Graphweaver

Open-source GraphQL API federation, honestly reviewed. Built for developers who are tired of copying data between systems.

TL;DR

• What it is: Open-source (MIT) tool that turns multiple data sources — PostgreSQL, MySQL, SQLite, REST APIs, Salesforce, Xero, Microsoft Dynamics — into a single GraphQL API with an included admin panel [README].
• Who it’s for: Developers and technical founders who have data scattered across several SaaS platforms and databases and want one unified API without replicating data between them [README][website].
• Cost savings: Hasura Cloud’s paid tiers start at $99/mo; Graphweaver self-hosted costs only the VPS it runs on. Pricing data for Graphweaver Cloud (if any exists) was not available at time of review.
• Key strength: Code-first architecture using TypeScript classes and decorators — you own every resolver, can override any behavior, and are never locked into a schema-file abstraction that fights you in production [README].
• Key weakness: 549 GitHub stars is a small community for infrastructure-layer software. Independent reviews were not available for this article, which itself is a signal about adoption level. If the project stalls, you own the code but you also own the problem [README].
• Notable gap: No visible public pricing page, no published community benchmark data, and no meaningful independent review coverage — making pre-purchase due diligence harder than it should be.

---

What is Graphweaver

Graphweaver is a Node.js framework that lets you define a GraphQL API as a collection of TypeScript classes, then back those classes with “data providers” that connect to wherever your data actually lives: a PostgreSQL table, a MySQL database, a REST API, a Salesforce org, a Xero account [README][website].

The core pitch is stated plainly in the README: “the code-first, MAXIMALLY CUSTOMISABLE open source alternative to Hasura.” The problem it’s solving is real and common: you have a CRM holding customer data, an accounting system with invoices, a database with your own app data, and you’re either copying records between them (which breaks), building bespoke glue code (which also breaks), or paying for increasingly expensive middleware [README].

What makes Graphweaver different from schema-file-first tools is that you write TypeScript classes, not YAML. Every entity, every resolver, every permission rule is code you can read, test, and override. The README is explicit about this tradeoff: “Need to override that one operation? Change exactly how your auth tokens are handled? With Graphweaver you’re never constrained because it’s all just a standard GraphQL server.” [README]

The project is built and maintained by Exogee Technology, an Australian software consultancy. The GitHub repository sits at 549 stars as of this review — small for an infrastructure tool, but not zero. The MIT license means you can take the code, modify it, and deploy it anywhere without licensing conversations [README].

---

Why people choose it

Third-party review data for Graphweaver was not available for this article — the tool does not appear in major review aggregators or developer blogs in a way that could be independently synthesized. What follows is based entirely on the official documentation and README.

The self-described reason to choose Graphweaver over alternatives comes down to three things:

Cross-source queries. Most tools let you expose one database as a GraphQL API. Graphweaver lets you write a query that spans sources — filter database records by a field that lives in a CRM, for example — without copying data [README][website]. The website describes this as: “Give me DB records where customer in CRM name is ‘Bob.’” If that’s your actual problem, this is genuinely hard to replicate with other tools.

Code-first flexibility. Hasura and PostGraphile generate GraphQL from your database schema. That’s fast to start and painful when you hit the edges: custom business logic, non-trivial auth rules, operations that don’t map cleanly to CRUD. Graphweaver’s TypeScript-class model means you define the API surface explicitly and override resolvers individually without fighting a configuration system [README].

Included admin panel. Most GraphQL API generators don’t ship a UI. Graphweaver includes a React-based admin panel that reflects all your connected sources, can be extended with custom pages and fields, and gives non-developers a way to view and edit data without building a separate back-office tool [README][website].

The comparison to Hasura is the most useful one. Hasura is faster to start (point it at a Postgres database, get an API in minutes) but charges for features like remote schema stitching, custom business logic at scale, and enterprise auth. Graphweaver requires TypeScript code upfront but gives you everything at the framework level from day one, no per-feature pricing [README].

---

Features

Based on the README and website documentation:

API generation:

• Instant CRUD GraphQL API from any connected data source [README]
• CLI tool that introspects a database and generates TypeScript resolver files automatically [README][website]
• Filters, sorting, and pagination auto-generated for all sources [website]
• Cross-source filters — query across databases and SaaS platforms in a single GraphQL operation [README][website]
• Full override capability: write custom resolvers or replace generated ones entirely [README]

Data sources (pre-built connectors):

• PostgreSQL, MySQL, SQLite [README][website]
• REST APIs [README][website]
• Salesforce (via GraphQL API) [docs]
• Microsoft Dynamics [docs]
• Xero [docs]
• AWS Cognito (as identity provider) [README][docs]
• Contentful, Redis, Mailchimp, Eventbrite visible in website connector list [website]

