GraphQL

Overview

This public intake copy packages

plugins/antigravity-awesome-skills-claude/skills/graphql

https://github.com/sickn33/antigravity-awesome-skills

Use it when the operator needs the upstream workflow, support files, and repository context to stay intact while the public validator and private enhancer continue their normal downstream flow.

This intake keeps the copied upstream files intact and uses

metadata.json

ORIGIN.md

GraphQL GraphQL gives clients exactly the data they need - no more, no less. One endpoint, typed schema, introspection. But the flexibility that makes it powerful also makes it dangerous. Without proper controls, clients can craft queries that bring down your server. This skill covers schema design, resolvers, DataLoader for N+1 prevention, federation for microservices, and client integration with Apollo/urql. Key insight: GraphQL is a contract. The schema is the API documentation. Design it carefully. 2025 lesson: GraphQL isn't always the answer. For simple CRUD, REST is simpler. For high-performance public APIs, REST with caching wins. Use GraphQL when you have complex data relationships and diverse client needs.

Imported source sections that did not map cleanly to the public headings are still preserved below or in the support files. Notable imported sections: Capabilities, Scope, Tooling, Patterns, Sharp Edges, Validation Checks.

When to Use This Skill

Use this section as the trigger filter. It should make the activation boundary explicit before the operator loads files, runs commands, or opens a pull request.

• User mentions or implies: graphql
• User mentions or implies: graphql schema
• User mentions or implies: graphql resolver
• User mentions or implies: apollo server
• User mentions or implies: apollo client
• User mentions or implies: graphql federation

Operating Table

metadata.json

ORIGIN.md

SKILL.md

SKILL.md

## Related Skills

Workflow

This workflow is intentionally editorial and operational at the same time. It keeps the imported source useful to the operator while still satisfying the public intake standards that feed the downstream enhancer flow.

1. Confirm the user goal, the scope of the imported workflow, and whether this skill is still the right router for the task.
2. Read the overview and provenance files before loading any copied upstream support files.
3. Load only the references, examples, prompts, or scripts that materially change the outcome for the current request.
4. Execute the upstream workflow while keeping provenance and source boundaries explicit in the working notes.
5. Validate the result against the upstream expectations and the evidence you can point to in the copied files.
6. Escalate or hand off to a related skill when the work moves out of this imported workflow's center of gravity.
7. Before merge or closure, record what was used, what changed, and what the reviewer still needs to verify.

Imported Workflow Notes

Imported: Capabilities

• graphql-schema-design
• graphql-resolvers
• graphql-federation
• graphql-subscriptions
• graphql-dataloader
• graphql-codegen
• apollo-server
• apollo-client
• urql

Examples

Example 1: Ask for the upstream workflow directly

Use @graphql to handle <task>. Start from the copied upstream workflow, load only the files that change the outcome, and keep provenance visible in the answer.

Explanation: This is the safest starting point when the operator needs the imported workflow, but not the entire repository.

Example 2: Ask for a provenance-grounded review

Review @graphql against metadata.json and ORIGIN.md, then explain which copied upstream files you would load first and why.

Explanation: Use this before review or troubleshooting when you need a precise, auditable explanation of origin and file selection.

Example 3: Narrow the copied support files before execution

Use @graphql for <task>. Load only the copied references, examples, or scripts that change the outcome, and name the files explicitly before proceeding.

Explanation: This keeps the skill aligned with progressive disclosure instead of loading the whole copied package by default.

Example 4: Build a reviewer packet

Review @graphql using the copied upstream files plus provenance, then summarize any gaps before merge.

Explanation: This is useful when the PR is waiting for human review and you want a repeatable audit packet.

Best Practices

Treat the generated public skill as a reviewable packaging layer around the upstream repository. The goal is to keep provenance explicit and load only the copied source material that materially improves execution.

