Thanks for the suggestions. I've considered to protect some branches, but in the end decided against it. I was not looking forward to review all their huge amounts of slop code. It would also be different from reviewing code of a "real" developer. Feedback would normally be a way to help each other and improve as a team, and be received with a certain amount of gratitude or at least understanding. In this case, they would not read the feedback, at best they would feed it to a bot. They would see it as a needless obstacle. I agree to scope my parts of the project as much as possible. Then it might still be realistic to continue working on it.

It should be in your contract that you are the sole dev and that the client cannot add code. At best they should be able to send a spec or feature request but not an actual PR.

I don't know how you could word it, but you could tell them to use an LLM to generate specs so that you can understand the needs and implement the features yourself (even if it's also LLM-assisted).