legacy-squad 1.0.1 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -21
- package/README.md +132 -84
- package/README.pt-br.md +187 -134
- package/dist/cli.mjs +194 -73
- package/dist/templates/claude-commands/architecture.md +2 -1
- package/dist/templates/claude-commands/business-rules.md +52 -52
- package/dist/templates/claude-commands/generate-mmp.md +3 -1
- package/dist/templates/claude-commands/generate-prs.md +2 -1
- package/dist/templates/claude-commands/generate-sdd.md +3 -1
- package/dist/templates/claude-commands/generate-specs.md +1 -1
- package/dist/templates/claude-commands/legacy-code.md +2 -1
- package/dist/templates/claude-commands/modernization.md +2 -1
- package/dist/templates/claude-commands/scan.md +1 -1
- package/dist/templates/claude-commands/security.md +2 -1
- package/package.json +59 -58
package/LICENSE
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
|
-
MIT License
|
|
2
|
-
|
|
3
|
-
Copyright (c) 2026 Legacy Squad Team
|
|
4
|
-
|
|
5
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
-
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
-
in the Software without restriction, including without limitation the rights
|
|
8
|
-
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
-
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
-
furnished to do so, subject to the following conditions:
|
|
11
|
-
|
|
12
|
-
The above copyright notice and this permission notice shall be included in all
|
|
13
|
-
copies or substantial portions of the Software.
|
|
14
|
-
|
|
15
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
-
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
-
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
-
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
-
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
-
SOFTWARE.
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 Legacy Squad Team
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
package/README.md
CHANGED
|
@@ -7,107 +7,176 @@
|
|
|
7
7
|
</p>
|
|
8
8
|
</p>
|
|
9
9
|
|
|
10
|
+
<p align="center">
|
|
11
|
+
<a href="https://www.npmjs.com/package/legacy-squad"><img src="https://img.shields.io/npm/v/legacy-squad?color=cb3837&label=npm" alt="npm version"></a>
|
|
12
|
+
<a href="https://www.npmjs.com/package/legacy-squad"><img src="https://img.shields.io/npm/dm/legacy-squad?color=blue" alt="downloads"></a>
|
|
13
|
+
<a href="https://github.com/hrpimenta/legacy-squad/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-green.svg" alt="license"></a>
|
|
14
|
+
<a href="https://github.com/hrpimenta/legacy-squad/stargazers"><img src="https://img.shields.io/github/stars/hrpimenta/legacy-squad?style=social" alt="stars"></a>
|
|
15
|
+
<img src="https://img.shields.io/badge/status-beta-orange" alt="beta">
|
|
16
|
+
<img src="https://img.shields.io/badge/node-%E2%89%A518-brightgreen" alt="node">
|
|
17
|
+
</p>
|
|
18
|
+
|
|
10
19
|
---
|
|
11
20
|
|
|
12
|
-
|
|
21
|
+
> **One command. Five AI agents in your IDE.**
|
|
22
|
+
> **50 findings, 4 engineering documents, and 37 execution specs** — without changing a single line of your code.
|
|
13
23
|
|
|
14
24
|
```bash
|
|
15
25
|
npx legacy-squad install
|
|
16
26
|
```
|
|
17
27
|
|
|
18
|
-
|
|
28
|
+
<p align="center">
|
|
29
|
+
<img src="docs/assets/demo.svg" alt="Legacy Squad install output" width="780">
|
|
30
|
+
</p>
|
|
19
31
|
|
|
20
|
-
|
|
32
|
+
<p align="center">
|
|
33
|
+
🔑 <strong>Zero API keys</strong> ·
|
|
34
|
+
☁️ <strong>Zero external servers</strong> ·
|
|
35
|
+
💻 <strong>Runs in your own IDE</strong> (Claude Code, Codex, Cursor)
|
|
36
|
+
</p>
|
|
21
37
|
|
|
22
|
-
|
|
38
|
+
---
|
|
23
39
|
|
|
24
|
-
|
|
25
|
-
- Hardcoded credentials in source code
|
|
26
|
-
- Business rules buried in conditionals no one documented
|
|
27
|
-
- Coupling that makes any change risky
|
|
28
|
-
- Fear of modifying production code
|
|
29
|
-
- Dependency on 1-2 developers who "know the system"
|
|
40
|
+
## 📊 Validated in Production
|
|
30
41
|
|
|
31
|
-
|
|
42
|
+
Real production mobile app — **~18,000 LoC**, **98 dependencies**, real financial transactions:
|
|
32
43
|
|
|
33
|
-
|
|
44
|
+
| | |
|
|
45
|
+
|---|---|
|
|
46
|
+
| 🔍 **50 findings** (7 deterministic + 43 from AI agents) | 📐 **63 business rules** extracted from code (11 implicit) |
|
|
47
|
+
| 📄 **4 official documents** (PRS · SDD · MMP · Specs) | 🎯 **37 execution specs**, atomic and deployable |
|
|
48
|
+
| 📈 **Execution Readiness:** 38 → 88 / 100 | 🚀 **Deployability:** scored per phase |
|
|
34
49
|
|
|
35
|
-
|
|
50
|
+
From a single `npx legacy-squad install` followed by 9 slash commands in the IDE.
