feat(router): TLS support#810
Merged
Merged
Conversation
Contributor
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces comprehensive TLS support for the router. It enables the router to serve its own HTTP endpoint securely over TLS, and also allows for secure communication with subgraphs using client-side TLS. The implementation provides flexible configuration options, allowing administrators to define global TLS settings for subgraphs or specify unique configurations for individual subgraphs, including custom certificate authorities and client authentication. This significantly enhances the security posture of the router and its interactions with upstream services. Highlights
Changelog
Activity
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces TLS support for both the main router server and for connections to subgraphs, which is a great feature. The overall approach is sound, with new configuration options and logic to handle TLS handshakes. All original comments have been retained as they provide valuable feedback on correcting compilation errors, using modern/non-deprecated APIs, and improving clarity/naming, none of which contradict the provided rules. Addressing these points will make the implementation more robust.
|
🐋 This PR was built and pushed to the following Docker images: Image Names: Platforms: Image Tags: Docker metadata{
"buildx.build.provenance/linux/amd64": {
"builder": {
"id": "https://github.com/graphql-hive/router/actions/runs/24565329494/attempts/1"
},
"buildType": "https://mobyproject.org/buildkit@v1",
"materials": [
{
"uri": "pkg:docker/docker/dockerfile@1.22",
"digest": {
"sha256": "4a43a54dd1fedceb30ba47e76cfcf2b47304f4161c0caeac2db1c61804ea3c91"
}
},
{
"uri": "pkg:docker/gcr.io/distroless/cc-debian12@latest?platform=linux%2Famd64",
"digest": {
"sha256": "847433844c7e04bcf07a3a0f0f5a8de554c6df6fa9e3e3ab14d3f6b73d780235"
}
}
],
"invocation": {
"configSource": {
"entryPoint": "router.Dockerfile"
},
"parameters": {
"frontend": "gateway.v0",
"args": {
"cmdline": "docker/dockerfile:1.22",
"label:org.opencontainers.image.created": "2026-04-17T12:54:47.310Z",
"label:org.opencontainers.image.description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"label:org.opencontainers.image.licenses": "MIT",
"label:org.opencontainers.image.revision": "3f88937c6e0960d2943dcb3737ee9bc5946d0d8f",
"label:org.opencontainers.image.source": "https://github.com/graphql-hive/router",
"label:org.opencontainers.image.title": "router",
"label:org.opencontainers.image.url": "https://github.com/graphql-hive/router",
"label:org.opencontainers.image.vendor": "theguild",
"label:org.opencontainers.image.version": "pr-810",
"source": "docker/dockerfile:1.22"
},
"locals": [
{
"name": "context"
},
{
"name": "dockerfile"
}
]
},
"environment": {
"github_actor": "ardatan",
"github_actor_id": "20847995",
"github_event_name": "pull_request",
"github_event_payload": {
"action": "synchronize",
"after": "d046985ebe87f682ae2c12cf125de9cf0be21a40",
"before": "a1c554bf6bad0edb57dd19c94ba4835c8544bd7d",
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/187753?v=4",
"created_at": "2024-07-02T08:52:28Z",
"description": "",
"html_url": "https://github.com/enterprises/the-guild",
"id": 187753,
"name": "The Guild",
"node_id": "E_kgDOAALdaQ",
"slug": "the-guild",
"updated_at": "2026-04-11T15:41:55Z",
"website_url": "https://the-guild.dev/"
},
"number": 810,
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"description": "Schema registry, analytics and gateway for GraphQL federation and other GraphQL APIs.",
"events_url": "https://api.github.com/orgs/graphql-hive/events",
"hooks_url": "https://api.github.com/orgs/graphql-hive/hooks",
"id": 182742256,
"issues_url": "https://api.github.com/orgs/graphql-hive/issues",
"login": "graphql-hive",
"members_url": "https://api.github.com/orgs/graphql-hive/members{/member}",
"node_id": "O_kgDOCuRs8A",
"public_members_url": "https://api.github.com/orgs/graphql-hive/public_members{/member}",
"repos_url": "https://api.github.com/orgs/graphql-hive/repos",
"url": "https://api.github.com/orgs/graphql-hive"
},
"pull_request": {
"_links": {
"comments": {
"href": "https://api.github.com/repos/graphql-hive/router/issues/810/comments"
},
"commits": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/810/commits"
},
"html": {
"href": "https://github.com/graphql-hive/router/pull/810"
},
"issue": {
"href": "https://api.github.com/repos/graphql-hive/router/issues/810"
},
"review_comment": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/comments{/number}"
},
"review_comments": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/810/comments"
},
"self": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/810"
},
"statuses": {
"href": "https://api.github.com/repos/graphql-hive/router/statuses/d046985ebe87f682ae2c12cf125de9cf0be21a40"
}
},
"active_lock_reason": null,
"additions": 2134,
"assignee": null,
"assignees": [],
"author_association": "MEMBER",
"auto_merge": null,
"base": {
"label": "graphql-hive:main",
"ref": "main",
"repo": {
"allow_auto_merge": false,
"allow_forking": true,
"allow_merge_commit": false,
"allow_rebase_merge": false,
"allow_squash_merge": true,
"allow_update_branch": true,
"archive_url": "https://api.github.com/repos/graphql-hive/router/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/graphql-hive/router/assignees{/user}",
"blobs_url": "https://api.github.com/repos/graphql-hive/router/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/graphql-hive/router/branches{/branch}",
"clone_url": "https://github.com/graphql-hive/router.git",
"collaborators_url": "https://api.github.com/repos/graphql-hive/router/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/graphql-hive/router/comments{/number}",
"commits_url": "https://api.github.com/repos/graphql-hive/router/commits{/sha}",
"compare_url": "https://api.github.com/repos/graphql-hive/router/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/graphql-hive/router/contents/{+path}",
"contributors_url": "https://api.github.com/repos/graphql-hive/router/contributors",
"created_at": "2024-11-20T16:16:12Z",
"default_branch": "main",
"delete_branch_on_merge": true,
"deployments_url": "https://api.github.com/repos/graphql-hive/router/deployments",
"description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"disabled": false,
"downloads_url": "https://api.github.com/repos/graphql-hive/router/downloads",
"events_url": "https://api.github.com/repos/graphql-hive/router/events",
"fork": false,
"forks": 9,
"forks_count": 9,
"forks_url": "https://api.github.com/repos/graphql-hive/router/forks",
"full_name": "graphql-hive/router",
"git_commits_url": "https://api.github.com/repos/graphql-hive/router/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/graphql-hive/router/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/graphql-hive/router/git/tags{/sha}",
"git_url": "git://github.com/graphql-hive/router.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": false,
"has_pull_requests": true,
"has_wiki": false,
"homepage": "https://the-guild.dev/graphql/hive/docs/router",
"hooks_url": "https://api.github.com/repos/graphql-hive/router/hooks",
"html_url": "https://github.com/graphql-hive/router",
"id": 891604244,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/graphql-hive/router/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/graphql-hive/router/issues/events{/number}",
"issues_url": "https://api.github.com/repos/graphql-hive/router/issues{/number}",
"keys_url": "https://api.github.com/repos/graphql-hive/router/keys{/key_id}",
"labels_url": "https://api.github.com/repos/graphql-hive/router/labels{/name}",
"language": "Rust",
