graphify turns any folder of code, docs, papers, images, or videos into a queryable knowledge graph. 0.9.16 is a correctness and privacy release: it fixes two regressions from 0.9.15 that could zero out a graph, closes a residual path leak, and lands a batch of extraction and reliability fixes, most from community reports.
Highlights
- Two 0.9.15 regressions that could empty your graph are fixed (#1873 / #1887 / #1880). A nested
.gitignorewith a bare*(a common scratch-dir idiom) was applied to the whole tree instead of its own directory, sodetect()returned zero files and produced an empty graph;graphify updatethen saw 0 nodes and refused to overwrite. Nested ignore patterns are now scoped to their own subtree. - Residual path/username leak closed (#1899). Out-of-scan-root reference targets (an out-of-root
.csproj/.slnproject, a bashsource) and degenerate symbols (a minified$, a JSONC"//"key) could still embed the absolute scan path in a committedgraph.json. Both are now portable. - Silently-lost documents are now surfaced (#1890). When the semantic pass returns a clean response that omits some dispatched documents, the run now reconciles dispatched-vs-returned and warns instead of dropping them without a trace.
All fixes
- Fix: nested
.gitignore/.graphifyignorepatterns are scoped to their own subtree; a nested bare*no longer zeroes the corpus (#1873 / #1887 / #1885, thanks @Alwyn93). - Fix:
graphify updateno longer emits 0 nodes and refuses to overwrite when the tree has a nested broad.gitignore(#1880). - Fix: close residual absolute-path/username leaks for out-of-root reference targets and degenerate symbols (#1899).
- Fix: the incremental semantic-cache checkpoint no longer fails on sliced (oversized) documents (#1870).
- Fix:
--excludepatterns persist intoupdate/watch/hook rebuilds instead of applying only to the initial scan (#1886). - Fix: Python calls to an imported module (
module.function()) now produce acallsedge (#1883). - Fix: semantic cache writes are scoped so a mis-attributed
source_filecannot clobber another file's entry — including the per-chunk checkpoint (#1757 / #1835, thanks @TPAteeq). - Fix: a full
graphify updateno longer evicts the LLM semantic edges of a re-extracted document (#1865 / #1868, thanks @xor-xe). - Fix: ID-collision resolves to a deterministic survivor and warns only about real loss (#1851 / #1852, thanks @bchan84x).
- Fix:
--cargohonors Cargo'spackage = "..."dependency rename (#1858 / #1861, thanks @thejesh23). - Fix:
detect_incrementalre-extracts a legacy-manifest file when its mtime moves backwards (#1859 / #1862, thanks @thejesh23). - Fix: the dedup summary reports the fuzzy-merge count even with zero exact merges (#1857 / #1860, thanks @thejesh23).
- Fix: uppercase TypeScript extensions (
.TS/.TSX/.MTS/.CTS) are parsed with the TypeScript grammar (#1881, thanks @xkam7ar). - Fix: Kotlin builtin/stdlib types are filtered from the references graph (#1876, thanks @kebwlmbhee).
- Fix: the stale/missing-skill version warning prints to stderr, not stdout (#1805 / #1893, thanks @Mzt00).
- Fix: semantic extraction reconciles dispatched vs returned files and warns on silently-omitted documents (#1890).
Install
pip install --upgrade graphifyy
# or
uv tool install graphifyy@0.9.16
Then graphify install to update the skill for your agent.