Skip to main content

Overview

Modernization fails not because organizations can’t read their legacy code, but because they can’t ensure that the new code does what the old code did. 71% of Fortune 500 companies still run mainframes. Most modernization projects fail — and the primary drivers are organizational (misaligned expectations, governance gaps, skills shortages), not technical. A third of COBOL programmers will retire by 2030. The pressure to modernize is real. The risk of doing it wrong is enormous. The industry has responded with AI-assisted code reading and translation tools. But reading legacy code was never the hard part. The hard parts are understanding behavioral semantics across non-code artifacts, mapping hidden dependencies that span decades of accretion, proving behavioral equivalence between old and new systems, and sequencing the work so nothing breaks mid-flight. These are the problems that CoreStory addresses with the patterns in this playbook. CoreStory provides persistent architectural intelligence across the entire modernization lifecycle — not just during discovery, but through decomposition, execution, and verification. It serves three roles:
  • Expert — explains system behavior, architectural patterns, dependency chains, and data flows across the full codebase
  • Navigator — points to specific files, methods, and code paths where business logic, coupling, and risk live
  • Verifier — compares legacy and modernized implementations to confirm behavioral equivalence
These roles map to a simple temporal model: before migration, CoreStory accelerates discovery from months to days by producing a structured specification automatically. During migration, it guides and verifies each work package against that specification — business rules, data contracts, integration behavior. After migration, it persists as the living specification for the modernized system, preventing the documentation decay that causes the next legacy crisis. This playbook follows established industry frameworks (AWS, Google Cloud, Azure, Gartner) while going deeper in the areas where CoreStory adds unique value: persistent cross-session intelligence that accumulates understanding over time, rather than starting fresh with every query. Who this is for: Engineering leaders, architects, and modernization teams planning or executing legacy system transformations. Also useful for consultants, PE portfolio teams, and system integrators managing modernization engagements. What you’ll get: A universal six-phase workflow linking to detailed sub-playbooks for each phase, plus architecture-to-architecture variants for the most common modernization patterns.

When to Use This Playbook

  • You’re planning or executing a modernization of a legacy system (mainframe, monolith, legacy framework, on-prem infrastructure)
  • You need a structured methodology that goes beyond “ask AI to rewrite the code”
  • You have a codebase where business logic is scattered across application code, configuration, batch jobs, and non-code artifacts
  • You need to prove behavioral equivalence between legacy and modernized systems
  • You’re evaluating which modernization strategy (the 7 Rs) to apply to different components
  • You want to sequence a multi-month modernization program into executable work packages

When to Skip This Playbook

  • You’re building a greenfield application with no legacy system to migrate from — use Spec-Driven Development instead
  • You need to understand a single legacy codebase for acquisition purposes — use M&A Technical Due Diligence
  • You need to extract business rules from a codebase but aren’t planning a modernization — use Business Rules Extraction
  • The modernization is a simple lift-and-shift (Rehost) with no code changes — CoreStory adds minimal value to infrastructure-only moves
  • The codebase is trivially small (under ~10k LOC) — you can refactor it directly without a phased methodology

Prerequisites

Organizational (address before Phase 1)

  • Executive sponsor with budget authority and cross-team mandate
  • Governance model: who approves architectural decisions, who owns the migration backlog, who resolves cross-team conflicts
  • Realistic timeline and budget expectations. Reference: failed modernization projects routinely cost seven figures over 12–18 months. Plan accordingly.
  • Skills assessment. 70% of organizations struggle to hire modernization-capable talent (Kyndryl 2025). Plan for upskilling or partner engagement. CoreStory + AI agents serve as a force multiplier for thin teams, but they don’t replace architectural judgment.
  • Compliance and regulatory constraints identified upfront. 94% of enterprises say compliance highly influences modernization plans. Some patterns may be impossible for regulated workloads (data residency, PCI-DSS, HIPAA, SOX).
  • Change management strategy: how will affected teams learn the new systems?

Technical

  • A CoreStory account with the legacy codebase ingested and ingestion complete
  • An AI coding agent with CoreStory MCP configured (see Supercharging AI Agents for setup)
  • Repository access for the legacy codebase under analysis
  • (Recommended) Access to architecture documentation, if it exists
  • (Recommended) Domain experts who can validate business rules and architectural decisions — especially for mainframe systems where business logic hides in non-code artifacts (JCL, copybooks, CICS configuration, VSAM data stores)
  • (Optional) Jira, Azure DevOps, or Linear MCP for Phase 4 work package creation (see Using CoreStory with Jira)

How It Works

The Six-Phase Framework

Modernization is a multi-month, multi-phase engineering program — not a code translation task. This playbook breaks it into six phases, each with a dedicated sub-playbook.

