codesuture 0.7.0__tar.gz → 0.7.1__tar.gz

codesuture-0.7.1/.gitignore

@@ -0,0 +1,53 @@
+# ---------------------------
+# Python
+# ---------------------------
+__pycache__/
+*.pyc
+*.pyo
+*.egg-info/
+dist/
+build/
+
+# ---------------------------
+# Virtual environments
+# ---------------------------
+.venv/
+env/
+venv/
+
+# ---------------------------
+# IDE / editor
+# ---------------------------
+.vscode/
+.idea/
+*.code-workspace
+
+# ---------------------------
+# CodeSuture runtime artifacts
+# ---------------------------
+.codesuture_store/
+.codesuture_cache/
+.livepatch_cache/
+.codesuture_fingerprints
+.models/
+
+# ---------------------------
+# Test / CI artifacts
+# ---------------------------
+.pytest_cache/
+htmlcov/
+.coverage
+*.log
+
+# ---------------------------
+# Planning & roadmap (local only)
+# ---------------------------
+ROADMAP.md
+implementation_plan.md
+task.md
+walkthrough.md
+
+# ---------------------------
+# Old verification suites (deleted)
+# ---------------------------
+v4test/

{codesuture-0.7.0 → codesuture-0.7.1}/CHANGELOG.md

@@ -5,6 +5,74 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.7.1] - 2026-05-25
+
+### Fixed — Safety Hardening
+- **Index guard no longer returns wrong item:** `index_guard` now returns a
+  type-appropriate default value instead of clamping the index to 0 (which
+  silently returned `list[0]` — a data corruption bug)
+- **Callable guard no longer replaces unknown functions with `lambda: 0`:**
+  Unknown callables are skipped with a warning instead of being silently
+  replaced with a stub that could bypass validation logic
+- **Exception tracebacks shown by default:** `_codesuture_excepthook` now
+  prints a structured summary of self-healed exceptions instead of
+  suppressing all output; use `--silent` to restore old behavior
+- **Rollback restores runtime code:** `codesuture rollback` now restores
+  original bytecode in memory (not just deletes files); original code
+  objects are backed up before patching and saved as `.orig.code` files
+- **Marshal integrity checks:** Persisted `.code` files now include SHA-256
+  checksums in metadata; tampered files are refused on load
+- **Thread safety:** Added locking on `HEALED_FUNCTIONS`,
+  `ANNOUNCED_HEALED_FUNCTIONS`, `_retried_exc_types`, fingerprint registry,
+  and `CodeSutureMetaFinder` recursion guard (now uses `threading.local()`)
+- **`_INLINE_STRATEGIES` set populated:** Try-block detection for inline
+  strategies (`subscript_guard`, `key_guard`, `division_guard`,
+  `chain_subscript_guard`) is now active — previously disabled by empty set
+- **Safe tuple propagation:** Replaced dangerous `ctypes` memory write into
+  tuple `ob_item` array with safe `code.replace(co_consts=...)` approach
+
+### Added — CPython 3.12+ Compatibility
+- **`codesuture/opcodes.py`:** Version-aware opcode abstraction layer
+  providing correct opcode names, instruction builders, and opcode name
+  sets for Python 3.11, 3.12, and 3.13+
+- All guard builders now use `opcodes.py` instead of hardcoded 3.11-only
+  opcode names (`PRECALL`, `POP_JUMP_FORWARD_IF_FALSE`, `LOAD_METHOD`)
+- Pattern matcher uses opcode sets for resilient bytecode analysis across
+  Python versions
+- Frame rewind offset detection is now runtime-detected instead of
+  hardcoded to CPython 3.11 struct layout (`id(frame) + 40`)
+- CLI: added `--silent` flag to `codesuture run`
+
+### Changed
+- Removed old test files, v4test/ verification suite, and heavily-mocked
+  tracer test; replaced with comprehensive new test suite
+
+### Fixed — Audit Round (Post-Release)
+- **`_eval_fix.py`:** Fixed `ImportError` — was importing `apply_fix_with_info`
+  which doesn't exist; changed to `apply_fix`
+- **`_build_subscript_guarded_code`:** No longer calls `.get()` on lists/tuples;
+  now checks `isinstance(container, dict)` before using `.get()`, falls back to
+  direct subscript for non-dict containers
+- **`rollback_runtime`:** Removed dead `gc.get_referrers` loop that had only `pass`
+  in its body
+- **`middleware.py`:** Retry tracking now uses `(exc_type, filename, func_name)`
+  tuple instead of bare exception type — prevents second crash of same type in
+  different function from being silently ignored
+- **`persistence.py`:** Thread name now uses `threading.current_thread().name`
+  instead of hardcoded `"MainThread"`; `datetime.utcnow()` replaced with
+  `datetime.now(timezone.utc)` (Python 3.12 deprecation fix);
+  `_iter_cached_function_names` now excludes `.orig.code` files
+- **`audit.py`:** Unicode box-drawing characters now actually used when terminal
+  supports them (was identical ASCII `|` on both branches);
+  `datetime.utcnow()` deprecation fixed
+- **`rollback.py`:** `datetime.utcnow()` replaced with timezone-aware datetime
+  (was causing `TypeError` when comparing with timezone-aware `patched_at` values)
+- **`tracer.py`:** `--silent` flag now gates ALL 20+ informational print statements
+  (fingerprint hits, patch applied, already healed, etc.); errors/warnings still
+  always print
+- **`opcodes.py`:** Added Python 3.13 compatibility documentation; expanded
+  `SUBSCRIPT_OPCODES` to include `BINARY_SLICE` for 3.13 slice operations
+
 ## [0.7.0] - 2026-05-17
 
 ### Added

{codesuture-0.7.0 → codesuture-0.7.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: codesuture
-Version: 0.7.0
+Version: 0.7.1
 Summary: Runtime Python bytecode patcher with guard knowledge base, persistence, and self-healing re-execution
 License-Expression: MIT
 Project-URL: Source, https://github.com/codesuture/codesuture
@@ -11,6 +11,7 @@ Classifier: Topic :: Software Development :: Debuggers
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Python: >=3.11
 Description-Content-Type: text/markdown
 License-File: LICENSE
@@ -21,7 +22,14 @@ Dynamic: license-file
 
 # CodeSuture
 
-**Runtime guard synthesis for CPython. Catches structural crashes, patches live bytecode, keeps your server running.**
+![CodeSuture Banner](assets/banner.png)
+
+**Runtime guard synthesis for CPython 3.11+. Catches structural crashes, patches live bytecode, keeps your server running.**
+
+[![Version](https://img.shields.io/badge/version-0.7.1-blue)]()
+[![Python](https://img.shields.io/badge/python-3.11%2B-brightgreen)]()
+[![License: MIT](https://img.shields.io/badge/license-MIT-green)](LICENSE)
+[![Status](https://img.shields.io/badge/status-beta-orange)]()
 
 ```
 pip install codesuture
@@ -97,11 +105,11 @@ No 500. No traceback. Server process intact.
 
 ## How it works
 
-1. **Catch** — `sys.settrace` intercepts exceptions at the exact frame and bytecode offset.
+1. **Catch** — `sys.settrace` (3.11) or `sys.monitoring` (3.12+) intercepts exceptions at the exact frame and bytecode offset.
 2. **Analyze** — The pattern matcher walks the instruction chain and identifies the failing variable or operation.
 3. **Patch** — The guard synthesizer injects new bytecode into the function's code object. A semantic diff gate rejects patches that change too much logic.
-4. **Rewind** — Execution restarts from the patched function. The guard prevents recurrence.
-5. **Persist** — The patched code object is serialized to `.codesuture_store/` with JSON metadata. Subsequent runs load it before the first call.
+4. **Rewind** — Execution restarts from the patched function via `f_lineno` setter. The guard prevents recurrence.
+5. **Persist** — The patched code object is serialized to `.codesuture_store/` with SHA-256 integrity checks and JSON metadata. Subsequent runs load it before the first call.
 
 No source files are modified.
 
@@ -121,6 +129,7 @@ No source files are modified.
 | `str_coerce_guard` | `TypeError` on string concat | `"age: " + 25` |
 | `file_guard` | `FileNotFoundError` | `open(path)` when file is missing |
 | `callable_guard` | `TypeError` calling `None` | `func()` when `func` is `None` |
+| `return_guard` | `TypeError` on `None` return | Downstream use of a `None` return value |
 
 ---
 
@@ -129,16 +138,17 @@ No source files are modified.
 | Command | Flags | What it does |
 |---|---|---|
 | `codesuture run <script>` | | Run with live patching |
-| `codesuture run <script>` | `--verbose` | Show patch diffs and instruction deltas |
