From 00736da505e66954b529fdd54a42ea7e10cc5f4d Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Mon, 24 Nov 2025 16:23:56 +0200 Subject: [PATCH 1/3] [graphql] Change graphql.document requirement level to opt-in Fixes #2985 --- .../abernix_graphql-spec-requirements.yaml | 26 +++++++++++++++++++ docs/graphql/graphql-spans.md | 4 +-- docs/registry/attributes/graphql.md | 2 +- model/graphql/registry.yaml | 2 +- model/graphql/spans.yml | 2 +- 5 files changed, 31 insertions(+), 5 deletions(-) create mode 100644 .chloggen/abernix_graphql-spec-requirements.yaml diff --git a/.chloggen/abernix_graphql-spec-requirements.yaml b/.chloggen/abernix_graphql-spec-requirements.yaml new file mode 100644 index 0000000000..35d7918bea --- /dev/null +++ b/.chloggen/abernix_graphql-spec-requirements.yaml 
@@ -0,0 +1,26 @@ +# Use this changelog template to create an entry for release notes. +# +# If your change doesn't affect end users you should instead start +# your pull request title with [chore] or use the "Skip Changelog" label. + +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: enhancement + +# The name of the area of concern in the attributes-registry, (e.g. http, cloud, db) +component: graphql + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: "Change `graphql.document` attribute requirement level from Recommended to Opt-In due to sensitive data, cardinality, and size concerns" + +# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists. +# The values here must be integers. +issues: [2985] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: | + The `graphql.document` attribute contains user-inputted data that is often sensitive, + potentially unbounded in length, and high-cardinality. Moving from Recommended to Opt-In + ensures operators make an informed decision before enabling this attribute. + Also updated the note to use SHOULD for stronger normative language regarding sanitization. diff --git a/docs/graphql/graphql-spans.md b/docs/graphql/graphql-spans.md index 617d2a583d..068c156c5c 100644 --- a/docs/graphql/graphql-spans.md +++ b/docs/graphql/graphql-spans.md 
@@ -36,11 +36,11 @@ the span SHOULD be named `GraphQL Operation`. | Key | Stability | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Value Type | Description | Example Values | | --- | --- | --- | --- | --- | --- | -| [`graphql.document`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Recommended` | string | The GraphQL document being executed. [1] | `query findBookById { bookById(id: ?) { name } }` | | [`graphql.operation.name`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Recommended` | string | The name of the operation being executed. | `findBookById` | | [`graphql.operation.type`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Recommended` | string | The type of the operation being executed. | `query`; `mutation`; `subscription` | +| [`graphql.document`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Opt-In` | string | The GraphQL document being executed. [1] | `query findBookById { bookById(id: ?) { name } }` | -**[1] `graphql.document`:** The value may be sanitized to exclude sensitive information. +**[1] `graphql.document`:** The value SHOULD be sanitized to exclude sensitive information. --- diff --git a/docs/registry/attributes/graphql.md b/docs/registry/attributes/graphql.md index fb84bc6b0b..e55546dafa 100644 --- a/docs/registry/attributes/graphql.md +++ b/docs/registry/attributes/graphql.md 
@@ -15,7 +15,7 @@ This document defines attributes for GraphQL. | `graphql.operation.name` | ![Development](https://img.shields.io/badge/-development-blue) | string | The name of the operation being executed. | `findBookById` | | `graphql.operation.type` | ![Development](https://img.shields.io/badge/-development-blue) | string | The type of the operation being executed. | `query`; `mutation`; `subscription` | -**[1] `graphql.document`:** The value may be sanitized to exclude sensitive information. +**[1] `graphql.document`:** The value SHOULD be sanitized to exclude sensitive information. --- diff --git a/model/graphql/registry.yaml b/model/graphql/registry.yaml index c3c565fad1..e825a99f87 100644 --- a/model/graphql/registry.yaml +++ b/model/graphql/registry.yaml @@ -31,5 +31,5 @@ groups: brief: "The GraphQL document being executed." type: string stability: development - note: The value may be sanitized to exclude sensitive information. + note: The value SHOULD be sanitized to exclude sensitive information. examples: 'query findBookById { bookById(id: ?) { name } }' diff --git a/model/graphql/spans.yml b/model/graphql/spans.yml index d47b4d90ff..3846135898 100644 --- a/model/graphql/spans.yml +++ b/model/graphql/spans.yml @@ -24,4 +24,4 @@ groups: - ref: graphql.operation.type requirement_level: recommended - ref: graphql.document - requirement_level: recommended + requirement_level: opt_in From b2e35a7c2814e598852d6da30bd88907f4786e76 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Wed, 10 Dec 2025 22:13:21 +0200 Subject: [PATCH 2/3] change_type is breaking, not enhancement Co-authored-by: Joao Grassi <5938087+joaopgrassi@users.noreply.github.com> --- .chloggen/abernix_graphql-spec-requirements.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.chloggen/abernix_graphql-spec-requirements.yaml b/.chloggen/abernix_graphql-spec-requirements.yaml index 35d7918bea..e16cbcb6bf 100644 --- a/.chloggen/abernix_graphql-spec-requirements.yaml 
+++ b/.chloggen/abernix_graphql-spec-requirements.yaml @@ -4,7 +4,7 @@ # your pull request title with [chore] or use the "Skip Changelog" label. # One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: enhancement +change_type: breaking # The name of the area of concern in the attributes-registry, (e.g. http, cloud, db) component: graphql From 6a33e77ad187c7078ce58ff92747096e6930104b Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Mon, 9 Mar 2026 12:15:58 +0200 Subject: [PATCH 3/3] Fix normative language in graphql.document note Directs the SHOULD at instrumentation authors rather than application developers, per reviewer feedback -- the spec has no authority over app developers. Ref: https://github.com/open-telemetry/semantic-conventions/pull/3118#discussion_r2620956314 --- docs/graphql/graphql-spans.md | 2 +- docs/registry/attributes/graphql.md | 2 +- model/graphql/registry.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/graphql/graphql-spans.md b/docs/graphql/graphql-spans.md index 068c156c5c..6b428307ae 100644 --- a/docs/graphql/graphql-spans.md +++ b/docs/graphql/graphql-spans.md @@ -40,7 +40,7 @@ the span SHOULD be named `GraphQL Operation`. | [`graphql.operation.type`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Recommended` | string | The type of the operation being executed. | `query`; `mutation`; `subscription` | | [`graphql.document`](/docs/registry/attributes/graphql.md) | ![Development](https://img.shields.io/badge/-development-blue) | `Opt-In` | string | The GraphQL document being executed. [1] | `query findBookById { bookById(id: ?) { name } }` | -**[1] `graphql.document`:** The value SHOULD be sanitized to exclude sensitive information. +**[1] `graphql.document`:** If instrumentation can reliably identify and redact sensitive information it SHOULD do it. --- 
diff --git a/docs/registry/attributes/graphql.md b/docs/registry/attributes/graphql.md index e55546dafa..d5b010ba21 100644 --- a/docs/registry/attributes/graphql.md +++ b/docs/registry/attributes/graphql.md @@ -15,7 +15,7 @@ This document defines attributes for GraphQL. | `graphql.operation.name` | ![Development](https://img.shields.io/badge/-development-blue) | string | The name of the operation being executed. | `findBookById` | | `graphql.operation.type` | ![Development](https://img.shields.io/badge/-development-blue) | string | The type of the operation being executed. | `query`; `mutation`; `subscription` | -**[1] `graphql.document`:** The value SHOULD be sanitized to exclude sensitive information. +**[1] `graphql.document`:** If instrumentation can reliably identify and redact sensitive information it SHOULD do it. --- diff --git a/model/graphql/registry.yaml b/model/graphql/registry.yaml index e825a99f87..c1b6136a3c 100644 --- a/model/graphql/registry.yaml +++ b/model/graphql/registry.yaml @@ -31,5 +31,5 @@ groups: brief: "The GraphQL document being executed." type: string stability: development - note: The value SHOULD be sanitized to exclude sensitive information. + note: If instrumentation can reliably identify and redact sensitive information it SHOULD do it. examples: 'query findBookById { bookById(id: ?) { name } }'
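Review bot: In PATCH 1/3, the last line of `subtext` in `.chloggen/abernix_graphql-spec-requirements.yaml` ("Also updated the note to use SHOULD for stronger normative language regarding sanitization.") no longer matches the note once PATCH 3/3 is applied. PATCH 3/3 rewrites the note to "If instrumentation can reliably identify and redact sensitive information it SHOULD do it." and does not touch the changelog file. Update the subtext so the release notes describe the wording that ships: a conditional SHOULD aimed at instrumentation.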
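Review bot: In PATCH 2/3, `change_type: breaking` is set, but the `note` and `subtext` in the same file still only explain why the requirement level changed; neither says what stops working or what a reader has to do. Since the attribute moves from `Recommended` to `Opt-In`, add a line stating that `graphql.document` is no longer populated by default and must be explicitly enabled, so anyone whose dashboards, alerts or audit queries rely on it knows to opt in.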
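Review bot: In PATCH 3/3, the replacement footnote in `docs/graphql/graphql-spans.md` ("If instrumentation can reliably identify and redact sensitive information it SHOULD do it.") leaves the other branch undefined: it does not say what instrumentation does with the document when it cannot reliably identify sensitive information. The changelog describes this value as user-inputted and often sensitive, so state the fallback explicitly (record the document unredacted because the operator opted in, or omit it). Also replace "do it" with the concrete action, e.g. "it SHOULD redact it", and add a comma after "information".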
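Review bot: In PATCH 3/3, the `note:` in `model/graphql/registry.yaml` addresses only sensitive data, while the changelog in PATCH 1/3 gives three reasons for the Opt-In move: sensitive data, cardinality, and size. Add a sentence to the note on unbounded length and high cardinality, so an operator reading the attribute definition rather than the release notes sees all three costs before enabling it. The `examples` value already shows a literal replaced with `?`; if that is the intended redacted form, saying so in the note would tie the example to the guidance.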