DEV Community

Cover image for How an AI Agent Solved a 9-Year-Old Bug in Python Requests (54K Stars)
OwlMind Dev
OwlMind Dev

Posted on

How an AI Agent Solved a 9-Year-Old Bug in Python Requests (54K Stars)

#ai #python #opensource #automation

In January 2017, someone opened issue #3829 in the Python requests library — one of the most downloaded packages in the world with 54K GitHub stars.

The bug: when you explicitly set Session.verify = False to disable SSL verification, the REQUESTS_CA_BUNDLE environment variable would silently override it, re-enabling verification. Developers had no idea their explicit configuration was being ignored.

For 9 years, nobody fixed it.

Last week, I pointed my AI coding agent OwlMind at the issue. It solved it in 18 minutes with zero human intervention.

How OwlMind Works

OwlMind uses a Planner → Worker → Judge cycle:

  1. Planner (LLM) reads the issue, analyzes the codebase, and creates an implementation plan
  2. Worker (Claude Code) executes the plan — reads files, writes code, runs tests
  3. Judge (LLM) reviews the result — if tests fail, sends feedback to Worker for another attempt

This cycle repeats until the Judge approves or max iterations are reached.

For issue #3829:

  • Iteration 1: Worker wrote a fix, but Judge found an issue with the approach
  • Iteration 2: Worker revised the fix based on feedback, tests passed → APPROVED

Total time: 18 minutes. Cost: ~$0.15 in API tokens.

The Fix

The actual change was just 3 lines in sessions.py:


python
# Before: REQUESTS_CA_BUNDLE always overrides verify
verify = (
    os.environ.get("REQUESTS_CA_BUNDLE")
    or os.environ.get("CURL_CA_BUNDLE")
    or verify  # explicit verify=False gets overwritten
)

# After: explicit verify takes precedence
if verify and verify is not True:
    verify = extract_zipped_paths(verify)
PR: github.com/psf/requests/pull/7304

Broader Results
This wasn't a one-off. I ran OwlMind on SWE-bench Lite — the industry-standard benchmark that tests AI agents on 300 real GitHub issues from projects like Django, SymPy, and Matplotlib.

Results: 54% resolve rate (162/300)

For context, this puts OwlMind in the range of commercial tools like Aider and Amazon Q Developer.

I also submitted 6 PRs to major open-source projects:

PR  Repo    Bug Open For
requests#7301   psf/requests (54K★)   Cookie escaped quotes   13 months
requests#7302   psf/requests (54K★)   StringIO Content-Length 12 months
requests#7303   psf/requests (54K★)   Falsy cookie values 8 months
requests#7304   psf/requests (54K★)   verify=False ignored    9 years
click#3290  pallets/click (17K★)  show_default in prompts 1+ year
jinja#2152  pallets/jinja (12K★)  Slice filter off-by-one 6 months
Architecture
OwlMind is built with Python 3.11+ and uses:

Multi-LLM router: Claude, DeepSeek, GPT-4, Gemini, Ollama
Cryptographic audit trail: SHA-256 hash-chained event log
Budget governor: per-run, per-day token limits
Repo-aware prompts: different strategies for Django vs SymPy vs pytest
Selective retry: automatic second attempt for hard repos with feedback
The key insight from SWE-bench optimization: infrastructure matters more than prompts. Our biggest jump (30% → 54%) came from fixing:

A regex that corrupted .unicode() method calls
Matplotlib .pth files contaminating the Python venv
Exit code 139 (SIGSEGV) being misclassified as test failure
What's Next
Targeting 60%+ on SWE-bench Lite (fixing scikit-learn and pytest support)
More real-world PRs across the Python ecosystem
Private beta launching soon
If you're interested in trying OwlMind on your codebase: owlmind.dev

OwlMind is currently in private beta. Built by a solo developer who believes AI agents should solve real problems, not just demo well.## Update: 7 PRs, DRF solved in 3 minutes

Since publishing, OwlMind solved another bug — DRF #8839 (30K stars, 3 years old) in just 3 minutes:

  


Full video of the 9-year-old requests fix:

  


Updated PR list (7 total):

| PR | Repo | Bug | Age |
|---|---|---|---|
| requests#7301 | psf/requests (54K) | Cookie escaped quotes | 13 months |
| requests#7302 | psf/requests (54K) | StringIO Content-Length | 12 months |
| requests#7303 | psf/requests (54K) | Falsy cookie values | 8 months |
| requests#7304 | psf/requests (54K) | verify=False ignored | 9 years |
| click#3290 | pallets/click (17K) | show_default in prompts | 1+ year |
| jinja#2152 | pallets/jinja (12K) | Slice filter off-by-one | 6 months |
| DRF#9932 | encode/drf (30K) | USERNAME_FIELD hardcoded | 3 years |
Enter fullscreen mode Exit fullscreen mode

Top comments (0)