-| `codesuture run <script>` | `--shadow` | Warn when patched functions return sentinel values |
-| `codesuture run <script>` | `--dry-run` | Preview patches without applying |
-| `codesuture run <script>` | `--ttl DAYS` | Set patch expiry (default: 7 days) |
-| `codesuture run <script>` | `--retries N` | Max re-execution attempts (default: 3) |
+| | `--verbose` | Show patch diffs and instruction deltas |
+| | `--shadow` | Warn when patched functions return sentinel values |
+| | `--dry-run` | Preview patches without applying |
+| | `--silent` | Suppress all informational output |
+| | `--ttl DAYS` | Set patch expiry (default: 7 days) |
+| | `--retries N` | Max re-execution attempts (default: 3) |
 | `codesuture watch <script>` | `--max-restarts N` | Run continuously, restart after each patch |
 | `codesuture audit` | | Show all active patches in a table |
 | `codesuture explain` | | Plain-language breakdown of every patch |
 | `codesuture explain <name>` | | Explain one function's patch |
-| `codesuture rollback <name>` | | Remove one persisted patch |
+| `codesuture rollback <name>` | | Remove one persisted patch and restore runtime code |
 | `codesuture rollback` | `--all` | Remove all patches and fingerprint registry |
 | `codesuture rollback` | `--dry-run` | Preview what would be removed |
 
@@ -156,15 +166,6 @@ Every patched response carries:
 X-CodeSuture: patched=1; guard=<type>; target=<variable>
 ```
 
-Four crash types, one server, all returning 200:
-
-```
-"GET /user-data HTTP/1.1"       200  ← null_guard on None object
-"GET /config HTTP/1.1"          200  ← key_guard on missing key
-"GET /process-payment HTTP/1.1" 200  ← type_coercion_guard on bad input
-"GET /latest-user HTTP/1.1"     200  ← chain_subscript_guard on out-of-bounds
-```
-
 ### WSGI middleware
 
 ```python
@@ -173,21 +174,19 @@ from codesuture.middleware import CodeSutureMiddleware
 app = CodeSutureMiddleware(wsgi_app)
 ```
 
----
+See the implementation in [codesuture/middleware.py](codesuture/middleware.py).
 
-## Runtime Intelligence
-
-**Semantic diff gate** — Patches that modify too many instructions for the guard type are automatically rejected. The engine never corrupts a complex function to patch a simple crash.
-
-**Caller-aware propagation** — After patching, CodeSuture uses `gc.get_referrers` to update every live reference to the original code object: closures, bound methods, partials. No stale copy survives.
-
-**Shadow execution mode** — `--shadow` monitors return values of patched functions. If a sentinel default leaks into downstream logic, a warning fires before it causes a second failure.
-
-**Patch expiry** — Every persisted patch carries a TTL. When it ages past the limit, CodeSuture logs a reminder to fix the root cause in source. Patches are scaffolding, not permanent fixes.
+---
 
-**Bytecode fingerprint registry** — Crash sites are hashed by their surrounding instruction window. Repeat patterns get instant cached guard application without re-analysis.
+## Safety features
 
