When to Migrate from Cosmo OSS

Cosmo OSS is a powerful way to start with GraphQL Federation. It’s fast, flexible, and open source. As teams grow and systems become more complex, managing everything in-house gets harder. Operational overhead increases, visibility becomes limited, and compliance requirements add pressure. Cosmo Enterprise builds on the same core and adds the governance, observability, and support needed to scale with confidence-without starting over.

Cosmo is a production-grade GraphQL Federation platform trusted by some of the most demanding engineering teams in the world. It’s developer-friendly, supports both Federation v1 and v2, and is licensed under the Apache 2.0 open source license. It is a powerful foundation for organizations evaluating federation at scale.

Cosmo OSS is ready for real workloads from day one. Startups can use it to ship quickly, while enterprises use it to validate architecture and make decisions before rolling out more broadly. The same core technology powers Cosmo Enterprise, so when it’s time to move beyond proof-of-concept, you’re not rebuilding, but stepping into a tested platform with full observability, governance, and support.

Cosmo OSS gives teams a fast on-ramp to Federation—without locking them into a commercial platform too early. For engineering teams already running services like Postgres, Redis, or their own observability stack, Cosmo fits in without disruption. The Helm chart works out of the box for most teams, so you can start collecting logs, test routing, and evaluate the architecture in real conditions without a heavy lift or vendor lock-in.

Built for speed, it allows teams to iterate quickly, deploy fast, and safely experiment. The self-contained architecture makes it easy to get started. A single CLI and Router is enough to start experimenting. No hosted control plane, central server, or extra infrastructure are necessary.

You can deploy anywhere, customize freely, and fork if needed, because there there is no vendor lock-in.

This is why Cosmo OSS an ideal choice for early adoption, internal evaluations, or rolling out Federation in lower environments before considering the full platform.

Cosmo OSS is licensed under Apache 2.0. This means it’s open, permissive, and production-ready. But, it is important to remember that open source is not the same as free support.

Maintainers donate software, not time. If your team relies on OSS at scale, the trade is collaboration, not consumption. Community users are encouraged to report bugs, flag security issues, or open well-scoped PRs. However, no one is owed prioritization or support without a contract in place.

As Jens put it in The Good Thing, Episode 16 (paraphrased), “Open source means you can use it. It doesn’t mean I’ll teach you how to use it.” That boundary matters. OSS works because people respect the limits of volunteer time and unpaid stewardship. When users push past that, it breaks down.

Support, SLAs, onboarding, security reviews, and compliance are not what open source provides. However, that is exactly what Cosmo Enterprise exists to deliver.

Even helpful PRs come with cost. Once we merge your PR, we’re responsible for it. Every contribution requires thorough review, testing, and long-term maintenance. A change may not be merged if it adds too much complexity or doesn’t align with the project’s direction.

OSS is a distribution model, not a business model. You can run Cosmo OSS at any scale, but if you want guarantees, support, and architectural backing, then you need more than a repo, you need a partner.

Cosmo Enterprise exists so you don’t have to become an expert just to ship. Or as Stefan put it in the same episode, “There are maybe ten real federation experts in the world. Eight of them work here.” That’s not bravado, it's context.

Cosmo Enterprise is the commercial counterpart to the open source stack. It includes everything in Cosmo OSS, enhanced with governance, observability, performance tooling, and formal support. The shift is not about changing how you build, but protecting what you build at scale.

Once multiple teams begin contributing to a shared supergraph, governance is no longer optional. Cosmo Enterprise provides the controls needed to move fast without breaking shared infrastructure.

The schema registry tracks versions and validates changes automatically. Composition checks run on every change, ensuring consistency across environments. Contracts let you tailor schema exposure, while field-level usage data gives you visibility into what’s safe to change.

When something breaks, it needs to be clear where and why. Cosmo Enterprise gives you full traceability across federated operations, environments, and regions.

Advanced Request Tracing (ART) connects each request across services. Field-level analytics reveal patterns in usage and performance. ClickHouse powers high-cardinality queries, so you can drill into the details without lag.

Native support for OpenTelemetry makes it easy to integrate with your existing dashboards. No need to maintain a separate observability stack just for the graph.

Cosmo Enterprise ships with a fully integrated observability pipeline. This diagram demonstrates how it works across global environments:

Enterprise deployments require a different security posture. Cosmo Enterprise meets that bar.

The Router is self-hosted, so your data stays in your environment. Only anonymized metadata is shared with Cosmo Cloud. The system enforces query complexity limits, restricts operations to trusted documents, and is designed to block the OWASP Top 10 GraphQL threats.

Security is not an add-on, but the baseline. It is SOC 2 Type II certified. GDPR and HIPAA compliant. It supports audit trails, SSO via OIDC or SAML, and fine-grained RBAC.

Cosmo Enterprise is built to handle whatever scale you reach. The Router is written in Go and optimized for low latency and minimal CPU overhead. Configuration updates are CDN-backed, which means you are not waiting during deploys or failovers.

