Skip to content

feat(package): Add gridfm-graphkit Nexus package#157

Open
romeokienzler wants to merge 8 commits into
IBM:mainfrom
romeokienzler:add_gridfm_graphkit-0.8.0rc3
Open

feat(package): Add gridfm-graphkit Nexus package#157
romeokienzler wants to merge 8 commits into
IBM:mainfrom
romeokienzler:add_gridfm_graphkit-0.8.0rc3

Conversation

@romeokienzler

Copy link
Copy Markdown
Collaborator

Description

Adds the gridfm-graphkit algorithm package (version 0.8.0rc3) to the ecosystem variant of Algorithm Nexus, with the corresponding Nexus package under packages/gridfm-graphkit/.

Additional Information

  • gridfm-graphkit does not declare vllm as a dependency, so it belongs to the ecosystem variant only.
  • gridfm-graphkit==0.8.0rc3 pins gridfm-datakit==1.0.5rc1 (a prerelease) to skip 1.0.4's broken gridfm-datakit-winblock marker. To let this transitive prerelease pin resolve, prerelease = "allow" was added to [tool.uv]. This can be dropped once a stable gridfm-datakit/gridfm-graphkit ships.
  • gridfm-datakit is pulled in transitively via gridfm-graphkit — it is not declared as a dedicated dependency.
  • uv.lock and requirements-ecosystem.txt were regenerated via the documented uv add / uv export steps.

I need help with this PR

N/A — dependency resolution succeeds with prerelease = "allow" enabled.

Related Issues

See gridfm/gridfm-graphkit#81 for the upstream gridfm-datakit prerelease context.

@christian-pinto christian-pinto added the ci Enable CI integration label Jul 1, 2026
@romeokienzler romeokienzler force-pushed the add_gridfm_graphkit-0.8.0rc3 branch from d792985 to 7234664 Compare July 1, 2026 07:56
@christian-pinto

christian-pinto commented Jul 1, 2026

Copy link
Copy Markdown
Member

@romeokienzler let's wait until a proper release of both gridfm-graphkit and gridfm-datakit are available.

@christian-pinto

christian-pinto commented Jul 1, 2026

Copy link
Copy Markdown
Member

@romeokienzler just to give you a feedback on the rest. I see you have not defined any models with the package. Is this the intended outcome? Note that models are required to have a HuggingFace ID

@christian-pinto

Copy link
Copy Markdown
Member

@romeokienzler please merge with the latest master and then run

git restore --source origin/main -- uv.lock
uv lock

Then add the new uv.lock and commit. Make sure the pre-commit hooks are installed becuase they will re-generate the requirement files.

@christian-pinto

Copy link
Copy Markdown
Member

@romeokienzler could you please have a loot at this PR? See my latest comment for instructions. Thanks.

@romeokienzler romeokienzler force-pushed the add_gridfm_graphkit-0.8.0rc3 branch from 7234664 to db2e966 Compare July 13, 2026 10:50

@christian-pinto christian-pinto left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If something is not working on your PR, just send a message here and we'll see what can be done. This is related to the changes i to the secrets file as well as the constraint-dependencies.

Comment thread pyproject.toml Outdated
Comment thread .secrets.baseline
@romeokienzler romeokienzler force-pushed the add_gridfm_graphkit-0.8.0rc3 branch from ceedc7e to c9c61c3 Compare July 13, 2026 14:44
@romeokienzler

Copy link
Copy Markdown
Collaborator Author

@romeokienzler please merge with the latest master and then run

git restore --source origin/main -- uv.lock
uv lock

Then add the new uv.lock and commit. Make sure the pre-commit hooks are installed becuase they will re-generate the requirement files.

uv lock produced no changes to the lock file. This means the uv.lock on origin/main already contained everything needed

@romeokienzler

Copy link
Copy Markdown
Collaborator Author

@romeokienzler just to give you a feedback on the rest. I see you have not defined any models with the package. Is this the intended outcome? Note that models are required to have a HuggingFace ID

Since gridfm-graphkit has no published Hugging Face checkpoints to reference, the nexus.yaml correctly contains only the package.name field with no models: section. All other packages in the repo (bmfm-targets, terratorch, tokamind, terrakit) are in the same situation — none of them declare models in their nexus.yaml either. Did I get something wrong here?

@romeokienzler

Copy link
Copy Markdown
Collaborator Author

Also can't access the pipelines, so no idea what the problem is
image

Comment thread .secrets.baseline
@christian-pinto

Copy link
Copy Markdown
Member

@romeokienzler just to give you a feedback on the rest. I see you have not defined any models with the package. Is this the intended outcome? Note that models are required to have a HuggingFace ID

Since gridfm-graphkit has no published Hugging Face checkpoints to reference, the nexus.yaml correctly contains only the package.name field with no models: section. All other packages in the repo (bmfm-targets, terratorch, tokamind, terrakit) are in the same situation — none of them declare models in their nexus.yaml either. Did I get something wrong here?

terratorch and tokamind both define models inside the models folder within the nexus package. Deinifing models is not mandatory. In your case all is good then.

@christian-pinto

Copy link
Copy Markdown
Member

Also can't access the pipelines, so no idea what the problem is <img alt="image" width="1072" height="338"

Some issues with secrets detection. Revert that change on the secrets file and we try again

@romeokienzler

Copy link
Copy Markdown
Collaborator Author

@christian-pinto done

@DRL-NextGen

Copy link
Copy Markdown
Member

Checks Summary

Last run: 2026-07-15T16:11:40.308Z

Mend Unified Agent vulnerability scan found 4 vulnerabilities:

Severity Identifier Package Details Fix
❗ Critical CVE-2025-69872 diskcache-5.6.3-py3-none-any.whl
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attac...DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
Not Available
🔷 Medium CVE-2025-3000 torch-2.11.0-cp312-cp312-manylinux_2_28_x86_64.whl
A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function to...A vulnerability classified as critical has been found in PyTorch 2.6.0. This affects the function torch.jit.script. The manipulation leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Not Available
🔷 Medium CVE-2026-59890 setuptools-80.10.2-py3-none-any.whl
setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python...setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unicode normalization, so on macOS APFS or HFS+ an NFD file name could bypass an NFC exclusion rule and be packed into a source distribution. This issue is fixed in version 83.0.0.
Upgrade to version setuptools - 83.0.0,setuptools - 83.0.0,https://github.com/pypa/setuptools.git - 83.0.0
🔸 Low CVE-2025-63396 torch-2.11.0-cp312-cp312-manylinux_2_28_x86_64.whl
An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.prof...An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service (DoS).
Not Available

@christian-pinto

christian-pinto commented Jul 15, 2026

Copy link
Copy Markdown
Member

@romeokienzler DCO is failing. There are at least three commits that I can see that have no signoff. All commits are required to have a Signed-off-by tag.

@romeokienzler romeokienzler force-pushed the add_gridfm_graphkit-0.8.0rc3 branch from 433eb31 to e64e14d Compare July 15, 2026 16:19
romeokienzler and others added 5 commits July 16, 2026 10:42
Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
…0.5 stable)

Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
…kit PR

Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
@romeokienzler romeokienzler force-pushed the add_gridfm_graphkit-0.8.0rc3 branch from 21f7c58 to 3b0bb04 Compare July 16, 2026 08:42
Comment thread pyproject.toml
Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
Signed-off-by: Romeo Kienzler <romeo.kienzler1@ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci Enable CI integration

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants