nitro-graphql 1.7.0-beta.5 → 1.7.1

package/dist/index.d.mts

@@ -1,8 +1,15 @@
 import { StandardSchemaV1 } from "./types/standard-schema.mjs";
-import { ClientUtilsConfig, CodegenClientConfig, CodegenServerConfig, ExternalGraphQLService, ExternalServicePaths, FederationConfig, FileGenerationConfig, GenImport, GenericSdkConfig, NitroGraphQLOptions, PathsConfig, ScaffoldConfig, SdkConfig, SubscriptionsConfig, TypesConfig } from "./types/index.mjs";
+import { ClientUtilsConfig, CodegenClientConfig, CodegenServerConfig, ExternalGraphQLService, ExternalServicePaths, FederationConfig, FileGenerationConfig, GenImport, GenericSdkConfig, NitroGraphQLOptions, PathsConfig, ScaffoldConfig, SdkConfig, SecurityConfig, SubscriptionsConfig, TypesConfig } from "./types/index.mjs";
 import * as nitropack0 from "nitropack";
 
 //#region src/index.d.ts
+
+/**
+ * Resolve security config with environment-aware defaults
+ * In production: introspection off, playground off, errors masked, suggestions disabled
+ * In development: introspection on, playground on, errors shown, suggestions enabled
+ */
+declare function resolveSecurityConfig(config?: SecurityConfig): Required<SecurityConfig>;
 declare const _default: nitropack0.NitroModule;
 //#endregion
-export { ClientUtilsConfig, CodegenClientConfig, CodegenServerConfig, ExternalGraphQLService, ExternalServicePaths, FederationConfig, FileGenerationConfig, GenImport, GenericSdkConfig, NitroGraphQLOptions, PathsConfig, ScaffoldConfig, SdkConfig, StandardSchemaV1, SubscriptionsConfig, TypesConfig, _default as default };
+export { ClientUtilsConfig, CodegenClientConfig, CodegenServerConfig, ExternalGraphQLService, ExternalServicePaths, FederationConfig, FileGenerationConfig, GenImport, GenericSdkConfig, NitroGraphQLOptions, PathsConfig, ScaffoldConfig, SdkConfig, SecurityConfig, StandardSchemaV1, SubscriptionsConfig, TypesConfig, _default as default, resolveSecurityConfig };

package/dist/index.mjs

@@ -14,6 +14,20 @@ import { defineNitroModule } from "nitropack/kit";
 import { dirname, join, relative, resolve } from "pathe";
 