|
|
36
51
|
|
|
37
|
-
|
|
38
|
-
|----------|-------------|
|
|
39
|
-
| **Repo Index** | Full inventory: stack, modules, dependencies, integrations, hotspots |
|
|
40
|
-
| **Findings** | Security findings with evidence, impact, OWASP reference and recommendation |
|
|
41
|
-
| **Security Assessment** | Deep analysis of auth, secrets, LGPD/GDPR, API security |
|
|
42
|
-
| **Architecture Assessment** | C4 diagrams, coupling analysis, structural risks, target architecture |
|
|
43
|
-
| **Legacy Code Assessment** | Hotspots, JS→TS migration, duplication, test coverage |
|
|
44
|
-
| **Business Rules Assessment** | 60+ rules extracted from code, preservation checklist |
|
|
45
|
-
| **Modernization Assessment** | Incremental phased roadmap with rollback and scores |
|
|
46
|
-
| **PRS** | Product Refactor Specification — consolidated diagnostic report |
|
|
47
|
-
| **SDD** | Software Design Document — current/target architecture with ADRs |
|
|
48
|
-
| **MMP** | Modernization Master Plan — phased roadmap with Execution Readiness + Deployability scores |
|
|
49
|
-
| **Execution Specs** | Atomic, individually deployable units of work with binary acceptance criteria and rollback |
|
|
52
|
+
[**→ Read the full case study**](docs/CASE_STUDY.md)
|
|
50
53
|
|
|
51
54
|
---
|
|
55
|
+
## 🚀 Quick Start
|
|
52
56
|
|
|
53
|
-
|
|
57
|
+
> From zero to your first AI-generated finding in minutes.
|
|
54
58
|
|
|
55
59
|
### Prerequisites
|
|
56
60
|
|
|
57
|
-
- Node.js ≥ 18
|
|
58
|
-
- An AI-enabled IDE
|
|
61
|
+
- **Node.js ≥ 18**
|
|
62
|
+
- **An AI-enabled IDE:** [Claude Code](https://docs.anthropic.com/en/docs/claude-code), [Codex CLI](https://github.com/openai/codex), or [Cursor](https://cursor.sh)
|
|
59
63
|
|
|
60
|
-
###
|
|
64
|
+
### 1. Install in your legacy project
|
|
61
65
|
|
|
62
66
|
```bash
|
|
63
67
|
cd your-legacy-project
|
|
64
68
|
npx legacy-squad install
|
|
65
69
|
```
|
|
66
70
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
71
|
+
Immediately after, you'll see the framework artifacts in `.legacy-squad/memory/`:
|
|
72
|
+
|
|
73
|
+
- `repo-index.json` — full inventory (stack, modules, dependencies, integrations)
|
|
74
|
+
- `findings.json` — deterministic security findings (OWASP / CWE)
|
|
75
|
+
- `context-packs.json` — context per module, prepared for the AI agents
|
|
76
|
+
|
|
77
|
+
<details>
|
|
78
|
+
<summary><strong>What the install command does internally</strong></summary>
|
|
79
|
+
|
|
80
|
+
1. Detects the stack via manifest (`package.json`, `composer.json`, `.csproj`, `pom.xml`)
|
|
81
|
+
2. Scans the repository and builds the inventory
|
|
82
|
+
3. Runs the Compliance Engine with OWASP / CWE rules
|
|
83
|
+
4. Generates Context Packs per module (token-efficient)
|
|
84
|
+
5. Installs the 9 agents as slash commands in your IDE
|
|
85
|
+
6. Verifies the installation (8 health checks)
|
|
74
86
|
|
|
75
|
-
|
|
87
|
+
</details>
|
|
76
88
|
|
|
89
|
+
### 2. Run your first AI agent
|
|
90
|
+
|
|
91
|
+
Open your IDE in the project and trigger the Security Agent.
