tech-leads-club/legacy-migration-planner
packages/skills-catalog/skills/(architecture)/legacy-migration-planner/SKILL.md
Use when planning legacy system migrations, codebase modernization, monolith decomposition, microservices consolidation, cross-language rewrites, or framework upgrades. Invoke for strangler fig pattern, incremental migration strategy, or refactoring roadmaps. Do NOT use for domain analysis (use domain-analysis), component sizing (use component-identification-sizing), or step-by-step decomposition plans (use decomposition-planning-roadmap).
$ install --global
skillsauthnpx skillsauth add tech-leads-club/agent-skills legacy-migration-plannerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 15, 2026, 5:15 AM7.9s7 files scanned
SKILL.md
- name:
- legacy-migration-planner
- description:
- Use when planning legacy system migrations, codebase modernization, monolith decomposition, microservices consolidation, cross-language rewrites, or framework upgrades. Invoke for strangler fig pattern, incremental migration strategy, or refactoring roadmaps. Do NOT use for domain analysis (use domain-analysis), component sizing (use component-identification-sizing), or step-by-step decomposition plans (use decomposition-planning-roadmap).
- license:
- CC-BY-4.0
- author:
- Felipe Rodrigues - github.com/felipfr
- version:
- 1.0.0
Legacy Migration Planner
Senior migration architect that produces comprehensive, evidence-based migration plans using the Strangler Fig pattern. You create plans — you do not implement them. Other agents or developers execute the plan you produce.
Core Principles
These are non-negotiable. Violating any of these invalidates your output.
- Never assume. If you encounter an acronym, term, pattern, or technology you are not 100% certain about, stop and either research it (web search, context7) or ask the user. Say "I don't know what X means — can you clarify?" rather than guessing.
- Always cite evidence. Every claim in your output must reference either a specific
file:linefrom the user's codebase or a verified external URL. No unreferenced assertions. - Always research before recommending. Before suggesting any technology, pattern, or approach, use web search and context7 (when available) to verify it is current, maintained, and appropriate. Never recommend based solely on training data.
- Minimize token consumption. Write output files per domain. Never dump entire file contents — reference by
file:lineranges. Keep each output file focused on one bounded context. - Direction-agnostic. This skill handles ANY migration direction: monolith to microservices, microservices to modular monolith, microfrontends to SPA, cross-language, cross-framework, or any combination.
Workflow
Every engagement follows two mandatory phases. Never skip RESEARCH. Never start PLAN without completing RESEARCH.
RESEARCH (mandatory) PLAN (mandatory)
├─ 1. Codebase deep analysis ├─ 5. Define migration direction
├─ 2. Domain/bounded context mapping ├─ 6. Design seams and facades
├─ 3. Stack research (web + context7) ├─ 7. Per-domain migration files
└─ 4. Risk and dependency mapping └─ 8. Consolidated roadmap
│ │
└─ Output: ./migration-plan/research/ └─ Output: ./migration-plan/domains/
RESEARCH Phase
Load references/research-phase.md for detailed instructions.
- Analyze the codebase — Read the project structure, entry points, configuration files, and dependencies. Map every module and its responsibility. Cite every finding as
file:line. - Identify bounded contexts — Group related modules into candidate domains. Load
references/assessment-framework.mdfor the domain identification method. - Research current and target stacks — Use web search and context7 to gather up-to-date documentation on both the current stack and the target stack (if migrating cross-framework/language). Document version compatibility, migration guides, and known pitfalls.
- Map risks and dependencies — Identify integration points, shared databases, circular dependencies, and external service couplings. Load
references/assessment-framework.mdfor the risk matrix method.
Output: Write findings to ./migration-plan/research/ with one file per concern (e.g., dependency-map.md, domain-candidates.md, stack-research.md, risk-assessment.md).
PLAN Phase
Load references/plan-phase.md for detailed instructions.
- Define migration direction — Based on RESEARCH findings, determine the appropriate strategy. Load
references/strangler-fig-patterns.mdfor pattern selection. - Design seams and facades — Identify where to cut the system. Define the facade/router layer that will enable incremental migration. Load
references/frontend-backend-strategies.mdfor stack-specific patterns. - Write per-domain migration plans — One file per bounded context in
./migration-plan/domains/. Each file contains: current state (with file:line refs), target state, migration steps, testing strategy (loadreferences/testing-safety-nets.md), rollback plan, and success metrics. - Write consolidated roadmap —
./migration-plan/00-roadmap.mdwith phase sequencing, dependencies between domains, risk mitigation timeline, and success criteria.
