v3 · Apache 2.0

The context layer for your AI agents.

Most teams hand-wire a brittle API or tool for every question an agent might ask. GraphJin gives agents one governed graph to explore instead - every database, file, API, and your own source code, joined in a single GraphQL query that's simpler than SQL.

Explore within bounds - one config controls what every agent can discover, query, run, change, and never touch.

01Auto-learnschema + sources

02Compileoptimized DB work

03Governpolicy boundaries

04Audithuman/model review

Get started How it works

The problem

Your agent is only as good as what it can see.

A capable model still enters your stack blind. It doesn't know your schema, your permissions, your saved queries, or where a field is written in code - so it works from memory and guesses.

A tool for every question

You hand-write a brittle API or MCP tool for each thing an agent might ask. The surface never keeps up, and every new question is new glue code.

Guesses, not facts

Without a map, agents invent joins, fake fields, and confuse API shape with database shape. Every translation is a chance to drift.

Too risky for production

Handing an agent raw credentials means hoping it guesses right - so it stays read-only, shallow, or boxed out of the systems that matter.

The fix isn't a smarter prompt. It's giving the agent the map - and the guardrails.

What GraphJin is

One graph your agent can explore - within bounds you set.

Instead of brittle hand-written APIs, point GraphJin at the systems you already run. It auto-learns the shape and exposes one governed graph the agent can explore: a single GraphQL query - far simpler than SQL for most models - across every database, file, remote API, and your own source code, including the relationships across them.

Not another MCP-to-database connectorNot a pile of hand-written wrappersNot a prompt full of guesses

Explore, don't guess

Discover schemas, relationships, and examples from the live system, not from memory.

One query, every system

Databases, files, APIs, and code join in a single request.

Within bounds

One config decides what each agent can see, run, and change.

There's nothing else that turns your data and your code into one governed surface an agent can safely explore.

See it work

Ask in plain English. Get real data back.

Claude Desktop, Codex, or any MCP client talks to GraphJin. The agent discovers the shape, validates its query, and GraphJin compiles it into one optimized database query - then answers with rows it can reason over.

Claude Desktop

who's the top customer?

query_catalog

discover -> customers · purchases · products (2 relationships)

validate_where_clause

validate -> filters ok on customers, purchases · order_by total_spent

execute_graphql

{ customers { id full_name email purchases { quantity product { price } } } }

one optimized query, no N+1, no resolvers

SELECT json_agg(__sj.json) AS customers
FROM customers AS c
LEFT JOIN LATERAL (
  SELECT sum(p.quantity * pr.price) AS total_spent
  FROM purchases p
  JOIN products pr ON pr.id = p.product_id
  WHERE p.customer_id = c.id
) __agg ON true
ORDER BY __agg.total_spent DESC NULLS LAST
LIMIT 5;

Done

Based on the purchase data, here are the top customers ranked by total spend:

RankCustomerEmailOrdersItemsTotal Spent

01Antwan Friesenfrancohirthe@medhurst.com20124$928.45

02Lon Cruickshankmargaretbailey@ruecker.info2094$586.50

03Susana Schaeferjewelpowlowski@osinski.biz2091$580.72

Antwan Friesen is the top customer with almost $1,000 in purchases, about 60% more than the runner-up.

Try it yourself

Databases

Works with all your databases.
And more.

Point GraphJin at as many systems as you need - Postgres for users, MySQL for orders, Snowflake, Redshift, and BigQuery for analytics, Cassandra or Keyspaces for CQL workloads, MongoDB for events, HTTP APIs for remote services, object storage for files, and CodeSQL for source trees - and query them through a single GraphQL endpoint. Joins, remote joins, subscriptions, search, and mutations compose across systems in one request, so an AI assistant can reason across the data, APIs, files, and code without learning every backend.

PostgreSQL

MySQL

MariaDB

MongoDB

SQLite

SQL Server

Oracle

CockroachDB

YugabyteDB

Snowflake

Redshift BigQuery Cassandra / Keyspaces

AWS Aurora

Cloud SQL HTTP APIs S3 / GCS / Files Code

How it works

One compiler. Any system. Any client.

Point GraphJin at databases, object storage, source trees, and remote APIs. It's a compiler, not a resolver framework: it learns the live shape, plans the work, and emits one optimized database operation - then enforces RBAC and serves AI assistants, REST clients, and federated routers from the same engine. No N+1, no resolver code, test-backed against real compiler paths.

The agent loop

Discover, check, validate, act.

GraphJin is the operating graph agents use to understand a real organization. It auto-learns the live surface, compiles GraphQL into database and source-backed work, and keeps policy visible enough for both humans and models to inspect.

gj_catalog -> evidence -> gj_security -> validate/preview -> governed action -> observe/refresh

01 - Discover

gj_catalog

Find schemas, relationships, syntax, workflows, capabilities, examples, and evidence before choosing a path.

02 - Check

gj_security

Read effective policy and high-risk findings before config, workflow, file, code, or mutation actions.

03 - Validate

preview

Validate filters, inspect generated work, run approved workflows, or preview CodeSQL changes before applying.

04 - Act

governed surface

Execute through GraphQL, MCP, saved queries, workflows, and guarded source operations instead of raw credentials.

Security model

Safer agents, not smaller agents.

GraphJin makes agents safer by giving them explicit boundaries, not by making them blind. Agents can explore more of the live organization because policy, evidence, and action paths are inspectable and enforced.

One config defines the AI surface.