"languages_url": "https://api.github.com/repos/graphql-hive/router/languages",
"license": {
"key": "mit",
"name": "MIT License",
"node_id": "MDc6TGljZW5zZTEz",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit"
},
"merge_commit_message": "PR_TITLE",
"merge_commit_title": "MERGE_MESSAGE",
"merges_url": "https://api.github.com/repos/graphql-hive/router/merges",
"milestones_url": "https://api.github.com/repos/graphql-hive/router/milestones{/number}",
"mirror_url": null,
"name": "router",
"node_id": "R_kgDONSTNFA",
"notifications_url": "https://api.github.com/repos/graphql-hive/router/notifications{?since,all,participating}",
"open_issues": 62,
"open_issues_count": 62,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
},
"private": false,
"pull_request_creation_policy": "all",
"pulls_url": "https://api.github.com/repos/graphql-hive/router/pulls{/number}",
"pushed_at": "2026-04-17T12:35:08Z",
"releases_url": "https://api.github.com/repos/graphql-hive/router/releases{/id}",
"size": 6425,
"squash_merge_commit_message": "PR_BODY",
"squash_merge_commit_title": "PR_TITLE",
"ssh_url": "git@github.com:graphql-hive/router.git",
"stargazers_count": 85,
"stargazers_url": "https://api.github.com/repos/graphql-hive/router/stargazers",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/graphql-hive/router/subscribers",
"subscription_url": "https://api.github.com/repos/graphql-hive/router/subscription",
"svn_url": "https://github.com/graphql-hive/router",
"tags_url": "https://api.github.com/repos/graphql-hive/router/tags",
"teams_url": "https://api.github.com/repos/graphql-hive/router/teams",
"topics": [
"apollo-federation",
"federation",
"federation-gateway",
"graphql",
"graphql-federation",
"router"
],
"trees_url": "https://api.github.com/repos/graphql-hive/router/git/trees{/sha}",
"updated_at": "2026-04-17T11:17:55Z",
"url": "https://api.github.com/repos/graphql-hive/router",
"use_squash_pr_title_as_default": true,
"visibility": "public",
"watchers": 85,
"watchers_count": 85,
"web_commit_signoff_required": false
},
"sha": "0aebe87dff8ae7d62e100607a2dd33f3f12dc2bb",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
}
},
"body": "Ref ROUTER-100\r\n\r\n# TLS Support\r\n\r\nAdds TLS support to Hive Router for both client and subgraph connections, including mutual TLS (mTLS) authentication. This allows secure communication between clients, the router, and subgraphs by encrypting data in transit and optionally verifying identities.\r\n\r\n## TLS Directions\r\n\r\nTLS Support has implementations for the following 4 directions:\r\n\r\n### Router -> Client - Regular TLS\r\nRouter has an `identity` (`cert`, `key`), and client has `cert`, then Client validates the router's `identity`\r\n\r\n### Client -> Router - mTLS\r\nRouter has the `cert`, client has the `identity`, mTLS/Client Auth then the router validates the client's `identity`\r\n\r\n### Subgraph -> Router - Regular TLS\r\nSubgraph has the `identity` (`cert`, `key`), and router has `cert`, then Router validates the subgraph's `identity`.\r\n\r\n### Router -> Subgraph - mTLS\r\nSubgraph has the `cert`, router(which is the client this time) has the `identity`, then subgraph validates the router's `identity`.\r\n\r\n## TLS Directions Diagram\r\n\r\n```mermaid\r\nflowchart LR\r\n Client[\"Client\"]\r\n Router[\"Router\"]\r\n Subgraph[\"Subgraph\"]\r\n\r\n %% Router -> Client: Regular TLS\r\n Router -- \"TLS\\n(cert_file + key_file)\" --> Client\r\n Client -. \"validates router identity\\n(cert_file)\" .-> Router\r\n\r\n %% Client -> Router: mTLS / Client Auth\r\n Client -- \"mTLS\\n(client identity)\" --> Router\r\n Router -. \"validates client identity\\n(client_auth.cert_file)\" .-> Client\r\n\r\n %% Subgraph -> Router: Regular TLS\r\n Subgraph -- \"TLS\\n(cert_file)\" --> Router\r\n Router -. \"validates subgraph identity\\n(all/subgraphs.cert_file)\" .-> Subgraph\r\n\r\n %% Router -> Subgraph: mTLS\r\n Router -- \"mTLS\\n(client_auth.cert_file + key_file)\" --> Subgraph\r\n Subgraph -. \"validates router identity\\n(cert_file)\" .-> Router\r\n```\r\n\r\n## Configuration Structure\r\n```yaml\r\ntraffic_shaping:\r\n router:\r\n key_file: # Router server private key\r\n cert_file: # Router server certificate(s)\r\n client_auth: # mTLS: Client -> Router\r\n cert_file: # Trusted client CA certificate(s)\r\n all: # Default TLS for all subgraph connections\r\n cert_file: # Trusted subgraph CA certificate(s)\r\n client_auth: # mTLS: Router -> Subgraph\r\n cert_file: # Router client certificate(s)\r\n key_file: # Router client private key\r\n subgraphs:\r\n SUBGRAPH_NAME: # Per-subgraph TLS override\r\n cert_file: # Trusted subgraph CA certificate(s)\r\n client_auth: # mTLS: Router -> Subgraph\r\n cert_file: # Router client certificate(s)\r\n key_file: # Router client private key\r\n```",
"changed_files": 20,
"closed_at": null,
"comments": 4,
"comments_url": "https://api.github.com/repos/graphql-hive/router/issues/810/comments",
"commits": 11,
"commits_url": "https://api.github.com/repos/graphql-hive/router/pulls/810/commits",
"created_at": "2026-03-02T15:04:15Z",
"deletions": 545,
"diff_url": "https://github.com/graphql-hive/router/pull/810.diff",
"draft": false,
"head": {
"label": "graphql-hive:tls-support",
"ref": "tls-support",
"repo": {
"allow_auto_merge": false,
"allow_forking": true,
"allow_merge_commit": false,
"allow_rebase_merge": false,
"allow_squash_merge": true,
"allow_update_branch": true,
"archive_url": "https://api.github.com/repos/graphql-hive/router/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/graphql-hive/router/assignees{/user}",
"blobs_url": "https://api.github.com/repos/graphql-hive/router/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/graphql-hive/router/branches{/branch}",
"clone_url": "https://github.com/graphql-hive/router.git",
"collaborators_url": "https://api.github.com/repos/graphql-hive/router/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/graphql-hive/router/comments{/number}",
"commits_url": "https://api.github.com/repos/graphql-hive/router/commits{/sha}",
"compare_url": "https://api.github.com/repos/graphql-hive/router/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/graphql-hive/router/contents/{+path}",
"contributors_url": "https://api.github.com/repos/graphql-hive/router/contributors",
"created_at": "2024-11-20T16:16:12Z",
"default_branch": "main",
"delete_branch_on_merge": true,
"deployments_url": "https://api.github.com/repos/graphql-hive/router/deployments",
"description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"disabled": false,
"downloads_url": "https://api.github.com/repos/graphql-hive/router/downloads",
"events_url": "https://api.github.com/repos/graphql-hive/router/events",
"fork": false,
"forks": 9,
"forks_count": 9,
"forks_url": "https://api.github.com/repos/graphql-hive/router/forks",
"full_name": "graphql-hive/router",
"git_commits_url": "https://api.github.com/repos/graphql-hive/router/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/graphql-hive/router/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/graphql-hive/router/git/tags{/sha}",
"git_url": "git://github.com/graphql-hive/router.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": false,
"has_pull_requests": true,
"has_wiki": false,
"homepage": "https://the-guild.dev/graphql/hive/docs/router",
"hooks_url": "https://api.github.com/repos/graphql-hive/router/hooks",
"html_url": "https://github.com/graphql-hive/router",
"id": 891604244,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/graphql-hive/router/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/graphql-hive/router/issues/events{/number}",
