codesuture 0.5.0__tar.gz → 0.5.1__tar.gz

codesuture-0.5.1/.gitignore

@@ -0,0 +1,32 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+.venv/
+venv/
+*.egg-info/
+dist/
+build/
+.pytest_cache/
+.coverage
+htmlcov/
+
+# CodeSuture specific
+.codesuture_cache/
+.codesuture_store/
+.codesuture_knowledge/
+.codesuture_fingerprints
+.models/
+
+# Exclude internal / dev scripts
+codesuture_verify*.py
+livepatch_verify*.py
+realbugg.py
+real.py
+*.zip
+.livepatch_*/
+
+# IDE / OS
+.vscode/
+.idea/
+.DS_Store

codesuture-0.5.1/CHANGELOG.md

@@ -0,0 +1,56 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.5.1] - 2026-05-11
+
+### Fixed
+- propagate_patch: skip list/dict/set/generator comprehensions
+  instead of crashing with AttributeError on __code__
+- key_guard, subscript_guard, chain_subscript_guard: infer
+  correct default type from downstream bytecode usage
+  (string methods -> "" default, numeric ops -> 0 default)
+- KeyError on chained subscripts (e.g. request["headers"]["auth"].strip())
+  now produces a chain_subscript_guard instead of a simple key_guard,
+  preventing secondary TypeError from None subscript access
+
+## [0.5.0] - 2026-05-08
+
+### Added
+- Async/await support (CO_COROUTINE frame detection) — automatic `RESUME 0` preservation for coroutine bytecode patching.
+- Watch mode: `codesuture watch --max-restarts N` — subprocess loop with automatic crash-patch-restart cycle.
+- Explain command: `codesuture explain [func_name]` — detailed table of active patches with safety assessment (LIKELY/RISKY/UNKNOWN).
+- WSGI middleware: `CodeSutureMiddleware` — intercepts request handler exceptions, patches, and retries with `X-CodeSuture` response header.
+
+## [0.4.0] - 2026-05-07
+
+### Added
+- `codesuture rollback` command to selectively remove persisted patches (`codesuture rollback <func>`, `--all`, and `--dry-run`).
+- Three new guard types:
+  - `type_coercion_guard` for `TypeError` and `ValueError` during type conversions.
+  - `index_guard` for `IndexError` bounds checking.
+  - `key_guard` for safe dictionary `KeyError` fallbacks.
+- Enhanced `--dry-run` mode with confidence levels (HIGH/MEDIUM/LOW) based on fingerprint registry hits.
+- Full PyPI packaging structure (`pyproject.toml`, complete `README.md`, `CHANGELOG.md`).
+
+### Changed
+- Migrated legacy guards `list_bound_guard` to `index_guard` and `dict_get_guard` to `key_guard` for consistency.
+- Standardized CLI output format and improved error reporting.
+
+## [0.3.0] - 2026-05-06
+
+### Added
+- Dark Upgrade D1: Semantic diff safety gate to prevent runaway bytecode corruption.
+- Dark Upgrade D2: Caller-aware patch propagation to automatically fix closures and bound methods in-memory.
+- Dark Upgrade D3: Shadow execution mode (`--shadow`) to monitor and warn when sentinel defaults leak downstream.
+- Dark Upgrade D4: Patch expiry TTL warnings to nudge developers toward source-level fixes.
+- Dark Upgrade D5: Bytecode fingerprint registry for instant cache hits on known crash patterns.
+- Dark Upgrade D6: `codesuture audit` command for viewing all active patches in a formatted table.
+
+### Fixed
+- Addressed Windows `UnicodeDecodeError` and `cp1252` terminal limitations by enforcing `utf-8` encoding.
+- Resolved a race condition where patch persistence was executing after the code object swap, preventing correct caller identification.
+- Fixed namespace pollution during nested patching.