• Schema-first design - the schema is the contract
• Prevent N+1 queries with DataLoader
• Limit query depth and complexity
• Use fragments for reusable selections
• Mutations should be specific, not generic update operations
• Errors are data - use union types for expected failures
• Nullability is meaningful - design it intentionally

Imported Operating Notes

Imported: Principles

• Schema-first design - the schema is the contract
• Prevent N+1 queries with DataLoader
• Limit query depth and complexity
• Use fragments for reusable selections
• Mutations should be specific, not generic update operations
• Errors are data - use union types for expected failures
• Nullability is meaningful - design it intentionally

Troubleshooting

Problem: The operator skipped the imported context and answered too generically

Symptoms: The result ignores the upstream workflow in

plugins/antigravity-awesome-skills-claude/skills/graphql

metadata.json

ORIGIN.md

Problem: The imported workflow feels incomplete during review

Symptoms: Reviewers can see the generated

SKILL.md

Problem: The task drifted into a different specialization

Symptoms: The imported skill starts in the right place, but the work turns into debugging, architecture, design, security, or release orchestration that a native skill handles better. Solution: Use the related skills section to hand off deliberately. Keep the imported provenance visible so the next skill inherits the right context instead of starting blind.

Related Skills

• @github-issue-creator

  - Use when the work is better handled by that native specialization after this imported skill establishes context.

• @github-workflow-automation

  - Use when the work is better handled by that native specialization after this imported skill establishes context.

• @gitlab-automation

  - Use when the work is better handled by that native specialization after this imported skill establishes context.

• @gitlab-ci-patterns

  - Use when the work is better handled by that native specialization after this imported skill establishes context.

Additional Resources

Use this support matrix and the linked files below as the operator packet for this imported skill. They should reflect real copied source material, not generic scaffolding.

references

references/n/a

examples

examples/n/a

scripts

scripts/n/a

agents

agents/n/a

assets

assets/n/a

Imported Reference Notes

Imported: Scope

• database-queries -> postgres-wizard
• authentication -> authentication-oauth
• rest-api-design -> backend
• websocket-infrastructure -> backend

Imported: Tooling

Server

• @apollo/server - When: Apollo Server v4 Note: Most popular GraphQL server
• graphql-yoga - When: Lightweight alternative Note: Good for serverless
• mercurius - When: Fastify integration Note: Fast, uses JIT

Client

• @apollo/client - When: Full-featured client Note: Caching, state management
• urql - When: Lightweight alternative Note: Smaller, simpler
• graphql-request - When: Simple requests Note: Minimal, no caching

Tools

• graphql-codegen - When: Type generation Note: Essential for TypeScript
• dataloader - When: N+1 prevention Note: Batches and caches

Imported: Patterns

Schema Design

Type-safe schema with proper nullability

When to use: Designing any GraphQL API

SCHEMA DESIGN:

""" The schema is your API contract. Design nullability intentionally - non-null fields must always resolve. """

type Query {

Non-null - will always return user or throw

user(id: ID!): User!

Nullable - returns null if not found

userByEmail(email: String!): User

Non-null list with non-null items

users(limit: Int = 10, offset: Int = 0): [User!]!

Search with pagination

searchUsers( query: String! first: Int after: String ): UserConnection! }

type Mutation {

Input types for complex mutations

createUser(input: CreateUserInput!): CreateUserPayload! updateUser(id: ID!, input: UpdateUserInput!): UpdateUserPayload! deleteUser(id: ID!): DeleteUserPayload! }

type Subscription { userCreated: User! messageReceived(roomId: ID!): Message! }

Input types

input CreateUserInput { email: String! name: String! role: Role = USER }

input UpdateUserInput { email: String name: String role: Role }

Payload types (for errors as data)

type CreateUserPayload { user: User errors: [Error!]! }

union UpdateUserPayload = UpdateUserSuccess | NotFoundError | ValidationError

type UpdateUserSuccess { user: User! }

Enums

enum Role { USER ADMIN MODERATOR }

Types with relationships

type User { id: ID! email: String! name: String! role: Role! posts(limit: Int = 10): [Post!]! createdAt: DateTime! }

type Post { id: ID! title: String! content: String! author: User! comments: [Comment!]! published: Boolean! }

Pagination (Relay-style)

type UserConnection { edges: [UserEdge!]! pageInfo: PageInfo! totalCount: Int! }

type UserEdge { node: User! cursor: String! }

type PageInfo { hasNextPage: Boolean! hasPreviousPage: Boolean! startCursor: String endCursor: String }

DataLoader for N+1 Prevention

Batch and cache database queries

When to use: Resolving relationships

DATALOADER:

""" Without DataLoader, fetching 10 posts with authors makes 11 queries (1 for posts + 10 for each author). DataLoader batches into 2 queries. """

import DataLoader from 'dataloader';

// Create loaders per request function createLoaders(db) { return { userLoader: new DataLoader(async (ids) => { // Single query for all users const users = await db.user.findMany({ where: { id: { in: ids } } });

