For teams running Cursor, Claude Code, Codex, Gemini in real repos

Give every AI coding agent
a map of your repo before it edits.

Maps before agents edit. Gates before they merge. Evidence after every run. Roam is the local code-graph and MCP server your coding agent calls to check blast radius, find clones, run static analysis, and emit tamper-evident evidence — credential-free, zero network egress, your source stays on your machine.

Install the free CLI Replay your last 5 PRs

Free CLI · Apache 2.0 · 28 languages · 57 core agent tools · 227 total MCP tools · 7,731 PyPI installs/month

Agentic code intelligence

Semantic reviewers read what the code does. Roam reads what it touches. Callers, clones, layers, tests, hot paths — the structural layer your reviewer doesn't see.

What Roam catches

Across 22,000 developers, Faros AI's 2026 telemetry analysis reported AI-assisted teams saw more bugs per developer and more than 3x incidents per PR. The pattern is consistent: agents write plausible code faster than human reviewers can inspect its structural consequences. Roam catches three classes of structural consequence the agent and the reviewer both tend to miss. Source: Faros AI, 2026 telemetry analysis (exact figures: bugs/dev +54%, incidents/PR +242.7%; archive).

Blast-radius the agent didn't measure

Same failure class as the PocketOS incident, April 2026 — production database and three months of backups gone in nine seconds. Not the exact diff; the illustrative output below shows what Roam's blast-radius check would flag on a similar change. Source · archive.

An AI agent rewrites a cleanup_old_records() job. The diff looks fine. What it actually changed: the WHERE clause now matches every row. 

$ git diff | roam critique
VERDICT: BLOCK  (1 high)
  cleanup_old_records  db/maintenance.py:84
  reaches: 3 entry points, 1 destructive op
  runtime: 1,247 calls/day in trace_ingest
  flag: DELETE without LIMIT

→ Nine seconds vs nine months of backups.

The clone the agent forgot to update

Same failure class as Amazon's Treadwell 90-day code-controls reset, March 2026 — senior signoff added on agent-generated changes after outages including one linked to an internal AI coding tool. Illustrative Roam output, not the exact diff. Source.

AI agents fix bugs by pattern-matching, then forget the other places the same pattern lives. Diff looks clean. Roam flags the unchanged copies: 

$ git diff | roam critique
VERDICT: REVIEW  (clones-not-edited)
  order_service.py:142  [edited]
  billing/refunds.py:89  [UNCHANGED]
  admin/bulk_ops.py:201  [UNCHANGED]
  confidence: 0.94 (AST exact + identifier rename)

→ Senior signoff plus a structural diff is better than senior signoff alone.

The runtime-hot path the agent treated as cold

Shape: the diff-touches-more-than-the-reviewer-thinks pattern Faros's 22,000-developer study quantified above.

AI-written code touches more places than the reviewer sees. Roam weights blast-radius by production traffic to surface the hot paths: 

$ git diff | roam critique --runtime
VERDICT: REVIEW  (runtime-hot path)
  serialize_user  api/v2/users.py:34
  trace ingest: 3.2M calls/day (top 0.1%)
  diff: response shape changed
  downstream: 4 mobile clients, 2 webhooks

→ The rate isn't fixed by fewer AI commits — by reviewing structural impact at machine speed.

Want to see what Roam would have caught on your last 5 PRs? pip install roam-code && roam pr-replay --tier sample — no email, no upload. Or jump to the paid PR Replay tiers for a written report.

How agents use Roam

Three steps: install once, hand the MCP server to your editor, and your coding agent gains 57 core structured questions to ask about the codebase. The free CLI gives you the same engine to run the same checks from your terminal or CI.

  1. 1 You install Roam locally. One command. The MCP server starts up alongside your editor or terminal.
  2. 2 Your AI agent asks structural questions. What else does this function affect? Where are the tests for this? Is this a clone of another implementation?
  3. 3 The agent writes better code. Now it edits like someone who's been on the team for a year — knows what breaks, what's a clone, what needs a test.

The five calls your agent makes most

roam understandMap an unfamiliar codebase before editing.
roam retrievePull the exact spans for the task at hand.
roam contextList the files and lines that matter.
roam preflightCheck what a change will break.
roam critiqueReview a patch against the graph.

