Pothos GraphQL

TypeScript-first GraphQL schema builder with a plugin system. Define GraphQL schemas using TypeScript code — no SDL files. Provides excellent type inference where resolver args and return types are inferred from schema definition. Plugin ecosystem includes: Relay, Prisma, Drizzle, Auth, Complexity, DataLoader, Errors, and more. Used as the code-first alternative to SDL-first tools like nexus or type-graphql.

Evaluated Mar 06, 2026 (0d ago) v3.x

Homepage ↗ Repo ↗ Developer Tools graphql schema-builder typescript code-first plugins relay drizzle prisma

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

TypeScript-first schema builder. Field-level authorization via scope-auth plugin. HTTPS for all requests. ISC licensed.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You want TypeScript-first, code-driven GraphQL schema building with excellent type inference and a rich plugin system for Prisma, Relay, and auth.

Avoid When

You prefer SDL-first development or need automatic API generation from a database — Pothos requires manually defining the schema in code.

Use Cases

• Build type-safe GraphQL schemas in TypeScript where resolver types are inferred from schema definition — no manual type declarations
• Integrate with Prisma using pothos-plugin-prisma for automatic Prisma model to GraphQL type mapping
• Implement Relay-compatible pagination (connections, edges, nodes) using pothos-plugin-relay without manual boilerplate
• Build authorization in GraphQL schemas using pothos-plugin-scope-auth for field-level and object-level permission checks
• Create error handling patterns using pothos-plugin-errors to expose typed errors as GraphQL union types

Not For

• SDL-first teams — Pothos is code-first; teams preferring SDL files should use GraphQL Yoga with SDL
• Python/Ruby backends — Pothos is TypeScript/Node.js only
• Teams wanting auto-generated GraphQL from database — use PostGraphile or Hasura for database-driven generation

Interface

REST API

GraphQL

Yes

gRPC

MCP Server

SDK

Yes

Webhooks

Authentication

Methods: api_key bearer_token

OAuth: No Scopes: Yes

pothos-plugin-scope-auth provides field-level and object-level authorization. Auth logic is TypeScript-defined in schema builder configuration.

Pricing

Model: open_source

Free tier: Yes

Requires CC: No

ISC licensed. Completely free. Maintained by Michael Hayes.

Agent Metadata

Pagination

cursor

Idempotent

Full

Retry Guidance

Not documented

Known Gotchas

⚠ Pothos requires a SchemaBuilder instance with correct type parameters — incorrect builder configuration causes confusing type errors throughout the schema
⚠ Plugin types must be declared in SchemaBuilder generic parameters — missing plugin type declaration causes TypeScript errors when using plugin features
⚠ Circular references between types require using () => Type pattern in Pothos — direct circular references cause build errors
⚠ pothos-plugin-prisma requires Pothos to know the full Prisma schema — regenerate Pothos types when Prisma schema changes
⚠ Relay connections require correct Node interface implementation — each relayable type must implement the global Node interface
⚠ pothos-plugin-scope-auth runs synchronously during resolve — async auth checks require careful setup to avoid hanging resolvers

Alternatives

graphql-yoga-api apollo-server-api postgraphile-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Pothos GraphQL.

$99

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.