PlexVive.com
AIDLC · Legacy Modernization

From legacy source.
To cloud-native production.

Meridian's AIDLC pipeline automates 23 sequential phases of modernization — from reverse engineering Oracle Forms, COBOL, PL/SQL, and VB6, through code translation, security hardening, and deployment — with 13 quality gates enforcing production readiness at every step.

Talk to our teamSee Meridian →
$24.98B
Legacy modernization market in 2025
70%
Fortune 500 run software 20+ years old
$370M
Avg. annual enterprise waste from legacy
362%
ROI documented from completed modernizations

The problem

Legacy systems don't just slow you down. They compound.

Every year a legacy system stays in production, the cost to modernize it rises — while the cost of running it does too.

💸

Maintenance costs that never end

COBOL developers command $150K+ annually due to talent scarcity. Oracle Forms skill sets are shrinking. Every year of delay makes the talent problem worse and the system harder to touch.

🚫

Releases blocked by fragility

Legacy systems resist change. A single schema change can ripple through dozens of PL/SQL packages and VB6 forms. Teams stop shipping features and start managing risk — permanently.

🔐

Security debt you can't see

Oracle Forms and COBOL applications were not designed with modern threat models. Credentials embedded in source code, no OWASP compliance, no CVE visibility — hidden risk accumulates silently.

📉

Digital transformation blocked at the core

Every modern capability — mobile, API-first, cloud scalability — requires a modern foundation. Legacy systems become the integration bottleneck that caps every transformation initiative.

🔴

Vendor EOL risk materializing

Oracle Forms is in sustained mode. Classic COBOL environments are losing vendor support. Organizations running these systems face forced migrations without the time or plan to execute them well.

📊

TCO invisible in the budget

Incident response, delayed releases, failed integrations, and recruiting for extinct skill sets rarely appear in the legacy maintenance line. The real cost is 2–3x what the P&L shows.

TCO Analysis

The cost of staying put vs. the cost of moving forward

Most TCO models only capture visible costs. Here's the full picture.

Annual cost of keeping legacy

Infrastructure & licensing

Aging hardware, mainframe MIPS at $4,500/MIPS/yr

Specialist labor

COBOL/Oracle Forms developers at $150K+ each, shrinking pool

Vendor support & maintenance

Sustained mode pricing, premium for end-of-life extensions

Incident response & outages

Brittle integrations, undocumented dependencies

Blocked digital initiatives

Every modern project slowed or killed by legacy constraints

Failed integration attempts

API wrappers, middleware layers that never fully work

Compliance & audit exposure

No OWASP, no CVE visibility, no modern auth controls

Industry average: $370M/yr in enterprise legacy waste

One-time cost of AI-accelerated modernization

23-phase AI pipeline execution

Fraction of traditional 18–36 month timelines

Quality-gated code translation

Per-file scoring, multi-model comparison, no silent drops

Auto-generated test suites

Unit, integration, E2E with requirement traceability

Security hardening built in

SAST, CVE scanning, OWASP Top 10 at every phase

IaC + CI/CD generation included

Terraform, Kubernetes, GitHub Actions — ready to deploy

NPV-modeled business case

5-yr TCO, payback period, benefit realization tracking

Ongoing portfolio intelligence

Meridian tracks health, risk, and vendor EOL post-migration

Documented ROI: 288%–362% (Kyndryl 2025 State of Modernization)

Source types

We reverse engineer what others won't touch

Meridian has language-specific extraction logic for each source type — not generic code parsing.

