Git Metadata
Git metadata records the repository state behind a context bundle. It helps you explain exactly what code version the bundle came from.
What it does
PastePrompt can read local Git metadata from the selected repository and include it in the app UI or generated bundle. Depending on repository state and configuration, metadata can include:
- Current branch.
- Current commit hash.
- Dirty working-tree state.
- Untracked or modified-file indicators.
- Base and head refs when using Git diff mode.
- Context hash or snapshot hash when supported.
PastePrompt reads this information locally. It does not need to upload repository metadata to provide Git context.
Why it matters
Security reviews are only useful when the reviewed code version is clear. A bundle without Git state can be hard to reproduce later, especially during sponsor fixes, retests, and report disputes.
Git metadata helps you:
- Tie LLM context to a commit.
- Notice when the working tree has uncommitted changes.
- Compare sponsor fixes against the original review base.
- Rebuild a context bundle from a known state.
- Record audit evidence without relying on memory.
How to use it
- Select a Git repository.
- Check the current branch and commit in PastePrompt.
- Review whether the working tree is clean or dirty.
- Decide whether to include Git metadata in the generated bundle.
- If the working tree is dirty, decide whether that is intentional.
- Generate the bundle and keep the metadata with your audit notes.
How metadata appears in bundles
A bundle may include a metadata section similar to:
## Git Metadata
- repository: client-app-review
- branch: sponsor-fix-2
- commit: a1b2c3d4
- dirty: true
- base_ref: audit-base
- head_ref: sponsor-fix-2
The exact fields depend on the repository and enabled workflow.
Example workflow
- Open the repository on branch sponsor-fix-2.
- Confirm the current commit matches the sponsor-provided revision.
- Notice the working tree is dirty because you added local notes.
- Remove unrelated local changes or keep a note that the bundle includes dirty state.
- Generate a sponsor fix review bundle with Git metadata included.
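The commit and dirty-state checks in this workflow can also be run independently of PastePrompt and kept with the audit notes. The following is an added example, not PastePrompt's own code: it parses `git status --porcelain=v2 --branch` output and reports whether each local change touches a file selected for the bundle. The function names, the sample output, and the reading of "dirty" as tracked changes only are assumptions.

```python
import subprocess

# Number of space-separated fields before the path in each porcelain v2 entry.
_FIELDS_BEFORE_PATH = {"1": 8, "2": 9, "u": 10}

def read_status(repo):
    """Run git locally and return the raw porcelain v2 status text."""
    cmd = ["git", "-C", repo, "status", "--porcelain=v2", "--branch"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def parse_status_v2(text):
    """Parse porcelain v2 output (without -z, so unusual paths stay quoted)."""
    state = {"commit": None, "branch": None, "modified": [], "untracked": []}
    for line in text.splitlines():
        if line.startswith("# branch.oid "):
            state["commit"] = line.split(" ", 2)[2]
        elif line.startswith("# branch.head "):
            state["branch"] = line.split(" ", 2)[2]
        elif line.startswith("? "):
            state["untracked"].append(line[2:])
        elif line[:1] in _FIELDS_BEFORE_PATH:
            path = line.split(" ", _FIELDS_BEFORE_PATH[line[0]])[-1]
            state["modified"].append(path.split("\t")[0])  # drop rename source
    # Assumption: "dirty" means tracked changes; untracked files are listed apart.
    state["dirty"] = bool(state["modified"])
    return state

def check_review_state(state, expected_commit, selected):
    """Return findings to record in the audit notes before generating a bundle."""
    findings = []
    commit = state["commit"] or ""
    if not expected_commit or not commit.startswith(expected_commit):
        findings.append(f"commit mismatch: HEAD is {commit}")
    for kind in ("modified", "untracked"):
        for path in state[kind]:
            scope = "selected" if path in selected else "unselected"
            findings.append(f"{kind} ({scope}): {path}")
    return findings

# Constructed sample output, not taken from a real repository.
_OID = "0123456789abcdef0123456789abcdef01234567"
SAMPLE = (
    "# branch.oid a1b2c3d4e5f60718293a4b5c6d7e8f9012345678\n"
    "# branch.head sponsor-fix-2\n"
    f"1 .M N... 100644 100644 100644 {_OID} {_OID} src/auth.py\n"
    "? notes/local-review.md\n"
)

if __name__ == "__main__":
    state = parse_status_v2(SAMPLE)
    print("\n".join(check_review_state(state, "a1b2c3d4", {"src/auth.py"})))
```

For a real repository, pass `read_status(path)` to `parse_status_v2` in place of `SAMPLE`.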
Limitations
- Git metadata is unavailable outside Git repositories.
- Dirty-state detection can show local changes that are unrelated to the selected files.
- Untracked files may matter even when they are not selected.
- Metadata does not replace a committed tag, branch policy, or external audit handoff process.
- Git metadata helps reproducibility, but it does not prove that exported source contents were not edited after generation unless a snapshot/hash workflow is used.