"issues_url": "https://api.github.com/repos/graphql-hive/router/issues{/number}",
"keys_url": "https://api.github.com/repos/graphql-hive/router/keys{/key_id}",
"labels_url": "https://api.github.com/repos/graphql-hive/router/labels{/name}",
"language": "Rust",
"languages_url": "https://api.github.com/repos/graphql-hive/router/languages",
"license": {
"key": "mit",
"name": "MIT License",
"node_id": "MDc6TGljZW5zZTEz",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit"
},
"merge_commit_message": "PR_TITLE",
"merge_commit_title": "MERGE_MESSAGE",
"merges_url": "https://api.github.com/repos/graphql-hive/router/merges",
"milestones_url": "https://api.github.com/repos/graphql-hive/router/milestones{/number}",
"mirror_url": null,
"name": "router",
"node_id": "R_kgDONSTNFA",
"notifications_url": "https://api.github.com/repos/graphql-hive/router/notifications{?since,all,participating}",
"open_issues": 62,
"open_issues_count": 62,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
},
"private": false,
"pull_request_creation_policy": "all",
"pulls_url": "https://api.github.com/repos/graphql-hive/router/pulls{/number}",
"pushed_at": "2026-04-17T12:35:08Z",
"releases_url": "https://api.github.com/repos/graphql-hive/router/releases{/id}",
"size": 6425,
"squash_merge_commit_message": "PR_BODY",
"squash_merge_commit_title": "PR_TITLE",
"ssh_url": "git@github.com:graphql-hive/router.git",
"stargazers_count": 85,
"stargazers_url": "https://api.github.com/repos/graphql-hive/router/stargazers",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/graphql-hive/router/subscribers",
"subscription_url": "https://api.github.com/repos/graphql-hive/router/subscription",
"svn_url": "https://github.com/graphql-hive/router",
"tags_url": "https://api.github.com/repos/graphql-hive/router/tags",
"teams_url": "https://api.github.com/repos/graphql-hive/router/teams",
"topics": [
"apollo-federation",
"federation",
"federation-gateway",
"graphql",
"graphql-federation",
"router"
],
"trees_url": "https://api.github.com/repos/graphql-hive/router/git/trees{/sha}",
"updated_at": "2026-04-17T11:17:55Z",
"url": "https://api.github.com/repos/graphql-hive/router",
"use_squash_pr_title_as_default": true,
"visibility": "public",
"watchers": 85,
"watchers_count": 85,
"web_commit_signoff_required": false
},
"sha": "d046985ebe87f682ae2c12cf125de9cf0be21a40",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
}
},
"html_url": "https://github.com/graphql-hive/router/pull/810",
"id": 3344643939,
"issue_url": "https://api.github.com/repos/graphql-hive/router/issues/810",
"labels": [],
"locked": false,
"maintainer_can_modify": false,
"merge_commit_sha": "3f591df9ec9e5685dd4ae2aa5cbc30964f53747d",
"mergeable": null,
"mergeable_state": "unknown",
"merged": false,
"merged_at": null,
"merged_by": null,
"milestone": null,
"node_id": "PR_kwDONSTNFM7HWzdj",
"number": 810,
"patch_url": "https://github.com/graphql-hive/router/pull/810.patch",
"rebaseable": null,
"requested_reviewers": [
{
"avatar_url": "https://avatars.githubusercontent.com/u/3680083?v=4",
"events_url": "https://api.github.com/users/dotansimha/events{/privacy}",
"followers_url": "https://api.github.com/users/dotansimha/followers",
"following_url": "https://api.github.com/users/dotansimha/following{/other_user}",
"gists_url": "https://api.github.com/users/dotansimha/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/dotansimha",
"id": 3680083,
"login": "dotansimha",
"node_id": "MDQ6VXNlcjM2ODAwODM=",
"organizations_url": "https://api.github.com/users/dotansimha/orgs",
"received_events_url": "https://api.github.com/users/dotansimha/received_events",
"repos_url": "https://api.github.com/users/dotansimha/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/dotansimha/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/dotansimha/subscriptions",
"type": "User",
"url": "https://api.github.com/users/dotansimha",
"user_view_type": "public"
},
{
"avatar_url": "https://avatars.githubusercontent.com/u/11807600?v=4",
"events_url": "https://api.github.com/users/enisdenjo/events{/privacy}",
"followers_url": "https://api.github.com/users/enisdenjo/followers",
"following_url": "https://api.github.com/users/enisdenjo/following{/other_user}",
"gists_url": "https://api.github.com/users/enisdenjo/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/enisdenjo",
"id": 11807600,
"login": "enisdenjo",
"node_id": "MDQ6VXNlcjExODA3NjAw",
"organizations_url": "https://api.github.com/users/enisdenjo/orgs",
"received_events_url": "https://api.github.com/users/enisdenjo/received_events",
"repos_url": "https://api.github.com/users/enisdenjo/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/enisdenjo/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/enisdenjo/subscriptions",
"type": "User",
"url": "https://api.github.com/users/enisdenjo",
"user_view_type": "public"
}
],
"requested_teams": [],
"review_comment_url": "https://api.github.com/repos/graphql-hive/router/pulls/comments{/number}",
"review_comments": 21,
"review_comments_url": "https://api.github.com/repos/graphql-hive/router/pulls/810/comments",
"state": "open",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/d046985ebe87f682ae2c12cf125de9cf0be21a40",
"title": "feat(router): TLS support",
"updated_at": "2026-04-17T12:35:10Z",
"url": "https://api.github.com/repos/graphql-hive/router/pulls/810",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/20847995?v=4",
"events_url": "https://api.github.com/users/ardatan/events{/privacy}",
"followers_url": "https://api.github.com/users/ardatan/followers",
"following_url": "https://api.github.com/users/ardatan/following{/other_user}",
"gists_url": "https://api.github.com/users/ardatan/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/ardatan",
"id": 20847995,
"login": "ardatan",
"node_id": "MDQ6VXNlcjIwODQ3OTk1",
"organizations_url": "https://api.github.com/users/ardatan/orgs",
"received_events_url": "https://api.github.com/users/ardatan/received_events",
"repos_url": "https://api.github.com/users/ardatan/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/ardatan/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ardatan/subscriptions",
"type": "User",
"url": "https://api.github.com/users/ardatan",
"user_view_type": "public"
}
},
"repository": {
"allow_forking": true,
"archive_url": "https://api.github.com/repos/graphql-hive/router/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/graphql-hive/router/assignees{/user}",
"blobs_url": "https://api.github.com/repos/graphql-hive/router/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/graphql-hive/router/branches{/branch}",
"clone_url": "https://github.com/graphql-hive/router.git",
"collaborators_url": "https://api.github.com/repos/graphql-hive/router/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/graphql-hive/router/comments{/number}",
"commits_url": "https://api.github.com/repos/graphql-hive/router/commits{/sha}",
"compare_url": "https://api.github.com/repos/graphql-hive/router/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/graphql-hive/router/contents/{+path}",
"contributors_url": "https://api.github.com/repos/graphql-hive/router/contributors",
"created_at": "2024-11-20T16:16:12Z",
"custom_properties": {
"vanta_production_branch_name": "main"
},
"default_branch": "main",
"deployments_url": "https://api.github.com/repos/graphql-hive/router/deployments",
"description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"disabled": false,
"downloads_url": "https://api.github.com/repos/graphql-hive/router/downloads",
"events_url": "https://api.github.com/repos/graphql-hive/router/events",
"fork": false,
"forks": 9,
"forks_count": 9,
"forks_url": "https://api.github.com/repos/graphql-hive/router/forks",
