v11.2.0 — AST Clone Detection + Debug Artifact Rules

What's New

roam clones — AST Structural Clone Detection

New command detects Type-2 clones (identical control flow, different identifiers/literals) via tree-sitter AST subtree hashing. Features:

• Jaccard similarity scoring on AST hash multisets
• Union-Find clustering for grouping similar functions
• Automated refactoring suggestions per cluster
• --threshold, --min-lines, --scope, --top options
• Full JSON envelope support + MCP tool (roam_clones)

More precise than the existing metric-based duplicates command — compares actual AST structures rather than code metrics.

9 Debug Artifact Rules (COR-560 through COR-568)

Detect leftover debugging statements via ast_match rules:

• Python: print(), breakpoint(), import pdb, pdb.set_trace()
• JavaScript/TypeScript: console.log(), debugger
• Java: System.out.println()

All rules auto-skip test files.

Stats

• 140 commands (was 139)
• 102 MCP tools (was 101)
• 27 languages

Install: pip install roam-code==11.2.0

v11.1.3 — PyPI release with SQL DDL support

Patch release: v11.1.2 was published to PyPI before the SQL extractor was added. This is the first PyPI version that includes SqlExtractor.

No code changes from v11.1.2 on GitHub — just the version bump so PyPI users get the full 27-language package.

Install / Upgrade:

pip install --upgrade roam-code

See v11.1.2 release notes for the full SQL + Scala feature list.

v11.1.2 — SQL + Scala Tier 1, 27 languages

What's New

SQL DDL promoted to Tier 1

Dedicated SqlExtractor for .sql files -- database-schema projects now get full value from roam.

Symbols extracted:

SQL Construct	Symbol Kind	Example
CREATE TABLE	class	CREATE TABLE users
Column	field	email VARCHAR(255) NOT NULL UNIQUE
CREATE VIEW	class	CREATE OR REPLACE VIEW active_users
CREATE FUNCTION	function	CREATE FUNCTION calc_tax(price DECIMAL) RETURNS DECIMAL
CREATE TRIGGER	function	CREATE TRIGGER update_ts BEFORE UPDATE ON users
CREATE SCHEMA	module	CREATE SCHEMA inventory
CREATE TYPE (ENUM)	type_alias	CREATE TYPE status AS ENUM (...)
CREATE SEQUENCE	variable	CREATE SEQUENCE order_seq
ALTER TABLE ADD COLUMN	field	New columns added to existing tables

Graph edges:

• Foreign keys (inline REFERENCES and CONSTRAINT ... FOREIGN KEY) produce references edges
• Views reference their source tables via call edges
• Triggers reference their watched table and executed function via call edges
• Indexes reference their target table

This means roam health, roam layers, roam impact, roam coupling, roam dead, roam fan, and all other graph commands now work on database schemas.

Scala promoted to Tier 1

Full dedicated ScalaExtractor with comprehensive support for:

• Classes (abstract, case, sealed), traits, objects (case objects)
• Functions/methods with return types, type parameters, and parameters
• val/var definitions, type aliases, package declarations
• Import resolution (single and grouped {A, B})
• Inheritance (extends + with trait mixins)
• Scaladoc extraction, visibility modifiers (private, protected)

MCP Registry

• server.json added for official MCP Registry submission (registry.modelcontextprotocol.io)
• Submission profiles prepared for 9 MCP directories

Counts

Surface	Count
CLI commands	139 canonical (142 total)
MCP tools	101
Languages	27 (16 dedicated Tier 1 extractors)
Tests	5,587 passing

Fixes

• CI: lazy import yaml in extractor_schema.py (PyYAML is optional)
• CI: TYPE_CHECKING guard for networkx import in cmd_visualize.py
• CI: skip language corpus tests when yaml/QueryCursor unavailable
• Stale Tier 2 references updated (Scala, SQL no longer generic-only)

