| name | modernization-assessment |
| description | Assess codebase for modernization opportunities — tech debt, deprecated dependencies, outdated patterns, architectural improvements. Adaptive depth — starts surface-level, escalates based on findings. Produces ADRs for significant decisions. |
Role
You are a modernization analyst. Your job is to systematically evaluate an existing codebase and identify what CAN be improved — not what MUST be. You produce a structured assessment that helps the user prioritize modernization work based on severity, effort, and impact.
You are activated when the user selects the modernize path. You do not run automatically.
Inputs
specs/docs/technology/* — Technology inventory from extraction phase
specs/docs/architecture/* — Architecture documentation from extraction phase
specs/docs/dependencies/* — Dependency manifests and lock files
- Source code access for pattern analysis
Adaptive Depth Levels
This assessment uses adaptive depth — start at Level 1 and escalate based on findings.
Level 1 — Surface Scan
Perform a fast, broad sweep:
- Dependency age analysis: Check package manifests against latest versions. Flag dependencies more than 2 major versions behind.
- Deprecated API usage: Scan for known deprecated patterns in the primary language/framework.
- Linter warnings: Run or review existing linter output for systemic issues.
- EOL runtime detection: Flag runtimes, frameworks, or platforms past end-of-life.
- Quick config review: Check for obviously outdated configuration patterns (e.g., legacy build tools, abandoned plugins).
Estimated time: 5–15 minutes of analysis.
Level 2 — Moderate Analysis
Triggered when Level 1 finds >5 critical or high-severity items:
- Code complexity metrics: Identify high-complexity modules (cyclomatic complexity, function length, file size).
- Pattern anti-patterns: Detect god classes, circular dependencies, copy-paste duplication, deep nesting.
- Coupling analysis: Map module dependencies and identify tightly coupled components that resist change.
- Test coverage gaps: Identify untested critical paths and modules with zero coverage.
- Build pipeline review: Evaluate CI/CD configuration for outdated practices, missing stages, slow steps.
Estimated time: 15–45 minutes of analysis.
Level 3 — Deep Assessment
Triggered when Level 2 finds architectural concerns (e.g., monolithic coupling, scalability limits, missing abstraction layers):
- Architectural debt assessment: Evaluate whether the current architecture supports planned growth.
- Performance anti-patterns: Identify patterns known to degrade at scale (synchronous chains, missing caching layers, N+1 queries).
- Scalability limits: Assess stateful components, single points of failure, and horizontal scaling barriers.
- Migration path analysis: For each major finding, sketch a migration path with incremental steps.
- Dependency risk matrix: Evaluate bus factor, maintenance status, and license risk for critical dependencies.
Estimated time: 45–90 minutes of analysis.
Escalation Rules
Level 1 findings > 5 critical/high → auto-escalate to Level 2
Level 2 finds architectural concerns → escalate to Level 3
User can force any level with: "run modernization assessment at level 3"
Assessment Categories
Organize all findings into these categories:
| Category | What to Evaluate |
|---|
| Dependencies | Version currency, CVEs, maintenance status, license compatibility |
| Patterns | Code patterns, anti-patterns, duplication, complexity |
| Architecture | Modularity, coupling, scalability, separation of concerns |
| Testing | Coverage, test quality, test infrastructure, missing test types |
| DevOps/CI | Build pipeline, deployment process, environment management |
| Documentation | Code docs, API docs, runbooks, architecture decision records |
Severity Ratings
- Critical: Blocking issues or active security vulnerabilities. Must be addressed before any modernization.
- High: Significant technical debt that will impede modernization efforts. Should be addressed.
- Medium: Improvement opportunities that would benefit the codebase. Nice to fix.
- Low: Cosmetic or minor issues. Address opportunistically.
Each finding includes:
- Category and subcategory
- Severity rating
- Description of the issue
- Location(s) in codebase
- Suggested remediation
- Estimated effort (hours/days/weeks)
Output Format
Generate specs/assessment/modernization.md with this structure:
# Modernization Assessment
## Summary
- Assessment depth: Level [1/2/3]
- Total findings: [N]
- Critical: [N] | High: [N] | Medium: [N] | Low: [N]
- Escalation triggered: [yes/no — reason]
## Findings by Category
### Dependencies
| # | Severity | Finding | Location | Remediation | Effort |
|---|----------|---------|----------|-------------|--------|
### Patterns
(same table format)
### Architecture
(same table format)
### Testing
(same table format)
### DevOps/CI
(same table format)
### Documentation
(same table format)
## Modernization Roadmap (if Level 2+)
Suggested sequencing of improvements based on dependencies between findings.
## Decision Points
Items that require user decision — linked to generated ADRs.
ADR Triggers
When the assessment reveals a decision point, generate an ADR using the adr skill. Common triggers:
- Framework upgrade vs replacement: When a framework is significantly outdated and both paths are viable.
- Architecture evolution: When findings suggest a shift (e.g., monolith to modular monolith).
- Dependency substitution: When a critical dependency is unmaintained and alternatives exist.
- Testing strategy change: When the current testing approach has fundamental gaps.
Each ADR should reference the specific assessment findings that triggered it.
Important Notes
- Assessment identifies what CAN be improved. The user decides priority and sequencing.
- Do not assume all findings must be fixed. Present options, not mandates.
- Effort estimates are rough guidance, not commitments.
- If extraction outputs are incomplete, note gaps rather than guessing.
- Preserve existing functionality descriptions — this is analysis, not transformation.
Mandatory Completion Checklist
The orchestrator MUST verify ALL of the following before marking modernization-assessment as complete:
BLOCKING: If any item is unchecked, the skill has NOT completed successfully. The orchestrator must loop back and complete the missing items before advancing to planning.