GitHub maintainers can block AI bot spam using Git's --author flag

Archestra.ai has demonstrated that GitHub repository maintainers can block AI-generated bot spam by enforcing authorship checks via Git’s --author flag [Archestra.ai Blog]. The technique relies on filtering commits that lack verified human authorship, a growing concern as AI bots increasingly target open-source projects.

The --author flag lets committers set the author name and email in a commit. Maintainers can reject pull requests where the author field matches known bot patterns—such as generic emails like "ai-bot@company.com ↗" or "user@openai.com ↗"—using pre-receive hooks or CI checks [Archestra.ai Blog]. This creates a lightweight, immediate barrier to automated spam without requiring platform-level changes.

AI bot spam has already polluted repositories with low-quality, auto-generated code, often to inflate training data or manipulate project activity. Some bots push thousands of trivial changes across public repos, increasing maintenance overhead. By validating author metadata, maintainers can cut through this noise.

The fix isn’t perfect. Determined actors can spoof human names and emails. But it raises the cost of spam enough to deter bulk abuse. It also encourages projects to document contributor guidelines more clearly, filtering out not just bots but low-effort submissions.

This approach works now, using existing Git tooling. No new software or permissions are required—just a policy decision to reject unverified authorship.