mORMot Open Source

it's expected for a self-signed certificate, you should be able to read SEC_E_CERT_UNKNOWN / error 87. It means windows/SChannel cannot validate the certificate chain or certificate trust state. Ignore at debugger level. You can also add the certificate to your host store and test again (for the science..).

Im not on computer atm, will tell you that in an hour or so as I dont remember.

I reproduced it with sample on #60 - on Delphi 12.3 (not tested against fpc yet) and only with useHttpSocket. If you set thread pool to, eg. 8 you can get the issue quite fast. On delphi, debugger almost stay silent and program hung. If an instance of the services is registered on server, with the orm instance passed on constructor, then the debugger can catch the AV easily on delphi 12.3.

Thanks @zen. I remember now that you mentioned the BMAD method in another thread. I also remember that, after reading the README, I wanted to actively test it but then I completely forgot to do it!

Thanks for the reminder - I'll definitely give it a real try, and maybe eventually publish something specialized in the same way I did for superpowers.

Ok, let me write a better README, and I'll take the time to make a screencast or video comparing both runs: without, and with the plugin.

I assume you’re not familiar with the superpowers plugin. Do you use claude-code yourself?

The logs you just posted here only show what was already in your very first message, as also mentioned in the quote from my reply #16.

What I tried to ask there was not a new or overly simple piece of code, but a reproducible sample based on your actual code, with the relevant services, server initialization, database initialization, and related code simplified as much as possible.

What I mean is: if your code is not top-secret, copy your project, simplify it until the issue still happens, provide some dummy data, and then share it here privately if needed. By doing that, you will likely be able to identify where the issue really occurs.. or we will be able to help you and not only guess things as we already know the root cause.

the message itself really give hint about what @daniel is suggesting: wrong multi-thread usage.

you really need to give more information and eliminate causes. First answer @ab and tell us:

- version of libpq in use

then,
- check if is zeos-specific by running the same sql:
  1. psql,
  2. pgAdmin,
  3. a tiny test executable using only one connection and one thread

- eliminate the dll ambiguity:
  1. copy the chosen libpq.dll to the EXE folder (keep only the dependent DLLs required by that build)
  2. temporarily rename any other libpq.dll reachable through PATH

But again, it seem to be a thread issue:

https://www.postgresql.org/docs/current … -flow.html

I added a small extension to mormot.core.os that is "discussed" there. No patch needed, it just work as is.

@ab I will send the PR about the markdown patches soon. I fixed a bug recently and I have to finish to write the missing tests based on the 677 examples of the gfm spec to make the patches solids.

I'm not sure it's finished or stable yet either

I checked, tested it by adding it to the demo, and also read the reference. I now remember that I forgot to check it again against HtmlEscapeMarkdown(). I used this code a few years ago in a project where I needed full GFM support for an integrated editor.

In the core HtmlEscapeMarkdown(), the most notable missing feature is heading support, which is important and should be added imo.

See, first image is HtmlEscapeMarkdown(), second in the extension/GFM: https://imgur.com/a/eLaPCbH

The spec for the GFM dialect is there: https://github.github.com/gfm/

I've just added a new single-unit extension for processing markdown. It supports the common markdown dialects as well as GitHub Flavored Markdown (GFM). A VCL demo is included so you can experiment with it.

This extension was primarily created because I've long wanted to build a static site generator powered by mormot. You'll be able to see it in action in a MVC project that should be released this weekend. It will serve the documentation for the mormot-extensions repo (btw, I still need to brainstorm on the cli tool).

With this approach, only two mustache templates was made and documentation can simply be published as markdown files on the server, or updated automatically through a ci/cd pipeline after pushing changes to a git repository.

Exactly.

In the video there was not skill involved, I just connected the MCP (from the demos folder) and asked the agent to return my ip available mcp tools ("public_ip" that return ip and time, see there).

But a skill could have been set to tell the agent what to use and what to call when asked to return a public ip. You can read on @openai codex repo or claude cli, etc to see how they write skills there. I suggest you to read an introduction on what are skills, maybe on anthropic or openai blog, doesn't matter.

I will not get into hardware things, you know that if you run things on CPU it will be slow as f*** - that's said, you have a lot of available tools like ollama, lama.cpp, lmstudio.

To get started I recommend LM Studio:
- Really easy to use. It's easy to fetch, load and experiment different open source models - you can even literally paste the url of a model from huggingface.co into the app, it will download and be ready to use. You can also start an api server from the app to interact with.

