Skip to main content

Local-First Model

PastePrompt is designed to operate as a local-first macOS app. The core workflow reads source code from a repository on your Mac, builds a context bundle locally, runs local checks, and then lets you decide whether to copy or export that bundle.

This model reduces the need to upload entire repositories into web tools just to prepare LLM context. It does not remove every risk. Once you copy, export, paste, attach, sync, email, or otherwise share a generated bundle, that content is outside PastePrompt's local boundary.

What runs locally

The PastePrompt app is responsible for local repository workflows:

  • Selecting a repository from the macOS filesystem.
  • Scanning the local file tree.
  • Applying .gitignore and .pastepromptignore rules.
  • Searching paths and filenames.
  • Previewing readable source files.
  • Estimating token counts.
  • Reading local Git metadata and diffs.
  • Selecting related files from the local file tree.
  • Applying prompt templates.
  • Generating XML-like or Markdown context bundles.
  • Running the secret scanner before copy or export when scanner mode is enabled.
  • Exporting Markdown files to a user-selected local path.

These actions should not require uploading source code to a PastePrompt backend.

What PastePrompt reads

PastePrompt reads files from the repository folder you select. The selected repository root is the main boundary for filesystem access. The app should canonicalize and validate paths before reading files, opening files in an editor, or exporting generated bundles.

By default, PastePrompt should respect:

  • .gitignore for repository-level ignored files.
  • .pastepromptignore for PastePrompt-specific exclusions.
  • macOS file permissions.
  • explicit warnings for unreadable files, binary files, very large files, symlinks, and nested repositories.

See File system access for details.

What leaves your Mac

PastePrompt does not upload source code as part of the local context-building workflow. Source code can leave your Mac when you take an explicit action such as:

  1. Copying a generated bundle to the clipboard.
  2. Exporting a Markdown bundle and saving, syncing, emailing, or uploading it.
  3. Pasting or attaching a bundle into ChatGPT, Claude, Codex, Cursor, Gemini, a local model UI, or another LLM tool.
  4. Sharing screenshots, prompts, reports, or notes that include source content.

After you paste or upload a bundle into another tool, that tool's privacy, retention, logging, and access policies apply.

What may be stored locally

PastePrompt may store local application data so repeated workflows are usable:

  • App settings.
  • Workspace references and presets.
  • Selected paths and repository-specific options.
  • Prompt templates.
  • Prompt history metadata.
  • Generated output summaries or hashes.
  • License metadata.
  • Release or update preferences when configured.

This data should be stored locally by the app and should not require a cloud account for V1.

What is not stored by default

PastePrompt should avoid storing full source contents in prompt history by default. Prompt history should prefer references, metadata, selections, template names, generated output summaries, timestamps, and hashes instead of full file contents.

PastePrompt should also avoid storing raw secret values from scanner findings as persistent app data by default. Scanner warnings should be treated as review-time signals. If you export a bundle that still contains a secret, the exported file itself contains that secret and must be handled accordingly.

If a future setting allows saving full generated bundles or full source contents in history, it should be explicit because it changes local storage risk.

Optional external interactions

Some workflows can involve external systems even though repository analysis is local:

  • License and checkout links: paid plan purchase, license download, invoices, or support may open external websites. These flows should be separate from source-code processing.
  • Update checks: if configured, an update check may contact a release manifest or release server for version metadata. It should not need repository contents or generated bundles.
  • External editor opening: opening a file in VS Code, Cursor, Finder, or the system default app launches local tools using local paths.
  • LLM tools: ChatGPT, Claude, Codex, Cursor, Gemini, and other tools receive source content only after you copy, export, paste, attach, or otherwise share a generated bundle.

Practical secure use

  1. Keep selections narrow.
  2. Use .pastepromptignore for local exclusions that should not enter LLM context.
  3. Review the generated bundle preview before sharing.
  4. Run the secret scanner and inspect every warning.
  5. Use trusted LLM providers and accounts appropriate for the repository sensitivity.
  6. Treat exported bundles as sensitive source-code artifacts.