Archestra deploys Git workaround to curb AI spam in open source repository
The company has implemented a strict onboarding process using the Git author flag to whitelist legitimate users, following a surge in low-quality automated activity.
Archestra, a venture-capital-backed startup, has introduced a rigorous contributor onboarding process to combat the proliferation of AI-generated spam within its GitHub repository. The initiative addresses a recent influx of low-quality comments and untested pull requests from automated accounts, which the company states have degraded the quality of discussions and buried legitimate contributions.
The move follows a period where the repository was overwhelmed by AI bots. In one instance, a single issue with a $900 bounty attracted 253 comments, many of which were described as pointless implementation plans or aggressive towards maintainers. The company noted that the noise forced team members to spend significant time cleaning up hallucinated issues and closing untested pull requests, creating an unfriendly environment for human developers.
Previous automated filtering measures proved ineffective. Archestra initially developed a reputation bot named London-Cat to calculate contributor standing, but this failed to stop the spam. A subsequent "AI sheriff" bot was also abandoned after it erroneously closed legitimate pull requests. The company determined that these tools were counterproductive, prompting a shift towards a more structural solution.
To resolve the issue, Archestra utilised a technical workaround involving Git’s --author flag. GitHub restricts commenting and pull request creation to "prior contributors," defined as accounts that have authored a commit on the main branch. The startup developed a five-step onboarding process involving ethical AI rules and a CAPTCHA. Upon completion, a GitHub Action automatically attributes a commit to the new contributor’s account, granting them prior contributor status and unlocking repository permissions.
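A sketch of the attribution step described above, added here as an example and not Archestra's actual workflow: the function names, the sample login and account ID, and the commit message are assumptions. Because `--author` is unauthenticated metadata built from form input, the script validates the login and ID before they reach Git, and it leaves the committer as the automation identity so the log still shows who really wrote the commit.

```shell
#!/bin/sh
# Added example: build_author and grant_contributor are hypothetical names.
export LC_ALL=C   # make the [A-Z] style ranges below byte-exact

# Print "login <ID+login@users.noreply.github.com>" (GitHub's noreply
# address format) or fail. Both values come from an untrusted onboarding
# form, so anything that is not a plausible login / numeric ID is rejected.
build_author() {
  login="$1"; uid="$2"
  # Logins: alphanumerics and single hyphens, no leading/trailing hyphen.
  # The negated class also rejects spaces, <, >, quotes and newlines.
  case "$login" in
    ''|*[!A-Za-z0-9-]*|-*|*-|*--*) return 1 ;;
  esac
  [ "${#login}" -le 39 ] || return 1
  # Account IDs: positive decimal integers without a leading zero.
  case "$uid" in
    ''|*[!0-9]*|0*) return 1 ;;
  esac
  [ "${#uid}" -le 18 ] || return 1
  printf '%s <%s+%s@users.noreply.github.com>' "$login" "$uid" "$login"
}

# Record an empty commit in repository directory $1, attributed to the
# onboarded account ($2 = login, $3 = numeric ID). The committer field is
# not overridden, so it remains the identity the automation runs under.
grant_contributor() {
  repo="$1"
  author="$(build_author "$2" "$3")" || {
    echo "rejected onboarding input" >&2
    return 1
  }
  git -C "$repo" commit --quiet --allow-empty \
    --author="$author" -m "onboard: add $2 as contributor"
}
```

The gate is only as strong as control over who can land commits on the main branch, since anyone with push access can set the same author field by hand.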
The company cited security risks as a key driver for the change, referencing a similar incident in the LiteLLM repository where attackers used AI bots to steer conversations. While the decision is sensitive for a VC-backed startup measured by GitHub activity metrics, Archestra stated it values quality over quantity and aims to protect the integrity of its open source community from automated noise.


