Using Git's --author Flag to Block AI Bot Spam in GitHub Repos

AI-assisted workflows are producing a new class of noise in shared repositories: automated commits from bots and agents that clutter history, trigger CI pipelines, and obscure genuine contributor activity. The team at Archestra hit this in their own GitHub repo and solved it with something already in Git.

The approach centers on Git's --author flag, which scopes log queries, blame output, and related commands to a specific author identity. When AI agents commit under predictable or identifiable author strings, that signal becomes filterable. The repo can enforce contribution hygiene by rejecting or isolating commits that match known bot author patterns before they land in main.

This matters more now than it did a year ago. As agent-driven development pipelines become standard, the distinction between human-authored and machine-authored commits is a real operational concern. Code review tooling, audit trails, and contribution graphs all degrade when bot commits are indistinguishable from human ones. Using author identity as a first-class signal is a low-friction way to restore that separation.

The technique requires no new dependencies. It works with existing Git hooks, CI filters, or simple shell scripts that inspect commit metadata before merge. Teams already running pre-receive hooks on self-hosted Git servers can add author-pattern matching in a few lines. GitHub Actions workflows can do the same on push events.

The limitation is that author strings are self-reported and spoofable. Any agent configured with a human-looking identity string bypasses this check. The technique works against default agent configurations, not adversarial ones. Pairing it with signed commits adds a harder boundary.

For teams running mixed human-agent repos today, this is a practical, zero-cost control worth adding. The full breakdown is at archestra.ai/blog/only-responsible-ai.

Source