implemented Pillar 10: Zero-Trust Security.

Author: ProgrammerKR

include/ast.h

@@ -42,7 +42,8 @@ typedef enum {
   EXPR_DICTIONARY, EXPR_TERNARY, EXPR_LAMBDA,
   EXPR_DICTIONARY, EXPR_TERNARY, EXPR_LAMBDA,
   EXPR_AWAIT, EXPR_THIS, EXPR_SUPER, EXPR_NEW,
-  EXPR_SANITIZE
+  EXPR_SANITIZE,
+  EXPR_CRYPTO // Encrypt/Decrypt
 } ExprType;
 
 typedef enum {
@@ -62,7 +63,8 @@ typedef enum {
   STMT_MODEL_DECL,
   STMT_MODEL_DECL,
   STMT_QUANTUM_BLOCK,
-  STMT_GPU_BLOCK
+  STMT_GPU_BLOCK,
+  STMT_VERIFY
 } StmtType;
 
 // --- List Structures ---
@@ -115,6 +117,7 @@ typedef struct { char *name; } VariableExpr;
 typedef struct { char *name; Expr *value; } AssignExpr;
 typedef struct { Expr *left; char *operator; Expr *right; } LogicalExpr;
 typedef struct { Expr *value; } SanitizeExpr;
+typedef struct { Expr *value; bool isEncrypt; } CryptoExpr; // isEncrypt=true (encrypt), false (decrypt)
 typedef struct { Expr *callee; ExprList *arguments; } CallExpr;
 typedef struct { Expr *object; char *name; } GetExpr;
 typedef struct { Expr *object; char *name; Expr *value; } SetExpr;
@@ -138,6 +141,7 @@ struct Expr {
     BinaryExpr binary; UnaryExpr unary; LiteralExpr literal; GroupingExpr grouping;
     VariableExpr variable; AssignExpr assign; LogicalExpr logical;
     SanitizeExpr sanitize;
+    CryptoExpr crypto;
     // ... struct pointers for others due to C union size limit usually
     struct { Expr *callee; ExprList *arguments; } call;
     struct { Expr *object; char *name; } get;
@@ -170,13 +174,19 @@ typedef struct { char *name; StringList *params; TypeInfo returnType; } IntentDe
 typedef struct { char *name; char *targetIntent; StmtList *body; } ResolverDeclStmt;
 typedef struct { char *name; StringList *params; TypeInfo returnType; } IntentDeclStmt;
 typedef struct { char *name; char *targetIntent; StmtList *body; } ResolverDeclStmt;
+typedef struct { char *name; StringList *params; TypeInfo returnType; } IntentDeclStmt;
+typedef struct { char *name; char *targetIntent; StmtList *body; } ResolverDeclStmt;
 typedef struct { StmtList *body; char *strategy; int retryCount; StmtList *recoveryBody; } ResilientStmt;
 typedef struct { char *policyName; char *target; StmtList *rules; } PolicyDeclStmt;
 typedef struct { char *name; StringList *capabilities; } NodeDeclStmt;
 typedef struct { char *name; StmtList *fields; } DistributedDeclStmt; 
+typedef struct { char *name; StmtList *fields; } DistributedDeclStmt; 
+typedef struct { char *name; StringList *capabilities; } NodeDeclStmt;
+typedef struct { char *name; StmtList *fields; } DistributedDeclStmt; 
 typedef struct { char *name; char *architecture; StmtList *body; } ModelDeclStmt;
 typedef struct { StmtList *body; } QuantumBlockStmt;
 typedef struct { char *kernelName; StmtList *body; } GPUBlockStmt;
+typedef struct { char *identityName; StmtList *body; } VerifyStmt; // verify identity <name> { ... }
 
 struct Stmt {
   StmtType type;
@@ -201,6 +211,7 @@ struct Stmt {
     ModelDeclStmt model_decl;
     QuantumBlockStmt quantum_block;
     GPUBlockStmt gpu_block;
+    VerifyStmt verify_stmt;
   } as;
 };
 
