ceven

Grafbase

Manages your GraphQL infrastructure by automating schema deployments, auditing API access, and configuring MCP servers to bridge your data to AI agents.

Try Grafbase in Ceven

Ask Ceven anything
Standard

Why use Ceven?

  1. AI native Grafbase integration

    • Describe the outcome and Ceven picks the right Grafbase calls, fills the parameters, and checks the result.
    • Structured, agent friendly tool schemas so each call runs reliably instead of by guesswork.
    • Rich coverage for reading, writing, and querying your Grafbase data, across all 28 of its actions.

  2. Managed auth

    • Built in OAuth with automatic token refresh and rotation.
    • One place to manage, scope, and revoke Grafbase access.
    • Per user and per environment credentials instead of shared keys.

  3. Agent optimized design

    • Actions are tuned from real success and error rates so reliability climbs over time.
    • Full execution logs so you always know what ran in Grafbase, when, and on whose behalf.
    • The agent pauses and asks when Grafbase is unclear instead of plowing ahead.

  4. Enterprise grade security

    • Fine grained access so you control which agents and people can reach Grafbase.
    • Least privilege by default, read scopes first and only the writes a workflow needs.
    • A full audit trail of every Grafbase action to support review and sign off.

Supported tools

Every action Ceven's agents can run on Grafbase, and when to use it.

Delete API Key
Use this to revoke access by removing a specific API key after confirming the key ID.
Delete Extension
Remove an extension configuration from the project using the extension ID.
Delete MCP Server
Remove a Model Context Protocol server configuration by its unique ID.
Delete Schema
Remove a specific schema from the registry after confirming its ID.
Delete Schema Check
Remove a specific schema check record by its ID after reviewing the registry.
Disable MCP server
Turn off the Model Context Protocol server via API after it has been enabled.
Enable MCP Server
Activate Model Context Protocol support for a Grafbase project.
Get Audit Log
Pull a specific audit log entry using the audit log ID.
Get Federated Schema
Retrieve the full SDL for the composed federated graph after deployment.
Get Schema Check
Inspect the result of a specific schema check by its ID.
Get Subgraph Schema
Pull the GraphQL SDL of a specific subgraph by its name.
List API Keys
Retrieve all API keys associated with a project for auditing purposes.
List Extensions
Pull all extensions configured for a Grafbase project.
List MCP Servers
Retrieve all configured Model Context Protocol servers for a project.
List Schemas
Retrieve all schemas currently stored in the registry.
List Subgraphs
Retrieve endpoints of all published subgraphs in a specific branch.
Delete Grafbase API Key
Tool to delete an existing API key. Use after confirming the key ID to revoke access.
Delete Grafbase Audit Log
Tool to delete a specific Grafbase audit log entry. Note: As of current Grafbase public documentation, there is no documented API to delete audit logs programmatically. This action will attempt a best effort REST DELETE to `/audit logs/{id}
Delete Grafbase Schema
Tool to delete a Grafbase schema. Use when you need to remove a specific schema from the registry after confirming its ID.
Enable Grafbase MCP Server
Tool to enable the Model Context Protocol (MCP) server for a Grafbase project. Use when you need to activate MCP support; if the API endpoint is not supported, this returns guidance for enabling via configuration.
Get Grafbase Audit Log
Tool to retrieve a specific Grafbase audit log entry. Use after confirming the audit log ID exists.
Get Grafbase Schema Check
Tool to retrieve the result of a schema check by its ID. Use when you need to inspect a specific schema check after running a check via CLI or API.
List Grafbase Audit Logs
Tool to list all audit logs for a project. Use when you need to retrieve historical events (up to 90 days). Note: As of current Grafbase public documentation, there is no documented API to list audit logs programmatically. This action will
List Grafbase Schema Checks
Tool to list all Grafbase schema checks for a project. Use when you need to review past schema validation runs.
List Grafbase Schemas
Tool to list all Grafbase schemas. Use when you need to retrieve all schemas in the registry.
List Grafbase Subgraphs
Tool to list published subgraphs in a branch. Use when you need to retrieve endpoints of all subgraphs for a given branch.

