This page documents how to report vulnerabilities, what is in scope, our response commitment, and the security posture of the products we ship. It is the operational companion to the trust & compliance posture page: that page covers framework status (SOC 2 / ISO 42001 / EU AI Act Article 12 / NIST AI RMF) and the procurement artifact set; this page covers vulnerability disclosure, supply-chain integrity, and the secure defaults of the products we ship.
Reporting a vulnerability
Email security@roam-code.com with details. Please include:
- A clear description of the issue and how to reproduce it
- The affected URL, command, or code path
- Your assessment of impact (data exposure, availability, etc.)
- Optional: a proof-of-concept
Acknowledgement within one business day (Athens, Greece time), with a substantive triage response within two business days. For high-severity issues we engage immediately on receipt. (These SLAs match the procurement-facing commitment on the trust page security-contact row.)
Safe-harbour commitment
We will not pursue legal action against good-faith security research that:
- Avoids accessing, modifying, or destroying customer data
- Doesn't degrade service availability for other users
- Stops at proof-of-concept (no exfiltration, no ransom, no public disclosure before fix)
- Gives us a reasonable window to remediate (default 90 days; extendable on request)
In scope
- roam-code.com and all sub-paths/sub-domains we control
- The roam-code Python package on PyPI and any binary releases
- The Cranot/roam-code GitHub repository (source + workflows)
- The MCP server (roam mcp) and its tool surface
- Anything reachable from /docs/
Out of scope
- Findings on third-party services (Cloudflare, GitHub, PyPI) — please report to those vendors directly
- Self-hosted installations of customer code that include Roam — those are the customer's responsibility
- Non-security bugs (e.g. UI glitches, broken links) — open a regular GitHub issue instead
Hall of thanks
We acknowledge security researchers who report responsibly. Once we have a name to credit, it goes here. Send us how you'd like to be credited (full name, handle, or anonymous).
No reports yet — be the first.
A formal monetary bug-bounty program is [TBD: bug-bounty policy and reward tiers — pending live-payment setup; until then, public acknowledgement in this hall plus an optional written reference for your CV]. Same placeholder is cited from the trust page vulnerability-disclosure row.
Security posture
The CLI runs locally
The roam-code CLI is 100% local: no API key, no vendor cloud endpoint. It writes a SQLite file in your repo's .roam/ directory. No network calls. No telemetry. No phone-home. No model-training upload. No inbound network listener. This same local-only stance is contractually committed in DPA §6 (Security measures). The engine is Apache 2.0; audit the source on GitHub and rebuild every release from the tagged commit.
Supply-chain integrity
- PyPI releases use OIDC Trusted Publishing (no long-lived API tokens) — see .github/workflows/publish.yml
- Each release is built reproducibly from a tagged commit
- Sigstore attestations are produced by the publish workflow (verifiable provenance)
- CycloneDX SBOM emitted on every release as a separate artifact (audit-grade dependency manifest)
- The repo enables Dependabot security updates + secret scanning + push-protection
For context on why this matters: in August 2025 a hosted code-review vendor was compromised through a CI/CD path — researchers achieved RCE plus write access to roughly one million repositories (archive). Roam's CLI is open source and runs entirely on your machine — that whole class of attack doesn't apply. The Sigstore + SBOM chain above lets you verify the wheel you install matches the tagged commit you can read.
Verify a release yourself
After installing from PyPI, you can confirm provenance with the Sigstore client. The wheel and its attestation are both fetched from the publish workflow's GitHub OIDC chain — no per-release keys to manage.
$ pip install sigstore
$ pip download roam-code --no-deps -d /tmp/roam
$ sigstore verify github \
    --cert-identity-regexp 'https://github.com/Cranot/roam-code/.github/workflows/publish.yml@.*' \
    --bundle /tmp/roam/roam_code-*.whl.publish.attestation \
    /tmp/roam/roam_code-*.whl
SBOM (CycloneDX) and the workflow's GitHub Attestations view are linked from each GitHub release.
Audit-trail evidence
Roam itself emits in-toto v1 attestation statements and an HMAC-chained run ledger on every analysis. Run roam runs verify to confirm the ledger chain and roam cga verify STATEMENT.json to confirm the in-toto predicate before consuming the artefact in CI. Optional cosign signing of bundles is [TBD: cosign keyless signing of CGA bundles — currently wired for PyPI release SBOMs (see Supply-chain integrity above); same-pipeline extension to per-run bundles is roadmapped].
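The two checks the page asks a consumer to make before trusting an artefact are (a) that an in-toto v1 statement's subject digest matches the bytes you actually hold (the same property the Sigstore step in "Verify a release yourself" establishes for the wheel) and (b) that an HMAC-chained ledger has not been edited or reordered. The following is an added illustration of both, not Roam's own code and not its ledger or statement format: it assumes only the public in-toto v1 Statement layout (`_type`, `subject[].digest.sha256`, `predicateType`, `predicate`) and a constructed ledger record shape (`payload`, `prev`, `mac`); the wheel bytes, file name, predicate type URL and key are all constructed samples.

```python
"""Illustrative verifier for an in-toto v1 Statement subject and an HMAC-chained
ledger. Added example; NOT Roam's code or on-disk formats. Assumptions: the
statement follows the public in-toto v1 schema; ledger entries are JSON objects
with 'payload', 'prev' (previous entry's MAC) and 'mac' fields."""
import hashlib
import hmac
import json

IN_TOTO_V1 = "https://in-toto.io/Statement/v1"
GENESIS = "0" * 64  # chain anchor for the first entry (constructed convention)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_statement_subject(statement: dict, artifact: bytes, name: str) -> bool:
    """True only if `statement` is an in-toto v1 Statement naming `name` as a
    subject whose sha256 digest equals the digest of the bytes in `artifact`."""
    if statement.get("_type") != IN_TOTO_V1 or not statement.get("predicateType"):
        return False
    actual = sha256_hex(artifact)
    for subject in statement.get("subject", []):
        digest = str(subject.get("digest", {}).get("sha256", "")).lower()
        if subject.get("name") == name and hmac.compare_digest(digest, actual):
            return True
    return False


def _entry_mac(key: bytes, prev_mac: str, payload: dict) -> str:
    # Canonical JSON so writer and verifier MAC byte-identical input; the
    # previous MAC is mixed in so each entry commits to the whole prefix.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def append_entry(ledger: list, key: bytes, payload: dict) -> dict:
    prev = ledger[-1]["mac"] if ledger else GENESIS
    entry = {"payload": payload, "prev": prev, "mac": _entry_mac(key, prev, payload)}
    ledger.append(entry)
    return entry


def verify_ledger(ledger: list, key: bytes) -> tuple:
    """Walk the chain from GENESIS. Returns (True, -1) when every link and MAC
    checks out, otherwise (False, index of the first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry.get("prev") != prev:
            return False, i  # broken link: reordered, dropped or inserted entry
        expected = _entry_mac(key, prev, entry.get("payload", {}))
        if not hmac.compare_digest(expected, str(entry.get("mac", ""))):
            return False, i  # payload or MAC edited in place
        prev = entry["mac"]
    return True, -1


def demo() -> dict:
    # Constructed sample artefact and statement; not a real Roam release.
    wheel = b"constructed wheel bytes, not a real release"
    name = "roam_code-0.0.0-py3-none-any.whl"  # constructed file name
    statement = {
        "_type": IN_TOTO_V1,
        "subject": [{"name": name, "digest": {"sha256": sha256_hex(wheel)}}],
        "predicateType": "https://example.invalid/placeholder-predicate/v1",
        "predicate": {"note": "constructed predicate body"},
    }
    key = b"constructed-ledger-key"
    ledger = []
    for run in range(3):
        append_entry(ledger, key, {"run": run, "artifact": sha256_hex(wheel)})
    tampered = json.loads(json.dumps(ledger))  # deep copy, then edit entry 1
    tampered[1]["payload"]["run"] = 99
    reordered = [ledger[1], ledger[0], ledger[2]]
    return {
        "subject_ok": verify_statement_subject(statement, wheel, name),
        "subject_wrong_artifact": verify_statement_subject(statement, wheel + b"!", name),
        "ledger_clean": verify_ledger(ledger, key),
        "ledger_tampered": verify_ledger(tampered, key),
        "ledger_reordered": verify_ledger(reordered, key),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

One caveat the chain itself cannot cover: silently dropping the newest entries leaves a ledger that still verifies, because nothing after the last surviving MAC contradicts it. Truncation is only detectable if the latest MAC (or entry count) is anchored somewhere the ledger writer cannot rewrite, for example recorded in the CI job log or in the signed attestation that accompanies the run.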
Hosted services posture
- roam-code.com — static site on Cloudflare Pages. Strict CSP, HSTS preload, COOP+CORP, Permissions-Policy, X-Frame-Options DENY. No JavaScript except Cloudflare's email-obfuscation helper. No third-party analytics.
- Roam Cloud (when launched) — metrics-only ingestion. Source code is never uploaded.
- Roam Review (when launched) — PR diffs are processed ephemerally in our cloud. Private-deployment pilots are scoped by SOW when hosted processing is blocked by policy. Diffs discarded after analysis. Audit-trail metadata retained per the Privacy Policy.
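The header set listed for roam-code.com (strict CSP, HSTS preload, COOP+CORP, Permissions-Policy, X-Frame-Options DENY) is cheap to verify on every deploy. Below is an added checker, not code from the site or the Roam project, that evaluates a response's headers against that posture; both header dictionaries are constructed samples, not captured from roam-code.com, and the thresholds (one-year HSTS max-age, same-origin COOP, same-origin or same-site CORP) are the checker's own assumptions.

```python
"""Added example: score a set of HTTP response headers against the posture this
page states for roam-code.com. Not the site's own code; sample headers below
are constructed, not captured from the live site."""
import re

HSTS_MIN_AGE = 31536000  # one year: the minimum the browser preload list accepts


def _parse_csp(csp: str) -> dict:
    """Split a CSP string into {directive: [values]}; later duplicates are ignored
    by browsers, so keep the first occurrence."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def check_security_headers(headers: dict) -> dict:
    """Return {control_name: passed} for the controls the page lists."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = {}

    csp = _parse_csp(h.get("content-security-policy", ""))
    default_src = csp.get("default-src")
    script_src = csp.get("script-src", default_src or [])
    findings["csp_present"] = bool(csp)
    findings["csp_default_src_restricted"] = bool(default_src) and "*" not in default_src
    findings["csp_no_unsafe_inline_script"] = "'unsafe-inline'" not in script_src
    findings["csp_frame_ancestors_none"] = csp.get("frame-ancestors") == ["'none'"]

    hsts = h.get("strict-transport-security", "").lower()
    age = re.search(r"max-age=(\d+)", hsts)
    findings["hsts_preload_ready"] = (
        age is not None
        and int(age.group(1)) >= HSTS_MIN_AGE
        and "includesubdomains" in hsts
        and "preload" in hsts
    )

    findings["coop_same_origin"] = h.get("cross-origin-opener-policy", "").lower() == "same-origin"
    findings["corp_set"] = h.get("cross-origin-resource-policy", "").lower() in ("same-origin", "same-site")
    findings["permissions_policy_present"] = bool(h.get("permissions-policy", "").strip())
    findings["xfo_deny"] = h.get("x-frame-options", "").strip().upper() == "DENY"
    return findings


def missing_controls(headers: dict) -> list:
    """Names of controls that did not pass, in a stable order."""
    return [name for name, ok in check_security_headers(headers).items() if not ok]


# Constructed sample matching the stated posture (not the live site's headers).
GOOD_HEADERS = {
    "Content-Security-Policy": "default-src 'none'; img-src 'self'; style-src 'self'; "
                               "script-src 'self'; frame-ancestors 'none'; base-uri 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Cross-Origin-Opener-Policy": "same-origin",
    "Cross-Origin-Resource-Policy": "same-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
    "X-Frame-Options": "DENY",
}

# Constructed weak sample: permissive CSP, short HSTS, framing allowed.
WEAK_HEADERS = {
    "Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=3600",
    "X-Frame-Options": "SAMEORIGIN",
}

if __name__ == "__main__":
    print("good:", missing_controls(GOOD_HEADERS) or "all controls pass")
    print("weak:", missing_controls(WEAK_HEADERS))
```

Run it against a real response by feeding the checker the header mapping from your HTTP client of choice; a non-empty list from missing_controls is the deploy-time signal to act on.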
Disclosure timing
We aim to remediate high-severity issues within 30 days, medium within 90 days, low at our next scheduled release. We'll coordinate any public disclosure with the reporter. Default public-disclosure window is 90 days from initial report; we may extend on request when more time is genuinely needed.
PGP / encrypted reports
Both hello@roam-code.com and security@roam-code.com have OpenPGP keys auto-published by Proton. Look them up via:
- Proton public key server: https://api.protonmail.ch/pks/lookup?op=get&search=security@roam-code.com
- Or send any email and Proton attaches the public key in headers (Autocrypt standard)
Once you have the key, encrypt your report with PGP and send to security@roam-code.com. We'll decrypt and respond from the same address with the same key.
For the most current contact info, see our security.txt — it lists the encryption-key URL too.
Compliance posture
Evidence support, not certification. Roam maps to and supports evidence for the controls below; it does not certify, attest, or make a customer compliant. There is no current independent attestation against any of these frameworks. See the trust & compliance posture page for framework-by-framework status and roadmap candor.
- SOC 2 CC8.1 (change management) — Roam's tamper-evident audit-trail and proof bundles map to the change-management control; they supply evidence inputs an auditor would draw from, not the attestation itself.
- ISO/IEC 42001 (AI management system) — the AI management system standard published April 2024. Roam's structural-review records and in-toto attestations support clauses on documentation, monitoring, and operational controls for AI-generated artefacts.
- Internal AI-governance policies — most Series B-C companies are now writing internal policies covering AI-assisted code; Roam supplies the per-PR evidence those policies need to be auditable.
- EU AI Act — Article 12 (record-keeping) attaches only to providers of high-risk AI systems listed in Annex III. Code-generation tooling is not in Annex III, so most teams using Cursor/Claude Code/Codex have no direct Article 12 obligation. If your own product is a high-risk AI system (HR-tech, edtech, fintech credit-scoring, healthtech), Roam's review attestations are circumstantial evidence for the human-oversight obligation in Article 14 — not Article 12 logs themselves. Talk to your DPO or counsel.
- GDPR — see Privacy Policy for data-processing details + sub-processors, and templates/legal/dpa.md for the Article 28 processor agreement.
- SOC 2 / ISO/IEC 42001 / ISO 27001 — control mappings exist as evidence-support templates; standalone certification and packaged Self-Hosted controls are roadmapped, with no current independent attestation. See trust page framework status for current roadmap candor.
Procurement-trio companions: the trust & compliance posture page covers framework status and the procurement artifact set; the privacy policy covers data processing, retention, and sub-processors; this page is the operational security companion. The DPA, NDA template, security procurement packet, and master SOW are all public at templates/legal/.
Questions about this policy? security@roam-code.com.