codesuture-0.5.1/MANIFEST.in

@@ -0,0 +1,14 @@
+include pyproject.toml
+include README.md
+include CHANGELOG.md
+include LICENSE
+include .gitignore
+
+recursive-include codesuture *.py
+recursive-include tests *.py
+
+exclude codesuture_verify*.py
+exclude livepatch_verify*.py
+exclude realbugg.py
+exclude real.py
+exclude *.zip

codesuture-0.5.1/PKG-INFO

@@ -0,0 +1,167 @@
+Metadata-Version: 2.4
+Name: codesuture
+Version: 0.5.1
+Summary: Runtime Python bytecode patcher with guard knowledge base, persistence, and self-healing re-execution
+License-Expression: MIT
+Project-URL: Source, https://github.com/codesuture-py/codesuture
+Keywords: bytecode,runtime,patching,self-healing,debugging,null-safety,resilience
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Topic :: Software Development :: Debuggers
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: bytecode>=0.15.1
+Provides-Extra: autonomous
+Requires-Dist: llama-cpp-python; extra == "autonomous"
+Dynamic: license-file
+
+# CodeSuture
+
+> Runtime Python bytecode patcher. Catches crashes, synthesizes guards, rewrites functions in-memory, and persists fixes across runs.
+
+---
+
+## What it does
+
+CodeSuture sits between your Python program and its crashes. When an exception occurs, it intercepts the failing frame, disassembles the bytecode to identify the root cause, injects a deterministic guard directly into the function's code object, and retries execution — all without touching a single source file.
+
+The fix persists. On subsequent runs, CodeSuture loads the patched bytecode before the first function call. The crash is gone until you choose to remove the patch.
+
+It is a surgical tool for keeping programs running when structural failures — null access, missing keys, type mismatches, out-of-bounds reads — would otherwise bring them down.
+
+---
+
+## Installation
+
+```bash
+pip install codesuture
+```
+
+Python 3.11+ required.
+
+---
+
+## Quick start
+
+```bash
+codesuture run your_script.py
+```
+
+```
+[CodeSuture] Caught AttributeError: 'NoneType' object has no attribute 'bio'
+[CodeSuture] Applying null_guard on 'profile' ...
+[CodeSuture] Patch applied to get_bio().
+[CodeSuture] Re-executing after 1 patch(es)...
+
+Session summary:
+  Patches applied: 1
+```
+
+Run it again:
+
+```
+[CodeSuture] Already healed, skipping: loaded persistent patch for get_bio
+[CodeSuture] Session summary:
+  Patches applied: 0
+```
+
+---
+
+## How it works
+
+1. **Catch** — A `sys.settrace` callback intercepts exceptions at the exact frame and bytecode offset where they occur.
+2. **Analyze** — The pattern matcher disassembles the function's bytecode, walks the instruction chain, and identifies the failing variable or operation.
+3. **Patch** — The guard synthesizer injects new bytecode instructions into the function's code object in memory. A semantic diff gate rejects patches that would change too much of the function's logic.
+4. **Rewind** — Execution restarts from the patched function. The guard prevents the crash from recurring.
+5. **Persist** — The patched code object is serialized to `.codesuture_store/` with JSON metadata. On subsequent runs it loads before execution begins.
+
+No source files are modified at any point.
+
+---
+
+## Supported guard types
+
+| Guard type | Triggers on | Example |
+|---|---|---|
+| `null_guard` | `AttributeError` on `None` | `user.profile.bio` when `profile` is `None` |
+| `index_guard` | `IndexError` | `items[10]` when `len(items) == 2` |
+| `key_guard` | `KeyError` | `cfg["timeout"]` when key is missing |
+| `subscript_guard` | `TypeError` subscripting `None` | `data["key"]` when `data` is `None` |
+| `chain_subscript_guard` | Nested subscript on `None` | `data["user"]["name"]` |
+| `type_coercion_guard` | `TypeError` on conversion | `int("not_a_number")` |
+| `division_guard` | `ZeroDivisionError` | `x / count` when `count == 0` |
+| `str_coerce_guard` | `TypeError` on string concat | `"age: " + 25` |
+| `file_guard` | `FileNotFoundError` | `open(path)` when file is missing |
+| `callable_guard` | `TypeError` calling `None` | `func()` when `func` is `None` |
+
+---
+
+## CLI reference
+
+| Command | Flags | What it does |
+|---|---|---|