 //#region src/index.ts
+/**
+* Resolve security config with environment-aware defaults
+* In production: introspection off, playground off, errors masked, suggestions disabled
+* In development: introspection on, playground on, errors shown, suggestions enabled
+*/
+function resolveSecurityConfig(config) {
+	const isProd = process.env.NODE_ENV === "production";
+	return {
+		introspection: config?.introspection ?? !isProd,
+		playground: config?.playground ?? !isProd,
+		maskErrors: config?.maskErrors ?? isProd,
+		disableSuggestions: config?.disableSuggestions ?? isProd
+	};
+}
 var src_default = defineNitroModule({
 	name: "nitro-graphql",
 	async setup(nitro) {
@@ -50,13 +64,15 @@ var src_default = defineNitroModule({
 				};
 			}
 		});
+		const securityConfig = resolveSecurityConfig(nitro.options.graphql?.security);
 		nitro.options.runtimeConfig.graphql = defu(nitro.options.runtimeConfig.graphql || {}, {
 			endpoint: {
 				graphql: "/api/graphql",
 				healthCheck: "/api/graphql/health",
 				ws: "/api/graphql/ws"
 			},
-			playground: true
+			playground: securityConfig.playground,
+			security: securityConfig
 		});
 		if (nitro.options.graphql?.federation?.enabled) consola.info(`Apollo Federation enabled for service: ${nitro.options.graphql.federation.serviceName || "unnamed"}`);
 		const graphqlBuildDir = resolve(nitro.options.buildDir, "graphql");
@@ -118,42 +134,32 @@ var src_default = defineNitroModule({
 			const docs = await scanDocs(nitro);
 			nitro.scanDocuments = docs;
 			if (nitro.options.dev) {
+				const runtimeSecurityConfig = nitro.options.runtimeConfig.graphql?.security;
+				const isProd = process.env.NODE_ENV === "production";
 				consola.box({
 					title: "Nitro GraphQL",
 					message: [
 						`Framework: ${nitro.options.graphql?.framework || "Not configured"}`,
+						`Environment: ${isProd ? "production" : "development"}`,
 						`Schemas: ${schemas.length}`,
 						`Resolvers: ${resolvers.length}`,
 						`Directives: ${directives$1.length}`,
 						`Documents: ${docs.length}`,
 						"",
+						"Security:",
+						`├─ Introspection: ${runtimeSecurityConfig?.introspection ? "enabled" : "disabled"}`,
+						`├─ Playground: ${runtimeSecurityConfig?.playground ? "enabled" : "disabled"}`,
+						`├─ Error Masking: ${runtimeSecurityConfig?.maskErrors ? "enabled" : "disabled"}`,
+						`└─ Field Suggestions: ${runtimeSecurityConfig?.disableSuggestions ? "disabled" : "enabled"}`,
+						"",
 						"Debug Dashboard: /_nitro/graphql/debug"
 					].join("\n"),
 					style: {
-						borderColor: "cyan",
+						borderColor: isProd ? "yellow" : "cyan",
 						borderStyle: "rounded"
 					}
 				});
-				if (resolvers.length > 0) {
-					const totalExports = resolvers.reduce((sum, r) => sum + r.imports.length, 0);
-					const typeCount = {
-						query: 0,
-						mutation: 0,
-						resolver: 0,
-						type: 0,
-						subscription: 0,
-						directive: 0
-					};
-					for (const resolver of resolvers) for (const imp of resolver.imports) if (imp.type in typeCount) typeCount[imp.type]++;
-					const breakdown = [];
-					if (typeCount.query > 0) breakdown.push(`${typeCount.query} query`);
-					if (typeCount.mutation > 0) breakdown.push(`${typeCount.mutation} mutation`);
-					if (typeCount.resolver > 0) breakdown.push(`${typeCount.resolver} resolver`);
-					if (typeCount.type > 0) breakdown.push(`${typeCount.type} type`);
-					if (typeCount.subscription > 0) breakdown.push(`${typeCount.subscription} subscription`);
-					if (typeCount.directive > 0) breakdown.push(`${typeCount.directive} directive`);
-					if (breakdown.length > 0) consola.success(`[nitro-graphql] ${totalExports} resolver export(s): ${breakdown.join(", ")}`);
-				} else consola.warn("[nitro-graphql] No resolvers found. Check /_nitro/graphql/debug for details.");
+				if (resolvers.length === 0) consola.warn("[nitro-graphql] No resolvers found. Check /_nitro/graphql/debug for details.");
 			}
 		});
 		await rollupConfig(nitro);
@@ -196,16 +202,15 @@ var src_default = defineNitroModule({
 				route: wsEndpoint,
 				handler: join(runtime, "apollo-server-ws")
 			});
+			nitro.options.plugins ??= [];
+			nitro.options.plugins.push(join(runtime, "ws-shutdown"));
 			consola.info(`[nitro-graphql] WebSocket subscriptions enabled at: ${wsEndpoint}`);
 		}
-		if (nitro.options.dev) {
-			nitro.options.handlers.push({
-				route: "/_nitro/graphql/debug",
-				handler: join(runtime, "debug"),
-				method: "get"
-			});
-			consola.info("[nitro-graphql] Debug dashboard available at: /_nitro/graphql/debug");
-		}
+		if (nitro.options.dev) nitro.options.handlers.push({
+			route: "/_nitro/graphql/debug",
+			handler: join(runtime, "debug"),
+			method: "get"
+		});
 		if (nitro.options.imports) {
 			nitro.options.imports.presets ??= [];
 			nitro.options.imports.presets.push({
@@ -350,4 +355,4 @@ declare module 'h3' {
 });
 
 //#endregion
-export { src_default as default };
+export { src_default as default, resolveSecurityConfig };

package/dist/rollup.mjs

@@ -62,15 +62,13 @@ function virtualSchemas(app) {
 			}
 			const importStatements = imports.map((handler) => `import ${getImportId(handler)} from '${handler}';`);
 			const schemaArray = imports.map((h) => `{ def: ${getImportId(h)} }`);
-			const code = `
+			return `
 ${importStatements.join("\n")}
 
