Code Audit
Code Audit shows line-level evidence for work routed through MergeLoom.
It is designed for engineering teams that need to understand which repositories, files, tickets, and runs produced AI-written code.
Where Code Audit Lives
Section titled “Where Code Audit Lives”| Execution mode | Where to open Code Audit |
|---|---|
| Cloud Hosted | Customer controller, Audit, Code Audit tab |
| Self Hosted | Local worker UI, /audit/code |
For Self Hosted, Code Audit evidence is worker-owned and stays with the local worker gateway.
Repository View
Section titled “Repository View”The repository view shows:
- repository name and provider
- default branch
- total repository LOC, when available
- current MergeLoom-written lines
- touched lines
- pending evidence
- failed evidence
Total LOC means the approximate line count for the whole repository snapshot that was inspected. Current lines and Touched lines are about MergeLoom evidence, not the whole repository.
File Diff View
Section titled “File Diff View”Open a repository to see file-level evidence.
The diff view is intended to feel familiar to engineers:
- files are grouped and collapsible
- removed lines are shown as removals
- added lines are shown as additions
- toggles let you switch between all changes and new lines only
- each tracked line has evidence metadata
Use the line evidence marker to see:
- ticket ID
- workspace user
- date/time
- PR or MR link when available
- audit status
Depending on the view and plan, job/run identifiers may appear elsewhere in Ticket Audit or the job detail page rather than inside the line marker itself.
Common audit statuses include:
| Status | Meaning |
|---|---|
| Current | The line is still present and attributed to a MergeLoom run. |
| Moved | The line appears to have moved after the original PR/MR. |
| Deleted | The line is no longer present. |
| Superseded | Later changes replaced or superseded the original evidence. |
| Unknown | MergeLoom cannot confidently reconcile the current line state. |
| Waiting for local workspace | Reconciliation needs the Self Hosted worker workspace or local evidence before it can finish. |
What Code Audit Is Good For
Section titled “What Code Audit Is Good For”Use Code Audit to answer:
- what did MergeLoom write?
- which ticket caused this line?
- did a human change the code after MergeLoom published the PR or MR?
- which repository areas are being touched most often?
- is AI-written code concentrated in one module or spread across many?
What Code Audit Is Not
Section titled “What Code Audit Is Not”Code Audit is not a replacement for Git history or code review.
Use your code host for review, approval, blame, and merge decisions. Use MergeLoom Code Audit to connect AI-written code back to the workflow, ticket, run, and audit trail that produced it.
Retention
Section titled “Retention”Retention depends on execution mode and plan.
Cloud Hosted retention is managed through the cloud workspace plan.
Self Hosted retention is managed by the worker gateway and local worker data store. If you operate the worker, back up the worker data volume if audit evidence must survive host replacement.
Set an explicit retention policy for regulated environments instead of relying on the default worker retention settings.