Humans can review and diff the policy. Models can inspect the same posture through gj_catalog and gj_security before acting. GraphJin enforces that policy across GraphQL, MCP, workflows, code, files, APIs, and databases.

RBAC and row filters

Roles, table permissions, column blocks, automatic filters, and mutation limits are enforced inside the compiler.

Saved queries and allow-lists

Production agents can run named, reviewed query contracts instead of inventing arbitrary operations at runtime.

Read-only source boundaries

Filesystems, CodeSQL, databases, and control-plane tables can expose discovery without granting writes.

Preview before change

CodeSQL change sets require file hashes, exact ranges, old text, optional locks, and a preview/apply loop.

policy-before-action.graphql

query {
  summary: gj_security(id: "summary") {
    mode
    summary
    summary_json
  }

  findings: gj_security(
    where: {
      kind: { eq: "finding" }
      severity: { in: ["high", "critical"] }
    }
    order_by: { severity_rank: desc }
  ) {
    severity
    title
    recommendation
    evidence_json
  }
}

Policy before action: agents check high-risk findings, effective permissions, and read-only state before requesting a write, workflow execution, config update, file operation, or code edit.

AI integration

Connect any agent over MCP, in one command.

GraphJin ships a built-in Model Context Protocol (MCP) server - so Claude, Codex, or any MCP client can explore and query your data through the same governed surface.

One command wires GraphJin into Claude Desktop, Codex, or any MCP host. From there the agent discovers what exists, validates its query, checks policy, and runs only what you've approved - no hand-written tool for every question.

Run it locally for development, or as a hosted HTTP endpoint for your team - gated by MCP OAuth or the same JWT/OIDC identity as the main API.

terminal

# local/dev helper
graphjin mcp add codex
graphjin mcp add claude

# direct client URL
codex mcp add graphjin --url http://localhost:8080/api/v1/mcp
claude mcp add --transport http graphjin http://localhost:8080/api/v1/mcp

# hosted GraphJin with OAuth
codex mcp add graphjin --url https://graphjin.example.com/api/v1/mcp
claude mcp add --transport http graphjin https://graphjin.example.com/api/v1/mcp

Code intelligence

CodeSQL: query your code as well.

CodeSQL indexes your source tree into a read-only SQLite graph. Agents can ask where a column is used, which code references it, which symbol owns that reference, and what guarded change set would update it - all through the same GraphQL interface.

agent asksWhere is users.email used?

GraphQL · gj_code

query {
  gj_code(where: {
    name: { eq: "users.email" }
    kind: { eq: "db_ref" }
  }) {
    path
    symbol_name
  }
}

matched rows3

api/users.gogetUser

api/invoices.tscreateInvoiceHandler

graph/schema.gouserType

tree-sitter → read-only SQLite

kind=filekind=symbolkind=db_refkind=doc

In the box

A full backend, not just an agent gateway.

The same binary and config that govern the AI surface also run your realtime, files, remote APIs, auth, and federation - no extra services to operate.

1Auditable config for agent access across the AI surface.

12+Database and warehouse engines through one GraphQL surface.

0Lines of resolver code. The compiler does the work.

Files as tables

Uploads stream to local disk, S3, R2, or GCS; each bucket is a queryable table you can join with the rest of your schema.

API

Remote APIs

Drop in an OpenAPI 3 spec and its operations become joinable, RBAC-aware fields with per-spec auth caching.

Realtime

Subscribe with the same GraphQL; cursor-based SSE and WebSocket streams resume after a drop, with polls batched into one statement.

JWT

Authentication

JWT and OIDC from Auth0, Firebase, Okta, or any JWKS - one auth pipeline across HTTP, WebSocket, SSE, and MCP.

Workflows

Discover approved workflows and run them through GraphQL, REST, MCP, or the CLI.

RDS

Caching

Response caching on Redis with an in-memory fallback and stale-while-revalidate.

CLI

One binary CLI

Dev server, database toolchain, device-code login, and MCP wiring. What runs in CI matches production.

FED

Federation

Advanced: flip a flag and every keyed table becomes an Apollo Federation v2 subgraph.

Get started

Run it in under a minute.

Two commands: start GraphJin with the built-in demo, then connect your agent.

Start GraphJin with the demo schema

terminal

npx graphjin serve --demo

Prefer a binary? brew install dosco/graphjin/graphjin or curl -fsSL https://graphjin.com/install.sh | bash

Connect your AI client

terminal

graphjin mcp add claude

Using Codex? graphjin mcp add codex

That's it. Open the web UI at localhost:8080 or ask from your MCP client - GraphJin learns the demo schema and answers with real rows.

Read the quick start Browse examples

The context layer for your AI agents.

Your agent is only as good as what it can see.

A tool for every question

Guesses, not facts

Too risky for production

One graph your agent can explore - within bounds you set.

Explore, don't guess

One query, every system

Within bounds

Ask in plain English. Get real data back.

Works with all your databases.And more.

One compiler. Any system. Any client.

Discover, check, validate, act.

gj_catalog

gj_security

preview

governed surface

Safer agents, not smaller agents.

One config defines the AI surface.

RBAC and row filters

Saved queries and allow-lists

Read-only source boundaries

Preview before change

Connect any agent over MCP, in one command.

CodeSQL: query your code as well.

A full backend, not just an agent gateway.

Files as tables

Remote APIs

Realtime

Authentication

Workflows

Caching

One binary CLI

Federation

Run it in under a minute.

Start GraphJin with the demo schema

Connect your AI client

Works with all your databases.
And more.