I've been wanting to to talk about some of the big changes that have been occuring in our organisation in respect to Domino. I previously mentioned how Domino was recognised as a critical part of our business after having been pushed to one side for so long but the other thing that is quite interesting is that within the IT itself, it's undergoing something of a renaissance. You see, we've discovered that we can use Domino to do a lot of the tasks that Office 365 and Azure aren't so good at. We've also discovered that you don't have to be a great domino developer if you have AI by your side.
In this example, one of our departments wanted to be able to pull some reports of shared calendar bookings and attendance for the year in Office 365. You'd think that this would be something that Microsoft would have baked into their product but no, you have to do it all via PowerShell.
Since we have to write a program anyway (can't be encouraging our users to use PowerShell for things), I figured, we might as well do this using Domino.
There were two parts to this;
- Get a Cmdlet written
- Write a Domino App
The Cmdlet
My boss and I like to play our AIs off against each other. He loves Claude and I love Gemini. The truth is really that both of these AIs are great. We've found that Claude is better at all-round coding while Gemini seems to be better at Domino in particular. Either way for both of us, our development days are mostly behind us - except when AI is there to help.
My boss (Claude) wrote the cmdlet to essentially wrap the PowerShell commands into a function that could be called with some parameters, Calendar Email Address, Start Date, End Date and of course the "secret key". The idea being that the call would simply produce JSON output.
Once we were able to use Postman to test this, we were ready to move things to Domino.
A Note on Security
At this point, it's probably worth mentioning that security is an important consideration. You can't go making API calls across the public internet with no security, so our Cmdlets are all hosted in a secure location in Azure which only accepts traffic from our domino server (and from other servers owned by our organisation).
Our secret keys are also not embedded in code. They're computed on the fly from other databases. This means that the traffic isn't observable by the users (who need to be logged in anyway) and it means that other people can't try to emulate our calls from other locations.
The Domino App
You're mainly here for the domino app, which we wrote with assistance from Gemini. The challenge wasn’t just "making the UI." We already had the backend cmdlet producing JSON in Postman. But Postman is easy; a production web app is not. Our problem was twofold:
- Security/Authentication: Our Azure endpoint requires that complex 54-character secret key for every call. We absolutely could not have that key sitting in the browser’s JavaScript (where any user could hit F12 and steal it).
- Date formatting: The user wants to select dates in a simple calendar picker (AEST, Sydney time). The Azure cmdlet expects clean YYYY-MM-DD strings.
The solution was to have a secured Domino Proxy Agent.
The Proxy Pattern
Instead of the browser calling Azure directly, the browser calls a standard Domino LotusScript agent on our server. This agent acts as a secure data broker. It has three jobs:
- Read the user's input (Email, Start Date, End Date) from the browser's request URL.
- Securely retrieve the secret key from our configuration database (using GetDocumentByKey in LotusScript). It's simple, robust, and completely hidden from the user.
- Perform the backend POST using NotesHTTPRequest.
This pattern keeps our secret key entirely server-side. The traffic is point-to-point between our trusted Domino server and our trusted Azure endpoint. Even better, it means the user must be authenticated against Domino to even run the report.
It’s an incredibly secure and efficient architecture, and yet, it's remarkably few lines of code.
 |
| A screenshot of the system in action (edited to anonymize data) |
Tweaks to the Output
So having seen the output presented quite nicely (I'd asked Gemini to use the bootstrap CDN that we have locally on our server), I wondered if there was a way to output the data, so I asked for a CSV download and Gemini built it and attached it to a button.
Having looked at the returned data however, I realised that we had full details of all attendees, so I decided to ask Gemini to also build a "detailed CSV" that included all attendees.
One interesting hurdle presented itself. The API returns everything in UTC. Since we're located in a single place, Gemini quickly provided the JavaScript logic to force the browser to display and export everything in local time, regardless of where the server is actually sitting.
The AI Future is Here
The whole domino app took only half a day to build and in this case, I didn't have to write a single line of code. It's not the first Domino app we've built using AI and it won't be the last. Other apps that we've built with AI assistance include;
- Systems to authenticate users on bespoke systems hosted on Azure using the domino login and MFA (our MFA is from CyOne and it's highly recommended).
- Systems to lookup users on Azure B2B Systems and report their attributes and groups.
- Systems to sync users and groups between Office 365 and Domino (we used AI for the cmdlets but had a real developer do the domino work because the stakes were high).
- Systems to export data in and out of Domino using the REST API and JSON so that complex statistics can be dealt with in SQL tables on Azure.
Who is Piloting the AI?
AI is not here to get rid of developers. It's here to empower them. To help them to make their code more secure and efficient, to assist in comparing possible solutions and to do the heavy lifting on complex coding tasks.
I know some in our community are worried that if AI can write the code, the developer becomes redundant. In my experience, the opposite is true. AI isn't the architect; it’s the power tool.
To build this app, I didn't need to type every bracket, but I did need to provide the "Architectural Intent." An AI wouldn't have known to:
- Propose a Proxy Agent to keep API keys off the public web.
- Structure the security model to check Domino authentication first.
- Identify that UTC was the culprit in the date-mismatch and ask for a timezone-specific fix.
If you are a Domino developer, your value is shifting from "knowing the syntax" to "knowing the system." The AI needs a pilot who understands how Domino works, how security should be handled, and how to verify that the output is actually safe and efficient.
The developers who will thrive in this "Renaissance" are those who stop worrying about the typing and start focusing on the solution design. You keep your job by being the person who knows what to ask for and how to verify it.
...and then there's Domino
I am constantly surprised by how well the domino engine handles everything we throw at it. How much effort HCL have put into opening this previously closed system so that it communicates well with pretty much everything. Domino today is still one of the most powerful and secure systems available.
If you're not already using AI with your domino systems, give it a go.
Comments