 export const schemas = [
 ${schemaArray.join(",\n")}
 ];
     `;
-			if (app.options.dev) app.logger.success(`[nitro-graphql] Generated virtual schema module: ${imports.length} schema(s)`);
-			return code;
 		} catch (error) {
 			app.logger.error("[nitro-graphql] Failed to generate virtual schema module:", error);
 			return "export const schemas = []";
@@ -108,7 +106,7 @@ function virtualResolvers(app) {
 				for (const msg of invalidImports) app.logger.warn(`  - ${msg}`);
 			}
 			const data = imports.map(({ imports: importList }) => importList.map((i) => `{ resolver: ${i.as} }`).join(",\n")).filter(Boolean).join(",\n");
-			const code = [
+			return [
 				...importsContent,
 				"",
 				"export const resolvers = [",
@@ -116,11 +114,6 @@ function virtualResolvers(app) {
 				"]",
 				""
 			].join("\n");
-			if (app.options.dev) {
-				const totalExports = imports.reduce((sum, r) => sum + r.imports.length, 0);
-				app.logger.success(`[nitro-graphql] Generated virtual resolver module: ${totalExports} export(s) from ${imports.length} file(s)`);
-			}
-			return code;
 		} catch (error) {
 			app.logger.error("[nitro-graphql] Failed to generate virtual resolver module:", error);
 			return "export const resolvers = []";
@@ -155,7 +148,7 @@ function virtualDirectives(app) {
 				for (const msg of invalidImports) app.logger.warn(`  - ${msg}`);
 			}
 			const data = imports.map(({ imports: importList }) => importList.map((i) => `{ directive: ${i.as} }`).join(",\n")).filter(Boolean).join(",\n");
-			const code = [
+			return [
 				...importsContent,
 				"",
 				"export const directives = [",
@@ -163,11 +156,6 @@ function virtualDirectives(app) {
 				"]",
 				""
 			].join("\n");
-			if (app.options.dev) {
-				const totalExports = imports.reduce((sum, d) => sum + d.imports.length, 0);
-				app.logger.success(`[nitro-graphql] Generated virtual directive module: ${totalExports} directive(s) from ${imports.length} file(s)`);
-			}
-			return code;
 		} catch (error) {
 			app.logger.error("[nitro-graphql] Failed to generate virtual directive module:", error);
 			return "export const directives = []";
@@ -187,7 +175,10 @@ export { importedConfig }
 function virtualModuleConfig(app) {
 	app.options.virtual ??= {};
 	app.options.virtual["#nitro-internal-virtual/module-config"] = () => {
-		const moduleConfig = app.options.graphql || {};
+		const moduleConfig = {
+			...app.options.graphql,
+			security: app.options.runtimeConfig.graphql?.security
+		};
 		return `export const moduleConfig = ${JSON.stringify(moduleConfig, null, 2)};`;
 	};
 }

package/dist/routes/apollo-server-ws.d.mts

@@ -1,6 +1,12 @@
-import * as h31 from "h3";
+import * as h33 from "h3";
 
 //#region src/routes/apollo-server-ws.d.ts
-declare const _default: h31.EventHandler<h31.EventHandlerRequest, never>;
+
+/**
+ * Gracefully shutdown all WebSocket connections.
+ * Called by the Nitro runtime plugin on server close.
+ */
+declare function shutdownAllConnections(): Promise<void>;
+declare const _default: h33.EventHandler<h33.EventHandlerRequest, never>;
 //#endregion
-export { _default as default };
+export { _default as default, shutdownAllConnections };

package/dist/routes/apollo-server-ws.mjs

@@ -13,6 +13,34 @@ const isDev = process.env.NODE_ENV === "development";
 function devLog(message, ...args) {
 	if (isDev) console.log(message, ...args);
 }
+const WS_STATE_KEY = "__nitro_graphql_ws_apollo__";
+function getWsState() {
+	if (!globalThis[WS_STATE_KEY]) globalThis[WS_STATE_KEY] = {
+		activePeers: /* @__PURE__ */ new Set(),
+		cleanupFns: /* @__PURE__ */ new Map()
+	};
+	return globalThis[WS_STATE_KEY];
+}
+/**
+* Gracefully shutdown all WebSocket connections.
+* Called by the Nitro runtime plugin on server close.
+*/
+async function shutdownAllConnections() {
+	const state = getWsState();
+	const peers = Array.from(state.activePeers);
+	if (peers.length > 0) devLog(`[Apollo WS] Shutting down ${peers.length} connection(s)...`);
+	for (const peer of peers) {
+		const cleanup = state.cleanupFns.get(peer);
+		if (cleanup) try {
+			await cleanup();
+		} catch {}
+		try {
+			peer.close(1012, "Service Restart");
+		} catch {}
+	}
+	state.activePeers.clear();
+	state.cleanupFns.clear();
+}
 const DEFAULT_MAX_SUBSCRIPTIONS_PER_PEER = 20;
 const DEFAULT_PING_INTERVAL_MS = 15e3;
 const DEFAULT_PONG_TIMEOUT_MS = 5e3;
@@ -250,6 +278,12 @@ async function getSchema() {
 }
 var apollo_server_ws_default = defineWebSocketHandler({
 	async open(peer) {
+		const state = getWsState();
+		state.activePeers.add(peer);
+		state.cleanupFns.set(peer, async () => {
+			stopKeepAlive(peer);
+			await cleanupSubscriptions(peer, true);
+		});
 		devLog("[Apollo WS] Client connected");
 		peer.context.subscriptions = /* @__PURE__ */ new Map();
 	},
@@ -285,6 +319,9 @@ var apollo_server_ws_default = defineWebSocketHandler({
 		}
 	},
 	async close(peer, details) {
+		const state = getWsState();
+		state.activePeers.delete(peer);
+		state.cleanupFns.delete(peer);
 		devLog("[Apollo WS] Client disconnected:", details);
 		stopKeepAlive(peer);
 		await cleanupSubscriptions(peer, true);
@@ -295,4 +332,4 @@ var apollo_server_ws_default = defineWebSocketHandler({
 });
 
