Skip to content

asharma157/java_migration

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Java Migration Agent

Autonomous AI-powered migration pipeline that upgrades Java Maven projects from Spring Boot 2 / Java 8 to Spring Boot 3.3.5 / Java 21.

Give it a GitHub URL or local repo path, and it will analyse, migrate, validate, and deliver the result as a GitHub Pull Request — ready for manual review.

What It Migrates

POM Dependencies

Component From To
Spring Boot Parent 2.x 3.3.5
Java Version 8 / 11 21
Hibernate 5.x (org.hibernate) 6.4.4.Final (org.hibernate.orm)
Apache CXF 3.x 4.0.4
SnakeYAML 1.x 2.2 (fixes CVE-2022-1471)
JUnit 4.x (junit:junit) 5.10.2 (org.junit.jupiter:junit-jupiter)
Mockito 4.x 5.11.0
Surefire Plugin 2.x 3.2.5
javax.* dependencies javax.servlet, javax.validation, javax.persistence, javax.ws.rs jakarta equivalents with pinned versions

Java Source Code

Pattern Before After
Servlet imports javax.servlet.* jakarta.servlet.*
Validation imports javax.validation.* jakarta.validation.*
Persistence imports javax.persistence.* jakarta.persistence.*
JAX-RS imports javax.ws.rs.* jakarta.ws.rs.*
Annotation imports javax.annotation.* jakarta.annotation.*
CDI imports javax.inject.*, javax.enterprise.* jakarta.inject.*, jakarta.enterprise.*
JAXB imports javax.xml.bind.* jakarta.xml.bind.*
Mail imports javax.mail.* jakarta.mail.*

11 javax package namespaces are migrated in total. Packages that remain in the java.* namespace (javax.crypto, javax.net, javax.swing, etc.) are not touched.

Test Files (JUnit 4 to JUnit 5)

Pattern Before After
Test annotation org.junit.Test org.junit.jupiter.api.Test
Setup/teardown @Before / @After @BeforeEach / @AfterEach
Class-level setup @BeforeClass / @AfterClass @BeforeAll / @AfterAll
Skip test @Ignore @Disabled
Runner model @RunWith(MockitoJUnitRunner.class) @ExtendWith(MockitoExtension.class)
Assertions org.junit.Assert.* org.junit.jupiter.api.Assertions.*
Spring 6 deprecation .getStatusCodeValue() .getStatusCode().value()

Security Scanning

Dependency CVE checks against a built-in database:

  • SnakeYAML (CVE-2022-1471), Log4Shell (CVE-2021-44228), Jackson (CVE-2020-36518)
  • Hibernate (CVE-2020-25638), Spring Web (CVE-2024-22243), CXF (CVE-2022-46364)
  • Deprecated javax.servlet and JUnit 4 (CVE-2020-15250)

Code pattern analysis (regex-based static analysis):

  • SQL injection, XXE vulnerabilities, hardcoded secrets
  • Insecure randomness, path traversal, unsafe deserialization
  • Weak cryptography (DES, RC4, MD5, SHA-1), CORS wildcard misconfig

Pipeline Architecture

The migration runs as a 5-stage sequential pipeline — each stage is an autonomous AI agent:

                        GitHub URL or local path
                                  │
                                  ▼
                ┌─────────────────────────────────┐
                │  1. PLANNER (read-only)         │
                │  Validates repo, parses POM,    │
                │  identifies migration tasks     │
                └────────────────┬────────────────┘
                                 │
                                 ▼
                ┌─────────────────────────────────┐
                │  2. MIGRATOR                    │
                │  POM updates, javax→jakarta,    │
                │  JUnit 4→5 transformations      │
                └────────────────┬────────────────┘
                                 │
                                 ▼
                ┌─────────────────────────────────┐
                │  3. SECURITY SCANNER            │
                │  CVE dependency check,          │
                │  code pattern analysis          │
                └────────────────┬────────────────┘
                                 │
                                 ▼
                ┌─────────────────────────────────┐
                │  4. VALIDATOR                   │
                │  mvn compile, mvn test,         │
                │  auto-fix cycle (up to 3x)      │
                └────────────────┬────────────────┘
                                 │
                                 ▼
                ┌─────────────────────────────────┐
                │  5. PACKAGER                    │
                │  Change report, then:           │
                │  GitHub PR (preferred) or       │
                │  ZIP archive (fallback)         │
                └─────────────────────────────────┘