🗄

Oracle Forms / PL/SQL

.fmb.fmx.pkb.pks
  • Form blocks → React / Angular components with reactive validation
  • PL/SQL packages → typed service layer classes
  • LOVs → search and autocomplete API endpoints
  • DB triggers → application-layer domain event handlers
  • REF CURSORs → paginated API responses
  • Block–table bindings → ORM entity relationships
🖥

COBOL / Mainframe

.cbl.cob.cpyJCL
  • WORKING-STORAGE → typed DTOs and Protobuf schemas
  • PROCEDURE DIVISION sections → service methods
  • EXEC CICS commands → REST API endpoints
  • JCL jobs/steps → Airflow DAG tasks
  • VSAM KSDS keys → relational primary keys
  • CICS COMMAREA → REST request/response envelopes
🪟

Visual Basic 6 / VBA

.vbp.frm.bas.cls
  • .frm form modules → web UI pages and routes
  • .cls class modules → OO service classes
  • UserControls → reusable React/Angular components
  • ADODB.Recordset → ORM query extraction
  • ActiveX controls → modern component equivalents
  • COM CreateObject calls → external service dependencies
📋

Microsoft Access / VBA

.mdb.accdb.vba
  • Saved queries (select, action, parameter, crosstab) → API endpoints
  • Master-detail forms → list/detail page pairs
  • Access Reports → BI dashboard requirements and PDF exports
  • Table relationships → foreign key structure
  • Linked tables → external data dependencies
  • Field-level validation rules → application-layer constraints
☁️

Salesforce Apex / LWC

.cls.trigger.page
  • @AuraEnabled methods → REST-like endpoints
  • Triggers (before/after DML) → domain event handlers
  • Batch Apex → async background job patterns
  • SOQL → graph queries with relationship traversals
  • Platform Events → pub/sub messaging architecture
  • Governor Limit constraints → architectural documentation
🔁

Informatica / SSIS ETL

.dtsx.xmlmappings
  • Source Qualifier → input data contracts
  • Expression transformations → calculated field business rules
  • Aggregator → GROUP BY logic with aggregate expressions
  • Router/Filter → conditional branching rules
  • Worklets → reusable Airflow sub-workflow fragments
  • Scheduler → cron expressions mapped to Airflow intervals

The AIDLC pipeline

23 phases. Zero shortcuts. Production-ready output.

Each phase stores intermediate artifacts, feeds the next phase with full context, and must pass a quality gate before the pipeline advances.

01

Reverse Engineering

RE

Analyzes legacy source code and produces 7 structured documents: architecture overview, API contracts, data model, business logic flows, integration map, security assessment, and technical debt report.

02

Requirements

REQ

Converts reverse engineering findings into modern requirements: functional user stories, non-functional requirements, data migration strategy, and SME gap identification.

03

Development Plan

PLAN

Creates a WSJF-scored, complexity-grounded sprint plan using cyclomatic complexity index (CCI) and gap counts — not guesses. Configurable AI velocity multiplier (3x default).

04

Architecture Validation

ARCH

Validates proposed architecture against extracted requirements, organizational standards, scalability targets, and design pattern libraries.

05

Framework Setup

FW

Generates a real, runnable project skeleton: multi-module structure, auth middleware, cache wrapper, logging, event bus, Docker Compose, database migration framework, and CI pipeline stubs.

06

Code Translation

CT

File-by-file, layer-by-layer translation (Models → Repositories → Services → Controllers → UI). Multi-model comparison at critical layers. Quality scoring per file. Sliding window ensures no source line is dropped.

07

Translation Validation

TV

SQL-level checks on generated code: syntax validation, type correctness, and import resolution across all translated files.

08

Cross-Cutting Concerns

CC

Injects enterprise concerns accumulated during code translation: auth guards, authorization rules, caching strategy, structured logging, event bus integration, error handling middleware, and transaction boundaries.

09

Build Validation

BV

Compiles, builds Docker images, validates database migrations, runs health checks and smoke tests. Automated error fixing before final pass/fail determination.

10

Security Analysis

SEC

SAST, CVE dependency scanning, OWASP Top 10 compliance check, data sensitivity review, and credential handling assessment across all generated code.

11

Gap Analysis

GAP

Multi-layer coverage verification: feature coverage %, module completeness, missing backend modules, missing frontend components, and business value confidence scoring.

12

Test Strategy

TS

Generates comprehensive test plan: unit, integration, API contract, E2E user journeys, performance benchmarks, and compliance test cases with traceability to requirements.

13

Test Execution

TE

Runs full generated test suite. Reports pass/fail rates. Failure diagnosis and auto-remediation where possible. Minimum 50% pass rate required to advance.

14

DAST

DAST

Dynamic Application Security Testing: runtime security scanning against the running application, integrated with ZAP/Burp.

15

Penetration Testing

PEN

Simulates OWASP Top 10 attack patterns: credential stuffing, XSS, CSRF, SQL injection. CVSS scoring. Auth bypass testing required to advance.

16

IaC Generation

IAC

Generates Infrastructure-as-Code: Docker/Kubernetes manifests, Terraform for AWS/Azure/GCP, Helm charts for multi-environment deployment.

17

CI/CD Generation

CICD

Generates full CI/CD pipelines: GitHub Actions, GitLab CI, Jenkins. Build, test, scan, deploy stages with promotion gates and approval steps.

18

UI Transform

UI

Modernizes frontend: Oracle Forms → React components, VB6 forms → Vue/React, design system alignment, WCAG accessibility compliance.

19

Code Generation

CG

Generates remaining boilerplate: CRUD endpoints, DTO/entity classes, repository pattern implementations, and service layer stubs for all data models.

20

Integration Sprint

INT

Module-level integration testing across all dependency boundaries. Validates cross-module contracts and data flow correctness.

21

Deployment Planning

DEPLOY

Creates data migration scripts, blue-green and canary deployment steps, rollback procedures, and smoke test validation checklists.

22

Runbook

RB

Full operational runbook: architecture diagrams, deployment checklist, monitoring and alerting setup, incident response procedures, and blast radius analysis.

23

General Availability

GA

Production release readiness gate. All quality gates Q01–Q13 must pass. Final sign-off before production deployment.

Our methodology

Not all legacy systems should be translated. Some should be re-imagined.

Low paradigm shift → Direct translation

PL/SQL → Python · COBOL → Java · Apex → Spring

When source and target paradigms align closely, direct code translation achieves high quality. PL/SQL package bodies → Python service classes, COBOL WORKING-STORAGE → typed DTOs, Apex triggers → Spring event handlers. Meridian's Code Translation phase scores these at 96/100 average quality in production runs.

The pipeline translates file by file, layer by layer (Models → Repositories → Services → Controllers → UI), with a sliding window that ensures no source line is silently dropped.

High paradigm shift → Spec-driven generation

Oracle Forms → Angular · VB6 → React · Access → SPA

Oracle Forms operates on synchronous, block-based, query-mode UI logic with keyboard shortcuts wired into the application layer. Translating it line-by-line into Angular faithfully reproduces those patterns in modern syntax — TEMPLATE blocks repeated 71 times, F-key shortcuts in React, query-mode buttons in every grid.

For high-shift source types, Meridian applies spec-driven generation: extract requirements, data models, and business rules from the legacy system, then generate the modern application from the spec — not from the source code structure.

Quality gates

13 gates. Every phase earns its way forward.

Each gate enforces measurable thresholds — A–F grade, 0–100 score — before the pipeline can advance. No gate, no progress.

Q01

Reverse Engineering

Artifact completeness, Knowledge Graph, API endpoint coverage

Q02

Requirements

Story/AC coverage, feature linkage, epic density

Q03

Architecture Design

ADR count, tech coverage completeness

Q04

Dev Plan

Task coverage, estimation quality, epic completeness

Q05

Framework Setup

Entry point, Docker Compose, module inventory

Q06

Code Translation

Completion rate, quality median ≥70, import resolution

Q07

Cross-Cutting

Auth coverage, backlog resolved, error handling

Q08

Build Validation

Build success, migrations, smoke test pass rate

Q09

Security Analysis

Vulnerability count, ADR compliance, OWASP coverage

Q10

Gap Analysis

Feature coverage %, module completeness, BV confidence

Q11

Test Strategy

Test case density, type coverage, critical path tests

Q12

Test Execution

Pass rate ≥50% (block), ≥80% (warn), critical failure count

Q13

Pen Test

CVSS score, auth bypass tested, high-severity count

Insights

Thinking clearly about legacy modernization

Written by the team that built and operates the AIDLC pipeline.

