Inspiration
After years inside enterprise mainframe programs, the pattern is always the same: legacy modernization stalls not because COBOL is hard to read, but because the business rules are buried in code, the risky dependencies are invisible, and the SMEs who can confirm them are the bottleneck. That coordination work already happens in Slack. So we made Slack the operating surface for it.
What it does
Type /legacy assess claims-batch and Legacy Commander returns a business-readable modernization assessment for a COBOL claims-adjudication batch, right in Slack:
- Business purpose and migration risk
- Extracted business rules, each grounded in cited
.cblsource lines - Critical dependencies (DB2, fixed-width file contracts, scheduler, SME ownership)
- SME questions that block safe migration
- A recommended strangler migration path
- Draft work packages for human review
- An audited MCP tool-call trace
The assessment card is interactive — Mark reviewed, SME follow-up, Draft ticket, Show trace — and every SME decision updates a live App Home dashboard and reposts a traceability graph.
How we built it
- TypeScript + Node, Slack Bolt with Block Kit for the command-center card and App Home dashboard.
- A real Model Context Protocol server (
src/mcp/server.ts) exposing legacy-analysis tools, called throughMcpLegacyAnalysisClientoverStdioClientTransport. Every tool call is audited. - Claude (
claude-sonnet-4-6) proposes the assessment with source citations; the application validates it. @resvg/resvg-jsrenders the traceability graph to PNG server-side, so the demo is deterministic.- Three run modes: auto,
--agent(live Claude grounding),--fixture(deterministic, no API call) — the demo always works.
Core boundary: model proposes / application validates. The model can suggest rules and packages, but sme_validated is structurally unreachable by the model — enforced at the TypeScript type level and asserted by adversarial tests. Only the SME workflow can reach it.
Challenges we ran into
- Making SME validation impossible for the model to self-certify. Solved in the type system, not a prompt — so the guarantee holds regardless of model output.
- Verifying citations: proposed paragraph/line references are resolved against real source lines before a claim is allowed to stand as grounded. No catalog reference, no claim.
- Deterministic, reviewer-safe visuals via server-side PNG rendering.
- Scoping honestly — showing the workflow and boundary without pretending to do production-grade COBOL parsing.
Accomplishments that we're proud of
- A type-enforced validation boundary an agent literally cannot cross.
- A real MCP tool trace, not a simulated one.
- Rule extraction cited back to source lines instead of hand-waved.
- An enterprise-grade Slack experience that reads like a modernization command center, not a chatbot.
What we learned
- The hard part of modernization is coordination, not translation.
- For agentic AI in regulated work, auditability and hard boundaries matter more than cleverness.
- A type system is an underrated safety rail: it made "the model can't approve its own work" a compile-time fact.
What's next for Legacy Modernization Commander
- Connect the adapter boundary to a live code-analysis backend.
- Real ticket creation from approved work packages.
- An in-Slack SME approval workflow that flips
sme_validatedthrough a human action. - Support for more legacy environments: PL/I, RPG, Assembler, SAP ABAP.
Built With
- anthropic
- block-kit
- claude
- cobol
- mcp
- model-context-protocol
- node.js
- resvg
- slack
- slack-bolt
- socket-mode
- typescript
- zos
Log in or sign up for Devpost to join the conversation.