five/rag/INDEX.md
CharlesKWON f26911177f docs(rag): add security idioms & gotchas (06-security.md)
Capture the hardening patterns from the solmade audit so future Five work
reuses them: authorize on resolved function name (not URL path), CSPRNG
session tokens stored as hashes, argon2id with legacy-verify + upgrade,
login rate-limit + timing-safe dummy hash, bluemonday HTML sanitize vs
EscHtml, security headers + nonce CSP, upload allowlist (no SVG), bind-all
SQL. Theme: thin Go RTL over an ecosystem crypto lib. INDEX/README updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 15:49:49 +09:00


Five RAG — retrieval manifest

Route a query to the right doc(s). Each row: file · when to retrieve · keywords.

| File | Retrieve when the task involves… | Keywords |
|------|----------------------------------|----------|
| 01-overview.md | orienting on what Five is, runtimes, compile model, "where do I look" | five, fivenode, overview, philosophy, token-density, harbour, xbase, compile, go, runtime, gengo intrinsic |
| 02-syntax.md | writing any Five code — declarations, control flow, literals, operators, blocks | syntax, grammar, FUNCTION, PROCEDURE, LOCAL, STATIC, IF, FOR, FOR EACH, DO WHILE, DO CASE, BEGIN SEQUENCE, IIF, code block, array, hash, string literal, operators, := == $ |
| 03-rtl-catalog.md | "what function does X" — string/array/hash/json/date/regex/charset/math/crypto builtins | rtl, builtin, Len, SubStr, Left, Right, At, Upper, AllTrim, PadL, PadR, StrTran, Chr, Asc, Val, Str, hb_NToS, hb_CStr, AAdd, AScan, AEval, hb_HGetDef, hb_HHasKey, hb_jsonDecode, hb_jsonEncode, ValType, HB_ISHASH, regex, HB_GETCHARSET, date, hb_ATokens |
| 04-idioms.md | building an endpoint, DB access, async/queue work, calling the LLM, building/deploying | idioms, http, endpoint, routing, AP_BODY, AP_GETPAIRS, AP_JSONRESPONSE, ctx_set, ctx_get, LABDB_GET_PG, PG_QUERY, PG_EXEC, PG_LAST_ERROR, RETURNING, CREATE TABLE IF NOT EXISTS, text_tasks, FOR UPDATE SKIP LOCKED, job queue, LLM_CHAT, fnode, build.sh, launchctl |
| 05-gotchas.md | debugging "why doesn't this work", or BEFORE editing string funcs / charset / SQL / LLM | gotcha, trap, intrinsic, gengo, charset, utf8, string escape, Chr, pgrtl string columns, Val, hb_CStr, model local, ResolveLlmModel, two runtimes, fnode, analyzer warning, CWD module resolution |
| 06-security.md | adding auth/login, sessions, password hashing, file uploads, or rendering user content into HTML | security, auth, authorization, role gate, session token, csprng, crypto/rand, argon2, password hash, xss, bluemonday, sanitize, csp, security headers, rate limit, cookie, upload, sql injection |

Quick routing heuristics

  • Writing new code → 02 + 04, and skim 05 first.
  • "Which builtin?" → 03.
  • Bug that defies the grammar → 05 (almost always the answer is here).
  • "Why is my hbrtl edit ignored?" → 05 §1 (inlined intrinsics).
  • Korean/multibyte length/char issues → 05 §2,§3 + 03 charset section.
  • Numbers read from DB are wrong → 05 §4.