How the Phases Connect

The phases form a dependency chain with an iterative loop at the end:
  • Phase 1 produces the assessment that informs Phase 3 (strategy selection). You can’t choose a modernization pattern without understanding what you’re modernizing.
  • Phase 2 produces the behavioral contract that Phase 6 verifies against. The business rules inventory is the definition of “correct” that the modernized system must satisfy.
  • Phase 3 selects the pattern that determines which Phase 5 variant to use. A monolith-to-microservices migration executes differently than a mainframe-to-cloud migration.
  • Phase 4 produces the sequenced work plan that Phase 5 executes. Each work package has dependencies, acceptance criteria, and a defined order.
  • Phases 5 and 6 are iterative — each component cycles through execution and verification. A component isn’t done until its behavioral equivalence is confirmed.

CoreStory MCP Tools Used

This playbook and its sub-playbooks use the following tools from the CoreStory MCP server: A note on the PRD and TechSpec: These documents are often very large — too large for an agent to hold in a single context window. Rather than reading them end-to-end, query CoreStory about their contents via send_message. CoreStory has already ingested these documents and can answer targeted questions about them efficiently.

Human-in-the-Loop Gates

Modernization involves irreversible architectural decisions and production-impacting deployments. CoreStory informs these decisions; humans make them. The following gates are non-negotiable checkpoints where human judgment is required. These gates exist because AI is excellent at analysis but should not make organizational commitments. Every gate produces an artifact (report, decision record, or approval) that becomes part of the modernization audit trail.

The 7 Rs: Choosing a Modernization Strategy

The “7 Rs” taxonomy originated with Gartner (5 Rs), was extended by AWS to 6 and then 7, and has become the industry-standard decision framework for modernization strategy. Phase 3 of this playbook guides you through selecting the right R for each component. Here’s the landscape and where CoreStory adds value: This playbook is most valuable for Refactor / Re-architect — the R that requires deep, persistent codebase understanding across the full lifecycle. It also adds significant value to Repurchase (via business rules inventory and gap analysis) and to the Retire / Retain decision itself (via rigorous assessment).
A note on “Rebuild”: Some frameworks cite Rebuild as an 8th R (ground-up rewrite). This playbook treats it as a variant of Refactor / Re-architect because the methodology is the same — the difference is scope, not process. Behavioral verification is equally critical regardless.
A note on hybrid strategies: Kyndryl data shows 53% of enterprises pursue hybrid strategies — applying different Rs to different components rather than a single approach across the entire portfolio. This is expected and healthy. The assessment phase (Phase 1) should produce a per-component recommendation, not a single system-wide strategy.

Working with AI-Derived Findings

CoreStory’s specification is AI-derived. It produces high-confidence structured artifacts from code analysis — but not every finding carries the same certainty, and not every behavior in the legacy system should be preserved unchanged. Two complementary systems govern how teams navigate these realities across phases.

The Confidence Protocol

The Confidence Protocol governs how much human validation each finding requires. It prevents two failure modes: reviewing everything (doesn’t scale) and reviewing nothing (too risky). SME time stays proportional to uncertainty, not system size. On Contradicted findings: This is an expected occurrence, not a system failure. Contradictions surface cases where either the code does something different from what stakeholders believe (valuable: you’ve found a latent bug or undocumented change), or CoreStory misinterpreted a code path (fix the spec and continue). Both outcomes improve the modernization’s accuracy. The Confidence Protocol applies across phases: Phase 1 (Assessment) assigns initial confidence states, Phase 2 (Business Rules) refines them, and Phase 6 (Verification) can upgrade Hypothesized findings to High-confidence or Verified as evidence accumulates.

Behavior Tagging

During Phase 3 (Target Architecture), every behavior identified in the spec gets tagged with an explicit migration intent. This forces a deliberate decision about each behavior — no silent changes. If [CHANGE] + [NEW] exceeds ~20% of tagged items in a work unit, the unit is drifting from modernization to rewrite — different risk characteristics. Flag to the program manager for scope review. The full tagging workflow is covered in Target Architecture. The tags flow forward into Phase 4 (each work package’s scope is defined by its tags), Phase 5 (TDD assertions differ by tag), and Phase 6 (verification criteria differ by tag).

Execution Patterns

Phase 5 (Iterative Execution) follows one of three incremental migration patterns. The Strangler Fig is the default; the others are used when the façade approach isn’t feasible.

