Encryption & Security

Last modified: 24 May 2026

What is this?

ArkCode features native cryptography and security functions baked directly into the interpreter engine.

What is its purpose?

To eliminate the need for integrating complex third-party security libraries. It provides immediate, zero-setup protection for files and directories at rest.

Where and how it can be used

You can use it to secure sensitive user data, API tokens, or configuration files in your applications by locking them behind password-protected encryption blocks. You can secure individual files or lock down entire directory trees recursively.

// Encrypt a single file
encryptfilepasswd("config.json") = "admin_secret_key"

// Recursively secure an entire user data folder
encryptfolderpasswd("/var/app_data") = "master_key_9000"

How it works

When the compiler intercepts an encryption token, it pauses standard execution. The target file is opened natively in C++, and its byte array is piped through ArkCode's internal encryption algorithms using the payload string as the initialization key. The bytes on the disk are then safely mutated, rewritten, and sealed.

Low-Level System Crash Interception & Source Mapping

To prevent unhandled hardware-level segmentation faults (SIGSEGV) or arithmetic exceptions (SIGFPE) from silently killing the runtime, ArkCode registers custom native signal handlers. The compiler injects thread-local source mapping code during AOT and JIT execution passes. If a low-level engine crash occurs, the signal handler captures it, translates the instruction pointer back to the original source file, line number, and column offset, and outputs a clean, non-emoji message: [ArkCode Runtime Error] Low-level system crash along with the source mapping traceback details.

Static Analysis Warning System

ArkCode includes a compile-time static analyzer that scans the syntax tree before compilation or execution begins. It detects potential code quality or configuration issues and prints clear warning diagnostics prefixed with [ArkCode Warning]. Currently, the compiler alerts developers for:

• Variables declared mutable via varue but never reassigned/modified throughout the code scope.
• Remote packages imported via insecure, unencrypted HTTP URLs (http://).

Where it can't be used and why

It cannot be used for asymmetric network cryptography or generating SSL certificates. The built-in encryption is strictly designed for local disk data-at-rest protection. It does not handle remote TLS handshakes or public/private keypair generation.