Local codebase intelligence CLI and MCP server for AI coding agents with change-safety gates and audit evidence.
roam-code is easy to set up with strong trust signals. Check agent compatibility and use-case fit before adding it to your workflow.
gh repo view Cranot/roam-code --webOpen the official README and confirm the supported install method.
Add the server entry to your MCP client config.
Restart your agent and verify that the server tools appear.
Roam is a tool that helps AI coding agents understand your codebase before making changes. It builds a local graph of your code's symbols, calls, and dependencies, and provides commands to query this graph. It also generates tamper-evident evidence packets that prove what changes were made and why, ensuring accountability.
Roam is a credential-free, 100% local codebase intelligence layer designed for AI coding agents. It combines a CLI with 241 commands and an MCP server with 227 tools (57 in the default core preset) to provide deep code understanding across 28 languages. Roam builds a SQLite-backed graph of symbols, calls, imports, layers, git history, runtime traces, smells, clones, security flows, and algorithmic patterns. It introduces change-safety gates that enforce policies (read-only, safe-edit, migration, autonomous PR) and generates tamper-evident ChangeEvidence packets that answer eight questions about who acted, what authority existed, what context was read, what changed, what could break, what policy applied, what verified it, and who accepted risk. Roam is dependency-aware, not string-based, and can replace 5-10 tool calls with a single command that completes in under 0.5 seconds. It is designed for agent-first workflows and integrates with MCP-compatible clients like Claude Code, Cursor, and Windsurf.
Strong trust signals; still review the README and permissions before production use.
Last commit was about 3 days ago.
470 GitHub stars indicate community interest.
2 open issues signal maintenance load.
Apache-2.0 license detected.
AI coding agents can query code dependencies and impact analysis before making changes.
Developers can audit AI-assisted changes with tamper-evident evidence packets.
CI/CD pipelines can enforce change-safety policies and verify code integrity.
Code review can be automated with dependency-aware analysis and risk assessment.
Local-first development without cloud dependencies or API keys.
100% local by default; source code never leaves the machine.
Opt-in metrics-push is the only outbound surface and prints payload under --dry-run.
MCP responses are scrubbed for secrets on egress.
470
Stars
47
Forks
2
Issues
Apache-2.0
License
An offline MCP server that indexes your codebase for semantic search, code search, and git history retrieval.
Official MCP reference servers from Anthropic. Includes servers for filesystem, GitHub, Postgres, Slack, and more.
An MCP server that transforms large codebases into searchable, hierarchical feature graphs using RAG, AST, and spectral clustering.
3 security/trust notes recorded.
Setup difficulty is 2/5.