Strangler Fig (Default)

The most widely recommended pattern for incremental modernization. Named by Martin Fowler after the strangler fig plant that gradually envelops its host tree.
  1. Transform: Build the modernized version of the component using Spec-Driven Development.
  2. Coexist: Run both old and new versions simultaneously. Route traffic through a façade/proxy layer. Validate behavioral equivalence.
  3. Eliminate: Once the modernized component is verified (Phase 6), retire the legacy component and remove the façade.
The façade enables instant rollback — if the modernized component fails verification, traffic routes back to legacy with no downtime.

Branch by Abstraction

For deeply embedded components where a façade can’t intercept traffic — shared libraries, data access layers, utility modules.
  1. Introduce an abstraction layer within the codebase that both old and new implementations satisfy.
  2. Build the new implementation behind the abstraction.
  3. Switch consumers to the new implementation incrementally.
  4. Remove the old implementation and (optionally) the abstraction layer.
Reference: Sam Newman, Monolith to Microservices. Use when: shared data access layers, utility libraries, deeply coupled internal components.

Parallel Run (Shadow Traffic)

For high-risk components where behavioral equivalence must be proven in production before cutover.
  1. Route copies of production requests to both legacy and modernized systems.
  2. Compare responses; flag discrepancies.
  3. Run until the discrepancy rate drops below threshold (typically below 0.01% for critical services).
  4. Cut over to the modernized system; decommission legacy.
Use when: payment processing, financial calculations, regulatory-sensitive logic — anywhere a behavioral difference has catastrophic consequences.
Data synchronization during coexistence: A rising pattern combines Strangler Fig with Change Data Capture (CDC) via Apache Kafka or Debezium to keep legacy and modern data stores in sync during the coexistence phase. This avoids the dual-write problem and enables real-time data consistency without modifying the legacy system’s write path.

Architecture-to-Architecture Variants

Phase 5 links to architecture-specific variant playbooks that provide pattern-specific guidance for the most common modernization patterns.

Monolith → Microservices (available now)

The most common enterprise modernization pattern. Covers service boundary identification, API gateway introduction, data decomposition (the hardest challenge in this pattern), Saga pattern for distributed transactions, and the Strangler Fig execution workflow per service. Read the Monolith to Microservices playbook →

Legacy Framework → Modern Framework (coming soon)

E.g., Struts → Spring Boot, .NET Framework → .NET Core, AngularJS → React. Same codebase structure, modern runtime. Focuses on dependency upgrades, API contract preservation, and incremental migration.

Mainframe → Cloud-Native (coming soon)

COBOL/mainframe systems to Java/Python on cloud infrastructure. Addresses the unique challenges of mainframe coupling, JCL batch jobs, VSAM data stores, CICS transaction processing, copybook data definitions, and the non-code artifacts that encode business logic never captured in application code.

On-Prem → Cloud-Native (coming soon)

Infrastructure modernization with application refactoring. Covers cloud-native patterns (containers, serverless, managed services), data migration, and the operational shift from on-prem to cloud.

Step-by-Step Overview

Each phase has a dedicated sub-playbook with full walkthroughs. This section provides a condensed overview of what happens at each phase and what it produces.

Phase 1: Codebase Assessment

Goal: Systematically evaluate the legacy codebase’s modernization readiness.
The assessment covers architecture mapping, dependency analysis, tech debt identification, security and compliance review, testability evaluation, data architecture analysis, and — critically for mainframe systems — non-code artifact inventory (JCL, copybooks, CICS, VSAM, sort utilities, system exits, middleware configuration). Deliverable: A Modernization Readiness Report with component-level readiness scores and a recommended modernization strategy per component. Read the full Codebase Assessment playbook →

Phase 2: Business Rules Inventory

Goal: Extract, catalog, and validate every business rule the modernized system must preserve. This phase uses the existing Business Rules Extraction playbook. The business rules inventory becomes the behavioral contract that Phase 6 verifies against — if a rule is missing from the inventory, it won’t be verified. Deliverable: A structured Business Rules Inventory using the BR-XXX template format. Read the Business Rules Extraction playbook →

Phase 3: Target Architecture & Strategy

Goal: Choose the modernization pattern and define the target architecture. This is the most human-driven phase. CoreStory provides the analysis — natural service boundaries, coupling hotspots, data dependency maps — but the architectural decision belongs to the architect and stakeholders.
Deliverable: An Architectural Decision Record documenting the selected strategy, target architecture, migration scope, constraints, and stakeholder approval. Read the Target Architecture playbook →