Guardrails at every stage:

  • validate_repo() prevents placeholder or invalid paths from propagating
  • check_pipeline_state() lets agents halt the pipeline on critical errors
  • Each agent verifies the previous stage succeeded before proceeding

Prerequisites

Requirement Purpose Required?
Python 3.11+ Runtime Yes
Git Clone repos, create branches, push Yes
GitHub CLI (gh) Create pull requests Yes (for PR delivery)
Maven (mvn) Compile and test validation Optional (validation is skipped if missing)
Java 21 Required by Maven for compilation Optional (only if Maven is used)

GitHub CLI Setup

# Install
brew install gh          # macOS
# or: apt install gh     # Debian/Ubuntu
# or: winget install GitHub.cli  # Windows

# Authenticate
gh auth login
gh auth status           # verify

Installation

cd java_migration
pip install -e .

This installs the jmigrate CLI command.

Usage

CLI

# Migrate from a GitHub URL (clones, migrates, raises PR)
jmigrate run https://github.com/owner/repo

# Migrate a local repo (migrates in place, creates ZIP)
jmigrate run /path/to/your/java-project

# Check migration status
jmigrate status /path/to/your/java-project

ADK Web UI

cd java_migration
adk web .

Then in the web UI, send:

Migrate https://github.com/owner/repo

How Delivery Works

GitHub URL Input (PR delivery)

  1. The repo is cloned from the default branch (main or master)
  2. A feature branch migration/spring-boot-3-java-21 is created
  3. The migration pipeline runs on the feature branch
  4. Changes are committed, the branch is pushed, and a PR is created
  5. The PR is not merged — it's ready for manual review

The PR body contains the full migration change report.

Local Path Input (ZIP delivery)

  1. The migration pipeline runs in place
  2. A ZIP archive of all changed files is created in the repo directory
  3. The ZIP includes the change report and change log

Output

Change Report

Every migration generates .migration/REPORT.md with categorized changes:

  • POM changes — dependency version updates, groupId swaps
  • javax-to-jakarta — import namespace migrations per file
  • junit-migration — test framework upgrades per file
  • security-cve — dependency vulnerability findings
  • security-code — code pattern analysis findings

Change Log

Detailed JSON log at .migration/changes.json used by the packager to track every individual modification.

Project Structure

java_migration/
├── pyproject.toml                    # Package config, CLI entrypoint
├── java_migration/
│   ├── main.py                       # CLI (jmigrate command)
│   ├── agent.py                      # Root SequentialAgent
│   ├── agents/
│   │   ├── planner.py                # Stage 1: Analysis
│   │   ├── migrator.py               # Stage 2: Code transforms
│   │   ├── security_scanner.py       # Stage 3: CVE + code scan
│   │   ├── validator.py              # Stage 4: Build + test
│   │   └── packager.py               # Stage 5: Report + deliver
│   └── tools/
│       ├── github_tools.py           # Clone, branch, commit, push, PR
│       ├── migration_tools.py        # POM, javax→jakarta, JUnit 4→5
│       ├── analysis_tools.py         # POM parsing, file scanning
│       ├── security_tools.py         # CVE DB + code pattern scanner
│       ├── validation_tools.py       # Maven compile/test + auto-fix
│       ├── packaging_tools.py        # ZIP + delivery mode detection
│       └── guardrails.py             # Repo validation, pipeline state

Tech Stack

  • Google ADK — Agent orchestration (SequentialAgent)
  • LiteLLM — LLM abstraction (supports Ollama, Gemini, etc.)
  • lxml — XML/POM parsing for dependency analysis
  • Typer + Rich — CLI interface
  • NetworkX — Dependency graph analysis

Limitations

  • Only supports Maven projects (pom.xml). Gradle is not supported.
  • Migration transforms are deterministic regex/string replacements — complex refactoring (e.g., custom Spring Security config rewrite) requires manual work.
  • Security scanning uses a built-in CVE database (8 entries), not a live feed. For comprehensive scanning, integrate Snyk or SonarQube.
  • Validation requires Maven and Java 21 installed locally. If unavailable, validation is skipped (the PR is still created).
  • The LLM is used for orchestration and error diagnosis, not for code generation — all code transforms are in deterministic Python tools.

License

Private — internal use only.

About

Migrate Java version from 8 to 21

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages