**Description**: Orchestrate a team of specialist agents to upgrade a project to be modern, secure, well-tested, and performant
Orchestrates a team of specialist agents to systematically upgrade projects to be modern, secure, well-tested, and performant
/plugin marketplace add laird/agents/plugin install modernize@plugin-marketplaceDescription: Orchestrate a team of specialist agents to upgrade a project to be modern, secure, well-tested, and performant
Version: 2.0
Purpose: Coordinate multiple specialist agents to systematically upgrade any software project
Team: Migration Coordinator, Security Agent, Architect Agent, Coder Agent, Tester Agent, Documentation Agent
Inputs: Optional ASSESSMENT.md and PLAN.md from /modernize-assess and /modernize-plan
Before starting, this command checks for:
# Check for assessment
if [ -f "ASSESSMENT.md" ]; then
echo "✅ Found ASSESSMENT.md - will use assessment findings"
USE_ASSESSMENT=true
else
echo "⚠️ No ASSESSMENT.md - recommend running /modernize-assess first"
echo " Continue with basic assessment? (y/n)"
USE_ASSESSMENT=false
fi
# Check for plan
if [ -f "PLAN.md" ]; then
echo "✅ Found PLAN.md - will follow existing plan"
USE_PLAN=true
else
echo "⚠️ No PLAN.md - will create plan on-the-fly"
echo " Recommend running /modernize-plan first for better accuracy"
USE_PLAN=false
fi
Recommendation Workflow:
/modernize-assess → /modernize-plan → /modernize-project/modernize-plan → /modernize-project/modernize-project (will create minimal assessment/plan inline)This protocol orchestrates a multi-agent team to modernize and secure your project through a systematic, phased approach. The team works in coordination to ensure:
Core Principle: Systematic, agent-coordinated modernization with quality gates at every stage.
Active Agents: Migration Coordinator, Security Agent, Architect Agent
Input Handling:
IF ASSESSMENT.md EXISTS:
✅ Skip detailed assessment
✅ Use existing scores, risks, estimates
✅ Focus on validation and updates
Duration: 0.5-1 day (validation only)
ELSE:
⚠️ Run full assessment (as described below)
Duration: 1-2 days
Activities:
⚠️ CRITICAL: Test Environment Setup MUST Be First Task
Test Environment Setup (MANDATORY FIRST - NEW per Recommendation 1)
dotnet build (establish baseline)dotnet test (establish pass rate baseline)dotnet list package --vulnerable --include-transitiveSecurity Baseline (BLOCKING - Now uses verified scan from Task 1)
100 - (CRITICAL×10 + HIGH×5 + MEDIUM×2 + LOW×0.5)Project Analysis
Technology Assessment
Test Baseline Analysis
Outputs:
With Existing Assessment:
Quality Gate (UPDATED per Recommendation 1 & 3):
Active Agents: Security Agent (lead), Coder Agent, Tester Agent
Activities:
Fix Critical Vulnerabilities (P0)
Fix High-Priority Vulnerabilities (P1)
Post-Update Security Validation (BLOCKING - NEW per Recommendation 3)
dotnet list package --vulnerable --include-transitive > security-after-phase1.txtdiff security-baseline.txt security-after-phase1.txtOutputs:
Quality Gate (UPDATED per Recommendation 3):
Active Agents: Architect Agent (lead), Migration Coordinator
Input Handling:
IF PLAN.md EXISTS:
✅ Use existing architecture decisions
✅ Validate ADRs are current
✅ Follow defined strategy
Duration: 0.5-1 day (validation only)
ELSE:
⚠️ Create architecture decisions (as described below)
Duration: 2-3 days
Activities:
⚠️ NEW: Spike-Driven ADR Process for High-Risk Decisions (per Recommendation 2)
Framework Upgrade Planning
Dependency Strategy
Architecture Decisions
Outputs:
With Existing Plan:
Quality Gate: All major decisions documented in ADRs, migration plan approved
Active Agents: Coder Agent (multiple if parallel), Tester Agent, Migration Coordinator
Input Handling:
IF PLAN.md EXISTS:
✅ Use defined module migration order
✅ Follow parallel execution strategy
✅ Use task breakdown from plan
More accurate timeline
ELSE:
⚠️ Determine migration order on-the-fly
More conservative timeline
Activities:
Framework Upgrade
Dependency Updates
Continuous Testing (BLOCKING)
Parallel Execution Strategy:
Migration Coordinator
↓
├─ Coder Agent #1 (Module A) → Tester Agent validates
├─ Coder Agent #2 (Module B) → Tester Agent validates
└─ Coder Agent #3 (Module C) → Tester Agent validates
Outputs:
Quality Gate:
Active Agents: Coder Agent, Tester Agent, Architect Agent
Activities:
Replace Obsolete APIs
Code Quality Improvements
Test Enhancement
Outputs:
Quality Gate:
Active Agents: Coder Agent, Tester Agent, Architect Agent
Activities:
Performance Profiling
Optimization Implementation
Validation
Outputs:
Quality Gate:
Active Agents: Documentation Agent (lead), Migration Coordinator
Activities:
CHANGELOG Creation
Migration Guide
Final Documentation
Outputs:
Quality Gate: All documentation complete, reviewed, and accurate
Active Agents: Tester Agent (lead), Security Agent, Migration Coordinator
Activities:
Complete Test Suite
Final Security Scan
Release Preparation
Outputs:
Quality Gate (GO/NO-GO Decision):
Option 1: Full Team Orchestration
User: /modernize-project
User: I have a .NET 6 project I need to upgrade to .NET 9, modernize dependencies, fix security issues, and improve test coverage.