Companies processing billions of requests per month run Cosmo in production, and when the scale changes, performance holds.

You also get direct access to the team that built the platform. From incident response to schema tuning, Enterprise support is real help from real engineers.

This shows what a typical observability pipeline looks like at 1B requests per month, including regional HA setups and storage costs. It includes estimated monthly costs: $9,379 compute, $1,733 network, $720 storage, totaling $11,832/month @ 1B requests, or $44K @ 10B.

Cosmo Enterprise adapts to your trust boundaries, team size, and compliance needs. Deployment is not a constraint, but a feature.

Whether or not you want full control, the platform supports your model without asking you to trade flexibility for convenience.

Cosmo Cloud handles the entire control plane. That includes the schema registry, studio, observability, and analytics. You need to deploy the Router, but nothing else is required of your team.

This model is ideal for teams that want the benefits of GraphQL Federation without the operational overhead. WunderGraph operates the backend, including ClickHouse, Kafka , Redis , Postgres, and Keycloak. There is no maintenance or patching your team is responsible for.

The same platform engineering team that built Cosmo runs it, with direct involvement from the CTO. Usage-based pricing is transparent, with discounts as you scale. By offloading ops, monitoring, and compliance, you can reduce your total cost of ownership by six figures per year.

In hybrid mode, you host the Router inside your own infrastructure while everything else is handled by WunderGraph.

This gives you control over data flow while still benefiting from cloud-native governance. Only anonymized metadata is sent to the cloud. Payload data stays in your environment.

Hybrid deployment is common in regulated industries where data locality is non-negotiable. It lets you meet internal policy without sacrificing platform capabilities.

Hybrid deployment is often the first step toward Enterprise. This model gives your team full control over the data path, while offloading governance, analytics, and schema management to the Cosmo Cloud platform.

Cosmo Cloud and Hybrid deployments share the same core architecture. Here’s how the control plane, Router, observability, and security services fit together:

For teams with strict compliance mandates or infrastructure investments, full self-hosting is available. You run it all: the Router, schema registry, studio, observability stack, and user access system.

This is the most operationally intensive model. But it also gives you complete control. Air-gapped deployments, sovereign cloud, and private environments are fully supported. WunderGraph works alongside your team to get it up and running.

Just to be clear: open source does not equal self-hosted enterprise. Cosmo Enterprise is a feature set, and how you deploy it is up to you.

Cosmo OSS can take you far. But at some point, the cost of maintaining it outweighs the speed it once gave you. Here are some signs it’s time to move forward.

As more teams and subgraphs join the graph, schema coordination becomes harder to manage. Without automated checks and version tracking, composition issues can go unnoticed until they cause production problems. What once felt nimble now feels brittle.

Without field-level usage data or per-subgraph metrics , it’s hard to connect symptoms to causes. When something breaks, you're left guessing instead of diagnosing. Reliability depends on observability, and OSS doesn’t give you enough to trace requests end to end.

If you're maintaining Redis, Postgres, ClickHouse, Keycloak, backups, dashboards, and alerts without a platform team, then you're not just running a graph but running an entire observability stack. The effort adds up fast.

If your organization is preparing for SOC 2, HIPAA, or internal audits, OSS alone won’t get you there. There’s no built-in RBAC, audit logging, SSO, or policy enforcement. You’ll have to either build and maintain those layers yourself or migrate to a platform that includes them.

When latency creeps up, config updates stall, and metrics start lagging behind traffic, it’s a sign the system isn’t keeping pace. Cosmo OSS is fast, but it’s not built for global-scale observability out of the box. As demand grows, you need infrastructure designed for it.

Cosmo Enterprise runs on Kafka and ClickHouse to power real-time analytics with global uptime and low latency—no matter the load.

If you're managing schema merges, writing internal docs, maintaining workflows, and resolving incidents across teams, you've taken on platform responsibilities. Cosmo Enterprise gives you production-grade tooling, observability, and governance out of the box, so your team can refocus on building products instead of maintaining infrastructure.

Migration doesn’t have to mean a full rebuild. Cosmo Enterprise is designed for gradual adoption. Whether you’re using Cosmo OSS, Apollo Federation, or another gateway, you can scale into the platform without rewriting schemas or disrupting your teams.

Most teams begin with a single subgraph, team, or environment. The OSS Router works with Cosmo Cloud out of the box, so you can enable analytics, governance, and studio without replatforming.

The Federation syntax and CLI stays the same. There is no need for you to retrain teams or rewrite pipelines.

Hybrid deployment is often the first move. You self-host the Router and connect it to Cosmo Cloud for schema registry, composition checks, studio, and analytics.

This gives you the benefits of governance and observability without touching your data plane. It’s the fastest way to unlock Enterprise value while maintaining full runtime control.

Cosmo is fully Apollo Federation–compatible. You can import your existing schemas, project structure, and composition logic using built-in tools. Basically, you can swap out your router, not your entire architecture.

