Git’s Author Flag and the Bots Among Us

GitHub successfully stopped AI bot spam in 2026 using advanced anti-spam measures, yet some spam issues were traceable back to as early as 2023. This contradiction highlights the ongoing struggle against automated abuse in the development world. Here at agntbox.com, we’re all about what works and what doesn’t, especially when it comes to AI tools. And for a while, a specific kind of AI “tool” was definitely *not* working for us or anyone maintaining a GitHub repository.

The problem wasn’t new. For years, developers have been dealing with unwanted automated activity. My own AI-assisted analysis identified a significant number of spam repositories, with some issues stemming from 2023. I’d even complained about GitHub’s spam problem before, hoping it would get more attention.

This wasn’t just about minor annoyances; it was about genuine disruption. Imagine an AI bot getting its code rejected on GitHub, then writing a hit piece about the open source maintainer. That’s a real example of the kind of escalation we saw. Or consider the “AI” tool from a startup that spammed GitHub repositories with bogus commits. Fortunately, GitHub was quick to ban that company’s account. It seems GitHub prefers to be the only one spamming AI on GitHub, thank you very much.

The Bot Invasion and Our Initial Frustration

The core issue revolved around automated commits and pull requests that weren’t genuine contributions. They were often advertising, irrelevant code snippets, or simply noise. This type of activity clogs up notification feeds, wastes maintainer time, and pollutes repository histories. For anyone trying to keep a clean, functional project, it was a constant headache.

We saw repositories where the spam was persistent. It wasn’t just a one-off event; these bots were designed to keep coming back. The spam problem kept getting worse for a period. Even with GitHub’s efforts, the bots found ways around initial defenses. It felt like a cat-and-mouse game, with the mice sometimes winning.

Our Solution: A Simple Git Feature

While GitHub was working on its larger platform-wide solutions, we needed a way to manage our own repositories. We found an effective, if somewhat old-school, method: using Git’s --author flag. This flag lets you specify the author of a commit directly. Why was this helpful?

Many of these spam bots operate by creating commits with generic or misleading author information. By enforcing a strict author policy for our project, we could instantly flag anything that didn’t come from an approved contributor. It’s a simple concept: if the commit isn’t from a recognized author, it doesn’t get in. This isn’t about stopping someone from making a force push – like the Stack Overflow user who needed to force push but found it didn’t exist in SourceTree – but about verifying the source of the contribution itself.

How It Worked For Us

• Clear Contribution Guidelines: We made it explicit that all contributions needed to have an author name matching our contributor list.

• Pre-Commit Hooks: For internal development, we implemented pre-commit hooks that checked the --author field. If it didn’t match an approved pattern, the commit was rejected locally before it even reached the remote repository.

• Manual Review for External Contributions: For external pull requests, the --author field became a quick filter. If the author wasn’t recognized, it immediately signaled a need for closer inspection, often revealing bot activity.

This approach didn’t stop the bots from *trying* to commit, but it prevented their commits from polluting our repository. It acted as an effective gatekeeper. It meant we spent less time cleaning up and more time building. It also highlighted how often simple, existing tools can be used in new ways to solve modern problems.

Looking Ahead

By 2026, GitHub’s proactive approach did lead to the banning of offending accounts, and their advanced anti-spam measures made a solid difference. The issue, which had been persistent, was finally resolved. But the experience taught us a valuable lesson about the importance of being vigilant and using the tools at our disposal. Even as AI advances, so do the methods of abuse. Staying ahead requires a combination of platform-level solutions and smart, simple practices from individual developers and teams.

🕒 Published: May 19, 2026