"full_name": "graphql-hive/router",
"git_commits_url": "https://api.github.com/repos/graphql-hive/router/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/graphql-hive/router/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/graphql-hive/router/git/tags{/sha}",
"git_url": "git://github.com/graphql-hive/router.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": false,
"has_pull_requests": true,
"has_wiki": false,
"homepage": "https://the-guild.dev/graphql/hive/docs/router",
"hooks_url": "https://api.github.com/repos/graphql-hive/router/hooks",
"html_url": "https://github.com/graphql-hive/router",
"id": 891604244,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/graphql-hive/router/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/graphql-hive/router/issues/events{/number}",
"issues_url": "https://api.github.com/repos/graphql-hive/router/issues{/number}",
"keys_url": "https://api.github.com/repos/graphql-hive/router/keys{/key_id}",
"labels_url": "https://api.github.com/repos/graphql-hive/router/labels{/name}",
"language": "Rust",
"languages_url": "https://api.github.com/repos/graphql-hive/router/languages",
"license": {
"key": "mit",
"name": "MIT License",
"node_id": "MDc6TGljZW5zZTEz",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit"
},
"merges_url": "https://api.github.com/repos/graphql-hive/router/merges",
"milestones_url": "https://api.github.com/repos/graphql-hive/router/milestones{/number}",
"mirror_url": null,
"name": "router",
"node_id": "R_kgDONSTNFA",
"notifications_url": "https://api.github.com/repos/graphql-hive/router/notifications{?since,all,participating}",
"open_issues": 62,
"open_issues_count": 62,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
},
"private": false,
"pull_request_creation_policy": "all",
"pulls_url": "https://api.github.com/repos/graphql-hive/router/pulls{/number}",
"pushed_at": "2026-04-17T12:35:08Z",
"releases_url": "https://api.github.com/repos/graphql-hive/router/releases{/id}",
"size": 6425,
"ssh_url": "git@github.com:graphql-hive/router.git",
"stargazers_count": 85,
"stargazers_url": "https://api.github.com/repos/graphql-hive/router/stargazers",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/graphql-hive/router/subscribers",
"subscription_url": "https://api.github.com/repos/graphql-hive/router/subscription",
"svn_url": "https://github.com/graphql-hive/router",
"tags_url": "https://api.github.com/repos/graphql-hive/router/tags",
"teams_url": "https://api.github.com/repos/graphql-hive/router/teams",
"topics": [
"apollo-federation",
"federation",
"federation-gateway",
"graphql",
"graphql-federation",
"router"
],
"trees_url": "https://api.github.com/repos/graphql-hive/router/git/trees{/sha}",
"updated_at": "2026-04-17T11:17:55Z",
"url": "https://api.github.com/repos/graphql-hive/router",
"visibility": "public",
"watchers": 85,
"watchers_count": 85,
"web_commit_signoff_required": false
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/20847995?v=4",
"events_url": "https://api.github.com/users/ardatan/events{/privacy}",
"followers_url": "https://api.github.com/users/ardatan/followers",
"following_url": "https://api.github.com/users/ardatan/following{/other_user}",
"gists_url": "https://api.github.com/users/ardatan/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/ardatan",
"id": 20847995,
"login": "ardatan",
"node_id": "MDQ6VXNlcjIwODQ3OTk1",
"organizations_url": "https://api.github.com/users/ardatan/orgs",
"received_events_url": "https://api.github.com/users/ardatan/received_events",
"repos_url": "https://api.github.com/users/ardatan/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/ardatan/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ardatan/subscriptions",
"type": "User",
"url": "https://api.github.com/users/ardatan",
"user_view_type": "public"
}
},
"github_job": "docker",
"github_ref": "refs/pull/810/merge",
"github_ref_name": "810/merge",
"github_ref_protected": "false",
"github_ref_type": "branch",
"github_repository": "graphql-hive/router",
"github_repository_id": "891604244",
"github_repository_owner": "graphql-hive",
"github_repository_owner_id": "182742256",
"github_run_attempt": "1",
"github_run_id": "24565329494",
"github_run_number": "2493",
"github_runner_arch": "X64",
"github_runner_environment": "github-hosted",
"github_runner_image_os": "ubuntu24",
"github_runner_image_version": "20260413.86.1",
"github_runner_name": "GitHub Actions 1000749944",
"github_runner_os": "Linux",
"github_runner_tracking_id": "github_6f117a10-e1a7-40b3-97fb-8672d902a0ce",
"github_server_url": "https://github.com",
"github_triggering_actor": "ardatan",
"github_workflow": "build-router",
"github_workflow_ref": "graphql-hive/router/.github/workflows/build-router.yaml@refs/pull/810/merge",
"github_workflow_sha": "3f88937c6e0960d2943dcb3737ee9bc5946d0d8f",
"platform": "linux/amd64"
}
}
},
"buildx.build.provenance/linux/arm64": {
"builder": {
"id": "https://github.com/graphql-hive/router/actions/runs/24565329494/attempts/1"
},
"buildType": "https://mobyproject.org/buildkit@v1",
"materials": [
{
"uri": "pkg:docker/docker/dockerfile@1.22",
"digest": {
"sha256": "4a43a54dd1fedceb30ba47e76cfcf2b47304f4161c0caeac2db1c61804ea3c91"
}
},
{
"uri": "pkg:docker/gcr.io/distroless/cc-debian12@latest?platform=linux%2Farm64",
"digest": {
"sha256": "847433844c7e04bcf07a3a0f0f5a8de554c6df6fa9e3e3ab14d3f6b73d780235"
}
}
],
"invocation": {
"configSource": {
"entryPoint": "router.Dockerfile"
},
"parameters": {
"frontend": "gateway.v0",
"args": {
"cmdline": "docker/dockerfile:1.22",
"label:org.opencontainers.image.created": "2026-04-17T12:54:47.310Z",
"label:org.opencontainers.image.description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"label:org.opencontainers.image.licenses": "MIT",
"label:org.opencontainers.image.revision": "3f88937c6e0960d2943dcb3737ee9bc5946d0d8f",
"label:org.opencontainers.image.source": "https://github.com/graphql-hive/router",
"label:org.opencontainers.image.title": "router",
"label:org.opencontainers.image.url": "https://github.com/graphql-hive/router",
"label:org.opencontainers.image.vendor": "theguild",
"label:org.opencontainers.image.version": "pr-810",
"source": "docker/dockerfile:1.22"
},
"locals": [
{
"name": "context"
},
{
"name": "dockerfile"
}
]
},
"environment": {
"github_actor": "ardatan",
"github_actor_id": "20847995",
"github_event_name": "pull_request",
"github_event_payload": {
"action": "synchronize",
"after": "d046985ebe87f682ae2c12cf125de9cf0be21a40",
"before": "a1c554bf6bad0edb57dd19c94ba4835c8544bd7d",
"enterprise": {
"avatar_url": "https://avatars.githubusercontent.com/b/187753?v=4",
"created_at": "2024-07-02T08:52:28Z",
"description": "",
"html_url": "https://github.com/enterprises/the-guild",
"id": 187753,
"name": "The Guild",
"node_id": "E_kgDOAALdaQ",
"slug": "the-guild",
"updated_at": "2026-04-11T15:41:55Z",
"website_url": "https://the-guild.dev/"
},
"number": 810,
"organization": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"description": "Schema registry, analytics and gateway for GraphQL federation and other GraphQL APIs.",
"events_url": "https://api.github.com/orgs/graphql-hive/events",
"hooks_url": "https://api.github.com/orgs/graphql-hive/hooks",
"id": 182742256,
"issues_url": "https://api.github.com/orgs/graphql-hive/issues",
"login": "graphql-hive",
"members_url": "https://api.github.com/orgs/graphql-hive/members{/member}",
"node_id": "O_kgDOCuRs8A",
"public_members_url": "https://api.github.com/orgs/graphql-hive/public_members{/member}",
"repos_url": "https://api.github.com/orgs/graphql-hive/repos",
"url": "https://api.github.com/orgs/graphql-hive"
},