Works with Claude Code, Cursor, Windsurf, VS Code, Codex, Gemini — and any MCP-aware editor.

Local code graph in seconds. Free forever.

Roam indexes a typical 100k-LOC repo in seconds and exposes the result as deterministic local tools your agent can call before, during, and after every change. Your code, your control, your audit trail — evidence stays on your machine and verifies offline.

zeroAPI keys required
zeronetwork egress at analysis time
tamper-evidentHMAC-chained evidence packets
28language families
459GitHub stars
7,731PyPI installs / month

snapshot as of

pip install roam-code && roam init

Your first 5 minutes

  1. cd into any Git repo
  2. roam init — build the local graph (a typical 100k-LOC repo finishes in seconds)
  3. roam understand — guided architectural tour
  4. git diff | roam critique — structural review of your current changes
  5. roam mcp — start the MCP server so your agent can call the 57-tool core preset

More detail in the getting-started guide and the MCP usage guide.

The questions agents miss

Each row is one engineering question AI agents commonly skip because they can't see the answer. The CLI surface is organised around the questions — not around an encyclopaedic command list.

Codebase sight "What does this repo do? What should I read?" roam understand · roam map · roam tour · roam describe
Context retrieval "Pull the exact spans I need for this task." roam retrieve · roam context · roam search-semantic · roam agent-context
Change safety "What breaks if I edit this? Which tests run?" roam preflight · roam impact · roam affected-tests · roam diff
PR review "Did the AI miss a clone, a caller, a test?" roam critique · roam pr-analyze · roam pr-risk · roam clones
Algorithmic judgment "Is this code correct but slow?" roam math · roam algo · roam n1 · roam missing-index · roam hotspots Catches AI patterns that pass tests but become O(n²): nested-loop lookups, N+1 queries, regex compiled in loops, repeated JSON parsing, branching recursion without memoisation.
Architecture governance "Is the architecture drifting?" roam layers · roam cycles · roam health · roam dark-matter · roam fitness
Refactor safety "Can I simulate this refactor first?" roam simulate · roam mutate · roam safe-delete · roam plan-refactor
Multi-agent coordination "Can multiple agents work on this graph in parallel?" roam fleet · roam partition · roam orchestrate · roam agent-plan
Evidence + compliance "Can we prove what was checked, signed, and gated?" roam attest · roam cga · roam audit-trail-export · roam --sarif

See it in action: eight concrete scenarios where AI ships a plausible patch and Roam catches the problem before merge. Or jump to the full command reference.

What Roam looks like in practice

Two surfaces. Your terminal — free, available today. A comment on every PR — paid, in early access.

In your terminal — example output (illustrative)

$ git diff main..HEAD | roam critique
VERDICT: BLOCK  (1 high, 3 medium, 0 low)
  reason: clones-not-edited (high)
         AI updated api/users.py:create_user but left
         admin/users.py:create_user (95% similar) untouched.
         Both call db.commit(); behavior will diverge.

  reason: blast-radius (medium)
         UserService.authenticate has 47 callers.
         Add tests covering the new error path.

  reason: layer-violation (medium)
         Domain layer now imports HTTP layer.
         Move side-effect to controller.

$ echo $?
5

Exit code 5 fails CI. Same engine powers Roam Review on every pull request.

On a pull request — example comment (illustrative)

roam-review-bot · bot · commented now
Roam check failed — 1 high, 3 medium structural risks · gates merge
  1. High clones-not-edited confidence 0.94

    api/users.py:42 admin/users.py:38 95% AST similar

    AI updated one copy of create_user. The other still calls db.commit() with the prior logic; merging this leaves silent divergence.

    Suggested fix · admin/users.py:38 
      self.session.add(user)
+ self.db.commit()
  return user
  2. Medium blast-radius 47 callers · 12 files

    UserService.authenticate is called from 12 files; test coverage is at 64% on the new error path.

    authenticate · 47 reach
  3. Medium layer-violation domain → http

    Domain layer now imports HTTP layer (requests.post). Move the side-effect to a controller.

Posted on every PR by Roam Review (early access). Suggested fixes render as reviewable GitHub diffs.

