chore(deps): bump graphiti-core from 0.28.2 to 0.29.1

[dependabot]

Bumps graphiti-core from 0.28.2 to 0.29.1.

Release notes

Sourced from graphiti-core's releases.

v0.29.1 - Optimizations and Efficiencies

Patch release covering quality and reliability improvements landed since 0.29.0.

Extraction quality

Attribute-hallucination guards (#1498) — addresses a customer report of up to 9KB of LLM meta-reasoning landing in entity attribute fields (e.g. phones, industry). The LLM was dumping internal deliberation and echoing schema description text back into values. Three layered defenses:

1. Prompt-level: extract_attributes prompts for both nodes and edges now have hard rules forbidding parenthetical reasoning, deliberative phrases, candidate alternatives, schema-description echoes, and null/N/A sentence stand-ins. Includes positive/negative examples.
2. Combined-extraction prompt: new OUTPUT DISCIPLINE block closes the "topic-as-Person" failure mode (full-sentence entity names) and pre-empts reasoning leaks into fact text and relation_type.
3. Provider-level preamble: a shared _apply_attribute_extraction_preamble on LLMClient mutates the system message across OpenAI, Anthropic, Gemini, and GLiNER2 so the "field descriptions are format specs, not values" instruction reaches every provider regardless of how structured output is wired. Sentinel-based idempotency.

Structural backstop — cap_string_attributes: drops any string attribute >250 chars before it reaches the graph. Configurable per-field via Pydantic Field(max_length=...) or globally via GRAPHITI_ATTRIBUTE_MAX_LENGTH. Also handles list[str] (per-item + aggregate cap of max_len * 8). Required-field carve-out retains the value with a louder WARNING rather than dropping (avoids ValidationError-ing the whole entity). Edge writes use scoped merge for over-cap drops only — fields the LLM legitimately omitted still clear. group_id flows to the log line for tenant correlation.

Combined-extraction entity & edge precision (#1498) — targets six classes of low-quality entities (multi-choice fragments, clock times, quantities, coordinates, imperative tip phrases, slogans) plus two systematic edge regressions (location-fragmentation through scenery intermediaries, dropped multi-episode setup facts).

• ENTITY RULE 6 expanded into 8 sub-bullets covering the skip classes; ENTITY RULE 9 added for didactic / tutorial scaffolding.
• FACT RULE 4 strengthened around narrative announcements, forward commitments, plans, and emotional setup in conversational episodes; FACT RULE 8 added requiring direct speaker-to-target edges over fragmenting through scenery intermediaries.
• Negative-examples block (A–G) added with paired source-and-extraction guidance per class.

Locomo 500-example eval (prompt change only):

• Entity F1: 0.674 (flat); precision −0.028, recall +0.025
• Edge volume: +7.7% over baseline; gold-edge recall +0.9pp
• Fact-text Jaccard on matched edges: 0.341 → 0.381
• Targeted entity classes on LME-derivative sample: quantities −93%, imperative tips −40%

Saga summarization

Episode-time watermarks for sagas (#1498) — saga (thread summary) timestamps now reflect originating-episode time rather than wall-clock time. SagaNode now carries two deliberately distinct watermarks:

• last_summarized_at (wall-clock) — the filter watermark. summarize_saga picks up any episode whose created_at > this value. Wall-clock + created_at comparison keeps backfilled episodes reachable on the next run.
• last_summarized_episode_valid_at (episode time) — the temporal watermark. Max valid_at across episodes covered by the current summary; advances monotonically. Public/temporal consumers ("how recent is this summary's content in event-time?") should use this field.

saga_get_episode_contents now returns list[(content, valid_at)] tuples so callers can compute the watermark. _get_or_create_saga renames now → created_at; callers pass the episode's valid_at so a newly minted saga's created_at matches the episode that produced it.

Docker / packaging

... (truncated)

Commits

• 34f56e6 Bump graphiti-core version to 0.29.1 (#1499)
• 7514b44 Forward-port: attribute-hallucination guards, combined-extraction precision, ...
• 9a2d6d0 fix: install MCP provider extras in Docker images (#1461)
• 304f4cc fix(docker): mount FalkorDB volume to actual data path (#1462)
• c427615 Bump the uv group across 2 directories with 4 updates (#1473)
• e381eaf docs(graphiti): drop stale add_episode_bulk edge-invalidation/date-extraction...
• 56cf7b3 Bump graphiti-core version to 0.29.0 (#1444)
• 164030f feat: add custom edge type support to combined extraction prompt (#1443)
• 9cdcc93 Bump the uv group across 4 directories with 2 updates (#1430)
• 673902c forward-port: combined node+edge extraction + prompt refinements (#1432)
• Additional commits viewable in compare view

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

uv.lock

Package	Version	License	Issue Type
graphiti-core	0.29.1	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/graphiti-core	0.29.1	Unknown	Unknown

Scanned Files

• uv.lock

[overcut-ai]

Completed Working on "Code Review"

✅ Code review complete. No issues found - all changes look good! ✅

✅ Workflow completed successfully.

---

👉 View complete log

[dependabot]

Superseded by #589.