taskbot/README.md

# Task WhatsApp Chatbot

## Future Steps: User Verification System

### Core Principles
1. **Trust-but-Verify Approach**: Leverage WhatsApp's message metadata to minimize API calls while maintaining security
2. **Progressive Validation**: Verify users naturally through interactions rather than upfront checks
3. **Background Reconciliation**: Use periodic syncs to maintain data accuracy without impacting real-time performance

### Message Processing Flow
```mermaid
graph TD
    A[Webhook Received] --> B{Valid Payload?}
    B -->|No| C[Ignore]
    B -->|Yes| D{From Known Group?}
    D -->|Yes| E[Update User Last Seen]
    D -->|No| F{Private Chat + Known User?}
    F -->|No| C
    F -->|Yes| E
    E --> G{/tarea Command?}
    G -->|No| C
    G -->|Yes| H{New User?}
    H -->|Yes| I[Add to DB]
    H -->|No| J[Process Command]
```

### Database Enhancements (DONE)
- **Users Table Additions**:
  - `first_seen`: Timestamp of first interaction
  - `last_seen`: Timestamp of most recent activity
  - `last_confirmed`: Timestamp of last API verification

### Periodic Sync Strategy
1. **Rotating Group Check**:
   - Verify 1-2 groups per sync cycle
   - Prioritize recently active groups
2. **User Reconciliation**:
   - Add newly discovered users
   - Update `last_confirmed` for active users
3. **Optimizations**:
   - Cache active group IDs in memory
   - Batch database writes
   - Exponential backoff for API failures

### Security Considerations
- Reject messages from:
  - Non-community groups
  - Unknown private chats
- Implement rate limiting
- Maintain audit logs of verification events