1
2
Fork
You've already forked userscripts
1

ai-files: Search /commits endpoint to find more bots #2

Manually merged
jacksonchen666 merged 0 commits from 0x4261756D/userscripts:main into main 2026年01月10日 02:25:19 +01:00
Contributor
Copy link

By querying the last 100 commits and checking their author and commit message for AI bots many repos that slipped through the cracks no longer do. By only checking files if no committer was found the API usage should be lower on average.
This is not a replacement for #1 since both only show the last 100 commits/contributors. On e.g. https://github.com/home-assistant/core neither claude nor Copilot isn't one of the last 100 contributors but one of the last 100 commit (co-)authors but the inverse can also be true, i.e. a repo where AI bots are among the last 100 contributors but the last 100 commits were ethically sourced.

By querying the last 100 commits and checking their author and commit message for AI bots many repos that slipped through the cracks no longer do. By only checking files if no committer was found the API usage should be lower on average. This is not a replacement for https://codeberg.org/jacksonchen666/userscripts/issues/1 since both only show the last 100 commits/contributors. On e.g. https://github.com/home-assistant/core neither claude nor Copilot isn't one of the last 100 contributors but one of the last 100 commit (co-)authors but the inverse can also be true, i.e. a repo where AI bots are among the last 100 contributors but the last 100 commits were ethically sourced.
This only adds a single API call and checks the author and message of the
last 100 commits for sign of AI bots.
Also by only using the more API-call-expensive file search if the authors
came up empty, this should use fewer API calls over all.
With this method some repos that previously slipped through the cracks
(e.g. https://github.com/home-assistant/core) no longer do so.

Oh hi someone, thanks for the unexpected PR?!

I'm personally more keen on contributor list rather than last commits because commits are more volatile. Although I did not give it proper thought, so this isn't a final decision. (I also haven't looked at the PR proper and probably won't for a bit)

Oh hi someone, thanks for the unexpected PR?! I'm personally more keen on contributor list rather than last commits because commits are more volatile. Although I did not give it proper thought, so this isn't a final decision. (I also haven't looked at the PR proper and probably won't for a bit)
Also checks the commit's commit's author now.
Author
Contributor
Copy link

I also have an implementation of #1 now (https://codeberg.org/0x4261756D/userscripts/src/branch/contributor_and_commit_check) but it depends on this code. Should I update this PR or make a new one? I can also try to disentangle the contributor code from the commit stuff so they can be two clean separate PRs.

I also have an implementation of https://codeberg.org/jacksonchen666/userscripts/issues/1 now (https://codeberg.org/0x4261756D/userscripts/src/branch/contributor_and_commit_check) but it depends on this code. Should I update this PR or make a new one? I can also try to disentangle the contributor code from the commit stuff so they can be two clean separate PRs.

Hi, my attention on this has been quite sporadic, but I currently have the contributors+commits check userscript installed for testing (more on that on the 4th paragraph).

API rate limits are my biggest concern with these extra checks. Only 60/hour is available without authentication (and we are without authentication), and after some thought, I think the script should only do 2 per repo at best to allow browsing at an average of 30 repos per hour (2 minutes per repo, which is probably enough time to check instruction files, give up on that repo, and then find another repo). The current script without anything else would already do 3 requests max, and probably 2 requests for the average project (1 for files at project root, 1 for .github/). A commits check (1 API) and a contributors check (1 API) would already increase that to 4 API requests per repo if nothing was found (and it was commits, contributors, then files).

As for mitigating that issue, I'm not sure. One idea I have is to allow for configuration to enable/disable checks (and probably default to contributors then files, commits not default on because pretty volatile), something that I'll implement after this PR. Another is adding support for authenticating with GitHub tokens for 5000/hour, but even with 1000/hour it's 16 requests max per 60 repo per hour, which should be plenty. But that does require having a GitHub account, and identifies you to GitHub.