Phase 4: Decomposition & Sequencing

Goal: Break the modernization plan into executable work packages and order them by dependency. CoreStory maps dependencies between components and identifies which must be modernized together (can’t be separated) versus which can be extracted independently. The output is a sequenced migration plan with work packages ready for Jira or Linear.
Deliverable: A sequenced set of work packages with scope, acceptance criteria, dependencies, and estimated effort — optionally pushed to Jira/Linear as epics or stories. Read the Decomposition & Sequencing playbook →

Handling Change During Execution

Read this section before starting Phase 5. It applies throughout. Modernization programs take months. The business doesn’t pause during migration. Feature requests arrive, bugs get filed against the legacy system, and the target architecture evolves as the team learns. The behavior tagging system and CoreStory’s persistent conversations are the mechanisms for handling this. New feature request arrives during migration. Query CoreStory to identify which work unit the feature touches. If the module hasn’t migrated yet, implement in legacy and tag as [NEW] for the work unit. If migration is in progress, implement in the target and add to the unit’s scope. If the module already migrated, use the Feature Implementation playbook against the modern codebase. Legacy bug discovered during migration. Document in the work unit’s CoreStory conversation. Tag the buggy behavior as [CHANGE] with rationale: “Legacy bug — correcting during migration.” Write tests asserting the correct behavior (not the legacy bug). Get product owner sign-off that the behavioral change is intentional. Target architecture evolves mid-migration. Document in the Phase 3 conversation. Assess impact on completed work units. Re-validate with CoreStory: “Given this architectural change, do any completed migration units need adjustment?” Scope creep management. Monitor the tagging ratio per work unit. If [CHANGE] + [NEW] exceeds ~20% of tagged items, flag to the program manager — the unit is drifting from modernization to rewrite.

Phase 5: Iterative Execution

Goal: Execute the modernization component by component using the Transform → Coexist → Eliminate pattern. This phase uses the existing Spec-Driven Development playbook for generating delta specs per component, plus the relevant architecture-to-architecture variant for pattern-specific guidance. Deliverable: Modernized components with façade/proxy layers for traffic routing during coexistence. Existing playbook: Spec-Driven Development → First variant: Monolith to Microservices →

Phase 6: Behavioral Verification

Goal: Prove that each modernized component preserves the business rules cataloged in Phase 2. Verification uses a four-tier strategy:
  1. Static verification (CoreStory-assisted, no running code): Rule tracing, invariant checking, data flow comparison, edge case generation.
  2. Dynamic verification (requires running code): Characterization testing (Golden Master), contract testing.
  3. Production-grade verification (requires production-like environment): Shadow traffic testing, record-replay testing.
  4. Data migration verification (if applicable): Row counts, checksums, semantic validation, referential integrity checks.
CoreStory is most powerful in Tier 1 (it holds both codebases’ semantic understanding) and in generating test cases for Tiers 2–3. The dynamic tiers require additional tooling, but CoreStory guides what to test and interprets the results. Deliverable: A Behavioral Equivalence Report with rule-by-rule verification status, behavioral differences analysis, and a recommendation (ready to eliminate legacy / needs remediation / needs domain expert review). Read the Behavioral Verification playbook →

How This Relates to Other Playbooks


Agent Implementation Guides

The skill file shown below is plain markdown. The workflow it encodes works in any agentic harness — only the install location differs. Common conventions:
Want a single install that works across the most harnesses? Append the content to AGENTS.md at your repository root. The AGENTS.md spec is read by Codex, Aider, Cursor, Factory, Jules, Gemini CLI, Windsurf, GitHub Copilot’s coding agent, JetBrains Junie, Warp, and others — so a single file covers most users without harness-specific setup.
If your harness isn’t listed, the SKILL.md content itself is portable — install it wherever your harness loads workflow context and adapt the activation step (auto-trigger, slash command, explicit invocation) to your harness’s conventions. The accordions below walk through end-to-end setup (skill file, slash command, version control) for the four most common harnesses. If you’re on a different harness, copy the SKILL.md content from any accordion and install it per the conventions above.

Setup

  1. Configure the CoreStory MCP server in your Claude Code settings (see CoreStory MCP Server Setup Guide).
  2. Add the skill file. Create the skill directory and file:
Create .claude/skills/code-modernization/SKILL.md with the content from the skill file below.
  1. (Optional) Add the slash command:
Create .claude/commands/modernize.md with a short description referencing the six-phase modernization workflow.
  1. Commit to version control:

Usage

The skill activates automatically when Claude Code detects modernization-related requests:
Or invoke explicitly:

Tips

  • This skill is a router, not an executor. It determines which phase the user needs and delegates to the dedicated phase skill. It should never execute phase steps directly.
  • Each phase has its own skill file with full procedural detail. The hub skill intentionally omits that detail to prevent Claude Code from racing through all phases at once.
  • Create separate CoreStory conversations per phase to keep findings organized and produce clean audit trails.
  • Keep the SKILL.md under 500 lines for reliable loading.

