Product Demo Runbook
This runbook is the definitive guide for demonstrating the capabilities of the IBM i AI Platform. It covers the three primary surfaces: the Web Application, the Desktop Application, and the standalone MCP Server.
1. Application Overview
1.1 Web Application
The Web Application provides a full-featured, authenticated, multi-user experience. It is designed for enterprise environments where governance and auditability are paramount.
- Key Features: DB-backed approval workflows, multi-role access control (e.g., Security Officer vs. Operator), conversation history, and rich visual analytics.
- Best For: Demonstrating governed administration, team-based operations, and long-running audit trails.
1.2 Desktop Application
The Desktop Application is a localized, high-performance surface focused on observability and deep system diagnostics.
- Key Features: Native chart rendering, direct system integration, and support for various AI providers (Anthropic, OpenAI, Gemini, xAI, GitHub Copilot, Local).
- Best For: Individual operators, rapid troubleshooting, and interactive visual data analysis.
1.3 Standalone MCP Server
The standalone Model Context Protocol (MCP) server allows you to bring IBM i capabilities into any AI-powered tool that supports the MCP standard.
- Key Features: Standardized tool definitions, lightweight execution, and broad compatibility.
- Best For: Developers and power users who want to use IBM i tools within Codex, VS Code, Cursor, Claude Desktop, or Antigravity CLI.
- Usage: Run directly via
npx @bdkinc/ibmi-mcp.
2. Getting Started: IBM i Connection Guide
Before running a demo, ensure your environment can connect to the target IBM i partition.
2.1 Prerequisites
- IBM i Access ODBC Driver: Required for database-backed tools and metadata retrieval.
- Network Access: The client machine must have connectivity to the IBM i host (Ports: 449, 8470-8476, 9470-9476 for ODBC/SQL; Port 22 for SSH).
- User Profile: A valid IBM i user profile with appropriate authorities for the tools you intend to demonstrate (e.g.,
*JOBCTLfor job management,*SECADMfor user management).
2.2 SSH Connection & Caveats
Many advanced tools (like job log retrieval or IFS operations) rely on SSH for execution.
- SSH Daemon: Must be active on the IBM i (
STRTCPSVR SERVER(*SSH)). - Environment Variables: Some tools may require
PASEenvironment variables to be correctly set in the user profile. - Key-Based Auth: While password authentication is supported, key-based authentication is recommended for the most seamless experience.
- Caveat: Ensure the
SSHterminal on IBM i is configured to handle the expected character encoding (usually UTF-8) to avoid data corruption in logs or IFS files.
3. Tool Integrations (MCP Server)
The standalone MCP server (npx @bdkinc/ibmi-mcp) can be added to any compliant client.
3.1 Claude Desktop
Add the following to your claude_desktop_config.json:
{ "mcpServers": { "ibmi": { "command": "npx", "args": ["-y", "@bdkinc/ibmi-mcp"], "env": { "IBMI_HOST": "your-system-name", "IBMI_USER": "your-user", "IBMI_PASSWORD": "your-password" } } } }
3.2 VS Code
Install the MCP Client extension (or similar) and add a new server configuration using the same npx command and environment variables as above.
3.3 Cursor / AI Code Editors
In Cursor, go to Settings > Features > MCP and add a new server:
- Type:
command - Command:
npx -y @bdkinc/ibmi-mcp - Ensure your environment variables (Host, User, Password) are set in your system shell or the editor's environment settings.
3.4 Codex
Codex can run the standalone IBM i MCP server as a local MCP tool source. Add an ibmi server entry to your Codex MCP configuration:
[mcp_servers.ibmi] command = "npx" args = ["-y", "@bdkinc/ibmi-mcp"] [mcp_servers.ibmi.env] IBMI_HOST = "your-system-name" IBMI_USER = "your-user" IBMI_PASSWORD = "your-password"
Restart Codex after saving the configuration, then ask Codex to list available MCP tools or run a read-only IBM i observation such as Check QSYSOPR and tell me whether any messages still require attention.
3.5 Antigravity CLI
If you are using Antigravity CLI, you can activate the IBM i capabilities by adding the server to your agent configuration.
4. Desktop App Configuration (AI Providers)
The Desktop Application allows you to choose your preferred AI provider for reasoning and tool orchestration.
4.1 Supported Providers
- Anthropic: Best-in-class reasoning and tool use (requires an API Key).