+| `codesuture run <script>` | | Run script with live patching enabled |
+| `codesuture run <script>` | `--verbose` | Show patch diffs and instruction deltas |
+| `codesuture run <script>` | `--shadow` | Warn when patched functions return sentinel values |
+| `codesuture run <script>` | `--dry-run` | Preview what would be patched without applying |
+| `codesuture run <script>` | `--ttl DAYS` | Set patch expiry in days (default: 7) |
+| `codesuture run <script>` | `--retries N` | Max re-execution attempts per crash (default: 3) |
+| `codesuture watch <script>` | `--max-restarts N` | Run continuously, restart after each patch |
+| `codesuture audit` | | Show all active patches in a formatted table |
+| `codesuture explain` | | Human-readable breakdown of what each patch changed |
+| `codesuture explain <name>` | | Explain one function's patch |
+| `codesuture rollback <name>` | | Remove one persisted patch |
+| `codesuture rollback` | `--all` | Remove all patches and the fingerprint registry |
+| `codesuture rollback` | `--dry-run` | Preview what would be removed |
+
+---
+
+## Runtime Intelligence
+
+Beyond basic patching, CodeSuture includes a set of higher-order behaviors that make it safe to use in real codebases:
+
+**Semantic diff gate** — Patches that would modify too many instructions relative to the guard type are automatically rejected. The engine will never corrupt a complex function to patch a simple crash.
+
+**Caller-aware propagation** — After patching a function, CodeSuture uses `gc.get_referrers` to find every live reference to the original code object — closures, bound methods, partials — and updates them all. No in-memory copy of the broken function survives.
+
+**Shadow execution mode** — `--shadow` monitors the return value of patched functions. If a sentinel default (`""`, `0`, `None`) leaks into downstream logic, CodeSuture logs a warning before it causes a second failure.
+
+**Patch expiry** — Every persisted patch carries a configurable TTL. When a patch ages past its limit, CodeSuture logs a reminder that the underlying bug should be addressed in source code. Patches are scaffolding, not permanent fixes.
+
+**Bytecode fingerprint registry** — Crash sites are hashed by their surrounding instruction window. When the same crash pattern appears again, CodeSuture applies the known guard directly without re-running analysis.
+
+**Audit trail** — `codesuture audit` displays every active patch: function name, guard type, target variable, default value, age, and rollback instructions. `codesuture explain` gives a plain-language breakdown of exactly what each patch changed and whether the default value is safe for downstream consumers.
+
+---
+
+## What CodeSuture is not
+
+**Not a logger.** It does not record exceptions and move on. It patches the function and retries.
+
+**Not a fuzzer or static analyzer.** It operates at runtime on live bytecode, not on source.
+
+**Not autonomous.** Patches should be reviewed via `codesuture audit` and `codesuture explain`. The goal is to keep your program running while you address the root cause — not to replace the fix.
+
+---
+
+## Limitations
+
+**Python 3.11+ only.** CodeSuture depends on bytecode structures introduced in CPython 3.11. Earlier versions are not supported.
+
+**List and dict comprehensions are not patchable.** Comprehensions are implemented as anonymous nested code objects in CPython. CodeSuture detects crashes inside them and logs a warning, but does not attempt to patch them. Refactor the comprehension into a named function to enable patching.
+
+**Semantic bugs are not patchable.** CodeSuture fixes structural crashes — null access, missing keys, type mismatches, bounds errors. It cannot fix logic errors where the code runs but produces wrong results.
+
+**Single-process scope.** Patches apply per-process. Multi-process applications need a CodeSuture instance per worker. The `.codesuture_store/` directory is shared on disk, so patches load correctly on restart.
+
+**Async support is experimental.** `async def` functions with standard `CO_COROUTINE` frames are patched. Async generators and deeply nested `await` chains may not be handled correctly in all cases.
+
+---
+
+## License
+
+MIT. See [LICENSE](LICENSE) for details.

