We are looking to adapt the rejection strategy based on who's calling our API. If it's a trusted account, we'll just log the complexity warning and move on. If it's not, we'll reject the request.

Proposed Solution
A possible way to handle that would be to have the original GraphQLRequestContext object available in the handler call. Pass the GraphQLRequestContext object via the first argument, context, so that it can be accessed as context.graphqlRequest. This would allow handlers to make informed decisions based on request metadata.

Example Usage

onReject: (context, error) => {
  const originalReq = context.graphqlRequest.contextValue;
  if (isTrustedAccount(originalReq.remoteUser)) {
    logWarning(requestContext);
  } else {
    throw new Error("Request rejected due to complexity constraints");
  }
}

Would love to hear your thoughts on this. I'm also open to contributing if we can reach a consensus on the specs.