fivedev/five
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f26911177f707192446dc6e7b7a99375cb4d4da5
five/rag/README.md
CharlesKWON f26911177f docs(rag): add security idioms & gotchas (06-security.md) 
Capture the hardening patterns from the solmade audit so future Five work
reuses them: authorize on resolved function name (not URL path), CSPRNG
session tokens stored as hashes, argon2id with legacy-verify + upgrade,
login rate-limit + timing-safe dummy hash, bluemonday HTML sanitize vs
EscHtml, security headers + nonce CSP, upload allowlist (no SVG), bind-all
SQL. Theme: thin Go RTL over an ecosystem crypto lib. INDEX/README updated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 15:49:49 +09:00

2.3 KiB
Raw Blame History

Five RAG — knowledge corpus for LLM agents writing Five

A compact, retrieval-ready knowledge base that lets an LLM read and write Five (xBase/Harbour → Go) code correctly without prior training on it. This is the practical form of "give the model the grammar via RAG": grammar + RTL surface + real idioms + the long-tail gotchas.

Why this exists

Five is token-dense, so the corpus needed to teach a model is small and cheap to inject — a dense language is cheaper to RAG than a verbose one. Grammar/RTL retrieval closes most of the gap; the accumulating gotchas file closes the semantic long tail.

Contents

File What it covers
01-overview.md What Five is, design priorities, the two runtimes, compile model
02-syntax.md Declarations, literals, operators, control flow, code blocks
03-rtl-catalog.md Runtime-library functions (strings, array, hash, JSON, date, regex, charset, …)
04-idioms.md Web/worker patterns: HTTP endpoint, routing, Postgres, job queue, LLM, build/deploy
05-gotchas.md Non-obvious traps + fixes (the highest-signal file)
06-security.md Web security patterns: authz, sessions, password hashing, XSS, CSP, uploads
INDEX.md Retrieval manifest (doc → keywords + one-line)

Every file has YAML frontmatter (doc, title, keywords, summary) for ranking.

How to consume

  • Direct context injection (simplest): for a small/medium task, paste the relevant doc(s). For broad work, 01+02+05 fit easily; pull 03/04 sections as needed.
  • Keyword retrieval (e.g. bluge / ripgrep): index the .md files; rank on the frontmatter keywords + body. INDEX.md is a hand-curated routing table.
  • Embedding RAG: chunk by ## headers (each section is self-contained). Frontmatter summary makes a good chunk preamble.

Suggested system-prompt pointer: "When writing Five (.prg) code, consult the Five RAG at fivedev/five/rag/ — especially 05-gotchas.md — and prefer patterns from 04-idioms.md."

Maintenance

  • Keep 03-rtl-catalog.md honest against hbrtl/register.go (names are authoritative; rare signatures may drift).
  • Append every new trap to 05-gotchas.md. That file is the compounding asset.
  • Grammar truth: compiler/{lexer,parser,ast}. Idiom truth: the solmade app.
Reference in New Issue View Git Blame Copy Permalink