 //#endregion
-export { apollo_server_ws_default as default };
+export { apollo_server_ws_default as default, shutdownAllConnections };

package/dist/routes/apollo-server.d.mts

@@ -1,6 +1,6 @@
-import * as h35 from "h3";
+import * as h39 from "h3";
 
 //#region src/routes/apollo-server.d.ts
-declare const _default: h35.EventHandler<h35.EventHandlerRequest, Promise<any>>;
+declare const _default: h39.EventHandler<h39.EventHandlerRequest, Promise<any>>;
 //#endregion
 export { _default as default };

package/dist/routes/apollo-server.mjs

@@ -10,6 +10,7 @@ import { schemas } from "#nitro-internal-virtual/server-schemas";
 import { makeExecutableSchema } from "@graphql-tools/schema";
 import { defineEventHandler } from "h3";
 import { ApolloServer } from "@apollo/server";
+import { ApolloServerPluginLandingPageDisabled } from "@apollo/server/plugin/disabled";
 import { ApolloServerPluginLandingPageLocalDefault } from "@apollo/server/plugin/landingPage/default";
 import { startServerAndCreateH3Handler } from "nitro-graphql/utils/apollo";
 
@@ -64,10 +65,34 @@ let apolloServer = null;
 let serverStarted = false;
 async function createApolloServer() {
 	if (!apolloServer) {
-		apolloServer = new ApolloServer(defu({
-			schema: await createMergedSchema(),
+		const schema = await createMergedSchema();
+		const securityConfig = moduleConfig.security || {
 			introspection: true,
-			plugins: [ApolloServerPluginLandingPageLocalDefault({ embed: true })]
+			playground: true,
+			maskErrors: false,
+			disableSuggestions: false
+		};
+		const plugins = [];
+		if (securityConfig.playground) plugins.push(ApolloServerPluginLandingPageLocalDefault({ embed: true }));
+		else plugins.push(ApolloServerPluginLandingPageDisabled());
+		apolloServer = new ApolloServer(defu({
+			schema,
+			introspection: securityConfig.introspection,
+			plugins,
+			formatError: securityConfig.maskErrors ? (formattedError, _error) => {
+				const code = formattedError?.extensions?.code;
+				if (code && [
+					"BAD_USER_INPUT",
+					"GRAPHQL_VALIDATION_FAILED",
+					"UNAUTHENTICATED",
+					"FORBIDDEN",
+					"BAD_REQUEST"
+				].includes(code)) return formattedError;
+				return {
+					message: "Internal server error",
+					extensions: { code: "INTERNAL_SERVER_ERROR" }
+				};
+			} : void 0
 		}, importedConfig));
 		if (!serverStarted) {
 			await apolloServer.start();

package/dist/routes/debug.d.mts

@@ -1,4 +1,4 @@
-import * as h37 from "h3";
+import * as h35 from "h3";
 
 //#region src/routes/debug.d.ts
 
@@ -10,7 +10,7 @@ import * as h37 from "h3";
  * - /_nitro/graphql/debug - HTML dashboard
  * - /_nitro/graphql/debug?format=json - JSON API
  */
-declare const _default: h37.EventHandler<h37.EventHandlerRequest, Promise<string | {
+declare const _default: h35.EventHandler<h35.EventHandlerRequest, Promise<string | {
   timestamp: string;
   environment: {
     dev: any;

package/dist/routes/graphql-yoga-ws.d.mts

@@ -1,6 +1,12 @@
-import * as h33 from "h3";
+import * as h30 from "h3";
 