"pull_request": {
"_links": {
"comments": {
"href": "https://api.github.com/repos/graphql-hive/router/issues/810/comments"
},
"commits": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/810/commits"
},
"html": {
"href": "https://github.com/graphql-hive/router/pull/810"
},
"issue": {
"href": "https://api.github.com/repos/graphql-hive/router/issues/810"
},
"review_comment": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/comments{/number}"
},
"review_comments": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/810/comments"
},
"self": {
"href": "https://api.github.com/repos/graphql-hive/router/pulls/810"
},
"statuses": {
"href": "https://api.github.com/repos/graphql-hive/router/statuses/d046985ebe87f682ae2c12cf125de9cf0be21a40"
}
},
"active_lock_reason": null,
"additions": 2134,
"assignee": null,
"assignees": [],
"author_association": "MEMBER",
"auto_merge": null,
"base": {
"label": "graphql-hive:main",
"ref": "main",
"repo": {
"allow_auto_merge": false,
"allow_forking": true,
"allow_merge_commit": false,
"allow_rebase_merge": false,
"allow_squash_merge": true,
"allow_update_branch": true,
"archive_url": "https://api.github.com/repos/graphql-hive/router/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/graphql-hive/router/assignees{/user}",
"blobs_url": "https://api.github.com/repos/graphql-hive/router/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/graphql-hive/router/branches{/branch}",
"clone_url": "https://github.com/graphql-hive/router.git",
"collaborators_url": "https://api.github.com/repos/graphql-hive/router/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/graphql-hive/router/comments{/number}",
"commits_url": "https://api.github.com/repos/graphql-hive/router/commits{/sha}",
"compare_url": "https://api.github.com/repos/graphql-hive/router/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/graphql-hive/router/contents/{+path}",
"contributors_url": "https://api.github.com/repos/graphql-hive/router/contributors",
"created_at": "2024-11-20T16:16:12Z",
"default_branch": "main",
"delete_branch_on_merge": true,
"deployments_url": "https://api.github.com/repos/graphql-hive/router/deployments",
"description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"disabled": false,
"downloads_url": "https://api.github.com/repos/graphql-hive/router/downloads",
"events_url": "https://api.github.com/repos/graphql-hive/router/events",
"fork": false,
"forks": 9,
"forks_count": 9,
"forks_url": "https://api.github.com/repos/graphql-hive/router/forks",
"full_name": "graphql-hive/router",
"git_commits_url": "https://api.github.com/repos/graphql-hive/router/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/graphql-hive/router/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/graphql-hive/router/git/tags{/sha}",
"git_url": "git://github.com/graphql-hive/router.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": false,
"has_pull_requests": true,
"has_wiki": false,
"homepage": "https://the-guild.dev/graphql/hive/docs/router",
"hooks_url": "https://api.github.com/repos/graphql-hive/router/hooks",
"html_url": "https://github.com/graphql-hive/router",
"id": 891604244,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/graphql-hive/router/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/graphql-hive/router/issues/events{/number}",
"issues_url": "https://api.github.com/repos/graphql-hive/router/issues{/number}",
"keys_url": "https://api.github.com/repos/graphql-hive/router/keys{/key_id}",
"labels_url": "https://api.github.com/repos/graphql-hive/router/labels{/name}",
"language": "Rust",
"languages_url": "https://api.github.com/repos/graphql-hive/router/languages",
"license": {
"key": "mit",
"name": "MIT License",
"node_id": "MDc6TGljZW5zZTEz",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit"
},
"merge_commit_message": "PR_TITLE",
"merge_commit_title": "MERGE_MESSAGE",
"merges_url": "https://api.github.com/repos/graphql-hive/router/merges",
"milestones_url": "https://api.github.com/repos/graphql-hive/router/milestones{/number}",
"mirror_url": null,
"name": "router",
"node_id": "R_kgDONSTNFA",
"notifications_url": "https://api.github.com/repos/graphql-hive/router/notifications{?since,all,participating}",
"open_issues": 62,
"open_issues_count": 62,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
},
"private": false,
"pull_request_creation_policy": "all",
"pulls_url": "https://api.github.com/repos/graphql-hive/router/pulls{/number}",
"pushed_at": "2026-04-17T12:35:08Z",
"releases_url": "https://api.github.com/repos/graphql-hive/router/releases{/id}",
"size": 6425,
"squash_merge_commit_message": "PR_BODY",
"squash_merge_commit_title": "PR_TITLE",
"ssh_url": "git@github.com:graphql-hive/router.git",
"stargazers_count": 85,
"stargazers_url": "https://api.github.com/repos/graphql-hive/router/stargazers",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/graphql-hive/router/subscribers",
"subscription_url": "https://api.github.com/repos/graphql-hive/router/subscription",
"svn_url": "https://github.com/graphql-hive/router",
"tags_url": "https://api.github.com/repos/graphql-hive/router/tags",
"teams_url": "https://api.github.com/repos/graphql-hive/router/teams",
"topics": [
"apollo-federation",
"federation",
"federation-gateway",
"graphql",
"graphql-federation",
"router"
],
"trees_url": "https://api.github.com/repos/graphql-hive/router/git/trees{/sha}",
"updated_at": "2026-04-17T11:17:55Z",
"url": "https://api.github.com/repos/graphql-hive/router",
"use_squash_pr_title_as_default": true,
"visibility": "public",
"watchers": 85,
"watchers_count": 85,
"web_commit_signoff_required": false
},
"sha": "0aebe87dff8ae7d62e100607a2dd33f3f12dc2bb",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
}
},
"body": "Ref ROUTER-100\r\n\r\n# TLS Support\r\n\r\nAdds TLS support to Hive Router for both client and subgraph connections, including mutual TLS (mTLS) authentication. This allows secure communication between clients, the router, and subgraphs by encrypting data in transit and optionally verifying identities.\r\n\r\n## TLS Directions\r\n\r\nTLS Support has implementations for the following 4 directions:\r\n\r\n### Router -> Client - Regular TLS\r\nRouter has an `identity` (`cert`, `key`), and client has `cert`, then Client validates the router's `identity`\r\n\r\n### Client -> Router - mTLS\r\nRouter has the `cert`, client has the `identity`, mTLS/Client Auth then the router validates the client's `identity`\r\n\r\n### Subgraph -> Router - Regular TLS\r\nSubgraph has the `identity` (`cert`, `key`), and router has `cert`, then Router validates the subgraph's `identity`.\r\n\r\n### Router -> Subgraph - mTLS\r\nSubgraph has the `cert`, router(which is the client this time) has the `identity`, then subgraph validates the router's `identity`.\r\n\r\n## TLS Directions Diagram\r\n\r\n```mermaid\r\nflowchart LR\r\n Client[\"Client\"]\r\n Router[\"Router\"]\r\n Subgraph[\"Subgraph\"]\r\n\r\n %% Router -> Client: Regular TLS\r\n Router -- \"TLS\\n(cert_file + key_file)\" --> Client\r\n Client -. \"validates router identity\\n(cert_file)\" .-> Router\r\n\r\n %% Client -> Router: mTLS / Client Auth\r\n Client -- \"mTLS\\n(client identity)\" --> Router\r\n Router -. \"validates client identity\\n(client_auth.cert_file)\" .-> Client\r\n\r\n %% Subgraph -> Router: Regular TLS\r\n Subgraph -- \"TLS\\n(cert_file)\" --> Router\r\n Router -. \"validates subgraph identity\\n(all/subgraphs.cert_file)\" .-> Subgraph\r\n\r\n %% Router -> Subgraph: mTLS\r\n Router -- \"mTLS\\n(client_auth.cert_file + key_file)\" --> Subgraph\r\n Subgraph -. \"validates router identity\\n(cert_file)\" .-> Router\r\n```\r\n\r\n## Configuration Structure\r\n```yaml\r\ntraffic_shaping:\r\n router:\r\n key_file: # Router server private key\r\n cert_file: # Router server certificate(s)\r\n client_auth: # mTLS: Client -> Router\r\n cert_file: # Trusted client CA certificate(s)\r\n all: # Default TLS for all subgraph connections\r\n cert_file: # Trusted subgraph CA certificate(s)\r\n client_auth: # mTLS: Router -> Subgraph\r\n cert_file: # Router client certificate(s)\r\n key_file: # Router client private key\r\n subgraphs:\r\n SUBGRAPH_NAME: # Per-subgraph TLS override\r\n cert_file: # Trusted subgraph CA certificate(s)\r\n client_auth: # mTLS: Router -> Subgraph\r\n cert_file: # Router client certificate(s)\r\n key_file: # Router client private key\r\n```",