---

Install / Upgrade:

pip install --upgrade roam-code

Full changelog: https://github.com/Cranot/roam-code/blob/main/CHANGELOG.md

v11.1.1 — Command audit, bug fixes, repo cleanup

What's Changed

Fixed

• roam algo: list-prepend detector SQL missing calls_in_loops columns, causing false positives
• roam intent --undocumented: wrong DB table reference
• roam rules --ci: use EXIT_GATE_FAILURE=5 instead of exit code 1
• roam fan: incorrect verdict labels
• roam coupling: missing VERDICT line
• roam visualize: lazy-load import fix
• cmd_report.py: stale snapshot/trend command references
• cmd_missing_index.py: re.compile hoisted from loop to module level
• CODEOWNERS @-prefix handling fix in suggest-reviewers
• CI: skip tests that depend on internal files not available in CI

Removed

• cmd_trend.py, cmd_snapshot.py, cmd_digest.py, cmd_onboard.py — consolidated into cmd_trends.py and cmd_understand.py
• 15 unused variables across 12 source files (ruff F841 sweep)
• Internal docs removed from public repo (backlog, competitive analysis, fork intel)
• Benchmark workspace artifacts (367 files) moved out of public tracking

Added

• codeowners_helpers.py — shared CODEOWNERS parsing
• graph/stats.py — shared graph statistics helper
• ~30 new test files (~700+ tests)
• All command docstrings updated with cross-references
• Token budget added to ~15 commands that were missing it

Full Changelog: v11.1.0...v11.1.1

v11.1.0 — Inter-procedural taint analysis, 1001 community rules

What's New

Inter-Procedural Taint Analysis

• New src/roam/analysis/taint.py engine: per-function taint summaries, cross-function propagation up to 5 hops, source/sink/sanitizer detection
• New DB tables (taint_summaries, taint_findings) populated during indexing

Dataflow-Enhanced Dead Code Detection

• roam dead --dataflow flag: detects unused return values, dead parameter chains, and side-effect-only functions with confidence scores

Rules Engine — Inter-Procedural Dataflow

• dataflow_match rules now support cross-function patterns with max_chain_length, min_confidence, and sanitizers keys

Community Rule Pack: 602 → 1001 YAML Rules

• +206 security: SQL injection, command injection, path traversal, weak crypto, hardcoded secrets, SSRF, deserialization, XXE, TLS misconfig, JWT bypass, XSS, CORS, CSRF — across Python, JS, TS, Java, Go, Rust, C#, PHP, Ruby
• +115 correctness: empty catch, mutable defaults, null deref, unused imports, resource leaks, loose equality
• +66 performance: string concat in loops, regex compile in loops, N+1 queries, sync I/O in async, unbounded collections
• +30 architecture: hexagonal boundary violations, DI anti-patterns, framework coupling, circular dependencies
• +30 dataflow: cross-function SQLi, CMDi, path traversal, XSS, SSRF, deserialization

Competitive Score: 84 → 88/100

• Static analysis: +3 (inter-procedural taint)
• Security & governance: +1 (rule expansion)

Install / Upgrade

pip install --upgrade roam-code
pip install --upgrade "roam-code[mcp]"

Full changelog: v11.0.0...v11.1.0

v11.0.0 — 137 commands, 101 MCP tools, 26 languages

What's New in v11

MCP v2 for Agent-First Workflows

• In-process MCP execution removes per-call subprocess overhead
• 4 compound operations (roam_explore, roam_prepare_change, roam_review_change, roam_diagnose_issue) reduce multi-step agent workflows to single calls
• Preset-based tool surfacing (core, review, refactor, debug, architecture, full)
• MCP token overhead dropped from ~36K to <3K tokens (~92% reduction)

Performance

• FTS5/BM25 search: ~1000x faster symbol lookup
• O(changed) incremental indexing
• DB optimizations across the board

40+ New Commands

Architecture governance, multi-agent orchestration, vulnerability mapping, runtime analysis, algorithm anti-pattern detection, and more.

