Three of my open-source pull requests got merged this week, into comtypes and Bluesky's atproto

Quiet milestone worth marking: three pull requests I opened to open-source projects got merged this week. Here is what they fixed, and the honest story of how they were made.

What

Three PRs, now merged:

• enthought/comtypes#942. A struct-packing error was being masked. The original PackingError got swallowed and resurfaced as a confusing UnboundLocalError, so the real cause was invisible to anyone debugging it. The fix restores the real error and adds a regression test.
• bluesky-social/atproto#5101. React Native OAuth login crashed because the code relied on AbortSignal.timeout, a Web API that is not available in React Native. The fix adds capability detection with a manual-timeout fallback so login works cross-platform.
• bluesky-social/atproto#5103. The OAuth consent screen told users an app could "manage your profile, posts, likes and follows" even when it only requested a couple of narrow scopes. The fix shows the actual per-collection permissions, and adds the French translations the maintainer asked for.

Why it matters

Two of these are small but real trust and correctness issues: a consent screen that overstates what it is granting (an informed-consent gap), and a login path that silently breaks on a whole platform. The third is the kind of swallowed-error bug that quietly costs other developers hours. None are glamorous. All three make the next person's day a little less painful.

Who it's for

Anyone who uses these libraries, and anyone curious whether an AI-assisted workflow can produce contributions that real maintainers actually accept rather than noise they have to reject.

How

The honest part: these came through an automated workflow I built. It scans GitHub for high-mergeability issues, re-verifies each one is still open and unclaimed, reproduces the bug, writes a minimal fix, runs the repo's own tests plus a security and quality review, captures real evidence, and opens a draft pull request. I review and finalize every one. Draft-only by design: it never marks a PR ready and never merges. What made it work was not volume, it was the discipline to verify before acting, which repeatedly killed wasted work on already-fixed, already-claimed, or closed issues.

The takeaway

A system that refuses to open a bad PR is worth more than one that opens many. Verify first, keep the human in the loop, and let the merges speak for themselves.