I suggest you start with following models: Mistral, Llama 3, or Qwen and for more models look there, @TheBloke's published models

- fun but experimental, stay with Pascal: https://github.com/BeRo1985/pasllm

MCP servers are cool. MCP is not an AI model. It's more a bridge that gives the model access to tools, local or remote (and i'm sure you already heard about Skills too).

For example, with an MCP you can expose a tool so the model can fetch specific data from your REST service (for example using "orm.RetrieveDocVariantArray()"), and then analyze this data with a dedicated Skill.

If we take the mvc-blog sample:

- the MCP gives the model a tool to return a list of posts based on your own criteria,
- the Skill lets the model act like an analytics expert and produce a summary.

We could then automate the SEO and posting of our blog - you can see how the model could update or rewrite articles with this kind of flow:

1. MCP: get analytics data from your Google SearchConsole
2. Skill: analyze low-ranked articles
3. MCP: fetch the articles from your system
4. Skill: analyze the content and think about improvements
5. MCP: update the post in the database

So the Skill handles the thinking and SEO logic, and the MCP handles the access to real data and real actions.

Another example: if your MCP exposes tools like "FindWindow()", "MoveMouse()", "SendKey()", etc. then the model could really interact with your computer.

So basically:

Skill = how the model thinks (expert logic).
MCP = what the model can do (actions).

Most of the time you need both: a skill for reasoning, and an MCP to connect and act in the real world. Possibilities are endless.

Use "OrmMapExternal()" - example

Hello everyone,

first of all, thanks Javierus for throwing tokens into this set of samples!

disclaimer: I really don't want to sound like a party pooper

IMHO, when samples are generated with AI models, we should enforce a simple rule: the sample should include its own tests.

Not to annoy anyone, but rather for quality reasons, and to avoid potential frustration for new users. As @rcla already mentioned, there are still errors. I personally tested two samples (26-middleware_analytics and 51-react), and neither of them worked, tested with Delphi 12.3 and FPC.

My opinion, having non-working samples in the official repository can negatively impact how newcomers perceive mormot when they just want to try things out. I strongly believe in quality over quantity. I'm allowing myself to say this because, just this week, I tried again to give FMX (with Alcinoe) a LAST chance for an iOS/Android project... failed miserably and ended up coding the apps natively with Xcode/Swift and Android Studio, simply because the IDE combined with the libraries (and the samples) generated too much frustration  (remember that gif?)

The only thing that works exactly as I expect, without complaining, is my mORMot servers

To me I liked @mpv idea suggested in this topic.

Yeah, I know... in the end, I am a bit of a party pooper

Got it, I read a thread about it and found the og templates.

My previous comment still apply, add your security schemes and security prop to paths like how its explained in the doc (anyway you have to look at the doc of swagger v2).

You need to add securitySchemes and then defining a scheme on your auth endpoint (path). Just check swagger doc.

I might have read your post in diagonal and misunderstood some parts of it - will read it again

hi gcarreno,

Append `/json` at the end of the url to see what happen   (it was primarly made for debugging purpose, but it can be consumed as is too).

I wrote some parts of rock migration, a module used by ProcessWire community (I am pretty sure you know it) so I can clearly see what you have in mind. As you already mentioned, things turn a bit different with a compiled approach but not that much I think.

I've just published a very minimal example here showing how to compare current model table with external table fields to remove orphaned columns. Then, imagine you set up a proper ci/cd pipelnie for example with jenkins and fpc, you could write migration files to be consumed by your flow, compile, deploy. And as mormot is able to serialize any class/record into a json object, writing a migration module similar to what you’d have on cakephp to keep or rollback your db/api definition should be ok. Anyway, nothing native yet  

Hope this points you in more or less the right direction

Idk if the following is related and could give some hints. I have the same issue on Windows 7; Recently, we switched new deployed computers on Windows 10 and the same issue is happening.

The current http server is apache reverse proxy for a specific reason using a Sectigo RSA certificate. Actually, I havn't tried to fix it, but I observed the following:
- on my own computer, the error isn't triggered.
- some months ago, I could fix it on Windows 7 by registering missing certs on the local certificate store.

So on my side, I suspect a problem on the certificate chain. I will have more info in the next day as we have renewed the certificate and I will update the server conf.

