GitHub Repo Owners: Use Git's --author Flag to Block AI Bot Spam
The team at Archestra (an AI platform startup) was drowning in AI bot spam — 253 comments on a single bounty issue, 27 PRs for one feature that were never tested, and a weekly cleanup cost of half a day. Their repo became hostile to real contributors. They needed a whitelist, but GitHub doesn't natively support one for public repos. Their clever hack: abuse the Limit to prior contributors setting and Git's --author flag.
The Problem: AI Slop in GitHub
Bots generated endless “implementation plans” and aggressive replies. Real contributors like @ethanwater, @developerfred, and @Geetk172 were ignored. Even their first attempt — a reputation bot called “London-Cat” — didn't stop the spam. An “AI sheriff” bot closed legitimate PRs. The only real solution was to gate contributions behind human verification.
How the Whitelist Hack Works
GitHub's “Limit to prior contributors” setting blocks anyone who hasn't authored a commit on main. But Git commits have two identity fields: author and committer. Using --author, you can attribute a commit to someone else — GitHub grants contributor status if the email matches the target user's GitHub noreply email (<id>+<username>@users.noreply.github.com).
# Look up user's GitHub ID
gh api users /their-username --jq '.id'# Commit under their name (email = [email protected])
git commit \
--author="their-username <[email protected]>" \
-m "chore: add their-username to external contributors"Push to main, and that user can immediately comment, open issues, and submit PRs. The commit shows the external user as author; your account appears as committer. That's all GitHub needs to consider them a “prior contributor.”
Full Onboarding Flow
- User visits archestra.ai/contributor-onboard and completes a CAPTCHA while agreeing to ethical AI rules.
- On form submission, a GitHub Action fires, looks up the user's GitHub ID via the API, and adds their handle to an
EXTERNAL_CONTRIBUTORS.mdfile. - The action pushes a commit to
mainauthored under the external user — granting them contributor status immediately.
This is a nuclear option for a VC-backed startup that measures GitHub activity, but quality beat vanity metrics.
It's hacky, but it works. No third-party spam filter — just clever use of Git's identity fields and a two-step validation flow.
📖 Read the full source: HN AI Agents
👀 See Also
Analysis of Claude Code's Production Engineering Patterns from Reverse-Engineered Source
A developer reverse-engineered approximately 500,000 lines of Claude Code's TypeScript source code into a 19-chapter technical handbook documenting production engineering patterns that emerge under real load, real money, and real adversaries.
OpenClaw Startup Costs: Hardware, APIs, and Monthly Budget
OpenClaw Memory Plugin Analysis: Lossless Claw + LanceDB Recommended
A developer tested OpenClaw memory plugins and found that the default setup causes token bloat, while Lossless Claw paired with LanceDB provides optimal performance for maintaining agent context without high costs.
Solving Gemini CLI write_file Not Found in OpenClaw: Two Fixes Required
OpenClaw agents using google-gemini-cli can't write files (write_file / default_api_write_file missing) due to wrong tools.profile and missing --approval-mode auto_edit flag in the subprocess. Fix: set profile to full and inject the flag via cliBackends config.