- OpenAI: Industry standard for speed and capability (requires an API Key).
- Google Gemini: Strong multimodal and long-context reasoning (requires an API Key).
- xAI: Grok models for teams that want xAI-hosted reasoning (requires an API Key).
- GitHub Copilot: Leverage your existing GitHub Copilot subscription.
- Local Models: Connect to local instances via Ollama or LM Studio (ideal for high-security environments).
4.2 Configuration
- Open the Settings panel in the Desktop App.
- Select the AI Provider tab.
- Choose your provider and enter the required API Key or Base URL (for local models).
- Save the settings and the app will automatically reconnect to the AI service.
5. Guided Demo Flows
5.1 The "Best Short Demo" (10 Minutes)
Use this sequence for a high-impact overview of the platform.
- Platform Readiness:
Run a system health check and summarize the biggest risks.(Invokesinspect_systemview:"health") - Visual Analytics (Desktop):
Create a pie chart showing the top libraries and their storage usage.(Invokesinspect_storageview:"consumers"andrender_chart) - Operational Triage:
Check whether QSYSOPR has any unanswered messages right now.(Invokesinspect_messagesview:"qsysopr") - Governed Change:
Plan resetting DEMOUSR's password to DemoPwd123 and require a password change at next sign-on. Show the preview approval workflow.(Invokesmanage_user_profileoperation:"reset_password", mode:"preview")- Presenter note: on partitions where
QPWDMAXLENis8, this intentionally demonstrates live IBM i password-policy validation. Explain the rejection, then retry withDemo1234to show the successful path.
- Presenter note: on partitions where
5.2 Desktop Application Narrative
Focus: Observability, diagnostics, and rich visual feedback.
- Part 1: Broad Observability
Run a system health check and summarize the biggest risks.(Invokesinspect_systemview:"health") - Part 2: Visual Grounded Analytics
Create a pie chart showing the top libraries and their storage usage.(Invokesinspect_storageview:"consumers"andrender_chart) - Part 3: Focused Drill-Down
Find active jobs that are currently waiting, then inspect the job log for job 123456/QUSER/QPADEV0001 and summarize the last 20 messages.(Invokesinspect_jobsview:"active"followed byinspect_messagesview:"job_log") - Part 4: Safe Admin Workflows
Plan resetting DEMOUSR's password to DemoPwd123 and require a password change at next sign-on.(Invokesmanage_user_profileoperation:"reset_password", mode:"preview") If the target policy rejects the password length, call out that this is the platform enforcing IBM i system values, then retry withDemo1234.
5.3 Web Application Narrative
Focus: Multi-user collaboration, compliance, and zero-trust governance.
- Part 1: Multi-User Observability
Run a system health check and summarize the biggest risks.(Invokesinspect_systemview:"health") - Part 2: Compliance Review
Check system audit journal readiness. Tell me whether auditing is enabled.(Invokesinspect_securityview:"audit_configuration") - Part 3: Advanced Guardrails
Plan stopping the FTP server.(Invokesmanage_tcp_serveroperation:"end", mode:"preview") - Part 4: Approval Lifecycle
Plan a privileged IBM i command execution for CHKOBJ OBJ(QSYS/QGPL) OBJTYPE(*LIB) to generate an approval request.(Invokesplan_run_ibmi_command) (Note: Demonstrate how another user with the 'Security Officer' role would approve this request in the Web UI, generating an approvalTicket to execute withrun_ibmi_command).
6. Comprehensive Prompt Bank
Use these prompts to explore the full depth of the platform's capabilities.
