I
Implement Graphql Api Runner
Battle-tested command for implement, graphql, comprehensive, schema. Includes structured workflows, validation checks, and reusable patterns for setup.
CommandClipticssetupv1.0.0MIT
0 views0 copies
Implement GraphQL API Runner
Build a production-ready GraphQL API with schema design, optimized resolvers, DataLoader integration, real-time subscriptions, and security controls for your detected framework.
When to Use This Command
Run this command when...
- You need to implement a GraphQL API from scratch with type definitions, queries, mutations, and subscriptions
- You want DataLoader integration to prevent N+1 query problems and optimize database access patterns
- You need real-time capabilities with WebSocket subscriptions for live data updates
- You are building a federated GraphQL architecture with Apollo Federation or schema stitching
- You want query complexity analysis, depth limiting, and rate limiting to protect your GraphQL endpoint
Quick Start
# .claude/commands/implement-graphql-api-runner.yaml name: Implement GraphQL API Runner description: Build production-ready GraphQL API with resolvers and subscriptions inputs: - name: approach description: "schema-first, code-first, or federation" default: "schema-first"
# Build schema-first GraphQL API claude "implement-graphql-api --approach schema-first" # Build with Apollo Federation claude "implement-graphql-api --approach federation --services users,products,orders"
Output:
[detect] Framework: Apollo Server 4 (Express)
[schema] Designed 6 types, 12 queries, 8 mutations, 3 subscriptions
[resolvers] Generated resolvers with DataLoader integration
[auth] Added JWT context and field-level authorization
[security] Query depth limit: 10, complexity limit: 1000
[playground] GraphQL Playground enabled at /graphql
Done. GraphQL API ready with 29 operations.
Core Concepts
| Concept | Description |
|---|---|
| Schema Design | Type definitions with custom scalars, enums, interfaces, and union types for expressive data modeling |
| Resolver Architecture | Modular resolvers with authentication context, error handling, and database abstraction |
| DataLoader Pattern | Batch loading and per-request caching to eliminate N+1 queries across resolver chains |
| Subscriptions | WebSocket-based real-time updates using pub/sub patterns for live data streaming |
| Query Protection | Depth limiting, complexity scoring, and rate limiting to prevent abuse and resource exhaustion |
GraphQL Architecture:
Client
ā
āāā¼āāāāāāāāāāāāāāā
ā GraphQL Layer ā
āāāāāāāāāāāāāāāāāāā¤
ā Schema ā āāāāāāāāāāāāāā
ā āāā Queries āāāā>ā Resolvers ā
ā āāā Mutations ā ā āāā Auth ā
ā āāā Subscriptions ā āāā CRUD ā
āāāāāāāāāāāāāāāāāāā ā āāā Sub ā
āāāāāāā¬āāāāāāā
ā
āāāāāāā¼āāāāāāā
ā DataLoader ā
ā (Batching) ā
āāāāāāā¬āāāāāāā
ā
āāāāāāā¼āāāāāāā
ā Database ā
āāāāāāāāāāāāāā
Configuration
| Parameter | Type | Default | Description |
|---|---|---|---|
approach | string | "schema-first" | Architecture: schema-first, code-first, or federation |
services | string | "" | Comma-separated federated service names (for federation approach) |
subscriptions | boolean | true | Enable WebSocket subscriptions for real-time features |
depth_limit | integer | 10 | Maximum allowed query nesting depth |
complexity_limit | integer | 1000 | Maximum query complexity score before rejection |
Best Practices
- Use DataLoader everywhere -- Every resolver that accesses a database should go through a DataLoader. This prevents the N+1 problem that is especially severe in GraphQL due to nested resolvers.
- Implement field-level authorization -- Do not rely solely on endpoint-level auth. Use GraphQL directives or resolver middleware to check permissions per field, especially for sensitive data.
- Set conservative query limits -- Start with depth limit 10 and complexity 1000. Monitor actual query patterns in production and adjust upward only when legitimate use cases demand it.
- Version through schema evolution -- GraphQL APIs should not be versioned like REST. Instead, deprecate fields with
@deprecatedand add new fields alongside old ones for backward compatibility. - Enable introspection only in development -- Disable schema introspection in production to prevent attackers from discovering your full API surface. Keep it enabled in dev for tooling.
Common Issues
- N+1 queries despite DataLoader -- DataLoader batches within a single tick. If resolvers use async/await incorrectly, batching windows may not align. Verify that DataLoader keys are collected before any await.
- Subscription memory leaks -- WebSocket connections that are not properly cleaned up consume server memory. Implement connection timeout handling and graceful disconnect logic.
- Schema stitching conflicts -- Federated services with overlapping type names cause merge errors. Use the
@keydirective and explicit type extensions to resolve ownership conflicts.
Community
Reviews
No reviews yet. Be the first to review this template!
Similar Templates
$
Git Commit Message Generator
Generates well-structured conventional commit messages by analyzing staged changes. Follows Conventional Commits spec with scope detection.
Command
60
View ā$
React Component Scaffolder
Scaffolds a complete React component with TypeScript types, Tailwind styles, Storybook stories, and unit tests. Follows project conventions automatically.
Command
00
View ā$
CI/CD Pipeline Generator
Generates GitHub Actions workflows for CI/CD including linting, testing, building, and deploying. Detects project stack automatically.
Command
00
View ā