roam-code
The local codebase intelligence layer that lets AI coding agents earn the right to change code — and prove they did.
Credential-free · 100% local by default (opt-in metrics-push is the only outbound surface) · tamper-evident ChangeEvidence packets · Apache 2.0 · runs entirely on your machine
241 commands · 227 MCP tools (57 in the default core preset) · 28 languages
Why Roam is different
Cursor, Cody, Aider, and Windsurf are human-first IDE surfaces that log a session. Roam is an agent-first CLI surface that gates the change and emits proof. Four properties no competitor combines today:
- Credential-free. No account, no API key, no cloud login.
pip installand run. - 100% local by default. Source code never leaves the machine; air-gapped repos work like cloud repos. The single outbound surface (
roam metrics-push) is opt-in, summary-only, and prints its exact payload under--dry-run. - Tamper-evident
ChangeEvidencepackets. Each AI-assisted change compiles into one portable packet — HMAC-chained run ledger + signed Code Graph Attestation + signed PR bundle — answering eight questions: who acted, what authority existed, what context was read, what changed, what could break, what policy applied, what verified it, who accepted risk. PR Replay answers 7 of 8 today; the remaining approvals question surfaces asproducer_not_available, never silently dropped. Cursor logs the run; Roam proves the change. - MCP runtime security at the wrapper boundary. Every MCP response is scrubbed for secrets on egress, gated against the active mode (
read_only/safe_edit/migration/autonomous_pr) with a closed-enumpolicy_decision, and each decision receipt is HMAC-linked into the signed run ledger. Inside-server controls; the gateway layer (Interlock / Lasso / Portkey) composes on top — seedev/MCP-SECURITY-POSTURE.md.
Underneath sits a SQLite-backed graph of symbols, calls, imports, layers, git history, runtime traces, smells, clones, security flows, and algorithmic patterns across 28 languages — the same local facts queried before, during, and after a change.
Dependency-aware, not string-based. Roam knows Flask has 47 dependents and 31 affected tests; grep knows it appears 847 times. One command replaces 5-10 tool calls — <0.5s per query, plain-ASCII output, --json and --sarif envelopes for agents and CI.
| | Without Roam | With Roam | |--|-------------|-----------| | Tool calls | 8 | 1 | | Wall time | ~11s | <0.5s | | Tokens consumed | ~15,000 | ~3,000 |
Illustrative — a typical agent workflow on a 200-file Python project (Flask). Reproducible smoke transcript in docs/fresh-install-smoke.md; full indexing-rate harness in benchmarks/. Exact numbers vary with repo size, agent prompt, and model.
Install + first four commands
Ten minutes from pip install to a verdict on whether your next edit is safe.
pip install "roam-code[mcp]" # 1. install with MCP server for Claude Code / Cursor / Continue
cd /path/to/your/repo
roam init # 2. index the repo into .roam/index.db (one-time, ~30s on most repos)
roam health # 3. composite 0-100 score: complexity, cycles, dark-matter coupling, dead code
roam preflight <symbol> # 4. blast radius + tests + complexity + architecture rules before you edit
Python 3.10+. pipx install roam-code and uv tool install roam-code work too. Drop [mcp] for CLI-only. See docs/fresh-install-smoke.md for a verbatim transcript of these four commands against a clean venv.
Step 4 is the payoff — roam preflight on a hot symbol returns a verdict before you touch it:
$ roam preflight open_db
VERDICT: Significant risk — CRITICAL, 1847 symbols in blast radius
Pre-flight check for `open_db (src/roam/db/connection.py:799)`:
Blast radius: 1847 symbols in 382 files [CRITICAL]
Affected tests: 617 direct, 962 transitive [OK]
Complexity: cc=30, nest=4 [CRITICAL]
Coupling: 2 files often change together [MEDIUM]
Conventions: no violations [OK]
Overall risk: CRITICAL
Risk driver: complexity (cc=30, CRITICAL)
An agent sees the blast radius before it edits — not after the tests fail.
pipx install roam-code # isolated environment (recommended)
uv tool install roam-code # uv-managed tool
pip install git+https://github.com/Cranot/roam-code.git # from source
# Docker (alpine-based)
docker build -t roam-code .
docker run --rm -v "$PWD:/workspace" roam-code index
docker run --rm -v "$PWD:/workspace" roam-code health
Works on Linux, macOS, and Windows. Windows: if roam is not found after installing with uv, run uv tool update-shell and restart your terminal.