Skill File

Save as .claude/skills/code-modernization/SKILL.md:
GitHub Copilot supports agent skills — folders containing a SKILL.md file with YAML frontmatter that Copilot loads when relevant to a task.Create .github/skills/code-modernization/SKILL.md:
Custom instructions (lightweight alternative): Add to .github/copilot-instructions.md:
Create .cursor/rules/code-modernization/RULE.md:
Create .factory/droids/code-modernization.md:

Tips & Best Practices

Start with Phase 1, even if you think you know the codebase. Engineers who’ve worked on a system for years consistently discover architectural connections, dead code paths, and undocumented dependencies during a formal assessment. CoreStory surfaces things that tribal knowledge misses. Create separate CoreStory conversations per phase. Don’t reuse a single thread across all six phases. Separate conversations keep findings organized, produce clean audit trails, and allow different team members to own different phases. Retain is a legitimate outcome. 53% of enterprises pursue hybrid strategies (Kyndryl 2025). Not every component needs to be modernized. The assessment phase should identify components where the cost of modernization exceeds the benefit — and “retain” is the correct strategy for those components. Don’t skip the business rules inventory. Phase 2 is the most frequently shortcut phase and the most common source of modernization failure. If you don’t know what the legacy system does, you can’t verify that the modernized system does the same thing. The business rules inventory is not optional. Sequence by dependency chain, not by perceived difficulty. Teams often want to start with the “easiest” component. But if that component depends on a shared database that three other components also use, you’ll immediately hit data decomposition challenges. Let the dependency graph drive the sequence. Use the architecture variant playbooks. Generic modernization guidance is insufficient for the specific challenges of each pattern. Monolith-to-microservices has different hard problems (data decomposition, distributed transactions) than mainframe-to-cloud (JCL translation, VSAM migration, CICS session management). Query specificity matters. “Tell me about the architecture” produces vague answers. “Which modules access the same database tables? Map the shared data dependencies between the order processing and inventory modules” produces actionable findings with file paths. Always name the specific component, entity, or workflow.

Troubleshooting

CoreStory returns generic or shallow answers about the legacy system. Your queries are too broad. After retrieving the Tech Spec, use the architectural vocabulary it provides — specific service names, module names, data model names — in your queries. “What are the dependencies?” is weak. “What are the dependencies between the OrderService and InventoryService, including shared database tables and message queue interactions?” is strong. The assessment reveals the system isn’t ready for modernization. This is a valid and valuable finding. Common blockers: no test coverage (can’t verify), extreme coupling (can’t decompose), missing domain knowledge (can’t validate business rules), insufficient budget or timeline. Use the assessment to build the case for investing in readiness before attempting modernization. Phase 3 produces analysis paralysis — too many options, no clear strategy. Start with the component that has the highest business value and the lowest coupling. Prove the methodology works on one component before scaling. The architectural decision doesn’t have to cover every component upfront — you can reassess after the first few components are modernized. Work packages from Phase 4 are too large or too tightly coupled. Ask CoreStory more targeted decomposition questions: “What is the smallest independently-deployable subset of [component]?” and “If we extract just [feature], what temporary integration points are needed?” The goal is work packages that can be completed in 1–3 sprints. Behavioral verification reveals differences between legacy and modernized systems. Not all differences are bugs. Some are intentional improvements (better error handling, more consistent validation). The verification report should classify each difference as: (a) equivalent behavior, (b) intentional improvement, (c) acceptable deviation, or (d) bug requiring remediation. Only (d) blocks the Eliminate phase. Project not found or CoreStory tools unavailable. See the Supercharging AI Agents troubleshooting section for MCP connection issues. Verify the project has completed ingestion by calling list_projects and checking the status.

What’s Next

Start here: Codebase Assessment → — Phase 1 is where every modernization engagement begins. For business rules extraction: Business Rules Extraction → — Phase 2 of the workflow. For the first architecture variant: Monolith to Microservices → — the most common enterprise modernization pattern. For agent setup: Supercharging AI Agents with CoreStory → — MCP server configuration and agent setup. For Jira integration: Using CoreStory with Jira → — Phase 4 work package integration.