Ahmet is a Principal Solutions Engineer at WunderGraph, helping teams adopt Cosmo. He leads technical evaluations, builds prototypes, and runs workshops to accelerate adoption, while improving SDKs, documentation, and onboarding to enhance the developer experience.
Compare REST, GraphQL, and federation by where the complexity actually lives — data fetching, caching, security, contracts, and governance.
Enforce per-tool OAuth scopes on MCP servers using your GraphQL schema. AI agents get least-privilege access with automatic scope step-up — no BFF needed.
Cosmo ConnectRPC compiles GraphQL operations into Protocol Buffers and serves them as gRPC, REST, and typed SDKs — no separate API layer required.
MCP standardized how AI agents invoke tools — but not what they can see or do. Here's why the real bottleneck in enterprise AI is data readiness, not protocol adoption.
Cosmo's MCP server already exposes your graph as AI-ready tools. When we added per-tool OAuth scope step-up authorization so clients don't need a god token, we hit an infinite loop. The root cause: a gap between the MCP spec and RFC 6750 on scope challenges, plus SDK behavior that overwrites scopes instead of accumulating them. Here's what we found and how we're approaching it.
The September 2025 GraphQL spec update added official support for operation descriptions. This solved a real problem: how to document GraphQL operations for MCP tools without custom hacks or non-standard conventions.
Curated GraphQL Persisted Operations (POs) provide a secure, task-level facade for exposing APIs to LLMs via the Modex Context Protocol (MCP). They reduce complexity, enforce security, and ensure stable tool use compared to raw REST APIs.
Product
Resources
Related Projects
Certified & Compliant
SOC 2 Type II
HIPAA
ISO 27001© 2026 WunderGraph, Inc. All rights reserved.