Claude: I'll coordinate a team of specialist agents to modernize your project. Let me start with Phase 0: Discovery & Assessment...
[Migration Coordinator activates]
Phase 0: Discovery & Assessment
- Analyzing project structure...
- Running security scan...
- Creating upgrade roadmap...
[Security Agent activates]
Security Baseline:
- Current score: 23/100
- CRITICAL: 3 vulnerabilities
- HIGH: 12 vulnerabilities
⚠️ BLOCKING: Must fix CRITICAL/HIGH before proceeding
[Architect Agent activates]
Technology Assessment:
- Current: .NET 6.0
- Target: .NET 9.0
- Breaking changes identified: 47
- ADR needed for: [list of decisions]
...
Option 2: Phase-by-Phase
User: /modernize-project
User: Start with Phase 0 only - just assess my project
Claude: Running Phase 0: Discovery & Assessment...
[Detailed assessment output]
Option 3: Specific Agent Focus
User: /modernize-project
User: Focus on security remediation only (Phase 1)
Claude: [Security Agent + Coder Agent + Tester Agent activate]
The Migration Coordinator maintains a progress dashboard:
## Modernization Progress
### Overall Status: Phase 3 - Framework Modernization (60% complete)
| Phase | Status | Duration | Quality Gate |
|-------|--------|----------|--------------|
| 0. Discovery | ✅ Complete | 1.5 days | ✅ Passed |
| 1. Security | ✅ Complete | 3 days | ✅ Score: 52/100 |
| 2. Architecture | ✅ Complete | 2 days | ✅ ADRs: 5 |
| 3. Framework | 🔄 In Progress | 4/7 days | ⏳ Pending |
| 4. API Modernization | ⏳ Pending | - | - |
| 5. Performance | ⏳ Pending | - | - |
| 6. Documentation | ⏳ Pending | - | - |
| 7. Final Validation | ⏳ Pending | - | - |
### Current Phase Details
- **Active Agents**: Coder #1, Coder #2, Tester
- **Module A**: ✅ Complete (.NET 9 migration done)
- **Module B**: 🔄 In Progress (fixing build errors)
- **Module C**: ⏳ Queued
- **Test Pass Rate**: 96.2% (6 failures, P2 severity)
Migration Coordinator
↓
Security Agent (Phase 1) → GATE → Must pass before Phase 2
↓
Architect Agent (Phase 2) → GATE → ADRs must be complete
↓
Coder Agent (Phase 3) → Tester Agent → GATE → 100% pass rate
↓
Coder Agent (Phase 4) → Tester Agent → GATE → 100% pass rate
↓
Documentation Agent (Phase 6)
↓
Tester + Security (Phase 7) → FINAL GATE → GO/NO-GO
Migration Coordinator
↓
Security Agent (Phase 1) → GATE
↓
Architect Agent (Phase 2) → GATE
↓
├─ Coder #1 (Module A) → Tester → ✅
├─ Coder #2 (Module B) → Tester → ✅
└─ Coder #3 (Module C) → Tester → ✅
↓
Documentation Agent → Final Validation
Coder Agent makes changes
↓
Tester Agent runs tests
↓ (failures found)
Tester Agent documents failures (P0/P1/P2/P3)
↓
Coder Agent fixes issues
↓
Tester Agent re-runs tests
↓
[Repeat until 100% pass rate achieved]
MANDATORY: All agents must log to HISTORY.md using ./scripts/append-to-history.sh
When to Log:
Example Entry:
## 2025-10-25 14:30 - Phase 1: Security Remediation Complete
**Agent**: Security Agent + Coder Agent
**Phase**: 1 - Security Remediation
### What Changed
- Fixed 3 CRITICAL vulnerabilities (CVE-2024-1234, CVE-2024-5678, CVE-2024-9012)
- Fixed 12 HIGH vulnerabilities
- Updated 15 dependencies to latest secure versions
- Improved security score from 23/100 → 52/100
### Why Changed
- CRITICAL vulnerabilities blocked progression (Phase 0 quality gate)
- Required to achieve minimum security score ≥45
- Multiple packages had known exploits in production
### Impact
- Security score: 23/100 → 52/100 (+29 points)
- CRITICAL vulnerabilities: 3 → 0 (✅ resolved)
