Critical DoS: blocking requests.post in async CYSTCoordinator path #473

@eldraco

Description

🐛 Bug Report

Past Issues Searched

  • I have searched open and closed issues to make sure that the bug has not yet been reported

Issue is a Bug Report

  • This is a bug report and not a feature request, nor asking for support

Describe the bug

AIDojoCoordinator/worlds/CYSTCoordinator.py contains a critical remote DoS flaw: blocking HTTP is used inside async action handling, with no timeout.

_cyst_request() is async, but it performs synchronous requests.post(...) and waits indefinitely if CYST is slow/unreachable. Because this runs on the coordinator's asyncio path, one attacker-triggered action can freeze the event loop and halt the whole game service.

In a high-end adversary model (state-sponsored disruption), this is an ideal single-request service kill switch: repeatedly trigger an action path that calls CYST while degrading/blackholing the backend, and all agents stop progressing.

Evidence (code)

  • AIDojoCoordinator/worlds/CYSTCoordinator.py:93 — async function _cyst_request
  • AIDojoCoordinator/worlds/CYSTCoordinator.py:99 — blocking requests.post(url, json=data)
  • AIDojoCoordinator/worlds/CYSTCoordinator.py:99 — no timeout= argument
  • AIDojoCoordinator/worlds/CYSTCoordinator.py:118 and :144 — called directly from action execution path

Reproduction

  1. Run coordinator with CYST endpoint degraded, filtered, or blackholed.
  2. Connect as remote agent and submit ScanNetwork or FindServices.
  3. Coordinator enters _cyst_request() and blocks in requests.post.
  4. Event loop stalls; all sessions become unresponsive (global DoS).

Impact

  • Critical availability loss across all players/sessions.
  • Remote trigger through normal agent action flow.
  • Reliable kill-switch for coordinated offensive operations.

Expected behavior

Coordinator should remain responsive under CYST slowness/failure:

  • Non-blocking async HTTP client,
  • strict per-request timeout,
  • isolated failure for requesting agent only,
  • graceful error response instead of global stall.

Screenshots

Not applicable.

Environment

  • OS: Linux/macOS
  • Browser: N/A (TCP + backend service)
  • Browser Version: N/A

Suggested fix

  • Replace requests with aiohttp/httpx.AsyncClient.
  • Enforce low connect/read timeouts and retries with circuit-breaker/backoff.
  • Wrap backend calls with cancellation-safe exception handling.
  • Optionally execute legacy sync calls in thread executor to avoid event-loop blocking.
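Added illustration of the last suggestion (not code from AIDojoCoordinator or from the reporter): the reported pattern, a synchronous call inside a coroutine with no timeout, next to a wrapper that runs the same legacy call in the default thread executor under a per-request timeout. The backend, the `URL` placeholder and `fake_cyst_post` are constructed stand-ins; a `heartbeat` task plays the role of every other session so the difference in event-loop responsiveness is measurable.

```python
import asyncio
import time

URL = "http://cyst.example/execute"  # constructed placeholder, not the real endpoint

def fake_cyst_post(url, data, delay, timeout):
    """Constructed stand-in for requests.post against CYST: blocks for `delay`
    seconds, but honours `timeout` like requests does, raising on expiry."""
    if delay > timeout:
        time.sleep(timeout)
        raise TimeoutError(f"{url}: no reply within {timeout}s")
    time.sleep(delay)
    return {"ok": True, "echo": data}

async def blocking_cyst_request(data, *, delay, post=fake_cyst_post):
    """The reported pattern: a sync call inside a coroutine with no timeout.
    Nothing else on the event loop runs until the backend answers."""
    return post(URL, data, delay, timeout=float("inf"))

async def safe_cyst_request(data, *, delay, timeout=0.2, post=fake_cyst_post):
    """Hardened variant: the legacy sync call runs in the default thread pool,
    bounded by the client timeout plus an outer asyncio.wait_for guard. A slow
    backend yields an error for this agent only; the loop keeps serving others."""
    try:
        return await asyncio.wait_for(
            asyncio.to_thread(post, URL, data, delay, timeout),
            timeout=timeout + 0.1,  # guard in case the client ignores its own timeout
        )
    except (TimeoutError, asyncio.TimeoutError) as exc:
        return {"ok": False, "error": str(exc)}

async def heartbeat(start, ticks=5, interval=0.02):
    """Stand-in for every other session; records when each tick was served."""
    served = []
    for _ in range(ticks):
        await asyncio.sleep(interval)
        served.append(time.monotonic() - start)
    return served

async def _scenario(request_fn, delay):
    start = time.monotonic()
    result, served = await asyncio.gather(
        request_fn({"action": "ScanNetwork"}, delay=delay),
        heartbeat(start),
    )
    return result, served

def run_blocking(delay=0.3):
    """Slow backend with the original pattern: the first tick waits for it."""
    return asyncio.run(_scenario(blocking_cyst_request, delay))

def run_safe(delay=10.0):
    """Black-holed backend with the wrapper: ticks keep flowing, agent gets an error."""
    return asyncio.run(_scenario(safe_cyst_request, delay))
```

Passing the timeout to the client itself matters as much as the outer guard: `asyncio.to_thread` cannot cancel a running thread, so without it a black-holed backend would still pin a worker thread per request.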
