legacy-squad 1.0.1 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE CHANGED
@@ -1,21 +1,21 @@
1
- MIT License
2
-
3
- Copyright (c) 2026 Legacy Squad Team
4
-
5
- Permission is hereby granted, free of charge, to any person obtaining a copy
6
- of this software and associated documentation files (the "Software"), to deal
7
- in the Software without restriction, including without limitation the rights
8
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
- copies of the Software, and to permit persons to whom the Software is
10
- furnished to do so, subject to the following conditions:
11
-
12
- The above copyright notice and this permission notice shall be included in all
13
- copies or substantial portions of the Software.
14
-
15
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
- SOFTWARE.
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Legacy Squad Team
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md CHANGED
@@ -7,107 +7,176 @@
7
7
  </p>
8
8
  </p>
9
9
 
10
+ <p align="center">
11
+ <a href="https://www.npmjs.com/package/legacy-squad"><img src="https://img.shields.io/npm/v/legacy-squad?color=cb3837&label=npm" alt="npm version"></a>
12
+ <a href="https://www.npmjs.com/package/legacy-squad"><img src="https://img.shields.io/npm/dm/legacy-squad?color=blue" alt="downloads"></a>
13
+ <a href="https://github.com/hrpimenta/legacy-squad/blob/main/LICENSE"><img src="https://img.shields.io/badge/license-MIT-green.svg" alt="license"></a>
14
+ <a href="https://github.com/hrpimenta/legacy-squad/stargazers"><img src="https://img.shields.io/github/stars/hrpimenta/legacy-squad?style=social" alt="stars"></a>
15
+ <img src="https://img.shields.io/badge/status-beta-orange" alt="beta">
16
+ <img src="https://img.shields.io/badge/node-%E2%89%A518-brightgreen" alt="node">
17
+ </p>
18
+
10
19
  ---
11
20
 
12
- Legacy Squad is an open-source framework that installs inside your legacy project with a single command, automatically analyzes the codebase, and provides specialized AI agents in your IDE to produce a complete diagnostic — without changing a single line of code.
21
+ > **One command. Five AI agents in your IDE.**
22
+ > **50 findings, 4 engineering documents, and 37 execution specs** — without changing a single line of your code.
13
23
 
14
24
  ```bash
15
25
  npx legacy-squad install
16
26
  ```
17
27
 
18
- ---
28
+ <p align="center">
29
+ <img src="docs/assets/demo.svg" alt="Legacy Squad install output" width="780">
30
+ </p>
19
31
 
20
- ## The Problem
32
+ <p align="center">
33
+ 🔑 <strong>Zero API keys</strong> &nbsp;·&nbsp;
34
+ ☁️ <strong>Zero external servers</strong> &nbsp;·&nbsp;
35
+ 💻 <strong>Runs in your own IDE</strong> (Claude Code, Codex, Cursor)
36
+ </p>
21
37
 
22
- Legacy systems support critical processes, but frequently suffer from:
38
+ ---
23
39
 
24
- - Missing or outdated documentation
25
- - Hardcoded credentials in source code
26
- - Business rules buried in conditionals no one documented
27
- - Coupling that makes any change risky
28
- - Fear of modifying production code
29
- - Dependency on 1-2 developers who "know the system"
40
+ ## 📊 Validated in Production
30
41
 
31
- Traditional approaches (full rewrites, unstructured refactoring) are expensive, slow, and risky.
42
+ Real production mobile app — **~18,000 LoC**, **98 dependencies**, real financial transactions:
32
43
 
33
- ## The Solution
44
+ | | |
45
+ |---|---|
46
+ | 🔍 **50 findings** (7 deterministic + 43 from AI agents) | 📐 **63 business rules** extracted from code (11 implicit) |
47
+ | 📄 **4 official documents** (PRS · SDD · MMP · Specs) | 🎯 **37 execution specs**, atomic and deployable |
48
+ | 📈 **Execution Readiness:** 38 → 88 / 100 | 🚀 **Deployability:** scored per phase |
34
49
 