|
|
92
|
+
|
|
93
|
+
**Claude Code**
|
|
94
|
+
```bash
|
|
95
|
+
claude
|
|
96
|
+
/legacy-squad-security
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
**Codex CLI**
|
|
77
100
|
```bash
|
|
78
|
-
|
|
101
|
+
codex
|
|
102
|
+
@legacy-squad-security
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
The assessment is written to:
|
|
106
|
+
|
|
107
|
+
```
|
|
108
|
+
.legacy-squad/outputs/assessments/security.md
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
Evidence-driven: every finding includes file:line references, OWASP / CWE mapping, impact, and recommendation — generated by AI running entirely inside your IDE.
|
|
79
112
|
|
|
80
|
-
|
|
113
|
+
### 3. Run the full diagnostic
|
|
114
|
+
|
|
115
|
+
Once you're satisfied with the first agent, run the remaining four and the four artifact generators.
|
|
116
|
+
|
|
117
|
+
<details>
|
|
118
|
+
<summary><strong>Full workflow — 5 agents + 4 generators</strong></summary>
|
|
119
|
+
|
|
120
|
+
**Step 1 — Analysis (run in order)**
|
|
121
|
+
|
|
122
|
+
```bash
|
|
81
123
|
/legacy-squad-security # Security Agent
|
|
82
124
|
/legacy-squad-architecture # Architecture Agent
|
|
83
125
|
/legacy-squad-legacy-code # Legacy Code Agent
|
|
84
126
|
/legacy-squad-business-rules # Business Rules Agent
|
|
85
127
|
/legacy-squad-modernization # Modernization Agent
|
|
128
|
+
```
|
|
86
129
|
|
|
87
|
-
|
|
130
|
+
**Step 2 — Consolidated artifacts (run after analysis)**
|
|
131
|
+
|
|
132
|
+
```bash
|
|
88
133
|
/legacy-squad-generate-prs # Product Refactor Specification
|
|
89
134
|
/legacy-squad-generate-sdd # Software Design Document
|
|
90
135
|
/legacy-squad-generate-mmp # Modernization Master Plan
|
|
91
136
|
/legacy-squad-generate-specs # Execution Specs (one YAML per unit of work)
|
|
92
137
|
```
|
|
93
138
|
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
```bash
|
|
97
|
-
codex # Open Codex in the project
|
|
98
|
-
# AGENTS.md at the root defines available agents
|
|
99
|
-
@legacy-squad-security # Activate Security Agent
|
|
100
|
-
```
|
|
139
|
+
</details>
|
|
101
140
|
|
|
102
|
-
### Other
|
|
141
|
+
### Other commands
|
|
103
142
|
|
|
104
143
|
```bash
|
|
105
144
|
npx legacy-squad scan # Re-scan without reinstalling agents
|
|
106
145
|
npx legacy-squad doctor # Verify installation health
|
|
107
146
|
```
|
|
147
|
+
## Why Legacy Squad
|
|
108
148
|
|
|
109
|
-
|
|
149
|
+
Most existing tools cover one dimension of legacy modernization. Legacy Squad covers the full lifecycle — from inventory to executable plan — and treats AI agents as **methodology-bound contributors**, not free-form chat.
|
|
110
150
|
|
|
151
|
+
| Capability | Static Analyzers<br>(SonarQube) | SAST / SCA<br>(Snyk, Checkmarx) | AI Coding Assistants<br>(Copilot, Cursor) | **Legacy Squad** |
|
|
152
|
+
|---|:---:|:---:|:---:|:---:|
|
|
153
|
+
| Deterministic security rules (OWASP / CWE) | ✅ | ✅ | — | ✅ |
|
|
154
|
+
| CVE / dependency vulnerabilities | — | ✅ | — | — |
|
|
155
|
+
| Code smells & cognitive complexity | ✅ | partial | — | ✅ |
|
|
156
|
+
| Architecture mapping (C4, coupling) | — | — | — | ✅ |
|
|
157
|
+
| Business rules extraction from code | — | — | — | ✅ |
|
|
158
|
+
| Phased modernization plan (MMP) | — | — | — | ✅ |
|
|
159
|
+
| Atomic, deployable execution specs | — | — | — | ✅ |
|
|
160
|
+
| AI agents with evidence-bound output | — | — | free-form | ✅ |
|
|
161
|
+
| Runs in your own IDE (no server, no API key) | — | — | ✅ | ✅ |
|
|
162
|
+
| Repository never sent in full to an LLM | n/a | n/a | — | ✅ |
|
|
163
|
+
|
|
164
|
+
In one sentence: Legacy Squad pairs **deterministic scanning** with **methodology-bound AI agents** that produce **structured engineering artifacts** (PRS, SDD, MMP, Execution Specs) — not chat history.
|
|
165
|
+
|
|
166
|
+
### When Legacy Squad fits
|
|
167
|
+
|
|
168
|
+
- You have a legacy system in production and need a **structured diagnostic** before deciding what to modernize.
