How Romp Works — J&G Studios

It watches everything.

Every file change. Every open port. Every login attempt. Every config edit. Romp sees it all and runs it through a proprietary AI trained to recognize what doesn't belong. It doesn't sleep. It doesn't take breaks. It doesn't forget to check.

Cyber Guard Dog + Red Otter + Yellow Otter + Orange Otter

It fights back.

When Romp finds a vulnerability, it doesn't just write a report. It generates a working patch. It tests whether the hole is actually exploitable. It hardens your config so it doesn't happen again. Then it keeps watching.

Black Otter + Grey Otter + Blue Otter + Green Otter

Nothing leaves.

The AI runs on your machine. Your code never gets uploaded. Your logs never leave your building. No cloud. No API keys. No vendor that can get breached and take your data with them. What's yours stays yours.

Air-gapped — zero exfiltration risk

Any machine. Anywhere.

That old desktop in the closet. A $50 GPU from a thrift store. A rack server. A laptop. If it has a CPU from the last decade and 4GB of RAM, it runs Romp. No enterprise hardware required. No GPU required. Just plug it in and let it work.

CPU-only capable — GPU optional

Implements CIS benchmarks (DoD standard), FISMA-required DAST scanning, and NIST 800-137 continuous monitoring. Air-gapped with zero cloud dependency — more aligned with classified network requirements than CrowdStrike.

Zero trust. Zero cloud. Zero exfiltration risk.

Under the Hood

Romp Core — the platform library.

Unified command executor — hardened spawn() wrapper with timeouts across all modules
Alert bus — fire-and-forget HTTP dispatch to White Otter with graceful degradation, plus external webhook delivery (Slack, Discord, or any URL)
Health endpoint — every module exposes /api/health automatically
Input validation — domain, IP, URL, port validation + shell argument sanitization
Local AI model — fine-tuned 1.5B parameter model served via Ollama, powers remediation, threat analysis, and interactive chat
Persistent store — JSON file-backed key-value storage with sync writes, survives restarts
Continuous monitoring — 4 background checks (file integrity, port watch, log threats, hardening drift) running 24/7
Security reports — full assessment combining data from all modules into one structured report via CLI or API
Offline license validation — HMAC-based key verification, no phone-home
Structured logging — JSON-line output with timestamp, module, severity