codesuture-0.5.1/README.md

@@ -0,0 +1,146 @@
+# CodeSuture
+
+> Runtime Python bytecode patcher. Catches crashes, synthesizes guards, rewrites functions in-memory, and persists fixes across runs.
+
+---
+
+## What it does
+
+CodeSuture sits between your Python program and its crashes. When an exception occurs, it intercepts the failing frame, disassembles the bytecode to identify the root cause, injects a deterministic guard directly into the function's code object, and retries execution — all without touching a single source file.
+
+The fix persists. On subsequent runs, CodeSuture loads the patched bytecode before the first function call. The crash is gone until you choose to remove the patch.
+
+It is a surgical tool for keeping programs running when structural failures — null access, missing keys, type mismatches, out-of-bounds reads — would otherwise bring them down.
+
+---
+
+## Installation
+
+```bash
+pip install codesuture
+```
+
+Python 3.11+ required.
+
+---
+
+## Quick start
+
+```bash
+codesuture run your_script.py
+```
+
+```
+[CodeSuture] Caught AttributeError: 'NoneType' object has no attribute 'bio'
+[CodeSuture] Applying null_guard on 'profile' ...
+[CodeSuture] Patch applied to get_bio().
+[CodeSuture] Re-executing after 1 patch(es)...
+
+Session summary:
+  Patches applied: 1
+```
+
+Run it again:
+
+```
+[CodeSuture] Already healed, skipping: loaded persistent patch for get_bio
+[CodeSuture] Session summary:
+  Patches applied: 0
+```
+
+---
+
+## How it works
+
+1. **Catch** — A `sys.settrace` callback intercepts exceptions at the exact frame and bytecode offset where they occur.
+2. **Analyze** — The pattern matcher disassembles the function's bytecode, walks the instruction chain, and identifies the failing variable or operation.
+3. **Patch** — The guard synthesizer injects new bytecode instructions into the function's code object in memory. A semantic diff gate rejects patches that would change too much of the function's logic.
+4. **Rewind** — Execution restarts from the patched function. The guard prevents the crash from recurring.
+5. **Persist** — The patched code object is serialized to `.codesuture_store/` with JSON metadata. On subsequent runs it loads before execution begins.
+
+No source files are modified at any point.
+
+---
+
+## Supported guard types
+
+| Guard type | Triggers on | Example |
+|---|---|---|
+| `null_guard` | `AttributeError` on `None` | `user.profile.bio` when `profile` is `None` |
+| `index_guard` | `IndexError` | `items[10]` when `len(items) == 2` |
+| `key_guard` | `KeyError` | `cfg["timeout"]` when key is missing |
+| `subscript_guard` | `TypeError` subscripting `None` | `data["key"]` when `data` is `None` |
+| `chain_subscript_guard` | Nested subscript on `None` | `data["user"]["name"]` |
+| `type_coercion_guard` | `TypeError` on conversion | `int("not_a_number")` |
+| `division_guard` | `ZeroDivisionError` | `x / count` when `count == 0` |
+| `str_coerce_guard` | `TypeError` on string concat | `"age: " + 25` |
+| `file_guard` | `FileNotFoundError` | `open(path)` when file is missing |
+| `callable_guard` | `TypeError` calling `None` | `func()` when `func` is `None` |
+
+---
+
+## CLI reference
+
+| Command | Flags | What it does |
+|---|---|---|
+| `codesuture run <script>` | | Run script with live patching enabled |
+| `codesuture run <script>` | `--verbose` | Show patch diffs and instruction deltas |
+| `codesuture run <script>` | `--shadow` | Warn when patched functions return sentinel values |
+| `codesuture run <script>` | `--dry-run` | Preview what would be patched without applying |
+| `codesuture run <script>` | `--ttl DAYS` | Set patch expiry in days (default: 7) |
+| `codesuture run <script>` | `--retries N` | Max re-execution attempts per crash (default: 3) |
+| `codesuture watch <script>` | `--max-restarts N` | Run continuously, restart after each patch |
+| `codesuture audit` | | Show all active patches in a formatted table |
+| `codesuture explain` | | Human-readable breakdown of what each patch changed |
+| `codesuture explain <name>` | | Explain one function's patch |
+| `codesuture rollback <name>` | | Remove one persisted patch |
+| `codesuture rollback` | `--all` | Remove all patches and the fingerprint registry |
+| `codesuture rollback` | `--dry-run` | Preview what would be removed |
+
+---
+
+## Runtime Intelligence
+
+Beyond basic patching, CodeSuture includes a set of higher-order behaviors that make it safe to use in real codebases:
+
+**Semantic diff gate** — Patches that would modify too many instructions relative to the guard type are automatically rejected. The engine will never corrupt a complex function to patch a simple crash.
+
+**Caller-aware propagation** — After patching a function, CodeSuture uses `gc.get_referrers` to find every live reference to the original code object — closures, bound methods, partials — and updates them all. No in-memory copy of the broken function survives.
+
+**Shadow execution mode** — `--shadow` monitors the return value of patched functions. If a sentinel default (`""`, `0`, `None`) leaks into downstream logic, CodeSuture logs a warning before it causes a second failure.
+
+**Patch expiry** — Every persisted patch carries a configurable TTL. When a patch ages past its limit, CodeSuture logs a reminder that the underlying bug should be addressed in source code. Patches are scaffolding, not permanent fixes.
+
+**Bytecode fingerprint registry** — Crash sites are hashed by their surrounding instruction window. When the same crash pattern appears again, CodeSuture applies the known guard directly without re-running analysis.
+
+**Audit trail** — `codesuture audit` displays every active patch: function name, guard type, target variable, default value, age, and rollback instructions. `codesuture explain` gives a plain-language breakdown of exactly what each patch changed and whether the default value is safe for downstream consumers.
+
+---
+
+## What CodeSuture is not
+
+**Not a logger.** It does not record exceptions and move on. It patches the function and retries.
+
+**Not a fuzzer or static analyzer.** It operates at runtime on live bytecode, not on source.
+
+**Not autonomous.** Patches should be reviewed via `codesuture audit` and `codesuture explain`. The goal is to keep your program running while you address the root cause — not to replace the fix.
+
+---
+
+## Limitations
+
+**Python 3.11+ only.** CodeSuture depends on bytecode structures introduced in CPython 3.11. Earlier versions are not supported.
+
+**List and dict comprehensions are not patchable.** Comprehensions are implemented as anonymous nested code objects in CPython. CodeSuture detects crashes inside them and logs a warning, but does not attempt to patch them. Refactor the comprehension into a named function to enable patching.
+
+**Semantic bugs are not patchable.** CodeSuture fixes structural crashes — null access, missing keys, type mismatches, bounds errors. It cannot fix logic errors where the code runs but produces wrong results.
+
+**Single-process scope.** Patches apply per-process. Multi-process applications need a CodeSuture instance per worker. The `.codesuture_store/` directory is shared on disk, so patches load correctly on restart.
+
+**Async support is experimental.** `async def` functions with standard `CO_COROUTINE` frames are patched. Async generators and deeply nested `await` chains may not be handled correctly in all cases.
+
+---
+
+## License
+
+MIT. See [LICENSE](LICENSE) for details.