Multi-agent coordination

Built for parallel agents.

Most review tools assume one author per change. Roam assumes many — and gives every agent in the loop a shared structural map so they don't collide. Split work by graph partition, detect overlapping blast radius before two agents touch the same call chain, and produce per-agent review evidence before merge.

Partition the graph Louvain-based work splits — each agent gets an independent slice with minimised cross-cluster edges. roam partition · roam orchestrate
Claim and release leases Repo-local lease store stops two agents from editing the same subject simultaneously. roam lease claim · roam lease list
Score each agent's run Per-run evidence packets (HMAC-chained) + composite agent-score on 0..100 so reviewers can compare fleets, not commits. roam runs verify · roam agent-score

Early — but designed in from the substrate up. Background in the architecture guide.

Roam on Roam

Roam catches problems in Roam itself.

If the tool cannot gate its own codebase, it should not gate yours. Recent commits where Roam flagged something we missed, with the verifiable git hash:

  • f1101fb — split collect_symbol_metrics, cyclomatic complexity 99 → ~10
  • bc6d3ac — split alerts command, complexity 99 → ~10
  • 2fe3854 — split _parse_query_patterns, complexity 106 → ~5
  • 19064b3 — split _collect_inter_findings, complexity 107 → ~5

Browse the full history for the rest.

Roam does not replace your reviewer

Keep CodeRabbit, Greptile, Qodo, SonarQube, or CodeQL. Roam adds the structural layer they don't see: callers, clones, layers, tests, hot paths. Three layers, three jobs, three kinds of finding.

Layer What it sees Examples
Semantic reviewers What the diff does — correctness, style, prose-level review CodeRabbit, Greptile, Qodo
Static analyzers Known rule and security patterns inside a function SonarQube, Semgrep, CodeQL
Roam What the change touches — callers, clones, layers, tests, hot paths Roam (local CLI + MCP + CI)

Full feature-by-feature breakdown — including local-vs-cloud, MCP exposure, attestations, and pricing — at roam-code.com/compare → Also pairs with Cursor / Claude Code / Codex / Gemini via MCP, and exports SARIF for GitHub / GitLab CI. See something wrong? hello@roam-code.com.

Try it on your last 5 PRs

Roam runs against your last 5 / 30 / 90 merged PRs and produces a written structural-review report. What today's detectors would have caught pre-merge, the patterns worth wiring into CI, and the single-highest-impact gate to add today. No email, no upload.

Sample

Free · 5 PRs · self-serve

pip install roam-code && roam pr-replay --tier sample

No email. Watermarked. Same engine as the paid tiers.

Team

$2,500 · 30 PRs · 30-min walk-through

Aggregated detector breakdown, ranked PRs, recommended CI gates. 50% of fee credits toward a Roam Review subscription if started within 60 days. See sample output.

Buy Team — $2,500

Self-serve checkout launches soon; email orders go through today.

Turnaround: 5 business days from kickoff for Team, 10 business days for Deep. Reports ship as Markdown + PDF. We never train on or reuse buyer code; the engagement runs against a temporary clone we delete on completion. Full deliverable spec, FAQ, and credit math → See the DPA and security policy for details. Email hello@roam-code.com with questions before purchase.

For teams: three paid surfaces, one engine

Same engine, three deployment surfaces. Pick the ones your team needs — every pull request (Review, early access), shared visibility across repos (Cloud, early access), or a scoped private-deployment pilot. The paid PR Replay audit is available today and gives you a written report on your last 5 / 30 / 90 PRs before committing to a subscription.

Roam Review

A structural and algorithmic second opinion on every pull request — runs alongside CodeRabbit, Greptile, or Qodo, not instead.

  • Plain structural verdict on every PR: BLOCK, REVIEW, or APPROVE — different layer from semantic reviewers, so it runs alongside them
  • Lists everything else the change touches — callers, tests, runtime hot spots
  • Catches when AI copied a function and only updated one of the copies
  • Inline severity, confidence score, and a reviewable suggested-fix diff
  • /roam re-review and /roam explain <file> — slash commands invoked from a GitHub PR comment, ship with the bot at launch
  • Exports SARIF for GitHub Code Scanning and any compatible CI
  • GitHub Marketplace install on launch — join early access
Starter $99/mo Team $299 · Business $799 · Scale $1,499 · monthly or annual · 14-day trial · free for open-source forever
Get early access

Want history across releases? Add Roam Cloud → · Want to evaluate first? Run a paid PR Replay →

Roam Cloud

A dashboard for your code health over time. We never see your source.

