May 18, 2026
Commit crime, fight slime
We stopped AI bot spam in our GitHub repo using Git's –author flag
After 500 bot invaders, coders cheer the lockdown and roast the whole mess
TLDR: A code project hit by a flood of AI-generated spam locked down who can post by using a workaround that marks approved people as past contributors. Readers mostly cheered the bot crackdown, while also dragging GitHub and joking that fighting AI spam from a .ai site is peak internet irony.
A startup’s attempt to keep its public code project usable has turned into a full-on community therapy session about the state of the internet. The team says a single cash-reward post exploded into 253 comments, with real helpers drowned out by waves of low-effort AI-generated replies, fake plans, and untested submissions. One worker was reportedly spending half a day every week sweeping out the mess. Their solution? A hard gate: if you haven’t been approved through onboarding, you can’t post, comment, or submit changes. In plain English, the club now has a bouncer.
And the comments are where the real fireworks are. On Hacker News, some readers practically applauded from the rooftops, with one saying the team blocked at least 500 bots in the first week. Others immediately turned the blame toward the platform itself, arguing GitHub should punish accounts whose submissions are rejected almost all the time. Then came the spicy side quests: one brutally short reply to the team’s question about giving coding test tasks to job candidates simply said, “Yes.” Ouch.
There was humor too, because of course there was. A commenter gleefully pointed out the irony of the company using a .ai website address while fighting AI spam, which is exactly the kind of online contradiction people live for. The mood is a mix of exhausted, amused, and deeply suspicious: readers seem to agree the spam is real, but they’re also wondering whether open source code sharing is being pushed into a locked-door future nobody actually wanted.
Key Points
- •Archestra said AI-generated comments, issues, and pull requests flooded its GitHub repository, including a $900 bounty issue that reached 253 comments.
- •The article says an issue to add x.ai provider support received 27 pull requests, many of which were not tested.
- •The team first tried internal moderation tools, including the London-Cat reputation bot and an automated 'AI sheriff,' but said these did not stop the spam reliably.
- •Archestra then enabled GitHub's 'Limit to prior contributors' setting to restrict commenting, issue creation, and pull requests to users with a prior commit on main.
- •The article explains a workaround using Git's `--author` flag and a user's GitHub noreply email so maintainers can attribute a commit to approved users and grant contributor status.