Highlights

• 137 CLI commands (136 canonical + 1 legacy alias)
• 101 MCP tools with structured schemas
• 26 Tier 1 languages
• Rules engine: 602 rules (48 built-in + 554 community YAML)
• Architecture guardian with CI workflow
• ONNX semantic search backend (optional)
• Documentation site (docs/site/)
• Agent benchmark harness (benchmarks/)

Install / Upgrade

pip install --upgrade roam-code
pip install --upgrade "roam-code[mcp]"    # with MCP server
pip install --upgrade "roam-code[semantic]" # with ONNX search

Full changelog: v9.1.0...v11.0.0

v9.1.0 — Documentation polish, algorithm catalog visibility

Changes

• README overhaul — new headline featuring algorithm anti-pattern detection alongside semantic graph and architecture health
• Algorithm catalog visibility — added to "Best for", "Why use Roam", pipeline diagram, graph algorithms reference, and MCP tool list
• Fixed doc inconsistencies — MCP tool count (19 → 20), command count (57 → 56), synced test count (1847)
• Fixed license field — resolved setuptools deprecation warning
• Updated GitHub repo description to reflect current capabilities

No code changes — documentation and metadata only. The publish.yml workflow will publish to PyPI.

v9.0.0 — Algorithm Catalog, Math Command, Command Decomposition

What's New

• Algorithm catalog — 23 universal tasks with ranked solution approaches (src/roam/catalog/tasks.py)
• Anti-pattern detectors — query DB signals to find suboptimal implementations (src/roam/catalog/detectors.py)
• roam math command — new CLI command + MCP tool exposing catalog insights
• Expanded cognitive complexity metrics

Refactoring

• Decomposed large command functions (clusters, dead, describe, impact, layers, understand, why, module) into focused helpers
• Refactored indexer pipeline into smaller methods
• Cleaned up language extractors (Python type alias refs, except handler dedup, C#/FoxPro/JS/PHP/generic improvements)

Fixes

• Fixed churn percentile calculation to use linear interpolation
• License field format in pyproject.toml

v8.2.0

v8.2.0

Self-analysis driven improvements: ran roam on itself, fixed every discrepancy and false positive it surfaced.

Bug Fixes

• Fixed dead export count discrepancy — understand vs dead --summary now consistent (test-file filtering)
• Fixed alerts health score mismatch — replaced penalty formula with weighted geometric mean matching cmd_health.py
• Fixed patterns command self-detection — added _is_test_or_detector_path() filter
• Fixed middleware false positives — removed %Handler and %Filter from middleware SQL

Improved Analysis

• Smarter health scoring — dev/, tests/, scripts/, benchmark/ classified as non-production utilities
• Python extractor: with-statement references — context managers now produce call edges
• Python extractor: raise references — raise ValueError(...) now produces call edges
• Python extractor: except clause references — except CustomError as e: now produces type_ref edges

Dead Code Removal

• Removed 5 unused functions (~200 lines): condense_cycles, layer_balance, find_path, build_reverse_adj, get_symbol_blame

Testing

• 1729 tests across 30 test files (up from 1691/29)
• New: test_v82_features.py (38 tests)

v8.1.1 — Deep Python Extractor Improvements

Python Extractor

• Instance attribute extraction — self.x = value assignments in __init__ now produce property symbols. Detects self-name from first parameter (Pyan-inspired, not hardcoded to self). Recurses into if/try/with blocks. Deduplicates with class-level properties.
• Assignment type annotation references — Class fields (path: Path), module variables (cache: Dict[str, Config]), and instance attributes with type annotations now create type_ref edges.
• Forward reference support — String annotations like Optional["Config"] and "module.ClassName" now produce type_ref edges.

Testing

• 1691 tests across 29 test files (up from 1664 across 28)
• New test file: test_python_extractor_v2.py (27 tests)

---

pip install --upgrade roam-code