Your subgraphs don’t change. Your SDLs don’t change. You keep using the same wgc CLI, Docker images, and Helm charts. Schema pushes work as they always have, and Routers pull updates automatically from the CDN.

The entire system is designed to be non-disruptive. The Routers remain live and responsive—even if the control plane is offline. Cosmo OSS and Enterprise share the same core engine, which means migration is incremental, reversible, and never a cliff.

Most of these teams upgraded to Cosmo Enterprise when OSS tools, homegrown systems, or operational gaps started to limit progress. Each migration was driven by different needs: compliance, performance, governance, or scale.

In eBay’s case, they didn’t switch to Enterprise, but partnered directly with WunderGraph to shape the OSS core itself. Their investment and feedback helped ensure Cosmo could meet the demands of large-scale, self-hosted environments.

eBay processes over 10 billion GraphQL requests per day. With their own data centers and dedicated infrastructure teams, they chose a fully self hosted federation model that fits their scale and operational priorities.

In 2025, they joined WunderGraph as a strategic investor and design partner, working closely with the team to shape Cosmo for use in large, complex environments.

WunderGraph’s partnership with eBay has been a two-way collaboration. eBay gets the flexibility of an open source federation platform that fits their needs, while WunderGraph benefits from their real-world scale and feedback. As CEO Jens Neuse explained in TechCrunch :

I would say we are experts in federation, but we don’t have experience in eBay-scale problems. And so by having this very close relationship, they taught us everything in terms of how we need to build our product so that it can be integrated into companies like eBay, because they have very specific requirements.

eBay’s partnership with WunderGraph is more than a technical implementation, it is a shared commitment to open standards and collaborative infrastructure design at global scale.

kHealth operates under strict U.S. healthcare regulations, including HIPAA. They needed a GraphQL federation platform that could meet high compliance standards while remaining operationally lean.

The team originally planned to self-host the full stack. But after evaluating Cosmo Enterprise, they adopted a hybrid model: the Router runs inside their infrastructure, while the control plane, analytics, and Studio are managed by WunderGraph.

This setup allows them to:

• Maintain full HIPAA compliance without building custom security layers
• Reduce infrastructure overhead by offloading observability and governance
• Balance control and convenience by combining local data routing with managed federation tooling

SoundCloud adopted Cosmo to reduce infrastructure overhead, improve routing efficiency, and accelerate development.

They saw immediate results:

• Infrastructure costs dropped from $14,000 to $9,750 per month—even after adding new components.
• CPU usage fell from 600 cores to just 80, cutting compute by 86% and saving an estimated $265,000 annually.
• Query performance improved, with lower latency and faster execution across the board.

Development also sped up. Teams deployed changes faster, with less operational overhead and better integration between frontend and backend. By simplifying their architecture, they made their platform easier to scale and maintain.

Soundtrack Your Brand adopted Cosmo Enterprise to gain clarity around schema usage and improve developer autonomy.

They gained:

• Field-level visibility through metrics and ART
• Better insight into subgraph performance
• Stronger collaboration through Studio and usage-based change validation

These capabilities improved the developer experience and reduced the overhead of coordinating across teams.

On The Beach replaced their in-house federation layer with Cosmo Enterprise after delivery pipelines became bottlenecked by schema coordination.

With Cosmo, they:

• Unblocked schema changes across multiple teams
• Centralized workflows using Cosmo Studio
• Reduced time-to-merge and reenabled automated composition checks

Governance and contract-based workflows give teams autonomy without compromising the graph.

As Jens said in the same episode of The Good Thing, “We made Cosmo OSS open because we want it to be the standard.” If you're building something small or short-lived, OSS may be all you need.

It’s the right fit for a prototype or side project. One team, one graph, no federation. No compliance or access control needs. If your team is comfortable managing metrics, infrastructure, and backups, you can move quickly without extra layers.

Cosmo OSS is production-ready, but it’s not support-ready. If you're running real workloads in production, you should be prepared to support it yourself.

Where OSS shines most is in evaluation. If you’re just beginning to explore Federation, Cosmo OSS gives you full access to the patterns and tools with no friction. You can test schema composition, try out subgraphs, and learn the workflow without vendor lock-in.

But OSS is not a safety net. Once you serve real users or hit scale, you need governance, observability, and platform support. That’s when Cosmo Enterprise becomes the right next step.

Open source Cosmo is a great place to start. It’s open, fast, and built for real-world use. But it’s not always the right place to stay.

When federation coordination gets risky, when visibility breaks down, when compliance expectations rise, or when platform overhead starts to eat into delivery time—those are signs you’ve outgrown OSS.

Cosmo Enterprise gives you the tooling, controls, and support to move forward safely. Whether you self-host or go fully managed, migration is incremental, CLI-based, and non-disruptive. No need to rebuild your graph. No need to lose momentum.

Start where you are and scale when you're ready.

Ready to move beyond OSS? Cosmo Enterprise gives you the governance, observability, and support to scale federation with confidence. Talk to our team today.

Note: All quotes from Jens and Stefan in this post are paraphrased from The Good Thing, Episode 16 .