"changed_files": 20,
"closed_at": null,
"comments": 4,
"comments_url": "https://api.github.com/repos/graphql-hive/router/issues/810/comments",
"commits": 11,
"commits_url": "https://api.github.com/repos/graphql-hive/router/pulls/810/commits",
"created_at": "2026-03-02T15:04:15Z",
"deletions": 545,
"diff_url": "https://github.com/graphql-hive/router/pull/810.diff",
"draft": false,
"head": {
"label": "graphql-hive:tls-support",
"ref": "tls-support",
"repo": {
"allow_auto_merge": false,
"allow_forking": true,
"allow_merge_commit": false,
"allow_rebase_merge": false,
"allow_squash_merge": true,
"allow_update_branch": true,
"archive_url": "https://api.github.com/repos/graphql-hive/router/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/graphql-hive/router/assignees{/user}",
"blobs_url": "https://api.github.com/repos/graphql-hive/router/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/graphql-hive/router/branches{/branch}",
"clone_url": "https://github.com/graphql-hive/router.git",
"collaborators_url": "https://api.github.com/repos/graphql-hive/router/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/graphql-hive/router/comments{/number}",
"commits_url": "https://api.github.com/repos/graphql-hive/router/commits{/sha}",
"compare_url": "https://api.github.com/repos/graphql-hive/router/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/graphql-hive/router/contents/{+path}",
"contributors_url": "https://api.github.com/repos/graphql-hive/router/contributors",
"created_at": "2024-11-20T16:16:12Z",
"default_branch": "main",
"delete_branch_on_merge": true,
"deployments_url": "https://api.github.com/repos/graphql-hive/router/deployments",
"description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"disabled": false,
"downloads_url": "https://api.github.com/repos/graphql-hive/router/downloads",
"events_url": "https://api.github.com/repos/graphql-hive/router/events",
"fork": false,
"forks": 9,
"forks_count": 9,
"forks_url": "https://api.github.com/repos/graphql-hive/router/forks",
"full_name": "graphql-hive/router",
"git_commits_url": "https://api.github.com/repos/graphql-hive/router/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/graphql-hive/router/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/graphql-hive/router/git/tags{/sha}",
"git_url": "git://github.com/graphql-hive/router.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": false,
"has_pull_requests": true,
"has_wiki": false,
"homepage": "https://the-guild.dev/graphql/hive/docs/router",
"hooks_url": "https://api.github.com/repos/graphql-hive/router/hooks",
"html_url": "https://github.com/graphql-hive/router",
"id": 891604244,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/graphql-hive/router/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/graphql-hive/router/issues/events{/number}",
"issues_url": "https://api.github.com/repos/graphql-hive/router/issues{/number}",
"keys_url": "https://api.github.com/repos/graphql-hive/router/keys{/key_id}",
"labels_url": "https://api.github.com/repos/graphql-hive/router/labels{/name}",
"language": "Rust",
"languages_url": "https://api.github.com/repos/graphql-hive/router/languages",
"license": {
"key": "mit",
"name": "MIT License",
"node_id": "MDc6TGljZW5zZTEz",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit"
},
"merge_commit_message": "PR_TITLE",
"merge_commit_title": "MERGE_MESSAGE",
"merges_url": "https://api.github.com/repos/graphql-hive/router/merges",
"milestones_url": "https://api.github.com/repos/graphql-hive/router/milestones{/number}",
"mirror_url": null,
"name": "router",
"node_id": "R_kgDONSTNFA",
"notifications_url": "https://api.github.com/repos/graphql-hive/router/notifications{?since,all,participating}",
"open_issues": 62,
"open_issues_count": 62,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
},
"private": false,
"pull_request_creation_policy": "all",
"pulls_url": "https://api.github.com/repos/graphql-hive/router/pulls{/number}",
"pushed_at": "2026-04-17T12:35:08Z",
"releases_url": "https://api.github.com/repos/graphql-hive/router/releases{/id}",
"size": 6425,
"squash_merge_commit_message": "PR_BODY",
"squash_merge_commit_title": "PR_TITLE",
"ssh_url": "git@github.com:graphql-hive/router.git",
"stargazers_count": 85,
"stargazers_url": "https://api.github.com/repos/graphql-hive/router/stargazers",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/graphql-hive/router/subscribers",
"subscription_url": "https://api.github.com/repos/graphql-hive/router/subscription",
"svn_url": "https://github.com/graphql-hive/router",
"tags_url": "https://api.github.com/repos/graphql-hive/router/tags",
"teams_url": "https://api.github.com/repos/graphql-hive/router/teams",
"topics": [
"apollo-federation",
"federation",
"federation-gateway",
"graphql",
"graphql-federation",
"router"
],
"trees_url": "https://api.github.com/repos/graphql-hive/router/git/trees{/sha}",
"updated_at": "2026-04-17T11:17:55Z",
"url": "https://api.github.com/repos/graphql-hive/router",
"use_squash_pr_title_as_default": true,
"visibility": "public",
"watchers": 85,
"watchers_count": 85,
"web_commit_signoff_required": false
},
"sha": "d046985ebe87f682ae2c12cf125de9cf0be21a40",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
}
},
"html_url": "https://github.com/graphql-hive/router/pull/810",
"id": 3344643939,
"issue_url": "https://api.github.com/repos/graphql-hive/router/issues/810",
"labels": [],
"locked": false,
"maintainer_can_modify": false,
"merge_commit_sha": "3f591df9ec9e5685dd4ae2aa5cbc30964f53747d",
"mergeable": null,
"mergeable_state": "unknown",
"merged": false,
"merged_at": null,
"merged_by": null,
"milestone": null,
"node_id": "PR_kwDONSTNFM7HWzdj",
"number": 810,
"patch_url": "https://github.com/graphql-hive/router/pull/810.patch",
"rebaseable": null,
"requested_reviewers": [
{
"avatar_url": "https://avatars.githubusercontent.com/u/3680083?v=4",
"events_url": "https://api.github.com/users/dotansimha/events{/privacy}",
"followers_url": "https://api.github.com/users/dotansimha/followers",
"following_url": "https://api.github.com/users/dotansimha/following{/other_user}",
"gists_url": "https://api.github.com/users/dotansimha/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/dotansimha",
"id": 3680083,
"login": "dotansimha",
"node_id": "MDQ6VXNlcjM2ODAwODM=",
"organizations_url": "https://api.github.com/users/dotansimha/orgs",
"received_events_url": "https://api.github.com/users/dotansimha/received_events",
"repos_url": "https://api.github.com/users/dotansimha/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/dotansimha/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/dotansimha/subscriptions",
"type": "User",
"url": "https://api.github.com/users/dotansimha",
"user_view_type": "public"
},
{
"avatar_url": "https://avatars.githubusercontent.com/u/11807600?v=4",
"events_url": "https://api.github.com/users/enisdenjo/events{/privacy}",
"followers_url": "https://api.github.com/users/enisdenjo/followers",
