Clean up repo metadata for Rootly fork

- Point pyproject.toml URLs and description to Rootly-AI-Labs
- Rewrite ARCHITECTURE.md and SECURITY.md for Rootly pipeline
- Add Rootly copyright to LICENSE, keep upstream credit
- Add Rootly context to AGENTS.md
- Remove upstream demo data (worked/)
- Remove redundant README sections

Author: sylvainkalache

AGENTS.md

@@ -1,9 +1,9 @@
-# graphify
+# rootly-graphify
 
-This project has a graphify knowledge graph at graphify-out/.
+This project turns Rootly incident data into a knowledge graph. The Rootly corpus lives in `graphify-rootly-data/` and the graph output in `graphify-out/`.
 
 **Always-on rules:**
-- Before answering architecture or codebase questions, read `graphify-out/GRAPH_REPORT.md` for god nodes and community structure
+- Before answering incident or architecture questions, read `graphify-out/GRAPH_REPORT.md` for god nodes and community structure
 - If `graphify-out/wiki/index.md` exists, navigate it instead of reading raw files
 - After modifying code files, run: `python -c "from graphify.watch import _rebuild_code; from pathlib import Path; _rebuild_code(Path('.'))"` to keep the graph current
 

ARCHITECTURE.md

@@ -1,84 +1,67 @@
 # Architecture
 
-graphify is a Claude Code skill backed by a Python library. The skill orchestrates the library; the library can be used standalone.
+rootly-graphify connects the Rootly API to the graphify knowledge graph pipeline. It has two phases: collection (Rootly API → local corpus) and graph analysis (corpus → knowledge graph).
 
 ## Pipeline
 
 ```
-detect()  →  extract()  →  build_graph()  →  cluster()  →  analyze()  →  report()  →  export()
+Rootly API  →  rootly_export  →  rootly_runner  →  cluster()  →  analyze()  →  report()  →  export()
 ```
 
-Each stage is a single function in its own module. They communicate through plain Python dicts and NetworkX graphs - no shared state, no side effects outside `graphify-out/`.
-
 ## Module responsibilities
 
 | Module | Function | Input → Output |
 |--------|----------|----------------|
-| `detect.py` | `collect_files(root)` | directory → `[Path]` filtered list |
-| `extract.py` | `extract(path)` | file path → `{nodes, edges}` dict |
-| `build.py` | `build_graph(extractions)` | list of extraction dicts → `nx.Graph` |
+| `rootly_export.py` | `run_rootly_export()` | Rootly API → local corpus (markdown + JSON) |
+| `rootly_runner.py` | `rootly_build_graph()` | corpus → `nx.Graph` with typed nodes and edges |
 | `cluster.py` | `cluster(G)` | graph → graph with `community` attr on each node |
 | `analyze.py` | `analyze(G)` | graph → analysis dict (god nodes, surprises, questions) |
 | `report.py` | `render_report(G, analysis)` | graph + analysis → GRAPH_REPORT.md string |
-| `export.py` | `export(G, out_dir, ...)` | graph → Obsidian vault, graph.json, graph.html, graph.svg |
-| `ingest.py` | `ingest(url, ...)` | URL → file saved to corpus dir |
-| `cache.py` | `check_semantic_cache / save_semantic_cache` | files → (cached, uncached) split |
-| `security.py` | validation helpers | URL / path / label → validated or raises |
-| `validate.py` | `validate_extraction(data)` | extraction dict → raises on schema errors |
-| `serve.py` | `start_server(graph_path)` | graph file path → MCP stdio server |
-| `watch.py` | `watch(root, flag_path)` | directory → writes flag file on change |
-| `benchmark.py` | `run_benchmark(graph_path)` | graph file → corpus vs subgraph token comparison |
-
-## Extraction output schema
-
-Every extractor returns:
-
-```json
-{
-  "nodes": [
-    {"id": "unique_string", "label": "human name", "source_file": "path", "source_location": "L42"}
-  ],
-  "edges": [
-    {"source": "id_a", "target": "id_b", "relation": "calls|imports|uses|...", "confidence": "EXTRACTED|INFERRED|AMBIGUOUS"}
-  ]
-}
-```
+| `export.py` | `export(G, out_dir, ...)` | graph → graph.json, graph.html |
 
-`validate.py` enforces this schema before `build_graph()` consumes it.
+## Rootly collection (`rootly_export.py`)
 
-## Confidence labels
+1. Validate API key (from `.env` or `--api-key-env`)
+2. Prompt for time window (7, 30, or 90 days)
+3. Fetch incidents whose `started_at` falls inside the window
+4. Fetch triggered alerts per incident via sub-resource endpoint
+5. Fetch all teams
+6. Write markdown + raw JSON to corpus directory
+7. Write `.graphifyignore` to exclude retrospectives from graph
 
