Add expensive op extension

[MitchTurner]

Linked Issues/PRs

Description

This is a protection against DoS by spamming expensive requests that can block the threadpool. We will be migrating to a better, paginated request pattern, but that will be a breaking change.

The plan for now is add this change as a stop-gap, depricate this endpoint and move users to the new pattern.

Checklist

• New behavior is reflected in tests

Before requesting review

• I have reviewed the code myself
• I have created follow-up issues caused by this PR and linked them here

[cursor]

PR Summary

Medium Risk
Adds a new GraphQL execution guard that can reject or time out block/blocks requests, which may change client-visible behavior under load and introduces new tunable limits that could be misconfigured.

Overview
Adds an "expensive op" GraphQL extension that identifies queries whose root fields include block/blocks and applies a semaphore-based concurrency cap plus a per-request timeout, returning GraphQL errors when the limit is exceeded or execution times out.

Wires the guard into the GraphQL schema builder and exposes new CLI/config knobs (--concurrent-full-block-requests, --full-block-request-timeout) with defaults, updating the service config accordingly.

Expands integration tests to issue full-block GraphQL queries (via cynic) and assert the new timeout and rate-limit failure modes.

^{Written by Cursor Bugbot for commit bd06491. This will update automatically on new commits. Configure here.}

[Dentosal]

Might be nice if this was optional for local envs, but just setting a high limit should be fine

[MitchTurner]

I looked into this, it makes the code a bit more complicated. Still worth considering, but not prioritizing now.

[Dentosal]

nit: why not if?

[Dentosal]

we could probably just use the Debug impl of Duration here, it gives nice units by default

[fuel-cla-bot]

Thanks for the contribution! Unfortunately we can't verify the commit author(s): Codex <c***@.local>. One possible solution is to add that email to your GitHub account. Alternatively you can change your commits to another email and force push the change. After getting your commits associated with your GitHub account, sign the Fuel Labs Contributor License Agreement and this Pull Request will be revalidated.

[cursor]

Warn-level logging on every expensive request execution

Medium Severity

tracing::warn! is used unconditionally for every expensive operation execution, including successful ones. In production with many legitimate block/blocks queries, this generates a warning-level log entry per request. Warning level is for conditions that may need attention — routine successful completions belong at debug! or info! level. This will create significant log noise and may mask real warnings.

 

[cursor]

Guard counts fields across all operations, not executed one

Medium Severity

expensive_root_field_count iterates over all operations in the document (doc.operations.iter()) and sums their expensive fields. In GraphQL, a document can contain multiple named operations but only one is executed per request. This over-counts permits needed, potentially rejecting legitimate requests that execute a cheap operation but whose document happens to also define expensive ones.

 

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 3 total unresolved issues (including 2 from previous reviews).

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

[cursor]

Log message appends spurious "ns" after Duration debug format

Low Severity

The format string "finished executing in {:?}ns, success: {:?}" appends a literal ns after the Debug representation of a Duration, which already includes its own unit. This produces garbled output like "finished executing in 7msns" or "finished executing in 1.234sns". The ns suffix needs to be removed, or starting_time.elapsed().as_nanos() used instead.