 //#region src/routes/graphql-yoga-ws.d.ts
-declare const _default: h33.EventHandler<h33.EventHandlerRequest, never>;
+
+/**
+ * Gracefully shutdown all WebSocket connections.
+ * Called by the Nitro runtime plugin on server close.
+ */
+declare function shutdownAllConnections(): Promise<void>;
+declare const _default: h30.EventHandler<h30.EventHandlerRequest, never>;
 //#endregion
-export { _default as default };
+export { _default as default, shutdownAllConnections };

package/dist/routes/graphql-yoga-ws.mjs

@@ -13,6 +13,34 @@ const isDev = process.env.NODE_ENV === "development";
 function devLog(message, ...args) {
 	if (isDev) console.log(message, ...args);
 }
+const WS_STATE_KEY = "__nitro_graphql_ws_yoga__";
+function getWsState() {
+	if (!globalThis[WS_STATE_KEY]) globalThis[WS_STATE_KEY] = {
+		activePeers: /* @__PURE__ */ new Set(),
+		cleanupFns: /* @__PURE__ */ new Map()
+	};
+	return globalThis[WS_STATE_KEY];
+}
+/**
+* Gracefully shutdown all WebSocket connections.
+* Called by the Nitro runtime plugin on server close.
+*/
+async function shutdownAllConnections() {
+	const state = getWsState();
+	const peers = Array.from(state.activePeers);
+	if (peers.length > 0) devLog(`[GraphQL WS] Shutting down ${peers.length} connection(s)...`);
+	for (const peer of peers) {
+		const cleanup = state.cleanupFns.get(peer);
+		if (cleanup) try {
+			await cleanup();
+		} catch {}
+		try {
+			peer.close(1012, "Service Restart");
+		} catch {}
+	}
+	state.activePeers.clear();
+	state.cleanupFns.clear();
+}
 const DEFAULT_MAX_SUBSCRIPTIONS_PER_PEER = 20;
 const DEFAULT_PING_INTERVAL_MS = 15e3;
 const DEFAULT_PONG_TIMEOUT_MS = 5e3;
@@ -250,6 +278,12 @@ async function getSchema() {
 }
 var graphql_yoga_ws_default = defineWebSocketHandler({
 	async open(peer) {
+		const state = getWsState();
+		state.activePeers.add(peer);
+		state.cleanupFns.set(peer, async () => {
+			stopKeepAlive(peer);
+			await cleanupSubscriptions(peer, true);
+		});
 		devLog("[GraphQL WS] Client connected");
 		peer.context.subscriptions = /* @__PURE__ */ new Map();
 	},
@@ -285,6 +319,9 @@ var graphql_yoga_ws_default = defineWebSocketHandler({
 		}
 	},
 	async close(peer, details) {
+		const state = getWsState();
+		state.activePeers.delete(peer);
+		state.cleanupFns.delete(peer);
 		devLog("[GraphQL WS] Client disconnected:", details);
 		stopKeepAlive(peer);
 		await cleanupSubscriptions(peer, true);
@@ -295,4 +332,4 @@ var graphql_yoga_ws_default = defineWebSocketHandler({
 });
 
 //#endregion
-export { graphql_yoga_ws_default as default };
+export { graphql_yoga_ws_default as default, shutdownAllConnections };

package/dist/routes/graphql-yoga.d.mts

@@ -1,6 +1,6 @@
-import * as h30 from "h3";
+import * as h31 from "h3";
 
 //#region src/routes/graphql-yoga.d.ts
-declare const _default: h30.EventHandler<h30.EventHandlerRequest, Promise<Response>>;
+declare const _default: h31.EventHandler<h31.EventHandlerRequest, Promise<Response>>;
 //#endregion
 export { _default as default };

package/dist/routes/graphql-yoga.mjs

@@ -77,12 +77,23 @@ async function createMergedSchema() {
 }
 let yoga;
 var graphql_yoga_default = defineEventHandler(async (event) => {
-	if (!yoga) yoga = createYoga(defu({
-		schema: await createMergedSchema(),
-		graphqlEndpoint: "/api/graphql",
-		landingPage: false,
-		renderGraphiQL: () => apolloSandboxHtml
-	}, importedConfig));
+	if (!yoga) {
+		const schema = await createMergedSchema();
+		const securityConfig = moduleConfig.security || {
+			introspection: true,
+			playground: true,
+			maskErrors: false,
+			disableSuggestions: false
+		};
+		yoga = createYoga(defu({
+			schema,
+			graphqlEndpoint: "/api/graphql",
+			landingPage: securityConfig.playground,
+			graphiql: securityConfig.playground ? { defaultQuery: "# Welcome to the GraphQL Playground" } : false,
+			renderGraphiQL: securityConfig.playground ? () => apolloSandboxHtml : void 0,
+			maskedErrors: securityConfig.maskErrors
+		}, importedConfig));
+	}
 	const request = toWebRequest(event);
 	const response = await yoga.handleRequest(request, event);
 	return new Response(response.body, response);

package/dist/routes/health.d.mts

@@ -1,7 +1,7 @@
-import * as h39 from "h3";
+import * as h37 from "h3";
 