  // Return in same order as ids
  const userMap = new Map(users.map(u => [u.id, u]));
  return ids.map(id => userMap.get(id) || null);
}),

postsByAuthorLoader: new DataLoader(async (authorIds) => {
  const posts = await db.post.findMany({
    where: { authorId: { in: authorIds } }
  });

  // Group by author
  const postsByAuthor = new Map();
  posts.forEach(post => {
    const existing = postsByAuthor.get(post.authorId) || [];
    postsByAuthor.set(post.authorId, [...existing, post]);
  });

  return authorIds.map(id => postsByAuthor.get(id) || []);
})

}; }

// Attach to context const server = new ApolloServer({ typeDefs, resolvers, });

app.use('/graphql', expressMiddleware(server, { context: async ({ req }) => ({ db, loaders: createLoaders(db), user: req.user }) }));

// Use in resolvers const resolvers = { Post: { author: (post, _, { loaders }) => { return loaders.userLoader.load(post.authorId); } }, User: { posts: (user, _, { loaders }) => { return loaders.postsByAuthorLoader.load(user.id); } } };

Apollo Client Caching

Normalized cache with type policies

When to use: Client-side data management

APOLLO CLIENT CACHING:

""" Apollo Client normalizes responses into a flat cache. Configure type policies for custom cache behavior. """

import { ApolloClient, InMemoryCache } from '@apollo/client';

const cache = new InMemoryCache({ typePolicies: { Query: { fields: { // Paginated field users: { keyArgs: ['query'], // Cache separately per query merge(existing = { edges: [] }, incoming, { args }) { // Append for infinite scroll if (args?.after) { return { ...incoming, edges: [...existing.edges, ...incoming.edges] }; } return incoming; } } } }, User: { keyFields: ['id'], // How to identify users fields: { fullName: { read(_, { readField }) { // Computed field return

${readField('firstName')} ${readField('lastName')}

const client = new ApolloClient({ uri: '/graphql', cache, defaultOptions: { watchQuery: { fetchPolicy: 'cache-and-network' } } });

// Queries with hooks import { useQuery, useMutation } from '@apollo/client';

const GET_USER = gql

  query GetUser($id: ID!) {     user(id: $id) {       id       name       email     }   }

function UserProfile({ userId }) { const { data, loading, error } = useQuery(GET_USER, { variables: { id: userId } });

if (loading) return <Spinner />; if (error) return <Error message={error.message} />;

return <div>{data.user.name}</div>; }

// Mutations with cache updates const CREATE_USER = gql

  mutation CreateUser($input: CreateUserInput!) {     createUser(input: $input) {       user {         id         name         email       }       errors {         field         message       }     }   }

function CreateUserForm() { const [createUser, { loading }] = useMutation(CREATE_USER, { update(cache, { data: { createUser } }) { // Update cache after mutation if (createUser.user) { cache.modify({ fields: { users(existing = []) { const newRef = cache.writeFragment({ data: createUser.user, fragment: gql

                  fragment NewUser on User {                     id                     name                     email                   }                

Code Generation

Type-safe operations from schema

When to use: TypeScript projects

GRAPHQL CODEGEN:

""" Generate TypeScript types from your schema and operations. No more manually typing query responses. """

Install

npm install -D @graphql-codegen/cli npm install -D @graphql-codegen/typescript npm install -D @graphql-codegen/typescript-operations npm install -D @graphql-codegen/typescript-react-apollo

codegen.ts

import type { CodegenConfig } from '@graphql-codegen/cli';

const config: CodegenConfig = { schema: 'http://localhost:4000/graphql', documents: ['src//*.graphql', 'src//*.tsx'], generates: { './src/generated/graphql.ts': { plugins: [ 'typescript', 'typescript-operations', 'typescript-react-apollo' ], config: { withHooks: true, withComponent: false } } } };

export default config;

Run generation

npx graphql-codegen

Usage - fully typed!

import { useGetUserQuery, useCreateUserMutation } from './generated/graphql';

function UserProfile({ userId }: { userId: string }) { const { data, loading } = useGetUserQuery({ variables: { id: userId } // Type-checked! });

// data.user is fully typed return <div>{data?.user?.name}</div>; }

Error Handling with Unions

Expected errors as data, not exceptions

When to use: Operations that can fail in expected ways

ERRORS AS DATA:

