auditing-business-logic
| Field | Value |
| --- | --- |
| name | auditing-business-logic |
| description | Analyzes authentication flows, authorization rules, middleware logic, and side-effects. Use when extracting business rules, Passport configurations, or mailer logic from an Express application. |
Analyze the implicit "rules" and external behaviors of a legacy application to ensure they are accurately replicated in the modern architecture.
Reverse-engineer the application's authentication flows, authorization logic (RBAC/ABAC), and any asynchronous side-effects (Mailers, External APIs, File Storage).
Copy this checklist and track your progress:
Task Progress:
- [ ] Step 1: Analyze AuthN & AuthZ Flows
- [ ] Step 2: Map Side-Effects (External APIs, Mailers)
- [ ] Step 3: Analyze Global Middleware
- [ ] Step 4: Draft Modernization Advisory
- [ ] Step 5: Generate Business_Logic_Rules.md
Step 1: Analyze AuthN & AuthZ Flows
- Locate the authentication configuration (e.g., config/passport.js). Document the login strategies (Local, OAuth, etc.) and required fields.
- Identify the authorization middleware (e.g., requiresRole('admin') or isOwner(resource_id)).

Step 2: Map Side-Effects (External APIs, Mailers)
Identify actions that occur outside of the primary request/response cycle:
- Check package.json and the controllers for Stripe (Payments), Twilio (SMS), SendGrid (Email), etc.
- Look for a mailer/ or services/email/ directory. Does creating a resource trigger an automated notification?

Step 3: Analyze Global Middleware
Examine app.js or config/express.js. Document global middlewares such as helmet, cors, custom loggers, or csurf. Determine which remain relevant for a modern Next.js API.
Step 4: Draft Modernization Advisory
Flag potential pitfalls for the modern stack (e.g., Next-Auth vs Passport). Recommend modern equivalents for legacy side-effects (e.g., moving from local file storage to S3/Uploadthing).

Step 5: Generate Business_Logic_Rules.md
Compile findings into docs/legacy-audit/Business_Logic_Rules.md. Additionally, identify specific logic-parity probes (e.g., "Attempt to submit a form without the required OAuth session to verify the redirect loop matches legacy"). Append these logic-specific test cases to docs/verification/Verification_Plan.md.
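As an added example (not part of this skill or the project it audits), the following Node.js script performs a first-pass version of Steps 1 to 3 as a static inventory over constructed sample sources: it lists Passport strategies, global middleware, side-effect SDK imports, and every route with its guard chain, and flags non-allowlisted routes that carry no authorization guard, which is the finding most likely to be lost in a rewrite. The guard names, SDK list and public-path allowlist are assumptions for the demo and would be taken from the real codebase.

```javascript
// Added example: static inventory of an Express codebase, run over constructed
// sample source strings. Guard names, SDK list and allowlist are assumptions.

// Constructed sample sources standing in for a legacy app.js and a route module.
const sampleSources = {
  'app.js': `
const helmet = require('helmet');
const stripe = require('stripe')(process.env.STRIPE_KEY);
app.use(helmet());
app.use(cors());
app.use(csurf());
passport.use(new LocalStrategy({ usernameField: 'email' }, verifyUser));
passport.use(new GoogleStrategy({ clientID, clientSecret }, verifyUser));
`,
  'routes/posts.js': `
const sgMail = require('@sendgrid/mail');
router.get('/admin/users', isAuthenticated, requiresRole('admin'), listUsers);
router.post('/posts', isAuthenticated, createPost);
router.delete('/posts/:id', deletePost);
router.get('/health', healthCheck);
`,
};

// Assumed conventions: these middleware names are the app's auth guards, these
// packages imply side-effects, and these paths are intentionally public.
const GUARD_PATTERN = /^(isAuthenticated|ensureAuth|requiresRole|isOwner)\b/;
const SIDE_EFFECT_SDKS = new Set(['stripe', 'twilio', '@sendgrid/mail', 'nodemailer', 'aws-sdk']);
const PUBLIC_ALLOWLIST = new Set(['/', '/login', '/health']);

// Build the inventory: Passport strategies, global middleware, side-effect SDKs,
// every route with its guard chain, and unguarded routes outside the allowlist.
function inventory(sources) {
  const out = { strategies: [], globalMiddleware: [], sideEffects: [], routes: [], unguarded: [] };
  for (const [file, src] of Object.entries(sources)) {
    for (const m of src.matchAll(/passport\.use\(new\s+(\w+)Strategy/g)) out.strategies.push(m[1]);
    for (const m of src.matchAll(/app\.use\(\s*(\w+)\(/g)) out.globalMiddleware.push(m[1]);
    for (const m of src.matchAll(/require\('([^']+)'\)/g)) {
      if (SIDE_EFFECT_SDKS.has(m[1])) out.sideEffects.push({ file, sdk: m[1] });
    }
    // router.<verb>('<path>', guard..., handler); the last argument is the handler.
    const routeRe = /router\.(get|post|put|patch|delete)\(\s*'([^']+)'\s*,(.*)\);?\s*$/gm;
    for (const m of src.matchAll(routeRe)) {
      const args = m[3].split(',').map((s) => s.trim()).filter(Boolean);
      const handler = args.pop();
      const guards = args.filter((a) => GUARD_PATTERN.test(a));
      const route = { method: m[1].toUpperCase(), path: m[2], guards, handler, file };
      out.routes.push(route);
      if (guards.length === 0 && !PUBLIC_ALLOWLIST.has(m[2])) out.unguarded.push(`${route.method} ${route.path}`);
    }
  }
  return out;
}

console.log(JSON.stringify(inventory(sampleSources), null, 2));
```

The `unguarded` list is the input for the logic-parity probes in Step 5: each entry is a route whose legacy access rule must be confirmed (intentionally public or a latent bug) before the Next.js version reproduces it.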