-**Audit trail** — `codesuture audit` shows every active patch: function, guard type, target, default value, age. `codesuture explain` gives a plain-language breakdown of what changed and whether the default is safe downstream.
+- **Semantic diff gate** — Patches that modify too many instructions are rejected. The engine never corrupts a complex function to fix a simple crash.
+- **SHA-256 integrity** — Persisted patches are checksummed. Tampered `.code` files are refused on load.
+- **Caller-aware propagation** — After patching, `gc.get_referrers` updates every live reference: closures, bound methods, partials. No stale copy survives.
+- **Patch validation** — Synthesized bytecode is checked for `LOAD_FAST` references to variables not in `co_varnames`. Invalid patches are rejected before application.
+- **Patch expiry (TTL)** — Every patch carries a time-to-live. Aged patches trigger a warning to fix the root cause in source.
+- **Thread safety** — All shared state (fingerprint registry, persistence store, healed function sets) is protected by locks.
+- **Rollback** — `codesuture rollback` removes persisted files AND restores original code in the running process.
 
 ---
 
@@ -197,12 +196,13 @@ app = CodeSutureMiddleware(wsgi_app)
 
 **Not a static analyzer.** It operates at runtime on live bytecode, not on source.
 
-**Not autonomous.** Patches should be reviewed via `codesuture audit` and `codesuture explain`. The goal is to keep your program running while you fix the root cause — not to replace the fix.
+**Not autonomous by default.** All patches are deterministic rule-based guards. An opt-in `--autonomous` flag exists for experimental LLM-powered suggestions via local models, but it is off by default and never auto-applies fixes.
 
 ---
 
-## Limitations
+## Known limitations
 
+<<<<<<< HEAD
 **Python 3.11+ only.** CodeSuture depends on CPython 3.11 bytecode structures.
 
 **Comprehensions are not patchable.** List, dict, set, and generator comprehensions are anonymous nested code objects. CodeSuture logs a warning and skips them. Refactor into a named function to enable patching.
@@ -219,16 +219,31 @@ app = CodeSutureMiddleware(wsgi_app)
 
 ## Roadmap
 
-Tracked in `ROADMAP.md`. v1.0 themes:
+Tracked in [ROADMAP.md](ROADMAP.md). v1.0 themes:
 
 - `sys.monitoring` as the default engine on Python 3.12+ (zero line-tracing overhead on hot paths)
 - Stronger transaction recovery boundaries across web frameworks
 - Verified source-level repair proposals via local LLM
 - Fleet governance, audit lifecycle, and incident export
 - Language-neutral incident protocol for future polyglot adapters
+=======
+- **Python 3.11+ only.** Depends on CPython bytecode structures introduced in 3.11.
+- **3.12+ frame rewind.** The Python-level `f_lineno` setter is used on 3.12+. The ctypes fallback is disabled on 3.12+ to prevent memory corruption from struct layout changes.
+- **Comprehensions are not patchable.** List/dict/set/generator comprehensions are anonymous nested code objects. CodeSuture logs a warning and skips them.
+- **Semantic bugs are out of scope.** CodeSuture fixes structural crashes — null access, missing keys, type mismatches, bounds errors. Logic errors that produce wrong results without crashing cannot be detected.
+- **Single-process scope.** Patches apply per-process. `.codesuture_store/` is shared on disk, so patches persist across restarts.
+- **Async support is experimental.** Standard `async def` functions are patched. Async generators and deeply nested `await` chains may not be handled correctly.
+- **HTTP recovery is validated against `http.server`.** Full ASGI framework support is not yet implemented.
+>>>>>>> 0cedff8 (v0.7.1: safety hardening, audit fixes, 3.12+ compat, 120 tests)
 
 ---
 
 ## License
 
-MIT. See `LICENSE` for details.
+<<<<<<< HEAD
+MIT. See [LICENSE](LICENSE) for details. For a detailed history of changes, see the [Changelog](CHANGELOG.md).
+=======
+MIT. See [LICENSE](LICENSE) for details.
+
+For a detailed history of changes, see the [Changelog](CHANGELOG.md).
+>>>>>>> 0cedff8 (v0.7.1: safety hardening, audit fixes, 3.12+ compat, 120 tests)