  • Health, debt, and complexity tracked across every commit
  • Per-team and per-repo trend charts
  • One audit log across Cursor, Claude Code, Codex, and Gemini
  • Browse the AI-governance audit trail (paid tiers)
  • Self-serve checkout at launch, no sales call
$19/repo/mo $99/mo Team (10 repos) · $299/mo Growth · 30-day money back
Get early access

Cloud pairs with Roam Review →. Regulated stack? Talk to us about a private-deployment pilot →

Roam Self-Hosted

Private-deployment pilots for teams that cannot use hosted Review or Cloud.

  • Scoped deployment plan for Review, Cloud-style dashboards, and audit-trail evidence inside your environment
  • SSO/SAML, audit logs, custom rules, and network boundaries written into the SOW before build starts
  • Audit-trail artifacts designed to support SOC 2, ISO 42001, and AI-governance evidence packages (your auditor judges fit)
  • SLA and dedicated support are negotiated per pilot; the formal assessment remains the buyer's process
Custom Private pilot. Sized to team, support level, and compliance scope.
Discuss a pilot

Self-Hosted is customer-pulled infrastructure. Start with PR Replay or Review early access unless a private deployment is required.

Who Roam is for

Use Roam if AI agents write real PRs in your repo, your codebase has multiple services or modules, or you need review evidence you can hand to an auditor.
Probably skip if Tiny single-file repo, no AI-generated PRs, and no structural review pain yet. Come back when one of those changes.
Free forever The engine is Apache 2.0 and free for individuals, teams, and companies of any size. We charge for the team workflow: PR bot, dashboard, self-hosted.

Paste this into your agent's system prompt

Before editing this repo, run:
  roam understand     # map the codebase
  roam preflight <sym> # blast radius + tests + fitness

After editing, run:
  git diff | roam critique

Do not open a PR until Roam high-severity findings
are fixed or explained.

Works in Claude Code, Cursor, Windsurf, Codex, Gemini, and any MCP-aware editor. Full setup guide at /setup.

Apache 2.0 Free forever. GitHub · PyPI
Evidence that never leaves your machine Local SQLite, no telemetry, local by default (opt-in metrics-push is the only outbound surface) — and evidence packets that hash-verify offline. Your code stays on your machine; your audit trail lives in your repo. See the security page for our supply-chain posture and a comparison with hosted reviewers.
28 languages, 6 cross-language bridges Python · TypeScript · PHP · Go · Rust · Java · C# · Kotlin · Scala · SQL · Dart · 17 more. Bridges resolve Salesforce Apex → Aura, REST front-end → back-end routes, Django ORM, .proto stubs, Jinja/Django templates, env var → config.
Local audit trail Roam keeps local evidence of what was checked, so teams can show how AI-written code was reviewed. Tamper-evident log file plus signed records (in-toto v1, verifiable with cosign). Full framework-specific detail on the security page and the governance page; trust posture on the trust page.
We never train on your code Roam Review and Roam Cloud do not use your source, diffs, comments, or metrics to train, fine-tune, or evaluate any machine-learning model — ours, ours-via-third-party, or any third party's. Contractual commitment in the security policy; details in the procurement packet.

Common questions

How is Roam different from CodeRabbit, Greptile, or Qodo?

They review what the code does — semantics. Roam reviews what the code touches — structure: callers, layers, dependency cycles, copy-paste duplicates. Different layer, different findings. Most teams keep their existing reviewer and add Roam alongside it. See the full comparison.

Two extras most teams care about: (1) the CLI runs entirely on your machine — no PR diff is uploaded anywhere from local use, and (2) every analysis emits a tamper-evident audit-trail entry.

Will the CLI stay free?

Yes. Forever. Apache 2.0. Free for individuals, teams, and companies of any size. We charge for PR Replay, hosted Review/Cloud, and scoped private-deployment pilots — not the local engine.