"following_url": "https://api.github.com/users/enisdenjo/following{/other_user}",
"gists_url": "https://api.github.com/users/enisdenjo/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/enisdenjo",
"id": 11807600,
"login": "enisdenjo",
"node_id": "MDQ6VXNlcjExODA3NjAw",
"organizations_url": "https://api.github.com/users/enisdenjo/orgs",
"received_events_url": "https://api.github.com/users/enisdenjo/received_events",
"repos_url": "https://api.github.com/users/enisdenjo/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/enisdenjo/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/enisdenjo/subscriptions",
"type": "User",
"url": "https://api.github.com/users/enisdenjo",
"user_view_type": "public"
}
],
"requested_teams": [],
"review_comment_url": "https://api.github.com/repos/graphql-hive/router/pulls/comments{/number}",
"review_comments": 21,
"review_comments_url": "https://api.github.com/repos/graphql-hive/router/pulls/810/comments",
"state": "open",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/d046985ebe87f682ae2c12cf125de9cf0be21a40",
"title": "feat(router): TLS support",
"updated_at": "2026-04-17T12:35:10Z",
"url": "https://api.github.com/repos/graphql-hive/router/pulls/810",
"user": {
"avatar_url": "https://avatars.githubusercontent.com/u/20847995?v=4",
"events_url": "https://api.github.com/users/ardatan/events{/privacy}",
"followers_url": "https://api.github.com/users/ardatan/followers",
"following_url": "https://api.github.com/users/ardatan/following{/other_user}",
"gists_url": "https://api.github.com/users/ardatan/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/ardatan",
"id": 20847995,
"login": "ardatan",
"node_id": "MDQ6VXNlcjIwODQ3OTk1",
"organizations_url": "https://api.github.com/users/ardatan/orgs",
"received_events_url": "https://api.github.com/users/ardatan/received_events",
"repos_url": "https://api.github.com/users/ardatan/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/ardatan/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ardatan/subscriptions",
"type": "User",
"url": "https://api.github.com/users/ardatan",
"user_view_type": "public"
}
},
"repository": {
"allow_forking": true,
"archive_url": "https://api.github.com/repos/graphql-hive/router/{archive_format}{/ref}",
"archived": false,
"assignees_url": "https://api.github.com/repos/graphql-hive/router/assignees{/user}",
"blobs_url": "https://api.github.com/repos/graphql-hive/router/git/blobs{/sha}",
"branches_url": "https://api.github.com/repos/graphql-hive/router/branches{/branch}",
"clone_url": "https://github.com/graphql-hive/router.git",
"collaborators_url": "https://api.github.com/repos/graphql-hive/router/collaborators{/collaborator}",
"comments_url": "https://api.github.com/repos/graphql-hive/router/comments{/number}",
"commits_url": "https://api.github.com/repos/graphql-hive/router/commits{/sha}",
"compare_url": "https://api.github.com/repos/graphql-hive/router/compare/{base}...{head}",
"contents_url": "https://api.github.com/repos/graphql-hive/router/contents/{+path}",
"contributors_url": "https://api.github.com/repos/graphql-hive/router/contributors",
"created_at": "2024-11-20T16:16:12Z",
"custom_properties": {
"vanta_production_branch_name": "main"
},
"default_branch": "main",
"deployments_url": "https://api.github.com/repos/graphql-hive/router/deployments",
"description": "Open-source (MIT) GraphQL Federation Router. Built with Rust for maximum performance and robustness.",
"disabled": false,
"downloads_url": "https://api.github.com/repos/graphql-hive/router/downloads",
"events_url": "https://api.github.com/repos/graphql-hive/router/events",
"fork": false,
"forks": 9,
"forks_count": 9,
"forks_url": "https://api.github.com/repos/graphql-hive/router/forks",
"full_name": "graphql-hive/router",
"git_commits_url": "https://api.github.com/repos/graphql-hive/router/git/commits{/sha}",
"git_refs_url": "https://api.github.com/repos/graphql-hive/router/git/refs{/sha}",
"git_tags_url": "https://api.github.com/repos/graphql-hive/router/git/tags{/sha}",
"git_url": "git://github.com/graphql-hive/router.git",
"has_discussions": false,
"has_downloads": true,
"has_issues": true,
"has_pages": false,
"has_projects": false,
"has_pull_requests": true,
"has_wiki": false,
"homepage": "https://the-guild.dev/graphql/hive/docs/router",
"hooks_url": "https://api.github.com/repos/graphql-hive/router/hooks",
"html_url": "https://github.com/graphql-hive/router",
"id": 891604244,
"is_template": false,
"issue_comment_url": "https://api.github.com/repos/graphql-hive/router/issues/comments{/number}",
"issue_events_url": "https://api.github.com/repos/graphql-hive/router/issues/events{/number}",
"issues_url": "https://api.github.com/repos/graphql-hive/router/issues{/number}",
"keys_url": "https://api.github.com/repos/graphql-hive/router/keys{/key_id}",
"labels_url": "https://api.github.com/repos/graphql-hive/router/labels{/name}",
"language": "Rust",
"languages_url": "https://api.github.com/repos/graphql-hive/router/languages",
"license": {
"key": "mit",
"name": "MIT License",
"node_id": "MDc6TGljZW5zZTEz",
"spdx_id": "MIT",
"url": "https://api.github.com/licenses/mit"
},
"merges_url": "https://api.github.com/repos/graphql-hive/router/merges",
"milestones_url": "https://api.github.com/repos/graphql-hive/router/milestones{/number}",
"mirror_url": null,
"name": "router",
"node_id": "R_kgDONSTNFA",
"notifications_url": "https://api.github.com/repos/graphql-hive/router/notifications{?since,all,participating}",
"open_issues": 62,
"open_issues_count": 62,
"owner": {
"avatar_url": "https://avatars.githubusercontent.com/u/182742256?v=4",
"events_url": "https://api.github.com/users/graphql-hive/events{/privacy}",
"followers_url": "https://api.github.com/users/graphql-hive/followers",
"following_url": "https://api.github.com/users/graphql-hive/following{/other_user}",
"gists_url": "https://api.github.com/users/graphql-hive/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/graphql-hive",
"id": 182742256,
"login": "graphql-hive",
"node_id": "O_kgDOCuRs8A",
"organizations_url": "https://api.github.com/users/graphql-hive/orgs",
"received_events_url": "https://api.github.com/users/graphql-hive/received_events",
"repos_url": "https://api.github.com/users/graphql-hive/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/graphql-hive/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/graphql-hive/subscriptions",
"type": "Organization",
"url": "https://api.github.com/users/graphql-hive",
"user_view_type": "public"
},
"private": false,
"pull_request_creation_policy": "all",
"pulls_url": "https://api.github.com/repos/graphql-hive/router/pulls{/number}",
"pushed_at": "2026-04-17T12:35:08Z",
"releases_url": "https://api.github.com/repos/graphql-hive/router/releases{/id}",
"size": 6425,
"ssh_url": "git@github.com:graphql-hive/router.git",
"stargazers_count": 85,
"stargazers_url": "https://api.github.com/repos/graphql-hive/router/stargazers",
"statuses_url": "https://api.github.com/repos/graphql-hive/router/statuses/{sha}",
"subscribers_url": "https://api.github.com/repos/graphql-hive/router/subscribers",
"subscription_url": "https://api.github.com/repos/graphql-hive/router/subscription",
"svn_url": "https://github.com/graphql-hive/router",
"tags_url": "https://api.github.com/repos/graphql-hive/router/tags",
"teams_url": "https://api.github.com/repos/graphql-hive/router/teams",
"topics": [
"apollo-federation",
"federation",
"federation-gateway",
"graphql",
"graphql-federation",
"router"
],
"trees_url": "https://api.github.com/repos/graphql-hive/router/git/trees{/sha}",
"updated_at": "2026-04-17T11:17:55Z",
"url": "https://api.github.com/repos/graphql-hive/router",
