About

What Roam is for

AI coding agents — Claude Code, Cursor, Codex, Copilot — write code that compiles and passes the tests, but breaks something else. The "something else" is what we built Roam to surface before a human sees the PR. Roam reads what your code touches — callers, dependency cycles, layer violations, copy-paste duplicates, blast radius — not just what it does.

Existing reviewers (CodeRabbit, Greptile, Qodo) operate on the diff as text. Roam operates on the diff as a graph mutation. Different layer, different bugs. Most teams want both signals.

Why now

2025–2026 changed how teams ship code. Senior engineers stopped being the only people writing PRs; agents started shipping them too. The tooling kept up on the generate side and not on the verify side. We saw the bills come in:

• PocketOS — production database + 3 months of backups gone in 9 seconds. The agent was confident.
• Amazon — 6.3M lost orders in a single AI-related outage; SVP Treadwell now requires senior signoff on every agent change.
• Faros AI 2026 telemetry — bugs/dev up 54%, incidents/PR up 242.7% on AI-adopting teams.

Roam is the missing audit layer. It runs locally (the engine is Apache 2.0, free forever) and ships paid layers — Review (PR bot), Cloud (dashboard), Self-Hosted (your network) — on top when teams need them.

Who built it

Roam is built by Dimitris (handle: Cranot), a sole-trader operating from Athens, Greece. Solo founder; the company structure is a Greek atomiki epicheirisi (sole proprietorship). Customer-funded, no external investors. No exit plan beyond "build something useful and stay independent."

Find me on GitHub, or email [email protected].

What we believe

• Code stays on your machine by default. The CLI does not phone home. No telemetry, no analytics, no "anonymous usage data." If you want a dashboard or PR bot, you opt in by paying — and we still don't take your source code.
• Verifiable claims beat marketing copy. Every analysis Roam runs writes a tamper-evident audit-trail file plus signed records (in-toto v1, verifiable with cosign). When the EU AI Act Article 12 deadline hits in August 2026, you'll have the evidence. We don't ask you to trust us; we give you the receipts.
• Open source is the default for the engine. Apache 2.0. Fork it, audit it, ship a competitor. The CLI will stay free forever — we make money from the hosted layers, not from gatekeeping the engine.
• Privacy isn't a feature; it's the floor. Zero cookies, zero tracking, zero analytics on this site (see the receipt). After the August 2025 CodeRabbit RCE that leaked write access to ~1M repos, "we don't store your code" stopped being a differentiator and became the minimum bar.
• EU is home, not a market. Built in Athens. Made in the EU. GDPR-native. The EU AI Act is the regulation we'll feel first; we'd rather build for it than retrofit later.

Funding model

Roam is customer-funded. The free CLI exists because it earns the right to charge for the hosted layers — once teams trust the engine, they pay to run it on every PR (Review), in a shared dashboard (Cloud), or inside their network (Self-Hosted). No VC, no acquisition track. The company stays small enough to answer email personally.

Roadmap

See the changelog for what's shipped. Near-term: GitHub App MVP for Roam Review, Cloud dashboard scaffold, expanded language support (Dart for Flutter, cross-language bridges for GraphQL). Each ships when it ships. We don't pre-announce roadmap items because plans are guesses until they're code.

Where to find us

• Site: roam-code.com
• Docs: cranot.github.io/roam-code
• GitHub: github.com/Cranot/roam-code
• PyPI: pypi.org/project/roam-code
• Email: [email protected]
• Security disclosures: [email protected] (see policy)

Want to write about Roam? See the press kit for logos and screenshots.