""" Use union types for expected failure cases. GraphQL errors are for unexpected failures. """

Schema

type Mutation { login(email: String!, password: String!): LoginResult! }

union LoginResult = LoginSuccess | InvalidCredentials | AccountLocked

type LoginSuccess { user: User! token: String! }

type InvalidCredentials { message: String! }

type AccountLocked { message: String! unlockAt: DateTime }

Resolver

const resolvers = { Mutation: { login: async (_, { email, password }, { db }) => { const user = await db.user.findByEmail(email);

  if (!user || !await verifyPassword(password, user.hash)) {
    return {
      __typename: 'InvalidCredentials',
      message: 'Invalid email or password'
    };
  }

  if (user.lockedUntil && user.lockedUntil > new Date()) {
    return {
      __typename: 'AccountLocked',
      message: 'Account temporarily locked',
      unlockAt: user.lockedUntil
    };
  }

  return {
    __typename: 'LoginSuccess',
    user,
    token: generateToken(user)
  };
}

},

LoginResult: { __resolveType(obj) { return obj.__typename; } } };

Client query

const LOGIN = gql

  mutation Login($email: String!, $password: String!) {     login(email: $email, password: $password) {       ... on LoginSuccess {         user { id name }         token       }       ... on InvalidCredentials {         message       }       ... on AccountLocked {         message         unlockAt       }     }   }

// Handle all cases const result = data.login; switch (result.__typename) { case 'LoginSuccess': setToken(result.token); redirect('/dashboard'); break; case 'InvalidCredentials': setError(result.message); break; case 'AccountLocked': setError(

${result.message}. Try again at ${result.unlockAt}

Imported: Sharp Edges

Each resolver makes separate database queries

Severity: CRITICAL

Situation: You write resolvers that fetch data individually. A query for 10 posts with authors makes 11 database queries. For 100 posts, that's 101 queries. Response time becomes seconds.

Symptoms:

• Slow API responses
• Many similar database queries in logs
• Performance degrades with list size

Why this breaks: GraphQL resolvers run independently. Without batching, the author resolver runs separately for each post. The database gets hammered with repeated similar queries.

Recommended fix:

USE DATALOADER

import DataLoader from 'dataloader';

// Create loader per request const userLoader = new DataLoader(async (ids) => { const users = await db.user.findMany({ where: { id: { in: ids } } }); // IMPORTANT: Return in same order as input ids const userMap = new Map(users.map(u => [u.id, u])); return ids.map(id => userMap.get(id)); });

// Use in resolver const resolvers = { Post: { author: (post, _, { loaders }) => loaders.userLoader.load(post.authorId) } };

Key points:

1. Create new loaders per request (for caching scope)

2. Return results in same order as input IDs

3. Handle missing items (return null, not skip)

Deeply nested queries can DoS your server

Severity: CRITICAL

Situation: Your schema has circular relationships (user.posts.author.posts...). A client sends a query 20 levels deep. Your server tries to resolve it and either times out or crashes.

Symptoms:

• Server timeouts on certain queries
• Memory exhaustion
• Slow response for nested queries

Why this breaks: GraphQL allows clients to request any valid query shape. Without limits, a malicious or buggy client can craft queries that require exponential work. Even legitimate queries can accidentally be too deep.

Recommended fix:

LIMIT QUERY DEPTH AND COMPLEXITY

import depthLimit from 'graphql-depth-limit'; import { createComplexityLimitRule } from 'graphql-validation-complexity';

const server = new ApolloServer({ typeDefs, resolvers, validationRules: [ // Limit nesting depth depthLimit(10),

// Limit query complexity
createComplexityLimitRule(1000, {
  scalarCost: 1,
  objectCost: 2,
  listFactor: 10
})

] });

Also consider:

- Query timeout limits

- Rate limiting per client

- Persisted queries (only allow pre-registered queries)

Introspection enabled in production exposes your schema

Severity: HIGH

Situation: You deploy to production with introspection enabled. Anyone can query your schema, discover all types, mutations, and field names. Attackers know exactly what to target.

Symptoms:

• Schema visible via introspection query
• GraphQL Playground accessible in production
• Full type information exposed

Why this breaks: Introspection is essential for development and tooling, but in production it's a roadmap for attackers. They can find admin mutations, internal fields, and deprecated but still working APIs.