What's New
v13.4 (released 2026-05-21) — Perf wave + Pattern-1 stabilisation + assurance hardening. Major detector speed-ups (clones 43.8s → 13.1s, intent 66s → 12s, doc-staleness 93s → 19s, sbom 30s → 9s — all byte-identical output), 17 commands now emit isError/status on error envelopes + 11 commands route their argless --json path through a proper envelope (Pattern-1C drift-guards added), a persisted per-snapshot spectral gap powering a real roam forecast failure budget, MCP prompt-injection marker scan on tool-call egress, release supply-chain hardening (PEP 740 attestations, tag-bound artifacts), and large false-positive cuts in feature-envy / shotgun-surgery / god-components. Full diff in CHANGELOG.md.
v13.3 (released 2026-05-19) — MCP runtime security + UX polish
- Egress secret-redaction at the MCP wrapper boundary, 4-mode
policy_decisionenforcement with shadow-mode (ROAM_MODE_DRY_RUN), HMAC-linkedMcpDecisionReceipt+receipt_integrityverdict onroam runs verify. - 3 new persisting detectors (
boundary,test-hermeticity,compatibility),roam doctoradvisory-vs-blocking split, and--jsonwarnings-channel discipline.
v13.2 (released 2026-05-16) — Evidence freshness + resolution disclosure
- Canonical unresolved-path envelopes across
impact/preflight/trace/test-map/context/safe-delete/split/why— one explicit "not found" shape in JSON mode. - Evidence freshness stamped at the producer. Runs record hashes for
.roam-rules.yml,.roam/constitution.yml,.roam/control-map.yml. - PR Replay evidence coverage improved. Replay path answers 7 of the 8 evidence questions completely; remaining approvals question marked
producer_not_availableinstead of silently omitted.
v13.1 (released 2026-05-15) — Pattern-2 propagation + shared YAML helper + 3 flagship silent-fallback seals
- 3 flagship silent-fallback seals.
cmd_taint,cmd_health,cmd_doctornow emitstate="empty_corpus"+partial_success=Trueon unanalyzed repos instead of falseHealthy 100/100/No taint findings/all checks passedverdicts. - Shared YAML config-loader helper (
load_yaml_with_warnings). 5 of 7 surveyed loaders migrated; ~125 LOC removed. - 5 new live smell detectors.
type-switch,speculative-generality,empty-catch,cross-layer-clone,parallel-hierarchy—roam smellsnow ships 24 deterministic detectors. - 30+ behavioral Pattern-2 fixes + empty-corpus smoke sweep across 25+ detectors.
v13.0 (released 2026-05-13) — Agent-OS substrate + Laravel idioms + Vue SFC
- Agent-OS control plane. Repo-local substrates under
.roam/: constitution, HMAC-chained run ledger, multi-agent leases, portable agent memory, 4 cumulative modes (read_only→safe_edit→migration→autonomous_pr). - World-model classifiers (R28).
roam side-effects,roam idempotency,roam causal-graph,roam tx-boundaries. - Laravel dynamic-dispatch idioms. 7 of 8 implicit-edge idioms (Route closures, Eloquent scopes, Policy resolution, Observer registration, Job/Queue/Artisan dispatch).
- Vue SFC import graph.
.vuetemplate/script/style blocks parsed; component registrations resolved across the SFC boundary. - ~20 new CLI commands (
brief,next,mode,constitution,laws,memory,lease,runs,replay,agent-score,agents-md, …) and schema bump (USER_VERSION 12 → 13).
Full release notes in CHANGELOG.md.
Best for
- Agent-assisted coding — structured answers that cut tokens vs raw file exploration
- Large codebases (100+ files) — graph queries beat linear search at scale
- Architecture governance — health scores, CI quality gates, budget enforceme