Skill

graphql-inspector-audit

Audits GraphQL operations using GraphQL Inspector CLI for query depth, alias count, directive usage, token count, and complexity to identify performance issues.

GraphQL

Bash

Typescript

api-development

performance

npx claudepluginhub thebushidocollective/han --plugin graphql-inspector

Tool Access

This skill is limited to using the following tools:

ReadWriteEditBashGlobGrep

Preview

Expert knowledge of GraphQL Inspector's audit command for analyzing operation complexity and identifying potential performance issues.

SKILL.md

Similar Skills

graphql-inspector-validate

129

Validates GraphQL operations, queries, mutations, fragments against a schema using GraphQL Inspector CLI. Checks errors, depth, alias/directive counts, complexity, federation.

6 tools

graphql-inspector

graphql-performance

129

Optimizes GraphQL API performance with query complexity analysis, batching, caching strategies, depth limiting, monitoring, tracing, and database query optimization.

no tools

graphql

graphql-operations

Guides writing GraphQL queries, mutations, subscriptions, and fragments with best practices for efficiency, naming, variables, directives, and optimization. Use for data fetching patterns, type generation, linting, and reviews.

5 files1 tool

apollo-skills

Stats

Parent Repo Stars129

Parent Repo Forks14

Last CommitFeb 11, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

GraphQL Inspector - Audit

Expert knowledge of GraphQL Inspector's audit command for analyzing operation complexity and identifying potential performance issues.

Overview

The audit command analyzes GraphQL operations to provide metrics about query depth, directive count, alias count, and complexity. This helps identify operations that may cause performance issues before they reach production.

Core Commands

Basic Audit

# Audit all GraphQL operations
npx @graphql-inspector/cli audit './src/**/*.graphql'

# Audit operations from TypeScript files
npx @graphql-inspector/cli audit './src/**/*.tsx'

# Audit with multiple patterns
npx @graphql-inspector/cli audit './packages/**/*.graphql' './apps/**/*.tsx'

Audit with Schema

# Audit against a specific schema
npx @graphql-inspector/cli audit './src/**/*.graphql' --schema './schema.graphql'

Metrics Analyzed

Query Depth

Measures the maximum nesting level of a query:

# Depth: 4
query UserPosts {
  user {           # 1
    posts {        # 2
      comments {   # 3
        author {   # 4
          name
        }
      }
    }
  }
}

High depth operations can cause:

Slow database queries (N+1 problems)
Memory pressure on resolvers
Long response times

Alias Count

Counts the number of field aliases:

# Alias count: 3
query MultipleUsers {
  admin: user(id: "1") { name }
  moderator: user(id: "2") { name }
  member: user(id: "3") { name }
}

High alias counts can:

Multiply database queries
Increase payload size
Indicate query batching abuse

Directive Count

Counts directives used in the operation:

# Directive count: 4
query ConditionalData($includeEmail: Boolean!, $skipPhone: Boolean!) {
  user {
    name
    email @include(if: $includeEmail)
    phone @skip(if: $skipPhone)
    avatar @cacheControl(maxAge: 3600)
    bio @deprecated
  }
}

Token Count

Counts the total tokens in the operation:

# Higher token count = more complex query
query ComplexQuery {
  users(
    filter: { status: ACTIVE, role: ADMIN }
    orderBy: { field: NAME, direction: ASC }
    pagination: { limit: 10, offset: 0 }
  ) {
    id
    name
    email
    role
    createdAt
    updatedAt
  }
}

Audit Output

The audit command outputs detailed metrics for each operation:

┌──────────────────────────────────────────────────────────────┐
│ GetUser (./src/queries/user.graphql)                         │
├──────────────────────────────────────────────────────────────┤
│ Depth        │ 5                                              │
│ Aliases      │ 0                                              │
│ Directives   │ 2                                              │
│ Tokens       │ 45                                             │
│ Complexity   │ 12                                             │
└──────────────────────────────────────────────────────────────┘

Configuration

Create .graphql-inspector.yaml:

audit:
  documents: './src/**/*.graphql'

  # Thresholds for warnings
  thresholds:
    depth: 10
    aliases: 5
    directives: 10
    tokens: 500
    complexity: 100

CI/CD Integration

GitHub Actions

name: Audit Operations
user-invocable: false
on:
  pull_request:
    paths:
      - 'src/**/*.graphql'
      - 'src/**/*.tsx'

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install Inspector
        run: npm install -g @graphql-inspector/cli

      - name: Audit operations
        run: |
          graphql-inspector audit 'src/**/*.graphql'

Audit Report

Generate a detailed report:

# JSON output for processing
npx @graphql-inspector/cli audit './src/**/*.graphql' --json > audit-report.json

# Human-readable output
npx @graphql-inspector/cli audit './src/**/*.graphql' 2>&1 | tee audit-report.txt

Use Cases

Pre-PR Checks

Run before creating pull requests:

# Script to check operations before PR
#!/bin/bash
echo "Auditing GraphQL operations..."
npx @graphql-inspector/cli audit './src/**/*.graphql'

if [ $? -ne 0 ]; then
  echo "Warning: Some operations may have performance issues"
fi

Periodic Analysis

Schedule regular audits:

# GitHub Action for weekly audit
name: Weekly GraphQL Audit
user-invocable: false
on:
  schedule:
    - cron: '0 9 * * 1'  # Monday 9am

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm install -g @graphql-inspector/cli
      - run: graphql-inspector audit './src/**/*.graphql' --json > audit.json
      - name: Upload audit report
        uses: actions/upload-artifact@v4
        with:
          name: graphql-audit
          path: audit.json

Complexity Budgets

Set limits per operation type:

# Custom thresholds by operation type
audit:
  thresholds:
    queries:
      depth: 10
      complexity: 100
    mutations:
      depth: 5
      complexity: 50
    subscriptions:
      depth: 3
      complexity: 25

Best Practices

Regular audits - Run weekly to catch complexity creep
Set thresholds - Define acceptable limits for your API
Track trends - Monitor metrics over time
Review outliers - Investigate operations with high metrics
Optimize hot paths - Focus on frequently-used operations
Document exceptions - Explain why complex operations are needed
Educate team - Share audit results and best practices
Automate alerts - Notify when thresholds are exceeded

Common Patterns

Reducing Query Depth

Before (depth 6):

query DeepQuery {
  user {
    posts {
      comments {
        author {
          profile {
            avatar
          }
        }
      }
    }
  }
}

After (depth 3):

query FlattenedQuery {
  user {
    posts {
      comments {
        authorName
        authorAvatar  # Denormalized field
      }
    }
  }
}

Reducing Alias Count

Before (5 aliases):

query MultipleUsers {
  user1: user(id: "1") { ...UserFields }
  user2: user(id: "2") { ...UserFields }
  user3: user(id: "3") { ...UserFields }
  user4: user(id: "4") { ...UserFields }
  user5: user(id: "5") { ...UserFields }
}

After (batch query):

query BatchUsers {
  users(ids: ["1", "2", "3", "4", "5"]) {
    ...UserFields
  }
}

Troubleshooting

No operations found

Check glob pattern matches files
Verify files contain valid GraphQL operations
Ensure file extensions are included

Metrics seem wrong

Verify operation is complete
Check for fragment definitions
Review inline fragment usage

Audit is slow

Limit scope with specific globs
Exclude generated files
Use --parallel if available

When to Use This Skill

Performance analysis of GraphQL operations
Identifying complex queries before production
Setting up complexity budgets
Regular codebase health checks
Training developers on query optimization
Pre-release quality gates