35
- Legacy Squad combines **deterministic analysis** (scanner + compliance engine with OWASP/CWE rules) with **specialized AI agents** that run in your IDE (Claude Code, Codex, Cursor) to produce:
50
+ From a single `npx legacy-squad install` followed by 9 slash commands in the IDE.
36
51
 
37
- | Artifact | What it does |
38
- |----------|-------------|
39
- | **Repo Index** | Full inventory: stack, modules, dependencies, integrations, hotspots |
40
- | **Findings** | Security findings with evidence, impact, OWASP reference and recommendation |
41
- | **Security Assessment** | Deep analysis of auth, secrets, LGPD/GDPR, API security |
42
- | **Architecture Assessment** | C4 diagrams, coupling analysis, structural risks, target architecture |
43
- | **Legacy Code Assessment** | Hotspots, JS→TS migration, duplication, test coverage |
44
- | **Business Rules Assessment** | 60+ rules extracted from code, preservation checklist |
45
- | **Modernization Assessment** | Incremental phased roadmap with rollback and scores |
46
- | **PRS** | Product Refactor Specification — consolidated diagnostic report |
47
- | **SDD** | Software Design Document — current/target architecture with ADRs |
48
- | **MMP** | Modernization Master Plan — phased roadmap with Execution Readiness + Deployability scores |
49
- | **Execution Specs** | Atomic, individually deployable units of work with binary acceptance criteria and rollback |
52
+ [**→ Read the full case study**](docs/CASE_STUDY.md)
50
53
 
51
54
  ---
55
+ ## 🚀 Quick Start
52
56
 
53
- ## Quick Start
57
+ > From zero to your first AI-generated finding in minutes.
54
58
 
55
59
  ### Prerequisites
56
60
 
57
- - Node.js ≥ 18
58
- - An AI-enabled IDE: [Claude Code](https://docs.anthropic.com/en/docs/claude-code), [Codex CLI](https://github.com/openai/codex), or [Cursor](https://cursor.sh)
61
+ - **Node.js ≥ 18**
62
+ - **An AI-enabled IDE:** [Claude Code](https://docs.anthropic.com/en/docs/claude-code), [Codex CLI](https://github.com/openai/codex), or [Cursor](https://cursor.sh)
59
63
 
60
- ### Installation
64
+ ### 1. Install in your legacy project
61
65
 
62
66
  ```bash
63
67
  cd your-legacy-project
64
68
  npx legacy-squad install
65
69
  ```
66
70
 
67
- The command:
68
- 1. Detects the stack (React Native, PHP, .NET, Java, Node — via manifest)
69
- 2. Scans the repository and generates the inventory
70
- 3. Runs the Compliance Engine (OWASP/CWE rules)
71
- 4. Generates Context Packs per module
72
- 5. Installs agents as slash commands in your IDE
73
- 6. Verifies the installation (8 checks)
71
+ Immediately after, you'll see the framework artifacts in `.legacy-squad/memory/`:
72
+
73
+ - `repo-index.json` full inventory (stack, modules, dependencies, integrations)
74
+ - `findings.json` deterministic security findings (OWASP / CWE)
75
+ - `context-packs.json` context per module, prepared for the AI agents
76
+
77
+ <details>
78
+ <summary><strong>What the install command does internally</strong></summary>
79
+
80
+ 1. Detects the stack via manifest (`package.json`, `composer.json`, `.csproj`, `pom.xml`)
81
+ 2. Scans the repository and builds the inventory
82
+ 3. Runs the Compliance Engine with OWASP / CWE rules
83
+ 4. Generates Context Packs per module (token-efficient)
84
+ 5. Installs the 9 agents as slash commands in your IDE
85
+ 6. Verifies the installation (8 health checks)
74
86
 
