{"id":"grafbase-grafbase","name":"grafbase","homepage":"https://grafbase.com","repo_url":"https://github.com/grafbase/grafbase","category":"api-gateway","subcategories":[],"tags":["graphql","federation","gateway","rust","webassembly","mcp","self-hosted","observability","extensions"],"what_it_does":"Grafbase is a self-hosted GraphQL Federation gateway (built in Rust) for composing and executing Apollo Federation v2 subgraphs, with extensibility via WebAssembly extensions and optional MCP server support.","use_cases":["Unifying Apollo Federation v2 microservices into a single GraphQL API","Federating multiple upstream data sources (GraphQL subgraphs, REST, gRPC, databases, queues) behind one schema","Custom authentication/authorization and request lifecycle logic via WebAssembly extensions","Exposing the GraphQL API as an MCP server for model-context workflows","Self-hosted, high-scale GraphQL gateway deployments (including air-gapped setups)"],"not_for":["Teams that only need a simple single-schema GraphQL server (no federation requirements)","Scenarios requiring a fully managed gateway with no self-hosting responsibility (gateway is self-hosted even in hybrid mode)","Use cases where the absence of publicly verifiable REST/OpenAPI/SDK contracts for the gateway itself is a blocker"],"best_when":"You need a performant, self-hosted GraphQL federation gateway with extension-based customization and potentially MCP integration.","avoid_when":"You require guaranteed, well-specified API contracts for programmatic gateway management via OpenAPI/REST/SDKs without relying on external documentation.","alternatives":["Apollo Router","Cosmo Router","Grafbase (managed/enterprise components)","Other GraphQL federation gateways (e.g., mesh-based gateways)"],"af_score":53.2,"security_score":60.2,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:23:39.767316+00:00","interface":{"has_rest_api":false,"has_graphql":true,"has_grpc":true,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["JWT authentication (gateway feature)","Organization access token for Grafbase Cloud hybrid mode (GRAFBASE_ACCESS_TOKEN)"],"oauth":false,"scopes":false,"notes":"Auth details for the self-hosted gateway are described at a feature level (JWT, federated authorization, rate limiting/trusted documents), but fine-grained scope/permissions model is not specified in the provided README."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"README describes self-hosted gateway and an enterprise/managed cloud option, but no concrete pricing tiers or limits are provided in the supplied content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":["SOC 2 Type II compliant (claimed in README)"],"min_contract":null},"agent_readiness":{"af_score":53.2,"security_score":60.2,"reliability_score":32.5,"mcp_server_quality":50.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":45.0,"tls_enforcement":80.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":45.0,"secret_handling":70.0,"security_notes":"README claims JWT authentication, federated authorization, rate limiting/operation limits/trusted documents, and SOC 2 Type II compliance. However, the provided content does not document detailed authn/authz scope granularity, secret handling practices, or transport/security settings (e.g., explicit HTTPS-only) for all interfaces.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":50.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["The README describes functionality at a high level, but it does not provide machine-consumable API specifications (OpenAPI) or explicit gateway HTTP error/response contracts for automated agent integration.","Hybrid mode relies on an organization access token; ensure proper secret handling for GRAFBASE_ACCESS_TOKEN."]}}