Methodology5 min read

Why Direct Code Translation Fails for Oracle Forms

Direct code translation works well when source and target paradigms align closely — PL/SQL to Python services, for instance, achieves 96/100 average quality scores in Meridian's pipeline. But Oracle Forms to Angular is a paradigm cliff. Forms operates on a synchronous, block-based, query-mode model with keyboard shortcuts and SHOW_KEYS dialogs wired into UI logic. A translator that maps Forms events to Angular handlers faithfully reproduces those legacy patterns in modern syntax — TEMPLATE blocks repeated 71 times, F-key shortcuts in React, query-mode buttons in every grid.

Key insight

The solution is paradigm-aware modernization: detect the paradigm shift score upfront, and apply spec-driven generation for high-shift source types rather than line-by-line translation. Generate the modern application from extracted requirements and data models, not from legacy code structure.

Financial6 min read

The True TCO of Legacy: What Your Finance Team Isn't Counting

Most organizations calculate legacy system TCO as infrastructure + license + vendor support. That captures perhaps 40% of the real cost. The hidden components — COBOL developers at $150K+/year due to talent scarcity, incident response for brittle integrations, delayed releases because test environments can't be spun up, failed digital transformation projects that couldn't integrate with the core — dwarf the visible maintenance line.

Key insight

Gartner estimates Fortune 500 enterprises waste an average of $370M annually from legacy inefficiencies. The Kyndryl 2025 State of Mainframe Modernization survey found ROI of 288%–362% for organizations that completed modernization — not a margin improvement, a 3x return. The cost of staying put compounds annually. The cost of modernization is one-time.

Architecture8 min read

What 23 Phases of AI Modernization Actually Looks Like

The phrase 'AI modernization' is used to describe everything from a code formatter to a fully automated production pipeline. Meridian's AIDLC pipeline is the latter. Phase 01 (Reverse Engineering) doesn't summarize your code — it reads every file and produces 7 structured documents: architecture overview, API contracts, data model, business logic flows, integration map, security assessment, and technical debt report. Phase 06 (Code Translation) translates file by file, layer by layer, with quality scoring per output file and multi-model comparison at critical service boundaries.

Key insight

13 quality gates enforce measurable thresholds before each major phase advances — minimum 70/100 code quality median, 50% test pass rate, zero critical security findings. Every generated artifact is stored and traceable: forward to test cases, backward to legacy source features. This isn't a chatbot that writes code. It's a structured, auditable, quality-gated modernization engine.

Planning5 min read

Sequencing Your Legacy Portfolio with WSJF

Most organizations modernize the loudest system first — the one that had the worst outage, or the one the CIO heard about in the board meeting. WSJF (Weighted Shortest Job First), borrowed from SAFe, offers a better answer: score every potential initiative across Business Value, Risk Reduction, Strategic Fit, Urgency, TCO, and Delivery Complexity. Divide cost of delay by job size. The result is a ranked, defensible sequence that optimizes portfolio value delivery over time.

Key insight

Meridian's scoring engine applies WSJF to your full application portfolio. A COBOL billing system with high Business Value, critical Risk Reduction need, and low Delivery Complexity will rank above a greenfield feature with high business appetite but lower urgency. The output is a sequenced 3-year roadmap you can walk into a board meeting with — numbers-backed, not politics-driven.

Get started

Ready to modernize your legacy estate?

Tell us what you're running — Oracle Forms, COBOL, PL/SQL, VB6, or something else. We'll walk you through what a modernization engagement looks like and what the pipeline would produce for your specific systems.

Talk to our teamExplore Meridian →