 //#region src/routes/health.d.ts
-declare const _default: h39.EventHandler<h39.EventHandlerRequest, Promise<{
+declare const _default: h37.EventHandler<h37.EventHandlerRequest, Promise<{
   status: string;
   message: string;
   timestamp: string;

package/dist/routes/ws-shutdown.d.mts

@@ -0,0 +1,11 @@
+import * as nitropack0 from "nitropack";
+
+//#region src/routes/ws-shutdown.d.ts
+
+/**
+ * Nitro runtime plugin for graceful WebSocket shutdown.
+ * Registered when subscriptions are enabled.
+ */
+declare const _default: nitropack0.NitroAppPlugin;
+//#endregion
+export { _default as default };

package/dist/routes/ws-shutdown.mjs

@@ -0,0 +1,22 @@
+import { defineNitroPlugin } from "nitropack/runtime";
+
+//#region src/routes/ws-shutdown.ts
+/**
+* Nitro runtime plugin for graceful WebSocket shutdown.
+* Registered when subscriptions are enabled.
+*/
+var ws_shutdown_default = defineNitroPlugin((nitroApp) => {
+	nitroApp.hooks.hook("close", async () => {
+		if (globalThis.__nitro_graphql_ws_yoga__?.activePeers?.size > 0) try {
+			const { shutdownAllConnections } = await import("./graphql-yoga-ws.mjs");
+			await shutdownAllConnections();
+		} catch {}
+		if (globalThis.__nitro_graphql_ws_apollo__?.activePeers?.size > 0) try {
+			const { shutdownAllConnections } = await import("./apollo-server-ws.mjs");
+			await shutdownAllConnections();
+		} catch {}
+	});
+});
+
+//#endregion
+export { ws_shutdown_default as default };

package/dist/types/index.d.mts

@@ -16,6 +16,13 @@ type GenericSdkConfig = Omit<Parameters<typeof plugin$1>[2], 'documentMode'> & {
 };
 type CodegenClientConfig = TypeScriptPluginConfig & TypeScriptDocumentsPluginConfig & {
   endpoint?: string;
+  /**
+   * Generate TypedDocumentNode exports for urql/Apollo Client compatibility.
+   * When enabled, generates typed document constants that can be used with
+   * any GraphQL client that supports TypedDocumentNode.
+   * @default false
+   */
+  typedDocumentNode?: boolean;
 };
 interface IESMImport {
   name: string;
@@ -198,6 +205,34 @@ interface SubscriptionsConfig {
   /** WebSocket protocol (currently only graphql-ws is supported) */
   protocol?: 'graphql-ws';
 }
+/**
+ * Security configuration for production environments
+ * All options auto-detect based on NODE_ENV when not explicitly set
+ */
+interface SecurityConfig {
+  /**
+   * Enable GraphQL introspection queries
+   * @default true in development, false in production
+   */
+  introspection?: boolean;
+  /**
+   * Enable GraphQL playground/sandbox UI
+   * @default true in development, false in production
+   */
+  playground?: boolean;
+  /**
+   * Mask internal error details in responses
+   * When enabled, internal errors show "Internal server error" instead of actual message
+   * @default false in development, true in production
+   */
+  maskErrors?: boolean;
+  /**
+   * Disable "Did you mean X?" field suggestions in error messages
+   * Prevents attackers from discovering field names via brute force
+   * @default false in development, true in production
+   */
+  disableSuggestions?: boolean;
+}
 interface NitroGraphQLOptions {
   framework: 'graphql-yoga' | 'apollo-server';
   endpoint?: {
@@ -256,6 +291,11 @@ interface NitroGraphQLOptions {
    * Customize base directories for file generation
    */
   paths?: PathsConfig;
+  /**
+   * Security configuration for production environments
+   * Auto-detects NODE_ENV and applies secure defaults in production
+   */
+  security?: SecurityConfig;
 }
 //#endregion
-export { ClientUtilsConfig, CodegenClientConfig, CodegenServerConfig, ExternalGraphQLService, ExternalServicePaths, FederationConfig, FileGenerationConfig, GenImport, GenericSdkConfig, NitroGraphQLOptions, PathsConfig, ScaffoldConfig, SdkConfig, SubscriptionsConfig, TypesConfig };
+export { ClientUtilsConfig, CodegenClientConfig, CodegenServerConfig, ExternalGraphQLService, ExternalServicePaths, FederationConfig, FileGenerationConfig, GenImport, GenericSdkConfig, NitroGraphQLOptions, PathsConfig, ScaffoldConfig, SdkConfig, SecurityConfig, SubscriptionsConfig, TypesConfig };