@@ -225,6 +236,8 @@ Expr *createAwaitExpr(Expr *expression, int line, int column);
 Expr *createThisExpr(int line, int column);
 Expr *createSuperExpr(const char *method, int line, int column);
 Expr *createNewExpr(Expr *clazz, ExprList *args, int line, int column);
+Expr *createSanitizeExpr(Expr *value, int line, int column); // Added prototype
+Expr *createCryptoExpr(Expr *val, bool isEncrypt, int line, int column);
 
 Stmt *createExpressionStmt(Expr *expression, int line, int column);
 Stmt *createVarDeclStmt(const char *name, Expr *init, bool is_const, bool isTemporal, int ttl, int line, int column);
@@ -254,6 +267,7 @@ Stmt *createDistributedDeclStmt(const char *name, StmtList *fields, int line, in
 Stmt *createModelDeclStmt(const char *name, const char *architecture, StmtList *body, int line, int column);
 Stmt *createQuantumBlockStmt(StmtList *body, int line, int column);
 Stmt *createGPUBlockStmt(const char *kernelName, StmtList *body, int line, int column);
+Stmt *createVerifyStmt(const char *identityName, StmtList *body, int line, int column);
 
 ExprList *createExprList();
 void appendExpr(ExprList *list, Expr *expr);

include/scanner.h

@@ -160,7 +160,12 @@ typedef enum {
   TOKEN_TENSOR,
   TOKEN_MATRIX,
   TOKEN_GPU,
+  TOKEN_GPU,
   TOKEN_KERNEL,
+  TOKEN_ENCRYPT,
+  TOKEN_DECRYPT,
+  TOKEN_VERIFY,
+  TOKEN_IDENTITY,
 
   TOKEN_ERROR,
   TOKEN_EOF

src/compiler/lexer/scanner.c

@@ -232,6 +232,9 @@ static PxTokenType identifierType(Scanner *scanner) {
         if (scanner->current - scanner->start > 2) {
           switch (scanner->start[2]) {
             case 'c':
+              // decay vs decrypt (dec...)
+              if (scanner->current - scanner->start > 3 && scanner->start[3] == 'r')
+                  return checkKeyword(scanner, 4, 3, "ypt", TOKEN_DECRYPT);
               return checkKeyword(scanner, 3, 2, "ay", TOKEN_DECAY); // decay
             case 'i': // distributed
               return checkKeyword(scanner, 2, 9, "stributed", TOKEN_DISTRIBUTED);
@@ -274,6 +277,7 @@ static PxTokenType identifierType(Scanner *scanner) {
       case 'n':
         if (scanner->current - scanner->start > 2) {
             switch (scanner->start[2]) {
+                case 'c': return checkKeyword(scanner, 3, 4, "rypt", TOKEN_ENCRYPT); // encrypt
                 case 'u': return checkKeyword(scanner, 3, 1, "m", TOKEN_ENUM);
                 case 't': return checkKeyword(scanner, 3, 4, "angle", TOKEN_ENTANGLE); // entangle
             }
@@ -541,7 +545,16 @@ static PxTokenType identifierType(Scanner *scanner) {
   case 'u':
     return checkKeyword(scanner, 1, 2, "se", TOKEN_USE);
   case 'v':
-    return checkKeyword(scanner, 1, 3, "oid", TOKEN_VOID);
+    if (scanner->current - scanner->start > 1) {
+         switch(scanner->start[1]) {
+             case 'a': return checkKeyword(scanner, 2, 1, "r", TOKEN_VAR);
+             case 'e': return checkKeyword(scanner, 2, 4, "rify", TOKEN_VERIFY); // verify
+             case 'o': return checkKeyword(scanner, 2, 2, "id", TOKEN_VOID);
+         }
+    }
+    // Fallback? Original 'void' used to be handled directly under 'v' -> check 1, 3 "oid"
+    // But now we branch.
+    return TOKEN_IDENTIFIER;
   case 'w':
     return checkKeyword(scanner, 1, 4, "hile", TOKEN_WHILE);
   }