6.1 Health and Observability
Run a system health check and summarize the biggest risks.(Invokesinspect_systemview:"health")Check storage usage summary and tell me whether capacity looks healthy.(Invokesinspect_storageview:"summary")Create a pie chart showing the top libraries and their storage usage.(Invokesinspect_storageview:"consumers"andrender_chart)Check active jobs and show the top CPU jobs with subsystem names.(Invokesinspect_jobsview:"active")Check QSYSOPR and tell me whether any messages still require attention.(Invokesinspect_messagesview:"qsysopr")Check recent system history log messages and call out high-severity items.(Invokesinspect_messagesview:"history_log")Check memory pools and summarize the largest pools.(Invokesinspect_systemview:"memory_pools")
6.2 Diagnostics and Drill-Down
Get the job log for job 123456/QUSER/QPADEV0001 and summarize the last 20 messages.(Invokesinspect_messagesview:"job_log")Read the spooled file content for job 123456/QUSER/QPADEV0001 spool QPRINT.(Invokesinspect_spoolview:"spooled_file_content")Check active TCP listeners and tell me what is listening on common application ports.(Invokesinspect_networkview:"tcp_listeners")List objects in library QGPL and summarize the object types you find.(Invokesinspect_objectsview:"library_objects")List the IFS directory contents for /home/app and summarize what is present.(Invokesinspect_ifsview:"directory")Check the security system values.(Invokesinspect_systemview:"system_values")
6.3 Safe Preview Workflows (Recommend)
Plan creation of user DEMOUSR with text "Demo operations user" and limited capabilities.(Invokesmanage_user_profileoperation:"create", mode:"preview")Plan resetting DEMOUSR's password to DemoPwd123 and require a password change at next sign-on.(Invokesmanage_user_profileoperation:"reset_password", mode:"preview"; if rejected byQPWDMAXLEN, explain the policy check and retry withDemo1234.)Plan ending the FTP server and explain the risk.(Invokesmanage_tcp_serveroperation:"end", mode:"preview")Plan changing the owner of object QGPL/QPRINT of type *OUTQ to QSECOFR.(Invokesmanage_object_securityoperation:"change_owner", mode:"preview")Plan granting *USE authority on object QGPL/QPRINT to user IBMIAI.(Invokesmanage_object_securityoperation:"grant_authority", mode:"preview")
6.4 Admin Action Workflows (Act - After Approval)
Execute creation of user DEMOUSR (using previewId, previewToken, and approvalTicket).(Invokesmanage_user_profileoperation:"create", mode:"execute")Execute password reset for user DEMOUSR (using previewId, previewToken, and approvalTicket).(Invokesmanage_user_profileoperation:"reset_password", mode:"execute")Execute ending job 123456/QUSER/QPADEV0001 (using previewId, previewToken, and approvalTicket).(Invokesmanage_joboperation:"end", mode:"execute")Execute starting TCP server FTP (using previewId, previewToken, and approvalTicket).(Invokesmanage_tcp_serveroperation:"start", mode:"execute")Execute starting subsystem QINTER (using previewId, previewToken, and approvalTicket).(Invokesmanage_subsystemoperation:"start", mode:"execute")
6.5 Security Approval Flows
Plan a privileged command execution for CHKOBJ OBJ(QSYS/QGPL) OBJTYPE(*LIB) to generate an approval request.(Invokesplan_run_ibmi_command)Execute approved command for ticket 101.(Invokesrun_ibmi_commandwithapprovalTicket)
7. Learning Notes & Teach Moments for Self-Study
New to IBM i? This runbook is optimized for live demonstration, but every prompt here doubles as a self-study lesson. Below are learner pointers, a safety workflow diagram, and teach moments that connect each demo to deeper concepts. For a fully guided workbook, see the Self-Study Runbook.
7.1 Navigate the Learning Hub
Use these resources to go from demo spectator to confident operator.
| Resource | What You'll Find | Best For |
|---|---|---|
| Learning IBM i with AI | The Observe → Recommend → Act model, learning objectives, and progression overview | First-time users building mental models |
| Glossary | Plain-English definitions for 20+ core terms: Subsystem, ASP, Job Queue, Authority, IFS, etc. | Looking up jargon during a demo |
| Admin Playbooks | Curated daily scenarios: health checks, triage, user provisioning, PTF management | Applying demos to real operations |
| Self-Study Runbook | Structured exercises, checkpoints, and expected outcomes | Solo practice without an audience |
7.2 The Observe-Recommend-Act Workflow
Every capability in this platform follows the same safety loop. Use this diagram to recognize where you are before you press Enter.
┌─────────────┐ ┌──────────────┐ ┌─────────────┐
│ OBSERVE │ --> │ RECOMMEND │ --> │ ACT │
│ (Read-only)│ │ (Plan/Safe) │ │ (Governed) │
└─────────────┘ └──────────────┘ └─────────────┘
│ │ │
▼ ▼ ▼
Gather system Explain risk and Execute only
facts, logs, preview before with approval,
and metrics making changes audit trail,
with safe previews and approval ticket
Safety rule: If you cannot articulate what you observed, do not proceed to Act. The AI always offers a Plan/Preview step before executing any changes.
