What we actually do during the analysis
The analysis is not a "look at the code" — it is a systematic review across four dimensions: code, data, security, and business. Each dimension uses purpose-built tools plus human review.
1. Code and architecture
Tools like Claude Code, Semgrep, and OpenRewrite read the entire source. We identify modules, dependencies, dead code, and the actual connections between components. The output is a system map that, candidly, no-one in your company has likely had end-to-end before.
2. Data and database
Schema review, indexing, integrity constraints, and how the data is actually used. We frequently find tables nobody touches any more, or missing indexes that drag the whole system down.
3. Security
Automated and manual analysis of known vulnerabilities (OWASP Top 10), dependency risks, and weak configurations. Critical for systems that have been unpatched for years.
4. Business logic
The most important part. AI extracts the rules that have accreted over years and were never documented. Without this step, every rewrite becomes a re-creation — and almost guaranteed to lose meaningful detail.
What you get in the report
- An executive summary (1 page).
- Technical current-state assessment.
- Identified risks with severity.
- Recommended target stack with rationale.
- Phased rewrite plan (typically 3–5 phases).
- Full project cost estimate.
- Risk comparison: rewriting vs. keeping the legacy system.
- 5-year maintenance cost projection for both scenarios.