|
|
169
|
+
- You want every finding to carry **evidence, framework reference, impact, and recommendation** — not unjustified suggestions.
|
|
170
|
+
- You need a **phased modernization plan** that is reversible, deployable, and approvable by humans before execution.
|
|
171
|
+
- You want AI assistance **without sending your codebase to an external server** or paying for another seat.
|
|
172
|
+
|
|
173
|
+
### When it doesn't
|
|
174
|
+
|
|
175
|
+
- For pure CVE / dependency vulnerability scanning, use [Snyk](https://snyk.io), [Dependabot](https://github.com/dependabot), or equivalents — they specialize in this and Legacy Squad does not replace them.
|
|
176
|
+
- For continuous CI/CD code-quality gates, use [SonarQube](https://www.sonarsource.com/products/sonarqube/) — Legacy Squad is a **diagnostic and planning** framework, not a continuous quality monitor.
|
|
177
|
+
- For in-editor autocomplete or general coding chat, [GitHub Copilot](https://github.com/features/copilot) and [Cursor](https://cursor.sh) already serve that purpose — Legacy Squad starts where those stop.
|
|
178
|
+
|
|
179
|
+
---
|
|
111
180
|
## How It Works
|
|
112
181
|
|
|
113
182
|
```
|
|
@@ -364,30 +433,13 @@ Focus: **Modernize**
|
|
|
364
433
|
|
|
365
434
|
## Roadmap
|
|
366
435
|
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
- [x] End-to-end validation with real project (mobile, ~18k LoC)
|
|
373
|
-
- [x] Multi-stack rule catalog (PHP, .NET, Java, Node, mobile)
|
|
374
|
-
- [x] Language-agnostic agent templates (stack-aware analysis)
|
|
375
|
-
- [x] 4 official artifacts (PRS, SDD, MMP, Execution Specs)
|
|
376
|
-
|
|
377
|
-
### V1 — Continuous improvements
|
|
378
|
-
|
|
379
|
-
- [ ] Cursor + Gemini CLI support
|
|
380
|
-
- [ ] Framework-specific rule packs (Eloquent raw queries, EF Core, Hibernate HQL)
|
|
381
|
-
- [ ] AST-based scanner (current is regex-based)
|
|
382
|
-
|
|
383
|
-
### V2 — Execution Platform (Enterprise Edition) — In development
|
|
436
|
+
| Horizon | Phase | Status |
|
|
437
|
+
|---|---|---|
|
|
438
|
+
| **Now** | V1 Community — continuous improvements | 🔵 Active |
|
|
439
|
+
| **Next** | V2 Enterprise — execution, refactoring, PRs | 🟡 In design |
|
|
440
|
+
| **Later** | V3 Autonomous — continuous modernization | ⚪ Vision |
|
|
384
441
|
|
|
385
|
-
|
|
386
|
-
- [ ] Pull Request Engine
|
|
387
|
-
- [ ] QA Gates
|
|
388
|
-
- [ ] CI/CD Integration
|
|
389
|
-
- [ ] Custom Rule Packs
|
|
390
|
-
- [ ] Dashboard + Team Collaboration
|
|
442
|
+
[**→ Full roadmap**](ROADMAP.md)
|
|
391
443
|
|
|
392
444
|
---
|
|
393
445
|
|
|
@@ -442,19 +494,15 @@ npx vitest --watch # Watch mode
|
|
|
442
494
|
|
|
443
495
|
## Contributing
|
|
444
496
|
|
|
445
|
-
|
|
446
|
-
2. Create a branch (`git checkout -b feature/my-feature`)
|
|
447
|
-
3. Follow the standards: TDD (Red→Green→Refactor), SOLID, Clean Architecture
|
|
448
|
-
4. Run tests (`npx vitest run`)
|
|
449
|
-
5. Open a PR
|
|
497
|
+
We welcome contributions. See [CONTRIBUTING.md](CONTRIBUTING.md) for:
|
|
450
498
|
|
|
451
|
-
|
|
499
|
+
- How to add a Compliance Engine rule
|
|
500
|
+
- How to improve agent templates
|
|
501
|
+
- How to add IDE support
|
|
502
|
+
- Engineering standards (TDD, SOLID, security)
|
|
503
|
+
- Commit conventions and PR process
|
|
452
504
|
|
|
453
|
-
|
|
454
|
-
- Agent template improvements
|
|
455
|
-
- New IDE support
|
|
456
|
-
- Documentation and translation
|
|
457
|
-
- Tests and fixtures for other stacks
|
|
505
|
+
For questions and proposals, [open a discussion](https://github.com/hrpimenta/legacy-squad/discussions).
|
|
458
506
|
|
|
459
507
|
---
|
|
460
508
|
|