graphjin
GraphJin is a Go-based GraphQL compiler that automatically exposes database content via a GraphQL API, with recent focus on AI agent integration through MCP (Model Context Protocol). It supports multiple database backends and is positioned as a governed data access layer for AI systems.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | dosco/graphjin |
| Owner | dosco |
| Primary language | Go |
| License | Apache-2.0 — OSI-approved |
| Stars | 3.1k |
| Forks | 186 |
| Open issues | 22 |
| Latest release | v3.18.41 (2026-06-17) |
| Last updated | 2026-07-08 |
| Source | https://github.com/dosco/graphjin |
What graphjin is
GraphJin compiles GraphQL queries to native database queries across PostgreSQL, MySQL, MongoDB, SQLite, Oracle, MSSQL, and cloud warehouses. Recent versions emphasize agent safety through query validation, allow-lists, role-based access control, and MCP protocol support for Claude/Codex integration. Written in Go with a CLI, REST API, and subscription server.
Get the graphjin source
Clone the repository and explore it locally.
git clone https://github.com/dosco/graphjin.gitcd graphjin# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- GraphQL schema inference is automatic but may require tuning for complex legacy databases; review generated schema before exposing to clients.
- AI agent safety depends on correct configuration of allow-lists, role policies, and MCP tool definitions; misconfiguration could allow unintended data access.
- Multi-database federation adds latency and complexity; test query plans and cross-source joins thoroughly before production use.
- Requires Go or Node.js runtime; Docker deployment is supported but adds container orchestration overhead.
- Database schema changes require GraphJin recompilation/restart; consider impact on zero-downtime deployments.
When to avoid it — and what to weigh
- You need mature SOAP/XML API layers — GraphJin is GraphQL-first; SOAP or legacy protocol support is not mentioned and likely not a design priority.
- Your data is already served by a complex custom ORM or framework — Integrating GraphJin may conflict with existing data access patterns or require significant refactoring; best for greenfield or legacy-modernization scenarios.
- You require HIPAA, PCI-DSS, or SOC2 formal certification — No certification status is documented. Security posture must be independently verified before use in regulated industries.
- Real-time latency <100ms is critical for all queries — GraphJin performance characteristics for high-frequency trading, ad-serving, or sub-100ms SLA work are not specified in the available data.
License & commercial use
Apache License 2.0 (Apache-2.0). Permissive OSI license permitting commercial use, modification, and distribution with appropriate attribution and liability disclaimers.
Apache-2.0 explicitly permits commercial use without royalty. No license restrictions prevent building proprietary services on GraphJin. Verify any linked third-party dependencies (npm packages, Go modules) for compatible licenses if bundling.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Good |
| Assessment confidence | Medium |
GraphJin implements access controls via roles, read-only boundaries, allow-lists, and encrypted secret storage. MCP policy-aware tool design reduces agent hallucination. However: (1) no formal security audit data provided; (2) schema inference may unintentionally expose sensitive columns if not reviewed; (3) role-based access control effectiveness depends on correct configuration; (4) no mention of SQL injection hardening, parameterized queries, or query normalization in available data—these must be verified in code review; (5) durable state stores (artifacts, watches, events) require secure storage and access control; (6) OAuth setup is standard but requires secure IdP configuration. Recommend threat modeling and security review before using in sensitive environments.
Alternatives to consider
PostGraphile / Apollo Server
Mature GraphQL-to-database tools with strong TypeScript ecosystems and plugin architecture. Better documentation and larger community. Steeper learning curve for multi-database federation.
Hasura
Hosted and self-hosted GraphQL engine with role-based access control, real-time subscriptions, and AI integration via GraphQL API. Paid SaaS option with more formal support; smaller self-hosted community than GraphJin.
Supabase / Firebase
Managed backend-as-a-service with built-in auth, real-time, and AI agent support (via REST/GraphQL). Trade-off: less control over schema and deployment; vendor lock-in vs. GraphJin's open deployments.
Build on graphjin with DEV.co software developers
Download GraphJin, connect your database, and grant Claude or Codex governed access via MCP. Try the coffee-roastery demo or start with your own Postgres in minutes.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
graphjin FAQ
Can I use GraphJin with my existing PostgreSQL or MongoDB?
How do I let an AI agent (Claude, Codex) safely query my data via GraphJin?
Is GraphJin secure for production?
What is the performance overhead compared to direct database queries?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like graphjin into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source databases stack.
Expose Your Data Safely to AI
Download GraphJin, connect your database, and grant Claude or Codex governed access via MCP. Try the coffee-roastery demo or start with your own Postgres in minutes.