codesuture-0.5.1/codesuture/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.5.1"

{codesuture-0.5.0 → codesuture-0.5.1}/codesuture/cli.py

@@ -5,7 +5,7 @@ from codesuture.tracer import install, uninstall
 def main():
     parser = argparse.ArgumentParser(prog='codesuture',
                                      description='Runtime Python bytecode patcher with self-healing re-execution')
-    parser.add_argument('--version', action='version', version='codesuture 0.5.0')
+    parser.add_argument('--version', action='version', version='codesuture 0.5.1')
     sub = parser.add_subparsers(dest='command', required=True)
 
     run_parser = sub.add_parser('run', help='Run a script with live patching')

{codesuture-0.5.0 → codesuture-0.5.1}/codesuture/guard_synthesizer.py

@@ -1,4 +1,4 @@
-"""
+"""
 Synthesises guard + original bytecode for all deterministic strategies.
 """
 from bytecode import Bytecode, Instr, Label, Compare
@@ -25,6 +25,22 @@ def validate_patch(original_code, patched_code):
 
 def propagate_patch(original_func, patched_code) -> int:
     import gc
+    import logging
+    if original_func is None:
+        return 0
+    if not hasattr(original_func, '__code__'):
+        return 0
+    name = getattr(original_func, '__qualname__', '') or \
+           getattr(original_func, '__name__', '')
+    if '<listcomp>' in name or '<genexpr>' in name or \
+       '<dictcomp>' in name or '<setcomp>' in name:
+        import logging
+        logging.getLogger(__name__).debug(
+            "[CodeSuture] Skipping %s — "
+            "comprehensions are not patchable via __code__", name
+        )
+        return 0
+
     original_code = original_func.__code__
     propagated = 0
 

{codesuture-0.5.0 → codesuture-0.5.1}/codesuture/pattern_matcher.py

@@ -1,4 +1,4 @@
-from types import FrameType
+from types import FrameType
 from typing import Optional, NamedTuple
 import dis
 import re
@@ -182,6 +182,48 @@ def _infer_default(var_name, instructions=None, crash_idx=None):
         return []
     return ""
 