package/dist/utils/client-codegen.mjs

@@ -7,9 +7,10 @@ import { printSchemaWithDirectives } from "@graphql-tools/utils";
 import { createHash } from "node:crypto";
 import { codegen } from "@graphql-codegen/core";
 import { preset } from "@graphql-codegen/import-types-preset";
-import { plugin } from "@graphql-codegen/typescript";
-import { plugin as plugin$1 } from "@graphql-codegen/typescript-generic-sdk";
-import { plugin as plugin$2 } from "@graphql-codegen/typescript-operations";
+import { plugin } from "@graphql-codegen/typed-document-node";
+import { plugin as plugin$1 } from "@graphql-codegen/typescript";
+import { plugin as plugin$2 } from "@graphql-codegen/typescript-generic-sdk";
+import { plugin as plugin$3 } from "@graphql-codegen/typescript-operations";
 import { GraphQLFileLoader } from "@graphql-tools/graphql-file-loader";
 import { loadDocuments, loadSchemaSync } from "@graphql-tools/load";
 import { UrlLoader } from "@graphql-tools/url-loader";
@@ -207,7 +208,7 @@ async function generateClientTypes(schema, docs, config = {}, sdkConfig = {}, ou
 				plugins: [{ pluginContent: {} }, { typescript: {} }],
 				pluginMap: {
 					pluginContent: { plugin: pluginContent },
-					typescript: { plugin }
+					typescript: { plugin: plugin$1 }
 				}
 			}),
 			sdk: `// THIS FILE IS GENERATED, DO NOT EDIT!
@@ -236,21 +237,28 @@ export function getSdk(requester: Requester): Sdk {
 }
 `
 		};
+		const enableTypedDocumentNode = config.typedDocumentNode === true;
+		const plugins = [
+			{ pluginContent: {} },
+			{ typescript: {} },
+			{ typescriptOperations: {} }
+		];
+		const pluginMap = {
+			pluginContent: { plugin: pluginContent },
+			typescript: { plugin: plugin$1 },
+			typescriptOperations: { plugin: plugin$3 }
+		};
+		if (enableTypedDocumentNode) {
+			plugins.push({ typedDocumentNode: {} });
+			pluginMap.typedDocumentNode = { plugin };
+		}
 		const output = await codegen({
 			filename: outputPath || "client-types.generated.ts",
 			schema: parse(printSchemaWithDirectives(schema)),
 			documents: [...docs],
 			config: mergedConfig,
-			plugins: [
-				{ pluginContent: {} },
-				{ typescript: {} },
-				{ typescriptOperations: {} }
-			],
-			pluginMap: {
-				pluginContent: { plugin: pluginContent },
-				typescript: { plugin },
-				typescriptOperations: { plugin: plugin$2 }
-			}
+			plugins,
+			pluginMap
 		});
 		const typesPath = virtualTypesPath || (serviceName ? `#graphql/client/${serviceName}` : "#graphql/client");
 		const sdkOutput = await preset.buildGeneratesSection({
@@ -262,7 +270,7 @@ export function getSdk(requester: Requester): Sdk {
 			plugins: [{ pluginContent: {} }, { typescriptGenericSdk: {} }],
 			pluginMap: {
 				pluginContent: { plugin: pluginContent },
-				typescriptGenericSdk: { plugin: plugin$1 }
+				typescriptGenericSdk: { plugin: plugin$2 }
 			}
 		});
 		const sdkContent = (await Promise.all(sdkOutput.map(async (config$1) => {

