For teams using Cursor, Claude Code, and Copilot

Your AI writes the code.
Roam tells you what else it broke.

Free open-source CLI that maps every function, file, and dependency in your codebase. Plus a PR bot, a dashboard, and a self-hosted option for teams that need them.

Install the free CLI See what's in it

Apache 2.0 · Runs entirely on your machine · 27 languages · No telemetry, no API keys

What's in the free CLI

Install once. Works on any Git repo. Indexes 100k LOC in seconds. Asks the same questions a senior engineer would, before you merge.

190CLI commands
136MCP tools for AI agents
27languages
2,489+community rules
54code-quality checks
0 KBdata sent anywhere

pip install roam-code && roam init

Five verbs cover most of what you'll do day-to-day: understand, retrieve, context, preflight, critique. The other 185 commands are there when you need them.

PocketOS: the production database and three months of backups, gone in nine seconds. Thirty-hour outage. The AI agent was confident. The Register, April 2026

Amazon, March 2026: 6.3 million orders lost in a single outage traced to AI-assisted code. SVP Treadwell now requires senior-engineer signoff on every agent-generated change. — per CNBC, March 2026

Faros AI 2026 (22,000 developers): teams adopting AI saw bugs per developer rise +54% and incidents per PR rise +242.7%. Speed went up. So did the cleanup. Faros AI, 2026 telemetry analysis

For teams: three paid options

The free CLI is the engine. These are the places teams pay so the engine runs in the right places — on every PR, in a shared dashboard, or inside your own network.

Roam Review

A second opinion on every pull request.

  • Plain verdict on every PR: BLOCK, REVIEW, or APPROVE
  • Lists everything else the change touches — callers, tests, runtime hot spots
  • Catches when AI copied a function and only updated one of the copies
  • Inline severity, confidence score, and a one-click suggested fix
  • /roam re-review and /roam explain <file> slash commands
  • Two-click install from GitHub Marketplace
$25/dev/mo Annual · Free for open-source forever · 14-day Pro+ trial
Get early access

Roam Cloud

A dashboard for your code health over time. We never see your source.

  • Health, debt, and complexity tracked across every commit
  • Per-team and per-repo trend charts
  • One audit log across Cursor, Copilot, Claude Code, and Codex
  • Article 12 audit-trail browser (paid tiers)
  • Stripe self-serve, no sales call
$19/repo/mo $99/mo Team (10 repos) · $299/mo Growth · 30-day money back
Get early access

Roam Self-Hosted

Roam running entirely inside your network.

  • The full Roam stack — Review, Cloud, Audit Trail — in your cluster
  • SSO/SAML, audit logs, custom rules
  • Maps cleanly to ISO 42001 and SOC 2 controls
  • EU AI Act Article 12 conformity pack included
  • SLA, dedicated support, conformity-assessment-ready
from $15K/yr $25K Business · $50K-$100K Enterprise · for regulated buyers
Book a 30-min call
Apache 2.0 Free forever. GitHub · PyPI
The CLI never phones home No telemetry, no analytics, no API keys. After the August 2025 CodeRabbit RCE, that's not a feature — it's the floor.
27 languages Python · TypeScript · PHP · Go · Rust · Java · C# · Kotlin · Scala · SQL · 17 more
54 code-quality checks Every finding shows you exactly the patterns it matched.

Common questions

How is Roam different from CodeRabbit, Greptile, or Qodo?

They review what the code does — semantics. Roam reviews what the code touches — structure: callers, layers, dependency cycles, copy-paste duplicates. Different layer, different findings. Most teams keep their existing reviewer and add Roam alongside it.

Two extras most teams care about: (1) the CLI runs entirely on your machine — no PR diff is uploaded anywhere from local use, and (2) every analysis emits an EU AI Act Article 12 audit-trail entry.

Will the CLI stay free?

Yes. Forever. Apache 2.0. Free for individuals, teams, and companies of any size. We charge for the hosted PR bot, the dashboard, and the self-hosted bundle — not the local engine.

What does "EU AI Act Article 12 audit-trail support" mean?

Article 12 of the EU AI Act (text here) takes effect August 2, 2026 for high-risk AI systems. It requires automatic event logging built into the system, with penalties up to €15M or 3% of global turnover.

Roam emits in-toto attestations and a chained audit-trail JSONL file on every analysis. We give you the evidence a conformity assessment will ask for. Your own conformity assessment is still on you. Run roam article-12-check on your repo for a one-page readiness assessment.

Does any of my source code leave my machine?

From the CLI: no. It runs locally and only writes a SQLite file inside your repo's .roam/ directory.

From Roam Cloud: metrics only — health scores, complexity numbers, dependency counts. Never source code.

From Roam Review: the PR diff is processed in our cloud (or yours, if you self-host). Same scope as any other PR-bot product. The CodeRabbit August 2025 RCE (Kudelski writeup) is a useful reminder: ask any PR-bot vendor what's in their threat model.

Want us to roll this out for you?

Our AI Agent Readiness Audit walks your team through Roam adoption, threat-modelling for AI-assisted changes, and EU AI Act Article 12 readiness. Three tiers ($1.8K / $4.5K / $12K) depending on team size and depth. Email hello@roam-code.com.