Now, I've been testing the contributors+commits checking script. I've just left it installed since the last time I tried working on this PR. I have used it and have managed to catch this: github.com/Futsch1/medTimer@1423c75d It does look like a true positive to me, but it wasn't something I was expecting (github.

Should I update this PR or make a new one? I can also try to disentangle the contributor code from the commit stuff so they can be two clean separate PRs.

Do whatever I guess. You could force-push this PR with both checks and also disentangle them somewhat, doesn't have to be separate PRs.

And an actual review the contributors+commits check thing:

  • Maybe good idea to move the whole multiple checks thing tying in with Promise.resolve into its own async function, instead of just adding on top of what already exists
  • Add links to commits or commit hash references when something commits is found

I probably have more things, but I think I forgot them. So I'm sending this comment now.

Oh and thank you for all your work on this so far!

Hi, my attention on this has been quite sporadic, but I currently have the contributors+commits check userscript installed for testing (more on that on the 4th paragraph). API rate limits are my biggest concern with these extra checks. Only 60/hour is available without authentication (and we are without authentication), and after some thought, I think the script should only do 2 per repo at best to allow browsing at an average of 30 repos per hour (2 minutes per repo, which is probably enough time to check instruction files, give up on that repo, and then find another repo). The current script without anything else would already do 3 requests max, and probably 2 requests for the average project (1 for files at project root, 1 for `.github/`). A commits check (1 API) and a contributors check (1 API) would already increase that to 4 API requests per repo if nothing was found (and it was commits, contributors, then files). As for mitigating that issue, I'm not sure. One idea I have is to allow for configuration to enable/disable checks (and probably default to contributors then files, commits not default on because pretty volatile), something that I'll implement after this PR. Another is adding support for authenticating with GitHub tokens for 5000/hour, but even with 1000/hour it's 16 requests *max* per 60 repo per hour, which should be plenty. But that does require having a GitHub account, and identifies you to GitHub. Now, I've been testing the contributors+commits checking script. I've just left it installed since the last time I tried working on this PR. I have used it and have managed to catch this: https://github.com/Futsch1/medTimer/commit/1423c75d It does look like a true positive to me, but it wasn't something I was expecting (github. > Should I update this PR or make a new one? I can also try to disentangle the contributor code from the commit stuff so they can be two clean separate PRs. Do whatever I guess. You could force-push this PR with both checks and also disentangle them somewhat, doesn't have to be separate PRs. And an actual review the contributors+commits check thing: - Maybe good idea to move the whole multiple checks thing tying in with [`Promise.resolve`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/resolve) into its own async function, instead of just adding on top of what already exists - Add links to commits or commit hash references when something commits is found I probably have more things, but I think I forgot them. So I'm sending this comment now. Oh and thank you for all your work on this so far!

Pingy? Would it be fine if I take over this PR? (I also have a bunch of small code changes I kinda want to do, so I feel like I should probably do all of that instead of relaying all requested changes to you)

Pingy? Would it be fine if I take over this PR? (I also have a bunch of small code changes I kinda want to do, so I feel like I should probably do all of that instead of relaying all requested changes to you)
Author
Contributor
Copy link

Hi, sorry for the late reply. You can take over the PR no problem, would you like it in the current state or should I push the commits+contributors branch onto it? Either is fine by me.

Hi, sorry for the late reply. You can take over the PR no problem, would you like it in the current state or should I push the commits+contributors branch onto it? Either is fine by me.

It appears that I may have made a comment which was never sent. Either way, commits+contributors stuff please

It appears that I may have made a comment which was never sent. Either way, commits+contributors stuff please
Author
Contributor
Copy link

Alrighty, done.

Alrighty, done.
jacksonchen666 referenced this pull request from a commit 2026年01月09日 19:24:27 +01:00
Sign in to join this conversation.
No reviewers
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
jacksonchen666/userscripts!2
Reference in a new issue
jacksonchen666/userscripts
No description provided.
Delete branch "0x4261756D/userscripts:main"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?