User Management
Location: Admin → Users
Creating Users
Click "Add User" and fill in username (unique), email, full name, role, initial password, and collection assignments.
Roles
| Role | Access |
|---|---|
admin | Full access: user management, configuration, builds, audit, all collections |
user | View assigned collections, browse documentation, use chat |
viewer | Read-only access to assigned collections |
qa | Read-only collection access, trigger builds, project management access |
User Lifecycle
- Deactivate — Immediately revokes all sessions. Account preserved for audit history.
- Force Logout — Revokes all active sessions without deactivating the account.
- Collection Assignment — Add or remove collection access. Changes take effect on next API request.
Collection Management
Location: Admin → Collections
Each collection is an isolated application with its own source code, documentation, search indices, tags, and user access controls.
Creating a Collection
| Field | Description | Example |
|---|---|---|
| Name | Internal identifier (no spaces) | cblNinja |
| Display Name | Human-readable name in UI | CBL Ninja System |
| Language | Output language for generated docs | en or he |
| Source Library | IBM i library containing source files | CBLNINJA |
| Root Program | Entry point for call tree | OVDIM |
| Call Depth | How deep to trace call hierarchy | 9 |
| Max Programs | Maximum programs to analyze | 99 |
| Library List | IBM i library list for name resolution | CBLNINJA QGPL QTEMP |
| App Code | 3-character code for extraction job | NJA |
AS/400 Connection & Extraction
Afunana connects to IBM i via JDBC to extract source code, call relationships, file structures, and field definitions. The extraction is non-invasive — no changes are made to production objects.
Connection Setup
Location: Admin → Configuration → AS/400 Connection
Prerequisites: IBM i accessible via TCP/IP, ports 8471 (JDBC) and 21 (FTP) open, a read-only user account, and the TTDOCPGM1 extraction program installed.
| Setting | Description |
|---|---|
AS400_HOST | IBM i hostname or IP address |
AS400_PORT | JDBC port (default: 8471) |
AS400_USER | IBM i user profile |
AS400_PASSWORD | IBM i password |
AS400_SSL | Enable SSL for JDBC |
Click "Test Connection" to verify JDBC connectivity before extracting.
Extraction Process
Admin triggers extract → SBMJOB on IBM i → TTDOCPGM1 runs → IFS output → FTP download → Data/{collection}/- Afunana submits a batch job (
SBMJOB) that runsTTDOCPGM1on the IBM i - TTDOCPGM1 extracts source members, relationships, and metadata into CSV files on the IFS
- Afunana polls the IFS every 60 seconds for a
TTDOC_DONEflag file - Files are downloaded via FTP in binary mode and stored in
Data/{collection}/
Extraction Output
| File | Content |
|---|---|
TTPGMOUT.csv | Program list with metadata (name, type, description, source file, library) |
TTPGM2PGM.csv | Call relationships (caller, called, location, type) |
TTPGM2FIL.csv | Program-to-file usage (program, file, access mode R/W/U) |
TTFIL2FLD.csv | File-to-field definitions (file, field, position, length, type) |
TTFLDKEY.csv | Key field definitions (file, field, key sequence) |
| Source members | Raw COBOL/RPG/CL source code (EBCDIC to UTF-8) |
Source Member Operations
Beyond extraction, Afunana can read and write individual source members on the IBM i for the AI change plan executor:
- Read:
as400_connector.read_source_member(library, srcfile, member) - Write:
as400_connector.write_source_member(library, srcfile, member, records) - IFS copy:
as400_connector.copy_from_ifs_to_member(ifs_path, library, srcfile, member)
Building Documentation
Click "Build" on the collection. The AI pipeline processes all programs in the background:
- Parse — CSV metadata to structured data
- Build Documents — LLM generates program documentation JSON
- System Overview — LLM generates architecture analysis
- Embeddings — ChromaDB + BM25 search indices
- Auto-Tagging — AI classifies programs by business function
Monitor progress via the floating log window. Build history shows past builds with status, timing, and error counts.
Build Controls
| Action | Behavior |
|---|---|
| Pause/Resume | Checkpoint build for later resumption |
| Cancel | Stop running build, preserve completed programs |
| Rebuild | Re-process all programs from scratch |
Specification Documents
On-demand generation of formal specs at three audience levels (business, analyst, programmer). Available for individual programs (Programs → Documents tab) and entire collections (System Overview → Documents). Documents are cached and regenerated when source changes.
Tags & Classification
Location: Admin → Tags
Tags classify programs and files for filtering and organization. Create tags with a key, Hebrew/English labels, color (8 options), and entity type (program or file).
During the build pipeline (Stage 5), the AI automatically assigns tags based on business function. Tags can be manually overridden. Users see tag pills on Programs and Files pages for filtering.
Configuration
Location: Admin → Configuration. Organized by category:
- API Keys — OpenAI, Anthropic, HuggingFace. Keys are masked; click to reveal (action is audited).
- AS/400 Connection — Host, port, credentials, SSL, FTP port, extraction timeouts. "Test Connection" button.
- LLM Pipeline — Model selection per role. Token limits, thinking budgets, parallelism.
- Security — Session timeouts, password policy, lockout thresholds.
- Audit & SIEM — Enable/disable logging, categories, severity, SIEM forwarding config, hash chain.
- Organization — Name, branding, CORS URL, default language.
Prompt Management
Location: Admin → Prompts. System prompts control AI documentation and chat behavior. Editable per group (Build Program/File/System Overview, Chat Classifier/Planner/Tools). Changes take effect on the next build or chat query.
Monitoring & Logs
| View | Location | Content |
|---|---|---|
| Audit Log | Admin → Audit Log | Security events with filtering by type, actor, severity, date. Export CSV/JSON. Hash chain verification. |
| Chat Log | Admin → Chat Log | User chat sessions: conversations, tool invocations, token counts |
| Build History | Admin → Build History | Past builds: status, timing, program/file counts, error messages |
| App Log | Admin → App Log | Backend errors/warnings with timestamps, severity, stack traces |
| Health Check | GET /health | Real-time system status (database, AS/400 connectivity) |