+def _infer_subscript_default(instructions=None, crash_idx=None):
+    if instructions is not None and crash_idx is not None:
+        i = crash_idx + 1
+        while i < len(instructions):
+            instr = instructions[i]
+            if instr.opname in ('LOAD_CONST', 'LOAD_FAST'):
+                i += 1
+                continue
+            if instr.opname == 'BINARY_SUBSCR':
+                i += 1
+                continue
+            break
+        for j in range(i, min(i + 4, len(instructions))):
+            instr = instructions[j]
+            if instr.opname in ('LOAD_ATTR', 'LOAD_METHOD'):
+                string_methods = {
+                    'capitalize', 'casefold', 'center', 'encode', 'expandtabs',
+                    'format', 'format_map', 'join', 'ljust', 'lower', 'lstrip',
+                    'removeprefix', 'removesuffix', 'replace', 'rjust', 'strip',
+                    'swapcase', 'title', 'translate', 'upper', 'zfill',
+                    'split', 'startswith', 'endswith',
+                }
+                if instr.argval in string_methods:
+                    return ""
+            elif instr.opname in ('BINARY_OP', 'BINARY_ADD', 'BINARY_SUBTRACT',
+                                   'BINARY_MULTIPLY', 'BINARY_TRUE_DIVIDE'):
+                return 0
+            elif instr.opname == 'CALL':
+                for k in range(max(0, j - 2), j):
+                    if instructions[k].opname == 'LOAD_GLOBAL' and \
+                       instructions[k].argval in ('int', 'float'):
+                        return 0
+            elif instr.opname in ('LIST_APPEND', 'STORE_SUBSCR'):
+                return None
+            elif instr.opname in ('RETURN_VALUE', 'STORE_FAST'):
+                break
+            elif instr.opname in ('PRECALL',):
+                continue
+            else:
+                break
+    return None
+
 def _infer_attribute_default(attr_name, fallback_name, instructions=None, crash_idx=None):
     string_methods = {
         'capitalize', 'casefold', 'center', 'encode', 'expandtabs', 'format',
@@ -377,7 +419,7 @@ def _none_subscript_spec(frame):
         return None
 
     spec = PatchSpec('subscript_guard', var_name=container_var,
-                     default_value=_infer_default(final_key if isinstance(final_key, str) else '', instructions, idx),
+                     default_value=_infer_subscript_default(instructions, idx),
                      key_name=final_key)
 
     prop_origin = _check_property_origin(frame, instructions, idx)
@@ -444,7 +486,7 @@ def _try_chain_subscript(frame, instructions, failing_idx):
 
     last_instr_idx = failing_idx + len(keys_fwd) * 2  
     final_key = all_keys[-1]
-    default = _infer_default(final_key if isinstance(final_key, str) else '', instructions, last_instr_idx)
+    default = _infer_subscript_default(instructions, last_instr_idx)
 
     return PatchSpec('chain_subscript_guard', var_name=root_var,
                      default_value=default, key_name=tuple(all_keys))
@@ -470,18 +512,27 @@ def _dict_get_spec(frame, msg):
     match = re.search(r"KeyError\: '(\w+)'", msg)
     if not match:
         match = re.search(r"'(\w+)'", msg)
-    if not match:
-        return None
-    key = match.group(1)
+    key = match.group(1) if match else None
     instructions = list(dis.get_instructions(frame.f_code))
     tgt = _find_target_instr(instructions, frame.f_lasti)
     if tgt is None or tgt.opname != 'BINARY_SUBSCR':
         return None
     idx = instructions.index(tgt)
+
+    if key is None:
+        if idx > 0 and instructions[idx - 1].opname == 'LOAD_CONST':
+            key = instructions[idx - 1].argval
+        else:
+            return None
+
+    chain_spec = _try_chain_subscript(frame, instructions, idx)
+    if chain_spec is not None:
+        return chain_spec
+
     for i in range(idx-1, -1, -1):
         if instructions[i].opname in ('LOAD_FAST', 'LOAD_DEREF'):
             dict_var = frame.f_code.co_varnames[instructions[i].arg]
-            return PatchSpec('key_guard', dict_var, _infer_default(key, instructions, idx), key_name=key)
+            return PatchSpec('key_guard', dict_var, _infer_subscript_default(instructions, idx), key_name=key)
     return None
 
 def _str_concat_spec(frame, msg):

{codesuture-0.5.0 → codesuture-0.5.1}/codesuture/tracer.py

@@ -79,6 +79,16 @@ class CodeSutureTracer:
         if _is_internal_frame(frame):
             return
 
+        name = getattr(frame.f_code, 'co_qualname', '') or frame.f_code.co_name
+        if '<listcomp>' in name or '<genexpr>' in name or \
+           '<dictcomp>' in name or '<setcomp>' in name:
+            import logging
+            logging.getLogger(__name__).debug(
+                "[CodeSuture] Skipping %s — "
+                "comprehensions are not patchable via __code__", name
+            )
+            return
+
         from codesuture.persistence import HEALED_FUNCTIONS, _heal_key
         from codesuture.code_replacer import get_function_from_frame
         try: