Hasura — Instant GraphQL API on PostgreSQL
## Overview
Best use case
Hasura — Instant GraphQL API on PostgreSQL is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
## Overview
Teams using Hasura — Instant GraphQL API on PostgreSQL should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/hasura/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How Hasura — Instant GraphQL API on PostgreSQL Compares
| Feature / Agent | Hasura — Instant GraphQL API on PostgreSQL | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
## Overview
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Hasura — Instant GraphQL API on PostgreSQL
## Overview
Hasura, the GraphQL engine that gives the user instant, real-time GraphQL APIs over PostgreSQL (and other databases). Helps developers set up Hasura, configure permissions, write custom business logic with Actions and Event Triggers, and optimize GraphQL queries for production.
## Instructions
### Quick Start
```bash
# Docker Compose for local development
cat > docker-compose.yml << 'EOF'
version: "3.6"
services:
postgres:
image: postgres:16
environment:
POSTGRES_PASSWORD: postgrespassword
volumes:
- pgdata:/var/lib/postgresql/data
hasura:
image: hasura/graphql-engine:v2.42.0
ports:
- "8080:8080"
environment:
HASURA_GRAPHQL_DATABASE_URL: postgres://postgres:postgrespassword@postgres:5432/postgres
HASURA_GRAPHQL_ADMIN_SECRET: mysecretkey
HASURA_GRAPHQL_ENABLE_CONSOLE: "true"
HASURA_GRAPHQL_DEV_MODE: "true"
HASURA_GRAPHQL_ENABLED_LOG_TYPES: startup,http-log,query-log
depends_on:
- postgres
volumes:
pgdata:
EOF
docker compose up -d
# Console at http://localhost:8080/console
```
### Auto-Generated API
```graphql
# After creating a "users" table in PostgreSQL,
# Hasura auto-generates these operations:
# Query all users with filtering, sorting, pagination
query {
users(
where: { plan: { _eq: "pro" }, created_at: { _gte: "2026-01-01" } }
order_by: { created_at: desc }
limit: 20
offset: 0
) {
id
email
plan
created_at
# Nested relationship (auto-detected from foreign keys)
posts(where: { published: { _eq: true } }) {
id
title
}
posts_aggregate {
aggregate { count }
}
}
# Aggregation
users_aggregate(where: { plan: { _eq: "pro" } }) {
aggregate {
count
avg { lifetime_value }
}
}
}
# Insert
mutation {
insert_users_one(object: {
email: "new@example.com"
plan: "free"
}) {
id
}
}
# Update
mutation {
update_users(
where: { id: { _eq: "user-123" } }
_set: { plan: "pro" }
) {
affected_rows
returning { id plan }
}
}
# Real-time subscription
subscription {
users(where: { online: { _eq: true } }) {
id
email
last_seen
}
}
```
### Permissions (Row-Level Security)
```yaml
# metadata/databases/default/tables/public_orders.yaml
# Fine-grained permissions per role
table:
name: orders
schema: public
# Select: users can only see their own orders
select_permissions:
- role: user
permission:
columns: [id, amount, status, created_at]
filter:
user_id: { _eq: X-Hasura-User-Id }
limit: 100
# Admin role: see all orders
- role: admin
permission:
columns: "*"
filter: {}
allow_aggregations: true
# Insert: users can create orders for themselves
insert_permissions:
- role: user
permission:
columns: [amount, items, shipping_address]
set:
user_id: X-Hasura-User-Id # Auto-set from auth token
status: pending # Force initial status
check:
amount: { _gt: 0 } # Validate: positive amount
# Update: users can only cancel their pending orders
update_permissions:
- role: user
permission:
columns: [status]
filter:
user_id: { _eq: X-Hasura-User-Id }
status: { _eq: "pending" }
set: {}
check:
status: { _eq: "cancelled" } # Can only set to cancelled
```
### Actions (Custom Business Logic)
```yaml
# metadata/actions.yaml — Extend GraphQL with custom resolvers
actions:
- name: processPayment
definition:
kind: synchronous
handler: http://api:3000/actions/process-payment
type: mutation
arguments:
- name: order_id
type: uuid!
- name: payment_method
type: String!
output_type: PaymentResult
permissions:
- role: user
```
```typescript
// api/actions/process-payment.ts — Action handler
export default async function handler(req: Request) {
const { input, session_variables } = await req.json();
const userId = session_variables["x-hasura-user-id"];
const { order_id, payment_method } = input;
// Verify order belongs to user
const order = await db.query("SELECT * FROM orders WHERE id = $1 AND user_id = $2", [order_id, userId]);
if (!order.rows[0]) return Response.json({ error: "Not found" }, { status: 404 });
// Process payment via Stripe
const charge = await stripe.charges.create({
amount: order.rows[0].amount,
currency: "usd",
source: payment_method,
});
// Update order status
await db.query("UPDATE orders SET status = 'paid', payment_id = $1 WHERE id = $2", [charge.id, order_id]);
return Response.json({ success: true, payment_id: charge.id });
}
```
### Event Triggers
```yaml
# metadata/databases/default/tables/public_orders.yaml
event_triggers:
- name: on_order_paid
definition:
enable_manual: false
insert:
columns: "*"
update:
columns: [status]
retry_conf:
num_retries: 3
interval_sec: 10
webhook: http://api:3000/webhooks/order-paid
headers:
- name: x-webhook-secret
value_from_env: WEBHOOK_SECRET
```
```typescript
// api/webhooks/order-paid.ts — Event trigger handler
export default async function handler(req: Request) {
const { event } = await req.json();
const { old: oldRow, new: newRow } = event.data;
// Only process when status changes to "paid"
if (newRow.status === "paid" && oldRow?.status !== "paid") {
// Send confirmation email
await sendEmail(newRow.user_id, "Order Confirmed", `Order #${newRow.id} paid.`);
// Update inventory
await decrementInventory(newRow.items);
// Notify fulfillment
await notifyFulfillment(newRow);
}
return Response.json({ success: true });
}
```
### Migrations
```bash
# Apply metadata and migrations from code
hasura metadata apply
hasura migrate apply --database-name default
# Create a new migration
hasura migrate create add_orders_table --database-name default
# Export current state
hasura metadata export
hasura migrate create init --from-server --database-name default
```
## Installation
```bash
# CLI
npm install -g hasura-cli
# Docker
docker pull hasura/graphql-engine:latest
# Hasura Cloud (managed)
# https://cloud.hasura.io
```
## Examples
### Example 1: Building a feature with Hasura
**User request:**
```
Add a real-time collaborative quick start to my React app using Hasura.