Recommended fix:

DISABLE INTROSPECTION IN PRODUCTION

const server = new ApolloServer({ typeDefs, resolvers, introspection: process.env.NODE_ENV !== 'production', plugins: [ process.env.NODE_ENV === 'production' ? ApolloServerPluginLandingPageDisabled() : ApolloServerPluginLandingPageLocalDefault() ] });

Better: Use persisted queries

Only allow pre-registered queries in production

const server = new ApolloServer({ typeDefs, resolvers, persistedQueries: { cache: new InMemoryLRUCache() } });

Authorization only in schema directives, not resolvers

Severity: HIGH

Situation: You rely entirely on @auth directives for authorization. Someone finds a way around the directive, or complex business rules don't fit in a simple directive. Authorization fails.

Symptoms:

• Unauthorized access to data
• Business rules not enforced
• Directive-only security bypassed

Why this breaks: Directives are good for simple checks but can't handle complex business logic. "User can edit their own posts, or any post in groups they moderate" doesn't fit in a directive.

Recommended fix:

AUTHORIZE IN RESOLVERS

// Simple check in resolver Mutation: { deletePost: async (_, { id }, { user, db }) => { if (!user) { throw new AuthenticationError('Must be logged in'); }

const post = await db.post.findUnique({ where: { id } });

if (!post) {
  throw new NotFoundError('Post not found');
}

// Business logic authorization
const canDelete =
  post.authorId === user.id ||
  user.role === 'ADMIN' ||
  await userModeratesGroup(user.id, post.groupId);

if (!canDelete) {
  throw new ForbiddenError('Cannot delete this post');
}

return db.post.delete({ where: { id } });

} }

// Helper for field-level authorization User: { email: (user, _, { currentUser }) => { // Only show email to self or admin if (currentUser?.id === user.id || currentUser?.role === 'ADMIN') { return user.email; } return null; } }

Authorization on queries but not on fields

Severity: HIGH

Situation: You check if a user can access a resource, but not individual fields. User A can see User B's public profile, and accidentally also sees their private email and phone number.

Symptoms:

• Sensitive data exposed
• Privacy violations
• Field data visible to wrong users

Why this breaks: Field resolvers run after the parent is returned. If the parent query returns a user, all fields are resolved - including sensitive ones. Each sensitive field needs its own auth check.

Recommended fix:

FIELD-LEVEL AUTHORIZATION

const resolvers = { User: { // Public fields - no check needed id: (user) => user.id, name: (user) => user.name,

// Private fields - check access
email: (user, _, { currentUser }) => {
  if (!currentUser) return null;
  if (currentUser.id === user.id) return user.email;
  if (currentUser.role === 'ADMIN') return user.email;
  return null;
},

phoneNumber: (user, _, { currentUser }) => {
  if (currentUser?.id !== user.id) return null;
  return user.phoneNumber;
},

// Or throw instead of returning null
privateData: (user, _, { currentUser }) => {
  if (currentUser?.id !== user.id) {
    throw new ForbiddenError('Not authorized');
  }
  return user.privateData;
}

} };

Non-null field failure nullifies entire parent

Severity: MEDIUM

Situation: You make fields non-null for convenience. A resolver throws or returns null. The error propagates up, nullifying parent objects, until the whole query response is null or errors out.

Symptoms:

• Queries return null unexpectedly
• One error affects unrelated fields
• Partial data can't be returned

Why this breaks: GraphQL's null propagation means if a non-null field can't resolve, its parent becomes null. If that parent is also non-null, it propagates further. One failing field can break an entire response.

Recommended fix:

DESIGN NULLABILITY INTENTIONALLY

WRONG: Everything non-null

type User { id: ID! name: String! email: String! avatar: String! # What if no avatar? lastLogin: DateTime! # What if never logged in? }

RIGHT: Nullable where appropriate

type User { id: ID! # Always exists name: String! # Required field email: String! # Required field avatar: String # Optional - may not exist lastLogin: DateTime # Nullable - may be null }

For lists:

[User!]! - Non-null list of non-null users (recommended)

[User!] - Nullable list of non-null users

[User]! - Non-null list of nullable users (rarely useful)

[User] - Nullable list of nullable users (avoid)

Rule of thumb:

- Non-null if always present and failure should fail query

- Nullable if optional or failure shouldn't break response

Expensive queries treated same as cheap ones

Severity: MEDIUM

Situation: Every query is processed the same. A simple user(id) query uses the same resources as users(first: 1000) { posts { comments } }. Expensive queries starve out cheap ones.

