AI Code Review for GraphQL APIs

Why GraphQL APIs are harder to audit than REST

REST APIs have a predictable surface area. Each endpoint has a defined request shape and response shape. Rate limiting applies per endpoint. Authentication is checked in middleware before the handler runs. Security review means examining each endpoint in isolation, and the total attack surface is the number of endpoints multiplied by the HTTP methods they accept.

GraphQL changes this model fundamentally. A single endpoint accepts arbitrary queries that can traverse the entire data graph. A client can request a user, their posts, the comments on each post, the authors of each comment, and the posts by each of those authors – all in a single request. The server dutifully resolves each level, generating database queries at each node. The attack surface is not the number of endpoints but the number of possible query shapes, which is effectively unbounded.

This flexibility means that security, performance, and correctness concerns are spread across the schema definition, resolver implementations, data loaders, middleware, and client queries. A vulnerability might exist in the gap between a schema type that exposes a field and a resolver that does not check whether the requesting user is authorised to see that field. Traditional API security scanners that probe endpoints with crafted payloads miss these structural issues because they do not read the server-side resolver code.

Resolver composition adds another dimension. In a well-structured GraphQL server, each field has its own resolver. When resolvers for nested fields trigger independent database queries, the result is an N+1 problem that compounds with query depth. Data loaders (batching patterns) solve this, but only when applied consistently. A single resolver that bypasses the data loader – perhaps added by a developer unfamiliar with the batching layer – reintroduces the N+1 problem for that branch of the graph.

What VibeRails finds in GraphQL codebases

VibeRails performs a full-codebase scan of every schema file, resolver, data loader, middleware, and test file in your GraphQL application. The AI reasons about the interaction between schema design and resolver implementation – not just whether the code compiles, but whether the API is safe, performant, and consistent:

• Query complexity attacks – deeply nested query paths without depth limits, circular type references that allow exponential query expansion, and missing query cost analysis that would prevent resource exhaustion from a single request
• N+1 resolver problems – resolvers that issue individual database queries for each item in a list, missing data loader usage for batch-eligible fields, and data loaders with incorrect cache key strategies that defeat batching
• Over-fetching via resolver chains – parent resolvers that fetch full database rows when child resolvers only need a foreign key, resolver fields that trigger expensive joins regardless of whether the client requested those fields, and eager loading patterns that defeat GraphQL's demand-driven philosophy
• Missing authentication on mutations – mutation resolvers without authentication checks, inconsistent authorisation patterns where some mutations use middleware and others check permissions inline, and admin-only mutations accessible to regular users
• Schema design inconsistencies – mixed naming conventions (camelCase and snake_case), inconsistent pagination patterns (some types use cursor-based, others use offset), nullable fields that should be non-null, and non-null fields that fail at runtime
• Missing rate limiting – GraphQL endpoints without per-query cost limiting, mutations that trigger expensive side effects without throttling, and subscription connections without backpressure controls
• Deprecated field handling – fields marked as deprecated but still used in production queries, deprecated fields without replacement guidance, and fields that should be deprecated but are not marked as such

Each finding includes the file path, line range, severity level, category, and a plain-language description with suggested remediation. The structured output transforms a complex GraphQL layer into an organised inventory of improvements, prioritised by risk.

What linting tools and schema validators miss

GraphQL linting tools like graphql-eslint and schema validators enforce naming conventions and structural rules within schema definitions. They catch typos, undefined types, and convention violations. But they operate on the schema layer alone and cannot reason about what the resolvers actually do.

Consider a GraphQL API where the User type includes an email field. The schema linter sees a valid field of type String. But the resolver for that field returns the email address to any authenticated user, not just the user themselves or an admin. The authorisation gap exists in the resolver, not the schema, and no schema-level tool can detect it. Finding it requires reading the resolver implementation alongside the schema definition and the authentication middleware.

Performance issues follow a similar pattern. A schema might define a posts field on User that returns [Post], and a comments field on Post that returns [Comment]. The schema looks correct. But if the comments resolver does not use a data loader and the posts resolver does not limit the number of results, a single query can trigger thousands of database calls. The schema validator sees valid types; VibeRails sees a denial-of-service vector.

Subscription security is often overlooked entirely. REST APIs do not have persistent connections, so security teams have mental models for request-response authentication. GraphQL subscriptions maintain long-lived WebSocket connections where the initial authentication token might expire mid-session. VibeRails identifies subscription resolvers that validate credentials at connection time but not during event delivery.

Dual-model verification for GraphQL

GraphQL's layered architecture creates genuine ambiguity for automated review. Is that resolver intentionally bypassing the data loader for a field that is rarely queried, or is it a missed optimisation? Is the nullable field a deliberate design choice for backwards compatibility, or an oversight?

VibeRails supports running reviews with two different AI backends – Claude Code and Codex CLI – in sequence. The first pass discovers issues, the second verifies them using a different model architecture. When both models independently flag the same missing authentication check or N+1 resolver path, confidence is high. Disagreements highlight areas where human judgement during triage adds the most value.

From findings to fixes

After triaging findings, VibeRails can dispatch AI agents to implement fixes directly in your local repository. For GraphQL projects, this typically means adding depth and cost limits to the query parser, introducing data loaders for resolvers that trigger N+1 queries, adding authentication checks to unprotected mutations, standardising pagination patterns, and marking outdated fields as deprecated with migration guidance.

Each fix is generated as a local code change you can inspect, test, and commit or discard. The AI works within the conventions of the existing codebase, matching the application's resolver patterns, data loader library, and test framework.

VibeRails runs as a desktop app with a BYOK model – it orchestrates Claude Code or Codex CLI installations you already have. No code is uploaded to VibeRails servers. AI analysis is sent directly to the provider you configured, billed to your existing subscription. The lifetime licence is $299 per developer for the lifetime option (or $19/mo monthly). The free tier includes 5 issues per session to evaluate the workflow.