25/06/2025 07:49:02.464	Enter	73	 mormot.rest.http.client.TRestHttpClientSocket(77b1a0).CallBackGet api/timestamp
25/06/2025 07:49:02.464	Enter	73	    mormot.rest.http.client.TRestHttpClientSocket(77b1a0).InternalUri GET
25/06/2025 07:49:03.560	Exception	73	       ESChannel {Message:"<the.domain.fr>: HandshakeStep returned 8009030F [SEC_E_MESSAGE_ALTERED], System Error 5 [ERROR_ACCESS_DENIED]"} [] at 01285bdf mormot.net.sock.windows.inc TSChannelNetTls.ESChannelRaiseLastError (1927)   {65529.79 4.99 12 0.8GB/2GB 1db10a01}
25/06/2025 07:49:03.560	Exception	73	       ESChannel {Message:"recv: Handshake aborted"} [] at 01285d26 mormot.net.sock.windows.inc TSChannelNetTls.FreeAndCheckSocket (1948)   {65529.79 4.99 12 0.8GB/2GB 1db10a01}
25/06/2025 07:49:03.560	Exception	73	       ESChannel {Message:"recv: Handshake aborted"} [] at 01285d26 mormot.net.sock.windows.inc TSChannelNetTls.FreeAndCheckSocket (1948)   {65529.79 4.99 12 0.8GB/2GB 1db10a01}
25/06/2025 07:49:03.560	Client	73	       mormot.rest.http.client.TRestHttpClientSocket(77b1a0) GET api/timestamp status=666 len=0 state=0
25/06/2025 07:49:03.560	Leave	73	    01.102.694
25/06/2025 07:49:03.560	Enter	73	    mormot.rest.http.client.TRestHttpClientSocket(77b1a0).InternalUri GET
25/06/2025 07:49:04.720	Client	73	       mormot.rest.http.client.TRestHttpClientSocket(77b1a0) GET api/timestamp status=200 len=12 state=0
25/06/2025 07:49:04.720	Leave	73	    01.173.370
25/06/2025 07:49:04.720	Service return	73	    mormot.rest.http.client.TRestHttpClientSocket(77b1a0) 135919590467
25/06/2025 07:49:04.720	Leave	73	 02.276.213

The issues I'm aware of (using ssl tools):
- The chain doesn't contain any intermediate certificates

This is beyond the scope of jwt thing, you didn't described how you are adding user and I then assume you are adding manually an user into the external auth user table: if ORM cache is enabled, then this behavior is expected. You could read that you are hitting orm cache on the console by enabling server logs (and by reading the manual).

Thats said, set db.usecache to false or write a small rest client tool for adding your users..

I see, your file is probably missing something or contain a bad formatting. Swagger doesn't care about the server itself, it's about the file definition.

Yes I've read your comment (I edited it on the PR )  It was not really a bug but a change on the framework implementation. I didn't had the time to push my changes and merging @koraycayiroglu code.

Yes you can, just register your service with bypassauthentication true. On the initial sample they were implemented as service methods as I think it fit better to access service context. You can mix both interface/service methods without problem.

Personal taste, I feel more comfortable using IDocDict/List. Maybe take a look at this blog post if it helps (check the advanced features: filtering, searching):

https://blog.synopse.info/?post/2024/02 … hi-and-FPC

Hi @ab, I did some testing - Delphi 12.3 and FPC - and then:

- without rsoPerConnectionNone, client auth is fine (this was failing).
- enabling rsoPerConnectionNone, client fail at CheckPassoword()

fServer.fOptions:

[rsoNoInternalState,rsoNoTableURI,rsoMethodUnderscoreAsSlashUri,rsoPerConnectionNonce]

srvr       mormot.rest.server.TRestServerRoutingRest(0334c340)   Method GET root/auth?username=Admin=200 out=77 B in 3.09s
ret         ServerApiHost.TAppServer(033e9f40) Method len=77 {"result":"bd1a5ead8e255448fd09484e56e33a66ea8cefc3f6d3804735cb6cf7a46881c0"}
[debug] GET /root/auth?username=Admin&password=e23f6a5756da303c6b36de49077cb51d6828768a2763b0b82678122deba05ac8&clientnonce=58671B01_0fb7691644db0de2e1bd776ed8466eb2
[BeforeBody][aInHeaders]: 
  - X-Real-IP: 127.0.0.1
  - X-Forwarded-For: 127.0.0.1
  - X-Forwarded-Proto: https
  - X-Conn-ID: 17
  - Accept: */*