Symptoms:

• Expensive queries slow everything
• No way to prioritize queries
• Rate limiting is ineffective

Why this breaks: Not all GraphQL operations are equal. Fetching 1000 users with nested data is orders of magnitude more expensive than fetching one user. Without cost analysis, you can't rate limit properly.

Recommended fix:

QUERY COST ANALYSIS

import { createComplexityLimitRule } from 'graphql-validation-complexity';

// Define complexity per field const complexityRules = createComplexityLimitRule(1000, { scalarCost: 1, objectCost: 10, listFactor: 10, // Custom field costs fieldCost: { 'Query.searchUsers': 100, 'Query.analytics': 500, 'User.posts': ({ args }) => args.limit || 10 } });

// For rate limiting by cost const costPlugin = { requestDidStart() { return { didResolveOperation({ request, document }) { const cost = calculateQueryCost(document); if (cost > 1000) { throw new Error(

Query too expensive: ${cost}

Subscriptions not properly cleaned up

Severity: MEDIUM

Situation: Clients subscribe but don't unsubscribe cleanly. Network issues leave orphaned subscriptions. Server memory grows as dead subscriptions accumulate.

Symptoms:

• Memory usage grows over time
• Dead connections accumulate
• Server slows down

Why this breaks: Each subscription holds server resources. Without proper cleanup on disconnect, resources accumulate. Long-running servers eventually run out of memory.

Recommended fix:

PROPER SUBSCRIPTION CLEANUP

import { PubSub, withFilter } from 'graphql-subscriptions'; import { WebSocketServer } from 'ws'; import { useServer } from 'graphql-ws/lib/use/ws';

const pubsub = new PubSub();

// Track active subscriptions const activeSubscriptions = new Map();

const wsServer = new WebSocketServer({ server: httpServer, path: '/graphql' });

useServer({ schema, context: (ctx) => ({ pubsub, userId: ctx.connectionParams?.userId }), onConnect: (ctx) => { console.log('Client connected'); }, onDisconnect: (ctx) => { // Clean up resources for this connection const userId = ctx.connectionParams?.userId; activeSubscriptions.delete(userId); } }, wsServer);

// Subscription resolver with cleanup Subscription: { messageReceived: { subscribe: withFilter( (_, { roomId }, { pubsub, userId }) => { // Track subscription activeSubscriptions.set(userId, roomId); return pubsub.asyncIterator(

ROOM_${roomId}

Imported: Validation Checks

Introspection enabled in production

Severity: WARNING

Message: Introspection should be disabled in production

Fix action: Set introspection: process.env.NODE_ENV !== 'production'

Direct database query in resolver

Severity: WARNING

Message: Consider using DataLoader to batch and cache queries

Fix action: Create DataLoader and use .load() instead of direct query

No query depth limiting

Severity: WARNING

Message: Consider adding depth limiting to prevent DoS

Fix action: Add validationRules: [depthLimit(10)]

Resolver without try-catch

Severity: INFO

Message: Consider wrapping resolver logic in try-catch

Fix action: Add error handling to provide better error messages

JSON or Any type in schema

Severity: INFO

Message: Avoid JSON/Any types - they bypass GraphQL's type safety

Fix action: Define proper input/output types

Mutation returns bare type instead of payload

Severity: INFO

Message: Consider using payload types for mutations (includes errors)

Fix action: Create CreateUserPayload type with user and errors fields

List field without pagination arguments

Severity: INFO

Message: List fields should have pagination (limit, first, after)

Fix action: Add arguments: field(limit: Int, offset: Int): [Type!]!

Query hook without error handling

Severity: INFO

Message: Handle query errors in UI

Fix action: Destructure and handle error: const { error } = useQuery(...)

Using refetch instead of cache update

Severity: INFO

Message: Consider cache update instead of refetch for better UX

Fix action: Use update function to modify cache directly

Imported: Collaboration

Delegation Triggers

• user needs database optimization -> postgres-wizard (Optimize queries for GraphQL resolvers)
• user needs authentication system -> authentication-oauth (Auth for GraphQL context)
• user needs caching layer -> caching-strategies (Response caching, DataLoader caching)
• user needs real-time infrastructure -> backend (WebSocket setup for subscriptions)

Imported: Limitations

• Use this skill only when the task clearly matches the scope described above.
• Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
• Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.