What audit-trail evidence does Roam produce?

On every analysis, Roam writes two things: a tamper-evident log file (each entry chained with a SHA-256 hash to the previous one) and signed records you can verify with cosign. The kind of evidence SOC 2 CC8.1 (change management), ISO 42001 (AI management system), and internal AI-governance policies want to see.

Roam is provided as evidence-generation tooling — the artefact, not the framework mapping. EU AI Act Article 12 (record-keeping) only attaches to providers of high-risk AI systems listed in Annex III; code-generation tooling is not in Annex III, so most teams using Cursor, Claude Code, or Codex have no direct Article 12 obligation. If your own product is a high-risk AI system (HR-tech, edtech, fintech credit-scoring, healthtech), Roam's review attestations are useful as Article 14 human-oversight evidence — not Article 12 logs themselves. The classification call is for you and your DPO or counsel.

Does any of my source code leave my machine?

From the CLI: no. It runs locally and only writes a SQLite file inside your repo's .roam/ directory.

From Roam Cloud (when launched, early access): metrics only — health scores, complexity numbers, dependency counts. Never source code.

From Roam Review (when launched, early access): the PR diff is processed ephemerally in our cloud. Private-deployment pilots are scoped separately when hosted processing is blocked by policy. Always a fair question to ask any PR-bot vendor what their threat model is.

Does Roam fit into my CI?

Yes. roam --sarif health exports findings in the SARIF 2.1.0 format, which GitHub Code Scanning, GitLab, and most CI platforms understand natively. Ready-to-drop GitHub Actions templates ship with the package. roam critique returns exit code 5 on any high-severity finding so a CI step can gate on it.

How long does it take to index a typical repo?

A 100k-line monorepo indexes in roughly 20-40 seconds on a modern laptop. Incremental rebuilds after a single PR's worth of changes are sub-second. The DB lives in .roam/index.sqlite in your repo; agents and CI both read from the same artefact.

What languages does Roam support?

28 languages with tree-sitter grammars: Python, JavaScript, TypeScript, Go, Rust, Java, Kotlin, Scala, C, C#, C++, PHP, Ruby, Swift, Apex, SQL DDL, FoxPro, plus YAML, HCL, JSON, XML configs and framework-specific bridges (Django, Salesforce, REST APIs, .proto stubs, Jinja/Django templates, env-var configs). Most of the 28 languages have dedicated extractors with first-class symbol extraction; the rest use generic tree-sitter walks.

Does Roam replace my existing reviewer?

No, and we recommend against it. CodeRabbit, Greptile, Qodo, and SonarQube each catch a class of bug Roam doesn't (semantic correctness, code-style violations, security smells inside a single function). Roam catches the bugs between the code: callers two layers up, tests that no longer assert, clones modified inconsistently, runtime hot paths that just got slower. Most teams keep their existing reviewer and add Roam alongside it on a flat tier (Starter $99/mo, Team $299/mo, Business $799/mo) so adding a structural layer doesn't trigger a per-seat headcount conversation.

What data does Roam Cloud send back?

Metrics only. Health scores, complexity numbers, dependency counts, architectural-layer counts, churn aggregates, test-coverage ratios. Never function bodies, identifier names, file paths, or commit messages. The shipping payload is a JSON envelope with numeric fields and bucket aggregates only — auditable per push at .roam/cloud-payload.json before it leaves your machine.

How does Roam Self-Hosted differ from running the CLI offline?

The CLI is already 100% local by default (opt-in metrics-push is the only outbound surface) — that's the free path. A private- deployment pilot would scope the extra pieces you actually need: long-lived indexing, Review-style PR checks, Cloud-style dashboards, and centrally collected signed evidence. It is not a boxed GA product today; deployment, support, and retention terms are written into the pilot SOW.

Why no analytics or telemetry on this site?

Two reasons. First, every third-party script is part of the attack surface — less surface, fewer surprises. Second, we sell to teams that read Privacy policies. Asking them to read ours and seeing zero cookies, zero trackers, zero "anonymous usage data" is a stronger signal than any logo wall. See the receipt; the supply-chain detail lives on the security page.