Add persisted query and cost‑limit GraphQL plugins #126
Conversation
Co-authored-by: aider (openrouter/openai/gpt-oss-120b:free) <aider@aider.chat>
|
@Emelie-Dev Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Miracle656
left a comment
Miracle656
left a comment
There was a problem hiding this comment.
The plugins themselves look well-structured — a file-backed persisted-query store (getPersistedQuery + persistedQueryPlugin) and an AST-based costLimitPlugin with configurable limits — which is the right shape for #115. The blocker is that they have nothing to run against yet:
-
There's no GraphQL server on
main.src/graphql/doesn't exist there — the server is in #124, which is still open (changes requested). SopersistedQueryPlugin/costLimitPluginaren't wired into anything and can't actually gate queries. -
This won't compile standalone.
costLimit.tsimports fromgraphql, butgraphqlisn't a dependency inpackage.jsononmain(it's added by #124), and this PR doesn't add it — so typecheck/build will fail.
This is effectively stacked on #124. The cleanest path: get #124 merged first (it brings the graphql/Apollo deps + the server), then rebase this on top and wire the two plugins into that server (register them on the Apollo instance) so the persisted-query allowlist and cost/depth limits actually take effect. Add a test or two showing an over-cost query is rejected and a non-allowlisted query is blocked in prod mode.
Re-ping me once #124 lands and this is rebased + wired in. Thanks — the plugin code is a good start!
Miracle656
left a comment
Miracle656
left a comment
There was a problem hiding this comment.
Re-reviewed — you've fully addressed the earlier feedback. This now stands on its own:
- Added the deps (
@apollo/server,graphql,@as-integrations/express4) so it compiles. - Built a real GraphQL server (
src/graphql/server.ts) with a schema + resolvers wired to the actual data layer (queryAllTransfers/querySummary), mounted atapp.use("/graphql", createGraphQLMiddleware()). - The guard plugins are wired into the Apollo instance (
plugins: [persistedQueryPlugin, costLimitPlugin(...)]). - The tests are now meaningful — they verify an over-cost query is rejected, a non-allowlisted query is blocked in production, and an allowlisted persisted query runs. That's exactly #115's intent.
Merging. Closes #115.
Heads-up for coordination: this makes src/graphql/server.ts the canonical GraphQL server for wraith. #124 (GraphQL subscriptions) currently adds its own parallel server (src/api/graphql.ts) — I'll note there that it should rebase to add the subscription support onto this server rather than standing up a second one. Thanks for the thorough turnaround! 🎯
…cription tests - Move src/api/graphql.ts to src/graphql/server.ts for canonical placement - Replace broken test file with real subscription tests covering: * Subscription streaming (real-time event delivery) * Per-client filtering (contracts, senders, recipients) * Backpressure handling (queue management for slow consumers) * Amount formatting in subscription events - Fix src/api.ts imports: move queryHostFnLogs from db (minimal changes only) - Keep db.ts and api.ts changes minimal (no formatting churn) - All 10 transfer subscription tests passing - Ready for integration with canonical GraphQL server (pending Miracle656#126 merge)
2 participants
closes #115