How Archestra Stopped AI Bot Spam in Their GitHub Repo Using Git's --author Flag
Original: We stopped AI bot spam in our GitHub repo using Git's -author flag View original →
The Problem: AI Bot Spam at Scale
Open-source maintainers increasingly face a new kind of contributor noise. For Archestra, the numbers were stark: a single bounty issue accumulated 253 AI-generated bot comments, a feature request spawned 27 untested pull requests, and one team member spent half their week removing spam. Legitimate contributors were buried.
The Solution
Step 1 — Onboarding verification: Before gaining repository access, contributors must complete an ethical AI usage agreement and CAPTCHA verification. GitHub's "limit to prior contributors" setting then blocks unvetted accounts from commenting or opening PRs.
Step 2 — Git's --author flag: Git distinguishes between a commit's author and its committer. By using the --author flag with a user's noreply email format ([email protected]), the team can create commits attributed to an external contributor without giving that person direct push access.
The workflow: once a user completes onboarding, a GitHub Action retrieves their ID via the API, the team creates a commit authored under their account, and that person becomes recognized as a prior contributor — unlocking commenting and PR permissions going forward.
The Insight
Repository metrics like contributor count and PR volume do not reflect quality. The real target is not AI-assisted contributions — it's unverified, mass-generated AI output. This approach creates a practical boundary between the two, without blocking AI tools entirely.
Related Articles
A public issue carrying hostile instructions became the evidence HN needed for a sharper debate about agent permissions.
Security alerts are moving from volume to trust. GitHub says LLM-based contextual verification reduced secret-scanning false positives by 75.76%, beating its 65% target.
AI coding automation tool OpenClaw has overtaken React to become the most-starred software project in GitHub history, achieving an unprecedented growth rate. Questions about star authenticity have emerged alongside the milestone.