[moraesc]

We’re currently working on a feature that lets admins archive PRs. The goal is to give maintainers more control over how they manage contributions in their repositories. Archived PRs would be visible to admins only, so maintainers still have access to contributor history for auditing purposes and to meet any organizational or compliance requirements. Would this be helpful for you?

[karussell]

Not OP but requested this feature since years.

Your suggestion would help a bit but I would prefer the opposite: before someone can 'pollute' my pull request space and draw attention from subscribers I would prefer an acceptance step (just like a moderator on a forum) instead of having to archive the PRs.

This is especially important as (AI) spam increases and just because I am away for a few days or weeks I don't want those PRs lurking around.

[darccio]

A PR staging area. This would be a good step forward.

[bloppe]

That kinda sounds like draft PRs. You can make all PRs drafts by default. I guess it would be cool to have a setting where only maintainers can change it to ready-for-review.

[halapro]

If the PR exists on my repo, it's already too late.

Either you let me block 6-month old accounts from opening PRs, or you let me delete them.

PRs, draft or not, show up in searches and spammers can continue opening new ones as well as leaving comments on them.

[jmuguy]

Boot spammers off your platform, stop them from coming back. Its a moderation issue, the more companies want to pretend like its not their problem - the worse it gets.

[halapro]

This doesn't help with PR spam if that junk still shows up in regular "is:pr" searches. I don’t think unrequested unmerged AI PR spam is useful for compliance, just like deleted comments and issues aren't.

[hpjev]

I can only speak for myself, being a maintainer of a project in the crypto space. We are getting spammed with AI slop and also scam comments (though this lessened for some reason).

My usual experience is this:

1. We open an issue that needs to be fixed 2. slop bots create multiple slop PRs 3. slop bots spam comments on the issues, pointing to their slop PRs

The only general methods for preventing this are are restricting PR's (not comments, I believe) to contributors - which is a hassle to maintain, and restricting to older accounts - which doesn't work because the bot accounts are not newly created.

Then we need to perform _way too many_ just to get rid of the slop: - navigate multiple pages and confirmations to ban the account from our org - open each PR manually - close it manually

This takes at least 15 clicks and is made _so much worse_ by how slooooooooow the UI is. Every click takes 2 seconds!!! How can "ban this account and delete everything it ever did" be more than a max of 2 clicks?

What we really need is a "locked down mode" where every interaction (PR, issue, comment) with the repo that isn't from maintainers or specifically whitelisted people goes into a moderation queue. Maintainers can confirm or deny the action using a single click (which does not take 2 fucking seconds to load).

[halapro]

This has two good points:

- add "Pull Request requests" that operate like Friend requests. You can't open PRs until you've been whitelisted (temporarily or not) or are proven to be a good OSS citizen (TBD)

- add a "Burn it with fire" action in new PRs that deletes all comments and PRs opened by the user across the repo, as well as blocking the user.

Organizations already sort of have this, but the action does not delete/close PRs.