Security (built-in):

• Role-based access control — assign permissions to roles, assign roles to users [README][website]
• Access control lists per operation (Create, Read, Update, Delete) [README]
• Row-level security — control which rows each user can see or modify [README][website]
• Column-level security — restrict access to specific fields [README][website]
• Identity providers: Local Database auth and Amazon Cognito out of the box [README]

Admin panel:

• View, create, edit, delete data from any connected source [website]
• React.js application you can extend with custom pages and fields [website]
• Not a separate product — ships with the framework [README]

Developer experience:

• TypeScript classes and decorators as the primary API definition method [README][website]
• Code generator outputs files you own and can modify [README]
• Hooks system for lifecycle events [docs]
• Relationship linking between entities across sources [docs]
• Custom queries and mutations alongside generated ones [docs]

---

Pricing: SaaS vs self-hosted math

Pricing data for Graphweaver Cloud (if a managed offering exists) was not publicly available at the time of this review. The website does not link to a pricing page, and no pricing structure appeared in the scraped site content.

Self-hosted (the only clearly documented option):

• Software: $0 (MIT license) [README]
• VPS: $5–20/month on Hetzner, Contabo, DigitalOcean
• Requires Node.js environment; PostgreSQL or another database separate from the app itself

Hasura for comparison (the tool Graphweaver explicitly positions against):

• Free tier: Hasura Cloud free tier exists but with rate limits
• Professional: starts around $99/mo with usage-based scaling
• Enterprise: custom pricing, required for SSO, audit logs, and SLA guarantees
• Self-hosted Hasura Community Edition: free, but enterprise features require the commercial license

If you are currently paying Hasura $99–$300/mo and your needs are covered by Graphweaver’s feature set, the self-hosting math is obvious. The blocker is that Graphweaver requires TypeScript development to configure — this is not a point-and-click migration.

---

Deployment reality check

The README describes Graphweaver as “easy to self host” but the documentation doesn’t provide a specific Docker Compose or one-command install path visible in the scraped content [README]. The quick start is CLI-based: install the Graphweaver CLI via npm or brew, then use it to scaffold a project and introspect your database [website scrape][docs].

What you actually need:

• Node.js environment (the project is a TypeScript/Node framework)
• At least one data source to connect to (your existing PostgreSQL, MySQL, or SaaS credentials)
• A server or cloud function host for the Node.js process
• Familiarity with TypeScript — this is a code-first tool, not a no-code setup

Who this deployment story excludes: Non-technical founders who want to self-host without touching code. The admin panel makes the day-to-day operation non-technical, but initial configuration requires a developer. If you’re comfortable with TypeScript and Node.js, the setup is standard framework scaffolding. If you’re not, you’ll need a developer for the initial build.

What can go sideways:

• The project has 549 stars — small for infrastructure software you’d put in a critical path. That means a smaller pool of community troubleshooting, fewer Stack Overflow answers, and more reliance on the official docs and GitHub issues.
• Exogee Technology is a consulting shop, not a VC-backed product company. That can mean slower feature velocity but also more considered design decisions. It also means the project’s long-term trajectory is tied to one company’s commercial interests in ways that a larger open-source community wouldn’t be.
• Identity provider options are currently Local Database and Amazon Cognito. If you need LDAP, Okta, or another provider, you’re writing a custom implementation [README][docs].

---

Pros and cons

Pros

• MIT license, genuinely. You can read the source, fork it, run it internally, embed it in a product you sell — no license audit needed [README].
• Cross-source queries are the real differentiator. Most tools expose one database. Graphweaver lets you filter and join across sources without ETL pipelines or data replication. If that’s your problem, few tools solve it at this abstraction level [README][website].
• Code-first means no ceilings. Every resolver is overridable TypeScript. When you hit the edge of what the generator produces — and you will — you modify the generated code rather than fighting a configuration DSL [README].
• Admin panel included. Not a separate product, not a plugin, not a paid feature — it ships with the framework and covers all connected sources [README][website].
• Row and column-level security built in. Fine-grained data access control is a first-class feature, not an add-on [README][website].
• Code generator reduces setup time. Point the CLI at an existing database, get TypeScript resolver files that you then own and extend [README].