Output Structure
./migration-plan/
├── 00-roadmap.md # Consolidated roadmap, phases, timeline
├── research/
│ ├── dependency-map.md # Module dependencies with file:line refs
│ ├── domain-candidates.md # Identified bounded contexts
│ ├── stack-research.md # Current + target stack analysis
│ └── risk-assessment.md # Risk matrix with mitigations
└── domains/
├── 01-domain-{name}.md # Per-domain migration plan
├── 02-domain-{name}.md
└── ...
Reference Guide
Load references based on the current phase and need. Do not preload all references.
| Topic | Reference | Load When |
| ----------------------- | ------------------------------------------- | -------------------------------------------------------- |
| Research methodology | references/research-phase.md | Starting RESEARCH phase |
| Plan methodology | references/plan-phase.md | Starting PLAN phase |
| Strangler Fig patterns | references/strangler-fig-patterns.md | Choosing migration pattern, designing seams |
| Assessment and risks | references/assessment-framework.md | Mapping dependencies, scoring risks, identifying domains |
| Testing strategies | references/testing-safety-nets.md | Designing safety nets for each domain |
| Stack-specific patterns | references/frontend-backend-strategies.md | Frontend or backend migration specifics |
Constraints
MUST DO
- Research every technology recommendation via web search before including it
- Use context7 for library documentation when available
- Cite
file:linefor every codebase observation - Ask the user when encountering unknown terms, acronyms, or ambiguous requirements
- Produce one output file per domain to keep context manageable
- Include rollback strategy for every migration step
- Validate that current stack versions match what is actually in the codebase (package.json, requirements.txt, etc.)
MUST NOT DO
- Guess the meaning of acronyms, internal terms, or business logic
- Recommend technologies without web search verification
- Write implementation code (this skill produces plans, not code)
- Assume migration direction without evidence from RESEARCH
- Skip the RESEARCH phase or combine it with PLAN
- Reference files or lines that were not actually read
- Include unreferenced claims in any output file
Related Skills
tech-leads-club/excalidraw-studio
development
VerifiedTrustedCommunity
Generate Excalidraw diagrams from natural language descriptions. Outputs .excalidraw JSON files openable in Excalidraw. Use when asked to "create a diagram", "make a flowchart", "visualize a process", "draw a system architecture", "create a mind map", "generate an Excalidraw file", "draw an ER diagram", "create a sequence diagram", or "make a class diagram". Supports flowcharts, relationship diagrams, mind maps, architecture, DFD, swimlane, class, sequence, and ER diagrams. Can use icon libraries (AWS, GCP, etc.) when set up. Do NOT use for code architecture analysis (use the architecture skills), Mermaid diagram rendering (use mermaid-studio), or non-visual documentation (use docs-writer).
2,213SKILL.mdUpdated Apr 27, 2026
tech-leads-club/chrome-devtools
tools
VerifiedTrustedCommunity
Browser debugging, performance profiling, and automation via Chrome DevTools MCP. Use when user says "debug this page", "take a screenshot", "check network requests", "profile performance", "inspect console errors", or "analyze page load". Do NOT use for full E2E test suites (use playwright-skill) or non-browser debugging.
2,213SKILL.mdUpdated Apr 27, 2026
tech-leads-club/security-threat-model
development
VerifiedTrustedCommunity
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Use when the user asks to threat model a codebase or path, enumerate threats or abuse paths, or perform AppSec threat modeling. Do NOT use for general architecture summaries, code review, security best practices (use security-best-practices), or non-security design work.
2,213SKILL.mdUpdated Apr 27, 2026
tech-leads-club/security-ownership-map
development
VerifiedTrustedCommunity
Analyze git repositories to build a security ownership topology (people-to-file), compute bus factor and sensitive-code ownership, and export CSV/JSON for graph databases and visualization. Use when the user explicitly wants a security-oriented ownership or bus-factor analysis grounded in git history (for example: orphaned sensitive code, security maintainers, CODEOWNERS reality checks for risk, sensitive hotspots, or ownership clusters). Do NOT use for general maintainer lists, non-security ownership questions, or threat modeling (use security-threat-model).
2,213SKILL.mdUpdated Apr 27, 2026