75
- ### Usage with Claude Code
87
+ </details>
76
88
 
89
+ ### 2. Run your first AI agent
90
+
91
+ Open your IDE in the project and trigger the Security Agent.
92
+
93
+ **Claude Code**
94
+ ```bash
95
+ claude
96
+ /legacy-squad-security
97
+ ```
98
+
99
+ **Codex CLI**
77
100
  ```bash
78
- claude # Open Claude Code in the project
101
+ codex
102
+ @legacy-squad-security
103
+ ```
104
+
105
+ The assessment is written to:
106
+
107
+ ```
108
+ .legacy-squad/outputs/assessments/security.md
109
+ ```
110
+
111
+ Evidence-driven: every finding includes file:line references, OWASP / CWE mapping, impact, and recommendation — generated by AI running entirely inside your IDE.
79
112
 
80
- # Step 1 Analysis (5 agents, run in order)
113
+ ### 3. Run the full diagnostic
114
+
115
+ Once you're satisfied with the first agent, run the remaining four and the four artifact generators.
116
+
117
+ <details>
118
+ <summary><strong>Full workflow — 5 agents + 4 generators</strong></summary>
119
+
120
+ **Step 1 — Analysis (run in order)**
121
+
122
+ ```bash
81
123
  /legacy-squad-security # Security Agent
82
124
  /legacy-squad-architecture # Architecture Agent
83
125
  /legacy-squad-legacy-code # Legacy Code Agent
84
126
  /legacy-squad-business-rules # Business Rules Agent
85
127
  /legacy-squad-modernization # Modernization Agent
128
+ ```
86
129
 
87
- # Step 2 — Consolidated artifacts (4 generators, run after analysis)
130
+ **Step 2 — Consolidated artifacts (run after analysis)**
131
+
132
+ ```bash
88
133
  /legacy-squad-generate-prs # Product Refactor Specification
89
134
  /legacy-squad-generate-sdd # Software Design Document
90
135
  /legacy-squad-generate-mmp # Modernization Master Plan
91
136
  /legacy-squad-generate-specs # Execution Specs (one YAML per unit of work)
92
137
  ```
93
138
 
94
- ### Usage with Codex CLI
95
-
96
- ```bash
97
- codex # Open Codex in the project
98
- # AGENTS.md at the root defines available agents
99
- @legacy-squad-security # Activate Security Agent
100
- ```
139
+ </details>
101
140
 
102
- ### Other Commands
141
+ ### Other commands
103
142
 
104
143
  ```bash
105
144
  npx legacy-squad scan # Re-scan without reinstalling agents
106
145
  npx legacy-squad doctor # Verify installation health
107
146
  ```
147
+ ## Why Legacy Squad
108
148
 
109
- ---
149
+ Most existing tools cover one dimension of legacy modernization. Legacy Squad covers the full lifecycle — from inventory to executable plan — and treats AI agents as **methodology-bound contributors**, not free-form chat.
110
150
 
151
+ | Capability | Static Analyzers<br>(SonarQube) | SAST / SCA<br>(Snyk, Checkmarx) | AI Coding Assistants<br>(Copilot, Cursor) | **Legacy Squad** |
152
+ |---|:---:|:---:|:---:|:---:|
153
+ | Deterministic security rules (OWASP / CWE) | ✅ | ✅ | — | ✅ |
154
+ | CVE / dependency vulnerabilities | — | ✅ | — | — |
155
+ | Code smells & cognitive complexity | ✅ | partial | — | ✅ |
156
+ | Architecture mapping (C4, coupling) | — | — | — | ✅ |
157
+ | Business rules extraction from code | — | — | — | ✅ |
158
+ | Phased modernization plan (MMP) | — | — | — | ✅ |
159
+ | Atomic, deployable execution specs | — | — | — | ✅ |
160
+ | AI agents with evidence-bound output | — | — | free-form | ✅ |
161
+ | Runs in your own IDE (no server, no API key) | — | — | ✅ | ✅ |
162
+ | Repository never sent in full to an LLM | n/a | n/a | — | ✅ |
163
+
164
+ In one sentence: Legacy Squad pairs **deterministic scanning** with **methodology-bound AI agents** that produce **structured engineering artifacts** (PRS, SDD, MMP, Execution Specs) — not chat history.
165
+
166
+ ### When Legacy Squad fits
167
+
168
+ - You have a legacy system in production and need a **structured diagnostic** before deciding what to modernize.
169
+ - You want every finding to carry **evidence, framework reference, impact, and recommendation** — not unjustified suggestions.
170
+ - You need a **phased modernization plan** that is reversible, deployable, and approvable by humans before execution.
171
+ - You want AI assistance **without sending your codebase to an external server** or paying for another seat.
172
+
173
+ ### When it doesn't
174
+
175
+ - For pure CVE / dependency vulnerability scanning, use [Snyk](https://snyk.io), [Dependabot](https://github.com/dependabot), or equivalents — they specialize in this and Legacy Squad does not replace them.
176
+ - For continuous CI/CD code-quality gates, use [SonarQube](https://www.sonarsource.com/products/sonarqube/) — Legacy Squad is a **diagnostic and planning** framework, not a continuous quality monitor.
177
+ - For in-editor autocomplete or general coding chat, [GitHub Copilot](https://github.com/features/copilot) and [Cursor](https://cursor.sh) already serve that purpose — Legacy Squad starts where those stop.
178
+
179
+ ---
111
180
  ## How It Works
112
181
 
