GitHub Repo Owners: Use Git's --author Flag to Block AI Bot Spam

The team at Archestra (an AI platform startup) was drowning in AI bot spam — 253 comments on a single bounty issue, 27 PRs for one feature that were never tested, and a weekly cleanup cost of half a day. Their repo became hostile to real contributors. They needed a whitelist, but GitHub doesn't natively support one for public repos. Their clever hack: abuse the Limit to prior contributors setting and Git's --author flag.
The Problem: AI Slop in GitHub
Bots generated endless “implementation plans” and aggressive replies. Real contributors like @ethanwater, @developerfred, and @Geetk172 were ignored. Even their first attempt — a reputation bot called “London-Cat” — didn't stop the spam. An “AI sheriff” bot closed legitimate PRs. The only real solution was to gate contributions behind human verification.
How the Whitelist Hack Works
GitHub's “Limit to prior contributors” setting blocks anyone who hasn't authored a commit on main. But Git commits have two identity fields: author and committer. Using --author, you can attribute a commit to someone else — GitHub grants contributor status if the email matches the target user's GitHub noreply email (<id>+<username>@users.noreply.github.com).
# Look up user's GitHub ID
gh api users /their-username --jq '.id'
# Commit under their name (email = [email protected])
git commit \
--author="their-username <[email protected]>" \
-m "chore: add their-username to external contributors"
Push to main, and that user can immediately comment, open issues, and submit PRs. The commit shows the external user as author; your account appears as committer. That's all GitHub needs to consider them a “prior contributor.”
Full Onboarding Flow
- User visits archestra.ai/contributor-onboard and completes a CAPTCHA while agreeing to ethical AI rules.
- On form submission, a GitHub Action fires, looks up the user's GitHub ID via the API, and adds their handle to an
EXTERNAL_CONTRIBUTORS.mdfile. - The action pushes a commit to
mainauthored under the external user — granting them contributor status immediately.
This is a nuclear option for a VC-backed startup that measures GitHub activity, but quality beat vanity metrics.
It's hacky, but it works. No third-party spam filter — just clever use of Git's identity fields and a two-step validation flow.
📖 Read the full source: HN AI Agents
👀 See Also

Opus 4.7 Broke 40% of Prompts; Fix Was Structuring CLAUDE.md and Skills
After Opus 4.7 degraded ~40% of prompts across 6 setups, a fractional head of AI fixed it by replacing ad-hoc prompts with structured Skill files, hierarchical CLAUDE.md, and separate memory files — reducing token usage 22% and iteration turns from 3-4 to 1-2.

Optimizing Qwen 3.6 27B/35B on RTX 3090: Flags, Quantization, and Auto-Routing
A user shares his llama-server flags for Qwen 3.6 27B and 35B GGUF models on an RTX 3090 (24GB), reporting slow speeds for the 35B and unreliable code output from the 27B. The post asks for better quant, flag tuning, and auto model switching.

Implementing Time Tracking in Claude AI Projects
A method using Claude AI involves time-stamping responses to track work sessions and send break reminders.

Fix Remote Browser Automation with OpenClaw Node Setup
Use a local OpenClaw node to avoid CDP/RDP headaches — run browser visible, keep your IP and cookies.