"visibility": "public",
"watchers": 85,
"watchers_count": 85,
"web_commit_signoff_required": false
},
"sender": {
"avatar_url": "https://avatars.githubusercontent.com/u/20847995?v=4",
"events_url": "https://api.github.com/users/ardatan/events{/privacy}",
"followers_url": "https://api.github.com/users/ardatan/followers",
"following_url": "https://api.github.com/users/ardatan/following{/other_user}",
"gists_url": "https://api.github.com/users/ardatan/gists{/gist_id}",
"gravatar_id": "",
"html_url": "https://github.com/ardatan",
"id": 20847995,
"login": "ardatan",
"node_id": "MDQ6VXNlcjIwODQ3OTk1",
"organizations_url": "https://api.github.com/users/ardatan/orgs",
"received_events_url": "https://api.github.com/users/ardatan/received_events",
"repos_url": "https://api.github.com/users/ardatan/repos",
"site_admin": false,
"starred_url": "https://api.github.com/users/ardatan/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/ardatan/subscriptions",
"type": "User",
"url": "https://api.github.com/users/ardatan",
"user_view_type": "public"
}
},
"github_job": "docker",
"github_ref": "refs/pull/810/merge",
"github_ref_name": "810/merge",
"github_ref_protected": "false",
"github_ref_type": "branch",
"github_repository": "graphql-hive/router",
"github_repository_id": "891604244",
"github_repository_owner": "graphql-hive",
"github_repository_owner_id": "182742256",
"github_run_attempt": "1",
"github_run_id": "24565329494",
"github_run_number": "2493",
"github_runner_arch": "X64",
"github_runner_environment": "github-hosted",
"github_runner_image_os": "ubuntu24",
"github_runner_image_version": "20260413.86.1",
"github_runner_name": "GitHub Actions 1000749944",
"github_runner_os": "Linux",
"github_runner_tracking_id": "github_6f117a10-e1a7-40b3-97fb-8672d902a0ce",
"github_server_url": "https://github.com",
"github_triggering_actor": "ardatan",
"github_workflow": "build-router",
"github_workflow_ref": "graphql-hive/router/.github/workflows/build-router.yaml@refs/pull/810/merge",
"github_workflow_sha": "3f88937c6e0960d2943dcb3737ee9bc5946d0d8f",
"platform": "linux/amd64"
}
}
},
"buildx.build.ref": "builder-8a331f60-57ec-4faa-b7bc-14806fc83802/builder-8a331f60-57ec-4faa-b7bc-14806fc838020/tudly7zwspj9rpd22b6mhlpy4",
"containerimage.descriptor": {
"mediaType": "application/vnd.oci.image.index.v1+json",
"digest": "sha256:56b4db7297a5110a026a7965373b4109833ddc8b33bfbfd8b619691024d43951",
"size": 1609
},
"containerimage.digest": "sha256:56b4db7297a5110a026a7965373b4109833ddc8b33bfbfd8b619691024d43951",
"image.name": "ghcr.io/graphql-hive/router:pr-810,ghcr.io/graphql-hive/router:sha-3f88937"
} |
ardatan
force-pushed
the
tls-support
branch
3 times, most recently
from
833bf53 to
513a4a3
Compare
kamilkisiela
reviewed
Mar 9, 2026
ardatan
force-pushed
the
tls-support
branch
2 times, most recently
from
142b181 to
c35097f
Compare
kamilkisiela
approved these changes
Mar 12, 2026
enisdenjo
force-pushed
the
main
branch
3 times, most recently
from
511f910 to
e09e78a
Compare
Member
Author
|
@copilot resolve the merge conflicts in this pull request |
Co-authored-by: ardatan <20847995+ardatan@users.noreply.github.com>
Contributor
Resolved the merge conflicts in commit |
enisdenjo
approved these changes
Apr 17, 2026
Copilot AI
added a commit
that referenced
this pull request
May 5, 2026
Ref ROUTER-100 Ref ROUTER-118 Closes #340 Documentation graphql-hive/docs#94 # TLS Support Adds TLS support to Hive Router for both client and subgraph connections, including mutual TLS (mTLS) authentication. This allows secure communication between clients, the router, and subgraphs by encrypting data in transit and optionally verifying identities. ## TLS Directions TLS Support has implementations for the following 4 directions: ### Router -> Client - Regular TLS Router has an `identity` (`cert`, `key`), and client has `cert`, then Client validates the router's `identity` ### Client -> Router - mTLS Router has the `cert`, client has the `identity`, mTLS/Client Auth then the router validates the client's `identity` ### Subgraph -> Router - Regular TLS Subgraph has the `identity` (`cert`, `key`), and router has `cert`, then Router validates the subgraph's `identity`. ### Router -> Subgraph - mTLS Subgraph has the `cert`, router(which is the client this time) has the `identity`, then subgraph validates the router's `identity`. ## TLS Directions Diagram ```mermaid flowchart LR Client["Client"] Router["Router"] Subgraph["Subgraph"] %% Router -> Client: Regular TLS Router -- "TLS\n(cert_file + key_file)" --> Client Client -. "validates router identity\n(cert_file)" .-> Router %% Client -> Router: mTLS / Client Auth Client -- "mTLS\n(client identity)" --> Router Router -. "validates client identity\n(client_auth.cert_file)" .-> Client %% Subgraph -> Router: Regular TLS Subgraph -- "TLS\n(cert_file)" --> Router Router -. "validates subgraph identity\n(all/subgraphs.cert_file)" .-> Subgraph %% Router -> Subgraph: mTLS Router -- "mTLS\n(client_auth.cert_file + key_file)" --> Subgraph Subgraph -. "validates router identity\n(cert_file)" .-> Router ``` ## Configuration Structure ```yaml traffic_shaping: router: key_file: # Router server private key cert_file: # Router server certificate(s) client_auth: # mTLS: Client -> Router cert_file: # Trusted client CA certificate(s) all: # Default TLS for all subgraph connections cert_file: # Trusted subgraph CA certificate(s) client_auth: # mTLS: Router -> Subgraph cert_file: # Router client certificate(s) key_file: # Router client private key subgraphs: SUBGRAPH_NAME: # Per-subgraph TLS override cert_file: # Trusted subgraph CA certificate(s) client_auth: # mTLS: Router -> Subgraph cert_file: # Router client certificate(s) key_file: # Router client private key ``` --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: theguild-bot <bot@the-guild.dev> Co-authored-by: kamilkisiela <8167190+kamilkisiela@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ref ROUTER-100
Ref ROUTER-118
Closes #340
Documentation graphql-hive/docs#94
TLS Support
Adds TLS support to Hive Router for both client and subgraph connections, including mutual TLS (mTLS) authentication. This allows secure communication between clients, the router, and subgraphs by encrypting data in transit and optionally verifying identities.
TLS Directions
TLS Support has implementations for the following 4 directions:
Router -> Client - Regular TLS
Router has an
identity(cert,key), and client hascert, then Client validates the router'sidentityClient -> Router - mTLS
Router has the
cert, client has theidentity, mTLS/Client Auth then the router validates the client'sidentitySubgraph -> Router - Regular TLS
Subgraph has the
identity(cert,key), and router hascert, then Router validates the subgraph'sidentity.Router -> Subgraph - mTLS
Subgraph has the
cert, router(which is the client this time) has theidentity, then subgraph validates the router'sidentity.TLS Directions Diagram
flowchart LR Client["Client"] Router["Router"] Subgraph["Subgraph"] %% Router -> Client: Regular TLS Router -- "TLS\n(cert_file + key_file)" --> Client Client -. "validates router identity\n(cert_file)" .-> Router %% Client -> Router: mTLS / Client Auth Client -- "mTLS\n(client identity)" --> Router Router -. "validates client identity\n(client_auth.cert_file)" .-> Client %% Subgraph -> Router: Regular TLS Subgraph -- "TLS\n(cert_file)" --> Router Router -. "validates subgraph identity\n(all/subgraphs.cert_file)" .-> Subgraph %% Router -> Subgraph: mTLS Router -- "mTLS\n(client_auth.cert_file + key_file)" --> Subgraph Subgraph -. "validates router identity\n(cert_file)" .-> RouterConfiguration Structure