113
182
  ```
@@ -364,30 +433,13 @@ Focus: **Modernize**
364
433
 
365
434
  ## Roadmap
366
435
 
367
- ### V1 Discovery Platform (Community Edition) ✅
368
-
369
- - [x] Scanner + Compliance Engine
370
- - [x] Install command + IDE integration
371
- - [x] Context Manager (basic)
372
- - [x] End-to-end validation with real project (mobile, ~18k LoC)
373
- - [x] Multi-stack rule catalog (PHP, .NET, Java, Node, mobile)
374
- - [x] Language-agnostic agent templates (stack-aware analysis)
375
- - [x] 4 official artifacts (PRS, SDD, MMP, Execution Specs)
376
-
377
- ### V1 — Continuous improvements
378
-
379
- - [ ] Cursor + Gemini CLI support
380
- - [ ] Framework-specific rule packs (Eloquent raw queries, EF Core, Hibernate HQL)
381
- - [ ] AST-based scanner (current is regex-based)
382
-
383
- ### V2 — Execution Platform (Enterprise Edition) — In development
436
+ | Horizon | Phase | Status |
437
+ |---|---|---|
438
+ | **Now** | V1 Community — continuous improvements | 🔵 Active |
439
+ | **Next** | V2 Enterprise execution, refactoring, PRs | 🟡 In design |
440
+ | **Later** | V3 Autonomous — continuous modernization | ⚪ Vision |
384
441
 
385
- - [ ] Execution Engine (AI-assisted refactoring from Execution Specs)
386
- - [ ] Pull Request Engine
387
- - [ ] QA Gates
388
- - [ ] CI/CD Integration
389
- - [ ] Custom Rule Packs
390
- - [ ] Dashboard + Team Collaboration
442
+ [**→ Full roadmap**](ROADMAP.md)
391
443
 
392
444
  ---
393
445
 
@@ -442,19 +494,15 @@ npx vitest --watch # Watch mode
442
494
 
443
495
  ## Contributing
444
496
 
445
- 1. Fork the repository
446
- 2. Create a branch (`git checkout -b feature/my-feature`)
447
- 3. Follow the standards: TDD (Red→Green→Refactor), SOLID, Clean Architecture
448
- 4. Run tests (`npx vitest run`)
449
- 5. Open a PR
497
+ We welcome contributions. See [CONTRIBUTING.md](CONTRIBUTING.md) for:
450
498
 
451
- ### Ways to contribute
499
+ - How to add a Compliance Engine rule
500
+ - How to improve agent templates
501
+ - How to add IDE support
502
+ - Engineering standards (TDD, SOLID, security)
503
+ - Commit conventions and PR process
452
504
 
453
- - New rules for the Compliance Engine (PHP, .NET, Java)
454
- - Agent template improvements
455
- - New IDE support
456
- - Documentation and translation
457
- - Tests and fixtures for other stacks
505
+ For questions and proposals, [open a discussion](https://github.com/hrpimenta/legacy-squad/discussions).
458
506
 
459
507
  ---
460
508