7.3 Teach Moments
Teach moments are conceptual anchors tied to specific demo prompts. Use them to turn a scripted demo into an active coaching session.
Moment 1: Why the Health Check Comes First
Demo prompt: Run a system health check and summarize the biggest risks.
Concept: Observation without action is the foundation of safe administration.
The health check is read-only. It gathers disk capacity, active job counts, message queue status, and security posture in a single pass. Beginners often want to "fix" things immediately; this prompt teaches the discipline of gathering evidence before forming a hypothesis.
Common beginner mistake: Skipping the health check and jumping straight to job logs. You risk treating symptoms while missing the systemic cause (for example, a runaway job that is simultaneously filling disk and consuming CPU).
Moment 2: The Approval Lifecycle Value
Demo prompt: Plan a privileged command execution for CHKOBJ OBJ(QSYS/QGPL) OBJTYPE(*LIB) to generate an approval request.
Concept: Governance is not friction; it is memory.
In the Web Application, planned commands create an approval request that a second role (for example, Security Officer) must ratify. This mirrors real-world segregation of duties. For learners, it demonstrates that Act is never a free action—it leaves an audit trail.
Common beginner mistake: Confusing Plan with Execute. A plan is a promise; execution requires consent. Teach learners to read the approval summary before executing.
Moment 3: Visual Grounding Before Narrative
Demo prompt: Create a pie chart showing the top libraries and their storage usage.
Concept: Visuals turn abstract storage into actionable memory.
The Desktop Application renders native charts. For a beginner, "disk is 80% full" is abstract; a pie chart showing QSYS, QGPL, and user libraries as proportional slices makes the problem tangible and shareable.
Common beginner mistake: Ignoring relative proportions. A large library may be completely normal if it hosts your primary application. Always pair visuals with the question: Is this expected for this system?
Moment 4: Safe Preview Workflows
Demo prompt: Plan resetting DEMOUSR's password to DemoPwd123 and require a password change at next sign-on.
Concept: Preview every change that affects identity or availability.
Password resets, user creation, and authority changes are mutating actions with human impact. The Plan variant of these tools (using "preview" mode) shows exactly what will change—command, parameters, and target—before it changes.
Host-policy teaching moment: Some partitions set QPWDMAXLEN to 8, which means DemoPwd123 should be rejected. Treat that as a feature demo: the assistant checked live IBM i policy before acting. After explaining it, retry with Demo1234 to show the passing path.
Common beginner mistake: Trying to execute a direct change without reviewing the plan and approvals first. Build the habit of asking for a plan, validating it, and only then promoting it to action.
7.4 Turn This Demo into Self-Study
Use the checkpoints below to run through this runbook solo. Do not advance until you can answer the question out loud.
| Checkpoint | Prompt to run | Self-study question |
|---|---|---|
| C1: Connect | Verify your Desktop or Web app connects to your IBM i partition. | Can I name the three connection prerequisites (ODBC driver, network ports, user profile)? |
| C2: Observe | Run a system health check and summarize the biggest risks. | What is the top risk, and which tool category would I use to investigate it? |
| C3: Visualize | Create a pie chart showing the top libraries and their storage usage. | Which library is largest, and is that expected on this partition? |
| C4: Diagnose | Find active jobs that are currently waiting, then inspect the job log for job 123456/QUSER/QPADEV0001 and summarize the last 20 messages. | What is a job log, and why do we read messages in chronological order? |
| C5: Plan | Plan resetting DEMOUSR's password to DemoPwd123 and require a password change at next sign-on. | What does the plan preview show, and how does it respond if host password policy rejects the proposed value? |
| C6: Govern | Plan a privileged command execution for CHKOBJ OBJ(QSYS/QGPL) OBJTYPE(*LIB) to generate an approval request. | Who approves this request in the Web UI, and where is the audit record stored? |
Solo study protocol
- Run the prompt.
- Read the AI response slowly—look up any glossary term you do not recognize.
- Ask, "What could go wrong?" before every Act step.
- Document your answers in a personal notebook or the Self-Study Runbook.
- Repeat the checkpoint the next day without looking at your previous answers.
Safety reminder: The platform separates observation from action. If you ever feel uncertain, default to the "preview" or inspect variant of a prompt. The safest administrator is the one who gathers facts before issuing commands.
Last updated: 2026-05-21