@explomind1
Collaborator

What is the goal of this PR?

  • Introduce a unified security layer across all three modes (Listener, Follow-Up, and Survey) to prevent spam, manage per-user interaction limits dynamically, and allow blocking malicious numbers — all configurable from Firestore without redeploying. This ensures safer, more stable large-scale deployments and easier moderation during high-traffic events.

Key Changes

  • Dynamic Interaction Limits: Replaced hardcoded 450 with Firestore-based config (system_config/interaction_limits + event-level override). Cached for efficiency.
  • Blocked Number Enforcement: Added is_blocked_number() check at entry point for all modes to instantly ignore malicious or banned users.
  • Limit Exceed Tracking: Added automatic logging of users hitting the limit into a central users_exceeding_limit collection for quick moderation visibility.

Testing

  • Verified locally for all three modes with both valid and blocked numbers; confirmed dynamic limit updates via Firestore without redeploying; caching behavior; confirmed event-specific overrides and fallback defaults behave as expected.

Copilot AI left a comment

Pull Request Overview

This PR implements a blacklist and configurable interaction limit system for the WhatsApp bot. The changes allow administrators to block phone numbers and set per-event interaction limits to prevent abuse.

Key changes:

  • New blacklist_helpers.py module with caching logic for blocked numbers and interaction limits
  • Integration of blacklist checks at the beginning of all conversation handlers
  • Replacement of hardcoded 450 interaction limit with dynamic, event-specific limits
  • Initialization scripts for setting up blacklist configuration and default interaction limits

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 9 comments.

| File | Description |
| --- | --- |
| whatsapp_bot/app/utils/blacklist_helpers.py | New helper module implementing cached blacklist checking and configurable interaction limit retrieval |
| whatsapp_bot/app/handlers/SurveyMode.py | Added blacklist check and dynamic interaction limit enforcement |
| whatsapp_bot/app/handlers/ListenerMode.py | Added blacklist check and dynamic interaction limit enforcement with duplicate import |
| whatsapp_bot/app/handlers/FollowupMode.py | Added blacklist check and dynamic interaction limit enforcement |
| tools/initialize_survey_event.py | Added default interaction_limit field to event initialization |
| tools/initialize_listener_event.py | Minor formatting change |
| tools/blockednumbers.py | New tool for initializing blacklist configuration in Firestore |
| tools/2ndRoundDeliberation/initialize_listener_event.py | Added default interaction_limit field to event initialization |
| tools/2ndRoundDeliberation/initialize_followup_event.py | Added default interaction_limit field to event initialization |


@justinstimatze justinstimatze left a comment

Would be nice to have a little test coverage on the blocklist logic if possible. I think this is ok but I'd like to have @juggler434 look before I approve.

logger.info(f"Received message from {From} with body '{Body}' and media URL {MediaUrl0}")

# Normalize phone number
normalized_phone = From.replace("+", "").replace("-", "").replace(" ", "")

Feels like this snippet should probably be a utility function since it's repeated a few times.

@juggler434 juggler434 left a comment

Overall, the logic looks sound. I would really like to see some unit test coverage in the repo though.

@explomind1
Collaborator Author

> Overall, the logic looks sound. I would really like to see some unit test coverage in the repo though.

Added a small unit test - they just validate the local caching and fallback logic using monkeypatches, but I feel more comfortable always doing real deployment checks (since it's always less than 1-2 mins to deploy).
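
An added example, not code from this PR or the project: one way to put the repeated normalization in a single utility and make the cached blocklist and limit lookup testable without Firestore, as the reviewers ask above. The `SecurityConfig` class, the injected `fetch` and `clock` callables, the config keys and the 60-second TTL are assumptions; only the 450 default and the replacement chain come from the page.

```python
import time

DEFAULT_LIMIT = 450       # the previously hardcoded value named in the PR
CACHE_TTL_SECONDS = 60    # assumption: the page does not state a TTL


def normalize_phone(raw: str) -> str:
    """Single home for the replacement chain repeated across the handlers."""
    return raw.replace("+", "").replace("-", "").replace(" ", "")


class SecurityConfig:
    """Hypothetical TTL cache around a config source such as Firestore.

    `fetch` returns a dict with assumed keys: blocked_numbers,
    default_limit, event_limits.
    """

    def __init__(self, fetch, ttl=CACHE_TTL_SECONDS, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._cached, self._expires = None, 0.0

    def _config(self) -> dict:
        now = self._clock()
        if self._cached is None or now >= self._expires:
            try:
                self._cached = self._fetch()
            except Exception:
                # Source unreachable: keep the last good copy. With no copy
                # yet, the blocklist is empty (fail-open) and limits fall
                # back to DEFAULT_LIMIT; decide if that suits your deployment.
                if self._cached is None:
                    self._cached = {}
            self._expires = now + self._ttl
        return self._cached

    def is_blocked(self, raw_number: str) -> bool:
        # Normalize both sides so stored and incoming formats compare equal.
        stored = self._config().get("blocked_numbers", [])
        return normalize_phone(raw_number) in {normalize_phone(n) for n in stored}

    def interaction_limit(self, event_id: str) -> int:
        cfg = self._config()
        limit = cfg.get("event_limits", {}).get(event_id, cfg.get("default_limit"))
        # Reject missing, non-integer or non-positive values from the config.
        ok = isinstance(limit, int) and not isinstance(limit, bool) and limit > 0
        return limit if ok else DEFAULT_LIMIT
```

Injecting `fetch` and `clock` lets unit tests cover cache expiry, the event override, the fallback default and the outage path without monkeypatching or a deployment.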