26 actions · scroll to see them all

Frequently asked questions

Ceven uses a secure token based approach to interact with the Grafbase management API. You provide your access token through the Ceven connection panel, which is then encrypted at rest using AES 256. The agent uses this token to authenticate every request to the Grafbase registry and management endpoints. We do not store your token in plain text, and it is never exposed to the LLM during the prompt construction phase. You can revoke the token from your Grafbase settings at any time, which immediately cuts off Ceven access to your schemas and API keys without requiring any further action in the Ceven dashboard.
Ceven can manage the lifecycle of your schemas by interacting with the registry. While the agent can list, retrieve, and delete schemas, the actual deployment of a new SDL typically happens through your CI CD pipeline or the Grafbase CLI. However, Ceven can act as the orchestrator that triggers those pipelines or verifies the results. For example, you can build a workflow where Ceven monitors a GitHub pull request, pulls the proposed SDL, runs a schema check via the Grafbase API, and then posts the validation result back to the PR as a comment before a human approves the merge.
A critical limitation to keep in mind is that Grafbase audit logs are only retained for 90 days. When you use Ceven to list or retrieve audit logs, the agent can only access data within this window. If you need long term compliance records, you should set up a Ceven workflow that periodically pulls these logs and archives them into a permanent store like BigQuery or an S3 bucket. Additionally, certain programmatic deletions of audit logs may not be supported by the Grafbase API depending on your current plan tier, as some logs are immutable for security and compliance reasons.
The Model Context Protocol or MCP allows AI agents to access your data with a standardized interface. Ceven can programmatically enable or disable these servers for your project, meaning you can create a workflow that toggles data access based on the time of day or the user role. The agent can list all active MCP servers to ensure your AI agents have the correct context windows open. If a server is misconfigured, Ceven can delete the server configuration and recreate it with the correct parameters, reducing the time spent on manual infrastructure debugging.
Yes, by using the schema check tools. Ceven can be configured to pull the current federated schema and compare it against a new subgraph SDL. By calling the schema check endpoint, the agent retrieves a detailed report of any conflicts or breaking changes. Instead of you manually reading a JSON response, Ceven summarizes the error, identifies exactly which field is causing the conflict, and can even suggest a fix based on the existing schema patterns. This creates a safety net that prevents production outages caused by incompatible subgraph updates.
Yes, all calls made by Ceven are subject to the rate limits of your Grafbase account tier. If your workflow involves listing thousands of schemas or running hundreds of schema checks in a short burst, you may encounter a 429 Too Many Requests error. Ceven handles this by implementing an exponential backoff strategy, meaning the agent will wait and retry the request automatically. To avoid these bottlenecks, we recommend designing workflows that use specific IDs for retrieval rather than listing all resources and filtering them within the agent context.
Ceven is highly effective for security rotations. You can build a monthly workflow that lists all current API keys, identifies those that have not been rotated in 30 days, creates a new key for the service, and then deletes the old key. Because Ceven has access to both the list and delete actions, it can automate the entire cycle. You can also set up an alert where if an audit log shows a spike in errors from a specific key, Ceven automatically revokes that key and notifies the security team via Slack or email.
Ceven uses the list subgraphs action to query specific branches within your Grafbase project. This is particularly useful for testing environments where you have a staging branch and a production branch. The agent can pull the endpoints for all subgraphs in the staging branch, verify that they are all reachable, and then compare their SDLs against the production branch. This ensures that your environment parity is maintained and that no subgraph was accidentally left out of a deployment cycle before you promote the branch to production.

Alternatives to Grafbase

Other tools that solve a similar problem. Ceven supports these too, so you can switch or run more than one at once.

Apollo GraphQL logoApollo GraphQLHasura logoHasuraAWS AppSync logoAWS AppSync

Try Ceven on your stack

Plug Ceven on top of the tools you already run. Connect Grafbase and the rest of your stack, describe the outcome, and its agents handle the work end to end, days of it in minutes.

Get started for free