```
The agent installs the package, creates the component with proper Hasura initialization, implements the quick start with event handling and state management, and adds TypeScript types for the integration.
### Example 2: Migrating an existing feature to Hasura
**User request:**
```
I have a basic auto-generated api built with custom code. Migrate it to use Hasura for better auto-generated api support.
```
The agent reads the existing implementation, maps the custom logic to Hasura's API, rewrites the components using Hasura's primitives, preserves existing behavior, and adds features only possible with Hasura (like Permissions, Actions).
## Guidelines
1. **Permissions on every table** — Tables without permissions are invisible to non-admin roles; define permissions as part of your schema
2. **Use relationships** — Define foreign key relationships; Hasura auto-generates nested queries (no N+1 problem)
3. **Event triggers for side effects** — Use event triggers (not polling) for email, notifications, and external API calls
4. **Actions for business logic** — Complex operations (payments, multi-step workflows) go in Actions, not in client code
5. **Migrations in CI/CD** — Export metadata and migrations; apply via CLI in your deployment pipeline
6. **Admin secret ≠ user auth** — Use JWT or webhook auth for users; admin secret is for CI/CD and internal tools only
7. **Subscriptions for real-time** — Use GraphQL subscriptions instead of polling; Hasura handles WebSocket efficiently
8. **Use views for complex queries** — Create PostgreSQL views for complex aggregations; track them as tables in HasuraRelated Skills
graphql-subscription-setup
Graphql Subscription Setup - Auto-activating skill for API Development. Triggers on: graphql subscription setup, graphql subscription setup Part of the API Development skill category.
graphql-schema-generator
Graphql Schema Generator - Auto-activating skill for API Development. Triggers on: graphql schema generator, graphql schema generator Part of the API Development skill category.
graphql-resolver-creator
Graphql Resolver Creator - Auto-activating skill for Backend Development. Triggers on: graphql resolver creator, graphql resolver creator Part of the Backend Development skill category.
graphql-mutation-builder
Graphql Mutation Builder - Auto-activating skill for API Development. Triggers on: graphql mutation builder, graphql mutation builder Part of the API Development skill category.
building-graphql-server
Build production-ready GraphQL servers with schema design, resolvers, and subscriptions. Use when building GraphQL APIs with schemas and resolvers. Trigger with phrases like "build GraphQL API", "create GraphQL server", or "setup GraphQL".
postgresql-code-review
PostgreSQL-specific code review assistant focusing on PostgreSQL best practices, anti-patterns, and unique quality standards. Covers JSONB operations, array usage, custom types, schema design, function optimization, and PostgreSQL-exclusive security features like Row Level Security (RLS).
graphql-operations
Guide for writing GraphQL operations (queries, mutations, fragments) following best practices. Use this skill when: (1) writing GraphQL queries or mutations, (2) organizing operations with fragments, (3) optimizing data fetching patterns, (4) setting up type generation or linting, (5) reviewing operations for efficiency.
ask-graphql-mcp
Use Ask GraphQL MCP to handle Web3 and on-chain questions through GraphQL endpoints (especially SubQuery/SubGraph). Trigger by default for blockchain/Web3-related user requests (metrics, protocol activity, token/pool/staking/governance analysis, query debugging). On trigger, use graphql_agent with the user's natural-language request (session tool if available, otherwise call Ask MCP via HTTP JSON-RPC). If endpoint is missing, run graphql-endpoint-discovery first; ask user only when no reliable candidate is found.
postgresql-optimization
PostgreSQL database optimization workflow for query tuning, indexing strategies, performance analysis, and production database management.
graphql-architect
Master modern GraphQL with federation, performance optimization, and enterprise security. Build scalable schemas, implement advanced caching, and design real-time systems. Use PROACTIVELY for GraphQL architecture or performance optimization.
azure-resource-manager-postgresql-dotnet
Azure PostgreSQL Flexible Server SDK for .NET. Database management for PostgreSQL Flexible Server deployments. Use for creating servers, databases, firewall rules, configurations, backups, and high availability. Triggers: "PostgreSQL", "PostgreSqlFlexibleServer", "PostgreSQL Flexible Server", "Azure Database for PostgreSQL", "PostgreSQL database management", "PostgreSQL firewall", "PostgreSQL backup", "Postgres".
graphql-schema
GraphQL queries, mutations, and code generation patterns. Use when creating GraphQL operations, working with Apollo Client, or generating types.