Patch Changes

• #291 ec0ef84 Thanks @jdolle! - Support "file:" protocol and non-RFC 3986 in imported "link" url argument

• #282 e507fdd Thanks @kamilkisiela! - Fix supergraph @join__field emission for Federation v1 @external fields and improve override/requires edge-case handling.

  • Drop Federation v1 @join__field(external: true) fields based on key usage in the subgraph instead of aggregated field key usage across subgraphs.
  • Avoid emitting redundant @join__field(external: true) metadata when a field is only required through overridden paths.
  • Tighten @join__field emission around @override and interface type fields.

Minor Changes

• #267 3e232fa Thanks @kamilkisiela! - Fix supergraph @join__field generation for @override + @requires migrations and add a progressive override restriction.

  When a field with @requires is overridden, composition now ignores @requires usage coming only from the overridden source field when deciding whether to keep @join__field(..., external: true). This prevents stale external annotations in the supergraph.

  Also, progressive override (@override(..., label: ...)) is now rejected when the overridden source field uses @requires (error code: OVERRIDE_COLLISION_WITH_ANOTHER_DIRECTIVE). Non-progressive override behavior is unchanged.

Patch Changes

• #248 9535d50 Thanks @kamilkisiela! - Fix access validation on union members when selecting __typename in @requires directives.

  The @requires directive validation rule (AuthOnRequiresRule) was not checking authorization requirements for __typename selections on and types. When __typename on a union type was selected, code would throw an unexpected error.

Patch Changes

• #241 c6e26ed Thanks @kamilkisiela! - Fixes a bug in @key directive validation where an error was incorrectly reported for interfaces implementing another interface with a @key. The validation now correctly applies only to object types implementing the interface.

Patch Changes

• #230 2b34f17 Thanks @n1ru4l! - Prevent subgraph-specific federation types and scalars being re-declared within the subgraph leaking into the supergraph.

Minor Changes

• #215 5edf421 Thanks @kamilkisiela! - Enforce correct placement of auth directives. A new validation rule (AUTH_REQUIREMENTS_APPLIED_ON_INTERFACE) rejects any attempt to put these directives on interfaces, interface fields or interface objects.

  Add transitive-auth requirements checking. A new rule verifies that any field using @requires specifies at least the auth requirements of the fields it selects. If a field doesn't carry forward the @authenticated, @requiresScopes or @policy requirements of its dependencies, composition fails with a MISSING_TRANSITIVE_AUTH_REQUIREMENTS error.

  Propagate auth requirements through interface hierarchies. Interface types and fields now inherit @authenticated, @requiresScopes and @policy from the object types that implement them.

• #215 5edf421 Thanks @kamilkisiela! - Disallowed using @cost on interfaces - you can no longer place @cost on an interface type, its fields, or field arguments. Composition now fails with a clear error instead of accepting it silently.

  The @listSize directive now validates that sizedFields point to list fields, not integer counters (e.g., use edges instead of count).

  Added validation for slicingArguments in @listSize. Only arguments that exist in all subgraphs are kept, invalid ones trigger an error.

Patch Changes

• #215 5edf421 Thanks @kamilkisiela! - The EXTERNAL_MISSING_ON_BASE rule has been updated to handle @interfaceObject corner‑cases, like @external fields on object types, but provided by interface objects, were triggering false positives.

Patch Changes

• #198 1b98c17 Thanks @User!, @User!! - Fix public schema SDL in case a object type implements an inaccessible interface.

  Composing the following subgraph:

  schema
    @link(
      url: "https://specs.apollo.dev/federation/v2.3"
      import: ["@inaccessible"]
    ) {
    query: Query
  }
  
  type Query {
  
  }
  
  interface Node @inaccessible {
    id: ID!
  }
  
  type User implements Node {
    id: ID!
  }

  now result in the following valid public SDL:

    type Query {
  
    }
  
  - type User implements Node {
  + type User {
      id: ID!
    }

Patch Changes

• #185 5e3cb1a Thanks @jdolle! - tag extraction respects @external on parent

• #186 2a1475f Thanks @n1ru4l! - Fix failing satisfiability check for interface types.

• #167 3e224c8 Thanks @jdolle! - Respect @external on parent type

Minor Changes

• #180 a208f1c Thanks @n1ru4l! - Add composeSchemaContract function for composing schema contracts.

  Running the following script:

  import { composeSchemaContract } from "@theguild/federation-composition";
  import { parse } from "graphql";
  
  const result = composeSchemaContract(
    [
      {
        name: "a",
        typeDefs: parse(/* GraphQL */ `
          type Query {
            a: String @tag(name: "public")
          }
        `),
        url: "a.localhost",
      },
      {
        name: "b",
        typeDefs: parse(/* GraphQL */ `
          type Query {
            b: String
          }
        `),
        url: "b.localhost",
      },
    ],
    /** Tags to include and exclude */
    {
      include: new Set(["public"]),
      exclude: new Set(),
    },
    /** Exclude unreachable types */
    true,
  );
  
  console.log(result.publicSdl);

  Will result in the output containing only the fields tagged with public:

  type Query {
    a: String!
  }

Patch Changes

• #149 9ae49e3 Thanks @n1ru4l! - Fix external key fields on extended object types raising composition errors.