Currently it is not crystal clear what is API and what is not.

Clearly top level classes such as GraphQL and ExecutionStrategy are API

But what about graphql.execution.Execution or graphql.execution.ValuesResolver. Are they API or implementation detail?

If we had to add new aspects to these classes and changed constructors etc are we breaking consumers?

I suggest that the API be made more clear.

Annotations are a great way to do this. The project could have 3 new annotations

@publicapi (things you can call and wont change)
@PublicSPI (things you are meant to implement)
@internal (public things that are not API and may change)

This will allow the project to better keep semver sematics while evolving as necessary.