- HIGH vulnerabilities: 12 → 0 (✅ resolved)
- MEDIUM vulnerabilities: 8 → 5 (-3)
- Dependencies updated: 15 packages
- Test pass rate: 100% (no regressions introduced)
### Outcome
✅ **Quality Gate PASSED** - Ready for Phase 2: Architecture & Design
- Security score ≥45: ✅ (52/100)
- Zero CRITICAL: ✅
- Zero HIGH: ✅
- Tests passing: ✅ (100%)
**Next Phase**: Phase 2 - Architecture & Design (2-3 days estimated)
✅ Security
✅ Quality
✅ Modernization
✅ Documentation
Note: Time estimates are based on typical human execution times and may vary significantly based on project complexity, team experience, and AI assistance capabilities.
| Phase | Duration | Can Parallelize |
|---|---|---|
| 0. Discovery & Assessment | 1-2 days | No |
| 1. Security Remediation | 2-5 days | Partial (by vulnerability) |
| 2. Architecture & Design | 2-3 days | No |
| 3. Framework Modernization | 5-10 days | Yes (by module) |
| 4. API Modernization | 3-7 days | Yes (by area) |
| 5. Performance Optimization | 2-4 days | Partial |
| 6. Documentation | 2-3 days | Partial (by doc type) |
| 7. Final Validation | 1-2 days | No |
Total: 18-36 days (depends on project size and parallelization)
Small Project (<10k LOC): ~18-22 days Medium Project (10k-50k LOC): ~25-30 days Large Project (>50k LOC): ~30-36 days
User: /modernize-project
User: Upgrade my .NET Framework 4.8 project to .NET 9, fix all security issues, and ensure 95%+ test coverage
Claude: I'll coordinate the modernization team:
Phase 0: Discovery & Assessment
- Current: .NET Framework 4.8
- Target: .NET 9.0
- Security Score: 18/100 ⚠️
- Test Coverage: 42% ⚠️
[Detailed execution across all 7 phases]
User: /modernize-project
User: My Node.js 14 app needs to go to Node.js 22, fix CVEs, and add proper testing
Claude: Modernization Plan:
- Phase 0: Assess Node.js 14 → 22 migration path
- Phase 1: Fix 47 vulnerabilities (Security Agent priority)
- Phase 2: Plan ESM migration, update patterns (Architect)
- Phase 3-4: Upgrade dependencies, modernize code (Coder)
- Phase 5: Performance validation
- Phase 6-7: Documentation and final validation
User: /modernize-project
User: Legacy Python 2.7 codebase → Python 3.12, modernize dependencies, add type hints
Claude: This is a major migration requiring all agents:
[Systematic execution with extra focus on syntax changes, dependency compatibility]
Security Gate Failed
❌ Security score: 38/100 (required ≥45)
→ Action: Security Agent + Coder Agent continue Phase 1
→ Cannot proceed to Phase 2 until resolved
Testing Gate Failed
❌ Test pass rate: 87% (required 100%)
→ Action: Tester Agent documents failures
→ Coder Agent fixes issues
→ Re-run fix-and-retest cycle
Performance Gate Failed
❌ Performance regression: -23% (threshold -10%)
→ Action: Roll back change
→ Architect Agent reviews approach
→ Coder Agent implements optimized solution
❌ Skipping security phase - "We'll fix it later" ❌ Accepting <100% test pass rates - "Good enough for now" ❌ Batching all changes - "One big PR at the end" ❌ Skipping documentation - "We'll document after release" ❌ Ignoring quality gates - "We're on a deadline" ❌ Solo agent execution - "Just the Coder Agent is fine" ❌ No progress tracking - "Trust the process"
Document Owner: Migration Coordinator Protocol Version: 1.0 Last Updated: 2025-10-25 Applicability: Universal - All software projects requiring modernization
Remember: Systematic agent coordination = Production-ready modernization ✅