DEV.co
Open-Source Databases · dosco

graphjin

GraphJin is a Go-based GraphQL compiler that automatically exposes database content via a GraphQL API, with recent focus on AI agent integration through MCP (Model Context Protocol). It supports multiple database backends and is positioned as a governed data access layer for AI systems.

Source: GitHub — github.com/dosco/graphjin
3.1k
GitHub stars
186
Forks
Go
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorydosco/graphjin
Ownerdosco
Primary languageGo
LicenseApache-2.0 — OSI-approved
Stars3.1k
Forks186
Open issues22
Latest releasev3.18.41 (2026-06-17)
Last updated2026-07-08
Sourcehttps://github.com/dosco/graphjin

What graphjin is

GraphJin compiles GraphQL queries to native database queries across PostgreSQL, MySQL, MongoDB, SQLite, Oracle, MSSQL, and cloud warehouses. Recent versions emphasize agent safety through query validation, allow-lists, role-based access control, and MCP protocol support for Claude/Codex integration. Written in Go with a CLI, REST API, and subscription server.

Quickstart

Get the graphjin source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/dosco/graphjin.gitcd graphjin# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

GraphQL API Layer for Existing Databases

Quickly expose PostgreSQL, MySQL, or MongoDB behind a GraphQL interface without hand-coding resolvers. Useful for teams modernizing APIs or supporting multiple client frameworks.

AI Agent Data Access with Governance

Provide Claude, Codex, or local LLMs safe, discoverable access to operational databases via MCP. Query validation, allow-lists, and audit trails reduce hallucination risks and unauthorized data access.

Multi-Source Data Federation

Join data across PostgreSQL, BigQuery, Snowflake, MongoDB, and file systems (S3/GCS) in a single GraphQL schema. Useful for analytics, data lakes, or cross-system operational queries.

Implementation considerations

  • GraphQL schema inference is automatic but may require tuning for complex legacy databases; review generated schema before exposing to clients.
  • AI agent safety depends on correct configuration of allow-lists, role policies, and MCP tool definitions; misconfiguration could allow unintended data access.
  • Multi-database federation adds latency and complexity; test query plans and cross-source joins thoroughly before production use.
  • Requires Go or Node.js runtime; Docker deployment is supported but adds container orchestration overhead.
  • Database schema changes require GraphJin recompilation/restart; consider impact on zero-downtime deployments.

When to avoid it — and what to weigh

  • You need mature SOAP/XML API layers — GraphJin is GraphQL-first; SOAP or legacy protocol support is not mentioned and likely not a design priority.
  • Your data is already served by a complex custom ORM or framework — Integrating GraphJin may conflict with existing data access patterns or require significant refactoring; best for greenfield or legacy-modernization scenarios.
  • You require HIPAA, PCI-DSS, or SOC2 formal certification — No certification status is documented. Security posture must be independently verified before use in regulated industries.
  • Real-time latency <100ms is critical for all queries — GraphJin performance characteristics for high-frequency trading, ad-serving, or sub-100ms SLA work are not specified in the available data.

License & commercial use

Apache License 2.0 (Apache-2.0). Permissive OSI license permitting commercial use, modification, and distribution with appropriate attribution and liability disclaimers.

Apache-2.0 explicitly permits commercial use without royalty. No license restrictions prevent building proprietary services on GraphJin. Verify any linked third-party dependencies (npm packages, Go modules) for compatible licenses if bundling.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityModerate
DEV.co fitGood
Assessment confidenceMedium
Security considerations

GraphJin implements access controls via roles, read-only boundaries, allow-lists, and encrypted secret storage. MCP policy-aware tool design reduces agent hallucination. However: (1) no formal security audit data provided; (2) schema inference may unintentionally expose sensitive columns if not reviewed; (3) role-based access control effectiveness depends on correct configuration; (4) no mention of SQL injection hardening, parameterized queries, or query normalization in available data—these must be verified in code review; (5) durable state stores (artifacts, watches, events) require secure storage and access control; (6) OAuth setup is standard but requires secure IdP configuration. Recommend threat modeling and security review before using in sensitive environments.

Alternatives to consider

PostGraphile / Apollo Server

Mature GraphQL-to-database tools with strong TypeScript ecosystems and plugin architecture. Better documentation and larger community. Steeper learning curve for multi-database federation.

Hasura

Hosted and self-hosted GraphQL engine with role-based access control, real-time subscriptions, and AI integration via GraphQL API. Paid SaaS option with more formal support; smaller self-hosted community than GraphJin.

Supabase / Firebase

Managed backend-as-a-service with built-in auth, real-time, and AI agent support (via REST/GraphQL). Trade-off: less control over schema and deployment; vendor lock-in vs. GraphJin's open deployments.

Software development agency

Build on graphjin with DEV.co software developers

Download GraphJin, connect your database, and grant Claude or Codex governed access via MCP. Try the coffee-roastery demo or start with your own Postgres in minutes.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

graphjin FAQ

Can I use GraphJin with my existing PostgreSQL or MongoDB?
Yes. GraphJin auto-generates GraphQL schema from your database. Review the generated schema for correctness, then configure roles and allow-lists. Demo examples include PostgreSQL, MySQL, MongoDB, SQLite, and cloud warehouse connectors.
How do I let an AI agent (Claude, Codex) safely query my data via GraphJin?
Deploy GraphJin with MCP enabled. Register it with your AI client using `graphjin mcp add codex` (local) or OAuth for hosted servers. Configure allow-lists and role policies so agents only access intended data. Use `gj_security` and `gj_runtime` tools to let agents check safety before acting.
Is GraphJin secure for production?
GraphJin implements role-based access control, allow-lists, encrypted secrets, and audit observability. No formal security audit is documented in provided data. Conduct security review, threat modeling, and penetration testing before deploying in regulated or high-security environments.
What is the performance overhead compared to direct database queries?
Not specified in available data. GraphJin compiles GraphQL to database-native queries (SQL, MongoDB, etc.). Overhead depends on query complexity, federation across sources, and schema size. Benchmark with your workload before production use.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like graphjin into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source databases stack.

Expose Your Data Safely to AI

Download GraphJin, connect your database, and grant Claude or Codex governed access via MCP. Try the coffee-roastery demo or start with your own Postgres in minutes.