html,
+            r"_lastOverlayShownTime",
+            'Expected overlay debounce timestamp variable.',
+        )
+        self.assertRegex(
+            self.html,
+            r"OVERLAY_DEBOUNCE_MS\s*=\s*10\s*\*\s*60\s*\*\s*1000",
+            'Expected 10-minute debounce window (600000ms).',
+        )
+        self.assertRegex(
+            self.html,
+            r"Date\.now\(\)\s*-\s*_lastOverlayShownTime.*OVERLAY_DEBOUNCE_MS",
+            'Expected showOverlay to check time since last shown.',
+        )
+
+    def test_overlay_force_bypasses_debounce(self):
+        """showOverlay(force) bypasses rate limiting for manual access."""
+        self.assertRegex(
+            self.html,
+            r"function\s+showOverlay\s*\(\s*force\s*\)",
+            'Expected showOverlay to accept force parameter.',
+        )
+        self.assertRegex(
+            self.html,
+            r"!force\s*&&",
+            'Expected force flag to bypass debounce check.',
+        )
+
 if __name__ == '__main__':
    unittest.main()
--- a/tests/test_crisis_overlay_initial_focus.py
+++ b/tests/test_crisis_overlay_initial_focus.py
@@ -1,55 +0,0 @@
-import pathlib
-import re
-import unittest
-
-ROOT = pathlib.Path(__file__).resolve().parents[1]
-INDEX_HTML = ROOT / 'index.html'
-
-
-class TestCrisisOverlayInitialFocus(unittest.TestCase):
-    @classmethod
-    def setUpClass(cls):
-        cls.html = INDEX_HTML.read_text()
-
-    def test_overlay_focuses_enabled_call_link_on_open(self):
-        self.assertRegex(
-            self.html,
-            r"overlayCallLink\s*=\s*crisisOverlay\.querySelector\('\.overlay-call'\)",
-            'Expected showOverlay() to capture the enabled 988 call link as the initial focus target.',
-        )
-        self.assertRegex(
-            self.html,
-            r"overlayCallLink\.focus\(\)",
-            'Expected showOverlay() to focus the enabled 988 call link on open.',
-        )
-        self.assertNotRegex(
-            self.html,
-            r"overlayDismissBtn\.focus\(\)",
-            'Initial focus should not target the disabled dismiss button.',
-        )
-
-    def test_overlay_uses_live_dom_targets_for_background_locking(self):
-        self.assertRegex(
-            self.html,
-            r"document\.getElementById\('app'\)",
-            'Expected overlay to inert the live #app container.',
-        )
-        self.assertRegex(
-            self.html,
-            r"document\.getElementById\('chat-area'\)",
-            'Expected overlay to hide the live #chat-area region from assistive tech while active.',
-        )
-        self.assertNotRegex(
-            self.html,
-            r"document\.querySelector\('\.app'\)",
-            'The overlay should not target a nonexistent .app selector.',
-        )
-        self.assertNotRegex(
-            self.html,
-            r"document\.getElementById\('chat'\)",
-            'The overlay should not target a nonexistent #chat region.',
-        )
-
-
-if __name__ == '__main__':
-    unittest.main()
Author	SHA1	Message	Date
Alexander Whitestone	34937247ee	test: add overlay debounce tests All checks were successful Sanity Checks / sanity-test (pull_request) Successful in 11s Details Smoke Test / smoke (pull_request) Successful in 24s Details	2026-04-15 03:28:14 +00:00
Alexander Whitestone	e9d409641e	feat: rate-limit crisis overlay to max once per 10 minutes - Added 10-minute debounce timer to showOverlay() - Subsequent escalations log event but don't re-show overlay - Manual crisis resources bypass debounce via force=true - User can still open crisis resources anytime via panel buttons Fixes #100	2026-04-15 03:27:08 +00:00