Cons

• Small community. 549 stars is not enough to guarantee active maintenance or community support if Exogee deprioritizes the project. Compare: PostGraphile has 12K+ stars, Hasura has 30K+ [public data].
• Requires TypeScript. This is a non-starter for teams without a JavaScript/TypeScript developer. Every data source connection, every override, every custom resolver is TypeScript code [README].
• No visible pricing transparency. If a managed hosting option exists, it isn’t clearly published. That makes total cost of ownership harder to calculate before committing [website].
• Limited identity provider support out of the box. Local DB and Amazon Cognito. No Okta, no Google Workspace SAML, no LDAP without custom implementation [README][docs].
• No independent review coverage. The absence of community discussion, comparison articles, and third-party benchmarks at this stage makes risk assessment depend almost entirely on the official documentation — which is always optimistic.
• Exogee Technology dependency. The maintainer is a consulting company, not a product company. Roadmap decisions may reflect consulting client needs rather than broad community needs.

---

Who should use this / who shouldn’t

Use Graphweaver if:

• You have data genuinely scattered across multiple systems (databases + SaaS platforms) and need a unified API without copying records.
• You or your team write TypeScript and are comfortable owning a Node.js service.
• You’re currently paying Hasura or a similar tool and find yourself fighting the schema-first abstraction to implement custom business logic.
• You want an admin panel for non-technical teammates to view and edit data across all sources, without building one yourself.
• You’re building a product that needs fine-grained row and column-level permissions at the data layer.

Skip it if:

• You’re non-technical and want a point-and-click self-hosted setup. This tool requires a developer for initial configuration.
• Your data all lives in one PostgreSQL database. PostGraphile or Supabase will get you to a working GraphQL API faster with a bigger community behind them.
• You need LDAP, Okta, or non-Cognito enterprise SSO out of the box.
• You require a large community and active ecosystem for production infrastructure decisions — 549 stars is not that.
• You’re primarily building for a non-developer end user who needs a no-code admin experience — the Graphweaver admin panel requires React.js extension for customization.

---

Alternatives worth considering

Hasura — the incumbent Graphweaver explicitly targets. Faster to start (schema-file approach, point at Postgres), larger community, but closed-source commercial features (remote joins at scale, enterprise auth) add up quickly. The right choice if you’re Postgres-centric and want maximum convention over configuration.

PostGraphile — generates GraphQL from PostgreSQL schemas. Strictly Postgres-only, but deep Postgres feature support, MIT license, 12K+ stars. Better community than Graphweaver. The choice if your data is entirely in Postgres and you want a mature open-source option.

Supabase — managed Postgres with auto-generated REST and GraphQL APIs, auth, storage. Not self-hosted in the same sense (though open source). The right choice if you’re starting fresh and want a hosted backend-as-a-service with no infrastructure ops.

WunderGraph — API federation tool that stitches together GraphQL, REST, and database sources into a unified API. Developer-focused, TypeScript-native, more active community than Graphweaver. Worth evaluating if cross-source federation is your primary need.

Prisma + custom GraphQL server — build your own GraphQL layer using Prisma as the ORM. More work than any of the above options, but complete control with a very active ecosystem. The choice for teams who want no framework constraints and have engineering capacity.

Directus — self-hosted headless CMS and data platform. Not a GraphQL federation tool, but includes an admin panel, REST and GraphQL APIs, and fine-grained permissions. Better community than Graphweaver and more polished admin UI. Consider it if your use case is content and data management rather than API federation.

---

Bottom line

Graphweaver solves a real problem — data fragmented across databases and SaaS platforms — with a technically sound approach: code-first TypeScript, override-everything architecture, genuine cross-source query federation, and an included admin panel. The MIT license is clean and the security feature set (row-level, column-level, RBAC) is production-grade on paper. For a TypeScript team that currently has Hasura and is hitting the walls of its configuration model, Graphweaver is worth a serious evaluation.

The honest caveat is that 549 GitHub stars is a thin community floor for infrastructure you’ll depend on. There are no independent reviews to cross-reference, no public pricing transparency, and the maintainer is a consulting company rather than a dedicated product team. That’s not disqualifying — plenty of excellent open source tools start small — but it means the due diligence burden falls on you: read the source, run the demo at demo.graphweaver.com, and make sure the project’s commit velocity is acceptable before putting it in a production critical path.

If you’re a non-technical founder who needs this kind of data unification, the deployment story requires a developer. That’s the deployment a studio like upready.dev handles as a one-time engagement: get it running, configured, and handed off, so you own the infrastructure without needing to understand every line of TypeScript.

---

Sources

Primary sources (all claims about features, license, architecture):

• Graphweaver GitHub Repository and README — Exogee Technology. https://github.com/exogee-technology/graphweaver (549 stars, MIT license)
• Graphweaver Official Website — https://graphweaver.com/
• Graphweaver Documentation — https://graphweaver.com/docs

Note: Third-party review articles provided as sources [1]–[4] were unrelated to Graphweaver (celebrity content) and were not used. No independent developer reviews of Graphweaver were available for synthesis at time of writing.