package/dist/utils/type-generation.mjs

@@ -232,7 +232,6 @@ async function serverTypeGeneration(app) {
 		if (serverTypesPath) {
 			mkdirSync(dirname(serverTypesPath), { recursive: true });
 			writeFileSync(serverTypesPath, data, "utf-8");
-			consola.success(`[nitro-graphql] Generated server types at: ${serverTypesPath}`);
 		}
 	} catch (error) {
 		consola.error("Server schema generation error:", error);
@@ -293,13 +292,11 @@ async function generateMainClientTypes(nitro) {
 	if (clientTypesPath) {
 		mkdirSync(dirname(clientTypesPath), { recursive: true });
 		writeFileSync(clientTypesPath, types.types, "utf-8");
-		consola.success(`[nitro-graphql] Generated client types at: ${clientTypesPath}`);
 	}
 	const sdkPath = resolveFilePath(sdkConfig.main, sdkConfig.enabled, true, "{clientGraphql}/default/sdk.ts", placeholders);
 	if (sdkPath) {
 		mkdirSync(dirname(sdkPath), { recursive: true });
 		writeFileSync(sdkPath, types.sdk, "utf-8");
-		consola.success(`[nitro-graphql] Generated SDK at: ${sdkPath}`);
 	}
 	if (nitro.options.framework?.name === "nuxt") {
 		generateNuxtOfetchClient(nitro, nitro.graphql.clientDir, "default");
@@ -310,7 +307,6 @@ async function generateMainClientTypes(nitro) {
 async function generateExternalServicesTypes(nitro) {
 	const externalServices = nitro.options.graphql?.externalServices || [];
 	for (const service of externalServices) try {
-		consola.info(`[graphql:${service.name}] Processing external service`);
 		await downloadAndSaveSchema(service, nitro.options.buildDir);
 		const schema = await loadExternalSchema(service, nitro.options.buildDir);
 		if (!schema) {
@@ -344,16 +340,13 @@ async function generateExternalServicesTypes(nitro) {
 		if (serviceTypesPath) {
 			mkdirSync(dirname(serviceTypesPath), { recursive: true });
 			writeFileSync(serviceTypesPath, types.types, "utf-8");
-			consola.success(`[graphql:${service.name}] Generated types at: ${serviceTypesPath}`);
 		}
 		const serviceSdkPath = resolveFilePath(service.paths?.sdk ?? sdkConfig.external, sdkConfig.enabled, true, "{clientGraphql}/{serviceName}/sdk.ts", placeholders);
 		if (serviceSdkPath) {
 			mkdirSync(dirname(serviceSdkPath), { recursive: true });
 			writeFileSync(serviceSdkPath, types.sdk, "utf-8");
-			consola.success(`[graphql:${service.name}] Generated SDK at: ${serviceSdkPath}`);
 		}
 		if (nitro.options.framework?.name === "nuxt") generateExternalOfetchClient(nitro, service, service.endpoint);
-		consola.success(`[graphql:${service.name}] External service types generated successfully`);
 	} catch (error) {
 		consola.error(`[graphql:${service.name}] External service generation failed:`, error);
 	}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "nitro-graphql",
   "type": "module",
-  "version": "1.7.0-beta.5",
+  "version": "1.7.1",
   "description": "GraphQL integration for Nitro",
   "license": "MIT",
   "repository": {
@@ -55,10 +55,6 @@
     "./nuxt": {
       "types": "./dist/ecosystem/nuxt.d.mts",
       "import": "./dist/ecosystem/nuxt.mjs"
-    },
-    "./subscribe": {
-      "types": "./dist/subscribe/index.d.mts",
-      "import": "./dist/subscribe/index.mjs"
     }
   },
   "module": "./dist/index.mjs",
@@ -89,10 +85,11 @@
     "@apollo/subgraph": "^2.12.2",
     "@graphql-codegen/core": "^5.0.0",
     "@graphql-codegen/import-types-preset": "^3.0.1",
-    "@graphql-codegen/typescript": "^5.0.6",
+    "@graphql-codegen/typed-document-node": "^6.1.5",
+    "@graphql-codegen/typescript": "^5.0.7",
     "@graphql-codegen/typescript-generic-sdk": "^4.0.2",
-    "@graphql-codegen/typescript-operations": "^5.0.6",
-    "@graphql-codegen/typescript-resolvers": "^5.1.4",
+    "@graphql-codegen/typescript-operations": "^5.0.7",
+    "@graphql-codegen/typescript-resolvers": "^5.1.5",
     "@graphql-tools/graphql-file-loader": "^8.1.8",
     "@graphql-tools/load": "^8.1.7",
     "@graphql-tools/load-files": "^7.0.1",
@@ -107,24 +104,24 @@
     "graphql-scalars": "^1.25.0",
     "knitwork": "^1.3.0",
     "ohash": "^2.0.11",
-    "oxc-parser": "^0.102.0",
+    "oxc-parser": "^0.104.0",
     "pathe": "^2.0.3",
     "tinyglobby": "^0.2.15"
   },
   "devDependencies": {
-    "@antfu/eslint-config": "^6.6.1",
+    "@antfu/eslint-config": "^6.7.2",
     "@nuxt/kit": "^4.2.2",
     "@nuxt/schema": "^4.2.2",
-    "@types/node": "^24.10.3",
+    "@types/node": "^25.0.3",
     "bumpp": "^10.3.2",
     "changelogen": "^0.6.2",
     "crossws": "0.3.5",
-    "eslint": "^9.39.1",
+    "eslint": "^9.39.2",
     "graphql": "16.11.0",
-    "graphql-yoga": "^5.17.1",
+    "graphql-yoga": "^5.18.0",
     "h3": "1.15.3",
     "nitropack": "^2.12.9",
-    "tsdown": "^0.17.2",
+    "tsdown": "^0.18.2",
     "typescript": "^5.9.3",
     "vitepress-plugin-llms": "^1.9.3"
   },
@@ -143,7 +140,6 @@
     "docs:build": "cd .docs && pnpm install && pnpm build",
     "docs:preview": "cd .docs && pnpm preview",
     "lint": "eslint .",
-    "lint:fix": "eslint . --fix",
-    "typecheck": "tsc --noEmit"
+    "lint:fix": "eslint . --fix"
   }
 }