# Pitfall Log

Project: CodeGraphContext/CodeGraphContext

Summary: Found 36 structured pitfall item(s), including 10 high/blocking item(s). Top priority: Installation risk - Installation risk requires verification.

## 1. Installation risk - Installation risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1030

## 2. Installation risk - Installation risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1331

## 3. Installation risk - Installation risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1333

## 4. Configuration risk - Configuration risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1322

## 5. Runtime risk - Runtime risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a runtime risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1328

## 6. Runtime risk - Runtime risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a runtime risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1308

## 7. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1102

## 8. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1306

## 9. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1059

## 10. Security or permission risk - Security or permission risk requires verification

- Severity: high
- Evidence strength: source_linked
- Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1332

## 11. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: Improve Readme Formatting and Structure
- User impact: Developers may fail before the first successful local run: Improve Readme Formatting and Structure
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1030

## 12. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: Python graph builder crashes with 'NoneType' object has no attribute 'split' during post-parse relationship resolution
- User impact: Developers may fail before the first successful local run: Python graph builder crashes with 'NoneType' object has no attribute 'split' during post-parse relationship resolution
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1334

## 13. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: VSCode-Extension-v0.1.0
- User impact: Upgrade or migration may change expected behavior: VSCode-Extension-v0.1.0
- Evidence: failure_mode_cluster:github_release | https://github.com/CodeGraphContext/CodeGraphContext/releases/tag/v0.1.0-alpha

## 14. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: bug: Multi-database backend selection uses silent fallback chain — when FalkorDB Lite fails on Python 3.13, the actual active backend is never logged, leaving users unaware whic...
- User impact: Developers may fail before the first successful local run: bug: Multi-database backend selection uses silent fallback chain — when FalkorDB Lite fails on Python 3.13, the actual active backend is never logged, leaving users unaware whic...
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1331

## 15. Installation risk - Installation risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1334

## 16. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: AI: Implement Prompt Text Truncation Safety
- User impact: Developers may misconfigure credentials, environment, or host setup: AI: Implement Prompt Text Truncation Safety
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1102

## 17. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Bug: bundle import fails with "Create node n expects primary key name as input" - _PK_MAP missing DbTable/ExternalClass
- User impact: Developers may misconfigure credentials, environment, or host setup: Bug: bundle import fails with "Create node n expects primary key name as input" - _PK_MAP missing DbTable/ExternalClass
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1322

## 18. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: Fix invalid gradient usage in graph node stylin
- User impact: Developers may misconfigure credentials, environment, or host setup: Fix invalid gradient usage in graph node stylin
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1306

## 19. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: feat/chore: Add automated validation for database credentials in the MCP setup wizard
- User impact: Developers may misconfigure credentials, environment, or host setup: feat/chore: Add automated validation for database credentials in the MCP setup wizard
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1059

## 20. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: feat: `codegraphcontext analyze dead-code` has no confidence scoring — it reports all unreferenced symbols equally, producing high false-positive rates on Python dunder methods,...
- User impact: Developers may misconfigure credentials, environment, or host setup: feat: `codegraphcontext analyze dead-code` has no confidence scoring — it reports all unreferenced symbols equally, producing high false-positive rates on Python dunder methods,...
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1332

## 21. Configuration risk - Configuration risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1059

## 22. Capability evidence risk - Capability evidence risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: capability.assumptions | https://github.com/CodeGraphContext/CodeGraphContext

## 23. Runtime risk - Runtime risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a runtime risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/CodeGraphContext/CodeGraphContext/issues/1306

## 24. Runtime risk - Runtime risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a runtime risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: packet_text.keyword_scan | https://github.com/CodeGraphContext/CodeGraphContext

## 25. Maintenance risk - Maintenance risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this migration risk before relying on the project: Extension: Clean Event Listeners on Panel Disposal
- User impact: Developers may hit a documented source-backed failure mode: Extension: Clean Event Listeners on Panel Disposal
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1117

## 26. Maintenance risk - Maintenance risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow.
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/CodeGraphContext/CodeGraphContext

## 27. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: downstream_validation.risk_items | https://github.com/CodeGraphContext/CodeGraphContext

## 28. Security or permission risk - Security or permission risk requires verification

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: risks.scoring_risks | https://github.com/CodeGraphContext/CodeGraphContext

## 29. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: [Bug]: og:image and twitter:image use relative URLs — social preview images broken on all platforms
- User impact: Developers may hit a documented source-backed failure mode: [Bug]: og:image and twitter:image use relative URLs — social preview images broken on all platforms
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1308

## 30. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this capability risk before relying on the project: chore(a11y): Form field elements missing "id" or "name" attributes on landing page
- User impact: Developers may hit a documented source-backed failure mode: chore(a11y): Form field elements missing "id" or "name" attributes on landing page
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1305

## 31. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: [Bug]: Stale GitHub repository URLs point to old owner in package metadata and docs
- User impact: Developers may hit a documented source-backed failure mode: [Bug]: Stale GitHub repository URLs point to old owner in package metadata and docs
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1328

## 32. Capability evidence risk - Capability evidence risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: feat: `codegraphcontext analyze complexity` threshold flag has no documented output format and no machine-readable export — CI integration is impossible without parseable output
- User impact: Developers may hit a documented source-backed failure mode: feat: `codegraphcontext analyze complexity` threshold flag has no documented output format and no machine-readable export — CI integration is impossible without parseable output
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1333

## 33. Runtime risk - Runtime risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this performance risk before relying on the project: feat(parsers): add Rust parser using Tree-sitter for functions, structs, traits, and impl blocks
- User impact: Developers may hit a documented source-backed failure mode: feat(parsers): add Rust parser using Tree-sitter for functions, structs, traits, and impl blocks
- Evidence: failure_mode_cluster:github_issue | https://github.com/CodeGraphContext/CodeGraphContext/issues/1339

## 34. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/CodeGraphContext/CodeGraphContext

## 35. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: May increase setup, validation, or first-run risk for the user.
- Evidence: evidence.maintainer_signals | https://github.com/CodeGraphContext/CodeGraphContext

## 36. Maintenance risk - Maintenance risk requires verification

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v0.0.11-alpha
- User impact: Upgrade or migration may change expected behavior: v0.0.11-alpha
- Evidence: failure_mode_cluster:github_release | https://github.com/CodeGraphContext/CodeGraphContext/releases/tag/v0.0.11-alpha