-| Label | Meaning |
-|-------|---------|
-| `EXTRACTED` | Relationship is explicitly stated in the source (e.g., an import statement, a direct call) |
-| `INFERRED` | Relationship is a reasonable deduction (e.g., call-graph second pass, co-occurrence in context) |
-| `AMBIGUOUS` | Relationship is uncertain; flagged for human review in GRAPH_REPORT.md |
+## Rootly graph build (`rootly_runner.py`)
 
-## Adding a new language extractor
+Reads incident JSON and creates a typed graph:
 
-1. Add a `extract_<lang>(path: Path) -> dict` function in `extract.py` following the existing pattern (tree-sitter parse → walk nodes → collect `nodes` and `edges` → call-graph second pass for INFERRED `calls` edges).
-2. Register the file suffix in `extract()` dispatch and `collect_files()`.
-3. Add the suffix to `CODE_EXTENSIONS` in `detect.py` and `_WATCHED_EXTENSIONS` in `watch.py`.
-4. Add the tree-sitter package to `pyproject.toml` dependencies.
-5. Add a fixture file to `tests/fixtures/` and tests to `tests/test_languages.py`.
+**Nodes:**
+- Incident (labeled by title, colored by severity)
+- Alert (linked to triggering incident)
+- Team (organizational unit)
+- Service (affected infrastructure)
+- Severity level (SEV0–SEV3)
 
-## Security
+**Edges:**
+- `triggered` — alert → incident
+- `affects` — incident → service
+- `owns` — team → service
+- `responded_by` — incident → team
+- `has_severity` — incident → severity
+- `assigned_to_team` — incident → team
 
-All external input passes through `graphify/security.py` before use:
+## Confidence labels
 
-- URLs → `validate_url()` (http/https only) + `_NoFileRedirectHandler` (blocks file:// redirects)
-- Fetched content → `safe_fetch()` / `safe_fetch_text()` (size cap, timeout)
-- Graph file paths → `validate_graph_path()` (must resolve inside `graphify-out/`)
-- Node labels → `sanitize_label()` (strips control chars, caps 256 chars, HTML-escapes)
+| Label | Meaning |
+|-------|---------|
+| `EXTRACTED` | Relationship directly from Rootly API data (severity, team assignment) |
+| `INFERRED` | Reasonable deduction (shared service, co-occurrence) |
+| `AMBIGUOUS` | Uncertain — flagged for review |
 
-See `SECURITY.md` for the full threat model.
+## Optional deep enrichment
 
-## Testing
+Running `/graphify ./corpus --mode deep` dispatches parallel subagents over the markdown files to infer cross-incident themes, rationale, and conceptual links. This adds `INFERRED` and `semantically_similar_to` edges on top of the deterministic graph.
 
-One test file per module under `tests/`. Run with:
+## Testing
 
 ```bash
 pytest tests/ -q
 ```
-
-All tests are pure unit tests - no network calls, no file system side effects outside `tmp_path`.

LICENSE

@@ -1,6 +1,7 @@
 MIT License
 
-Copyright (c) 2026 Safi Shamsi
+Copyright (c) 2026 Rootly, Inc.
+Copyright (c) 2026 Safi Shamsi (graphify)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -77,12 +77,6 @@ run graphify on graphify-rootly-data --mode deep
 ```
 
 
----
-
-### Step 3: Open the current graph output
-
-After semantic enrichment, use the top-level output in `graphify-out/graph.html`. The current generic visualization already includes the maintained filters and visuals, so no separate re-apply command is needed.
-
 ---
 
 ## What you can explore
@@ -195,6 +189,3 @@ graphify rootly --api-key-env ROOTLY_API_KEY --days 30 --mode standard
 /graphify graphify-rootly-data --update
 ```
 
----
-
-Cloned from [graphify](https://github.com/safishamsi/graphify)

SECURITY.md

@@ -1,12 +1,5 @@
 # Security Policy
 
-## Supported Versions
-
-| Version | Supported |
-|---------|-----------|
-| 0.3.x   | Yes       |
-| < 0.3   | No        |
-
 ## Reporting a Vulnerability
 
 **Do not open a public GitHub issue for security vulnerabilities.**
@@ -22,32 +15,20 @@ We will acknowledge receipt within 48 hours and aim to release a fix within 7 da
 
 ## Security Model
 
-graphify is a **local development tool**. It runs as a Claude Code skill and optionally as a local MCP stdio server. It makes no network calls during graph analysis - only during `ingest` (explicit URL fetch by the user).
+rootly-graphify is a **local development tool**. It fetches data from the Rootly API during collection, then all graph analysis runs locally with no further network calls.
 
 ### Threat Surface
 
 | Vector | Mitigation |
 |--------|-----------|
-| SSRF via URL fetch | `security.validate_url()` allows only `http` and `https` schemes, blocks private/loopback/link-local IPs, and blocks cloud metadata endpoints. Redirect targets are re-validated. All fetch paths including tweet oEmbed go through `safe_fetch()`. |
-| Oversized downloads | `safe_fetch()` streams responses and aborts at 50 MB. `safe_fetch_text()` aborts at 10 MB. |
-| Non-2xx HTTP responses | `safe_fetch()` raises `HTTPError` on non-2xx status codes - error pages are not silently treated as content. |
-| Path traversal in MCP server | `security.validate_graph_path()` resolves paths and requires them to be inside `graphify-out/`. Also requires the `graphify-out/` directory to exist. |
-| XSS in graph HTML output | `security.sanitize_label()` strips control characters, caps at 256 chars, and HTML-escapes all node labels and edge titles before pyvis embeds them. |
-| Prompt injection via node labels | `sanitize_label()` also applied to MCP text output - node labels from user-controlled source files cannot break the text format returned to agents. |
-| YAML frontmatter injection | `_yaml_str()` escapes backslashes, double quotes, and newlines before embedding user-controlled strings (webpage titles, query questions) in YAML frontmatter. |
-| Encoding crashes on source files | All tree-sitter byte slices decoded with `errors="replace"` - non-UTF-8 source files degrade gracefully instead of crashing extraction. |
-| Symlink traversal | `os.walk(..., followlinks=False)` is explicit throughout `detect.py`. |
-| Corrupted graph.json | `_load_graph()` in `serve.py` wraps `json.JSONDecodeError` and prints a clear recovery message instead of crashing. |
-
-### What graphify does NOT do
-
-- Does not run a network listener (MCP server communicates over stdio only)
-- Does not execute code from source files (tree-sitter parses ASTs - no eval/exec)
-- Does not use `shell=True` in any subprocess call
-- Does not store credentials or API keys
+| API key exposure | Key read from `.env` or environment variable, masked in logs, never written to graph output |
+| XSS in graph HTML output | `security.sanitize_label()` strips control characters, caps at 256 chars, and HTML-escapes all node labels and edge titles |
+| Path traversal in MCP server | `security.validate_graph_path()` resolves paths and requires them to be inside `graphify-out/` |
+| Encoding crashes on source files | All tree-sitter byte slices decoded with `errors="replace"` |
 
-### Optional network calls
+### What rootly-graphify does NOT do
 
-- `ingest` subcommand: fetches URLs explicitly provided by the user
-- PDF extraction: reads local files only (pypdf does not make network calls)
-- watch mode: local filesystem events only (watchdog does not make network calls)
+- Does not store your API key in any output file
+- Does not execute code from source files (tree-sitter parses ASTs — no eval/exec)
+- Does not use `shell=True` in any subprocess call
+- Does not make network calls during graph analysis — only during the initial Rootly API fetch

pyproject.toml

@@ -5,10 +5,10 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "graphifyy"
 version = "0.3.6"
-description = "AI coding assistant skill (Claude Code, Codex, OpenCode, OpenClaw) - turn any folder of code, docs, papers, or images into a queryable knowledge graph"
+description = "Turn Rootly incidents, alerts, and teams into a queryable knowledge graph"
 readme = "README.md"
 license = { file = "LICENSE" }
-keywords = ["claude", "claude-code", "codex", "opencode", "knowledge-graph", "rag", "graphrag", "obsidian", "community-detection", "tree-sitter", "leiden", "llm"]
+keywords = ["rootly", "incidents", "knowledge-graph", "claude-code", "codex", "graphrag", "community-detection", "incident-management", "on-call", "sre"]
 requires-python = ">=3.10"
 dependencies = [
     "networkx",
@@ -34,9 +34,9 @@ dependencies = [
 ]
 
 [project.urls]
-Homepage = "https://github.com/safishamsi/graphify"
-Repository = "https://github.com/safishamsi/graphify"
-Issues = "https://github.com/safishamsi/graphify/issues"
+Homepage = "https://github.com/Rootly-AI-Labs/rootly-graphify-importer"
+Repository = "https://github.com/Rootly-AI-Labs/rootly-graphify-importer"
+Issues = "https://github.com/Rootly-AI-Labs/rootly-graphify-importer/issues"
 
 [project.optional-dependencies]
 mcp = ["mcp"]