docs: Add future steps for user verification system design

3 months ago · 3b8f8552f8
parent da659f2130
commit 3b8f8552f8
1 changed files with 63 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,64 @@
 # Task WhatsApp Chatbot
+
+## Future Steps: User Verification System
+
+### Core Principles
+1. **Trust-but-Verify Approach**: Leverage WhatsApp's message metadata to minimize API calls while maintaining security
+2. **Progressive Validation**: Verify users naturally through interactions rather than upfront checks
+3. **Background Reconciliation**: Use periodic syncs to maintain data accuracy without impacting real-time performance
+
+### Message Processing Flow
+```mermaid
+graph TD
+    A[Webhook Received] --> B{Valid Payload?}
+    B -->|No| C[Ignore]
+    B -->|Yes| D{From Known Group?}
+    D -->|Yes| E[Update User Last Seen]
+    D -->|No| F{Private Chat + Known User?}
+    F -->|No| C
+    F -->|Yes| E
+    E --> G{/tarea Command?}
+    G -->|No| C
+    G -->|Yes| H{New User?}
+    H -->|Yes| I[Add to DB]
+    H -->|No| J[Process Command]
+```
+
+### Database Enhancements
+- **Users Table Additions**:
+  - `first_seen`: Timestamp of first interaction
+  - `last_seen`: Timestamp of most recent activity
+  - `last_confirmed`: Timestamp of last API verification
+  - `active_groups`: JSON array of groups user was seen in
+  - `verification_status`: Enum (unverified/verified/flagged)
+
+### Periodic Sync Strategy
+1. **Rotating Group Check**:
+   - Verify 1-2 groups per sync cycle
+   - Prioritize recently active groups
+2. **User Reconciliation**:
+   - Add newly discovered users
+   - Update `last_confirmed` for active users
+   - Flag inactive users after N days of no activity
+3. **Optimizations**:
+   - Cache active group IDs in memory
+   - Batch database writes
+   - Exponential backoff for API failures
+
+### Security Considerations
+- Reject messages from:
+  - Non-community groups
+  - Unknown private chats
+- Implement rate limiting
+- Maintain audit logs of verification events
+
+### Future Extensibility
+1. **User Profiles**:
+   - Store names/profile pictures when available
+   - Track interaction history
+2. **Reputation System**:
+   - Activity scoring
+   - Trust levels
+3. **Notification Preferences**:
+   - Per-user settings
+   - Do-not-disturb periods