For developers, maintainers & small teams

The codemod ran.Your app is still broken.

Official codemods handle the mechanical 70% of a framework migration, then leave TODO markers where they give up. This pack is built for the other 30% — six Codex skills that finish the upgrade and refactor the fallout, plus a real script that returns SHIP or HOLD with file-and-line proof.

Get the Pack — $99one-time · instant delivery · 30-day refund
Six skills · One runnable verifier
Framework Upgrade Navigator
Upgrade, finished
Dependency Deprecation Sweeper
Deps de-risked
Monolith Module Extractor
Seams, safely
Test Backfill Generator
Behavior pinned
Dead-Code Eliminator
Cut with proof
Migration Verifier
SHIP or HOLD
Works alongside
Codex · Claude Code · Cursor · Gemini CLI · Copilot
01.The Problem

Codemods stop where the real work starts.

Every official upgrade guide says the same quiet thing: run the codemod, and your app will likely be broken. The codemod rewrites the patterns it recognizes and inserts a TODO comment wherever it can’t reason about your code. Those TODOs are not a footnote — they are the part of the migration that ships bugs.

A sync cookies() call in Next.js 15 compiles fine and silently returns a Promise at runtime. A react@18 still pinned under next@15 passes install and breaks in production. “It compiles” doesn’t mean “it migrated.”

The 30%

The codemod does the mechanical 70%, then drops a TODO marker wherever it gives up. The remainder — the branches it couldn't reason about — is exactly where migrations actually go wrong.

Compiles ≠ migrated

A leftover sync cookies() or headers() call type-checks clean and returns a Promise at runtime. Static checks miss it; it only surfaces once it's serving real traffic.

Version skew

next@15 still pinned to react@18 installs without complaint and fails in production. The dependency half of a migration is the half nobody re-checks.

02.What This Is — And Isn't

Clear about the lane. No inflated promises.

What this is
  • Six production-grade SKILL.md skills with NEVER/ALWAYS guardrails and worked examples.
  • A real, runnable migration-verifier.py — stdlib Python, SHIP/HOLD, non-zero exit on HOLD for CI.
  • An AGENTS.md companion for repo-wide Codex migration discipline, every session.
  • Next.js 15 + React 19 rule sets, plus framework-agnostic refactor skills for any JS/TS codebase.
  • Cross-tool by the Agent Skills open standard: Codex, Claude Code, Cursor, Gemini CLI, Copilot.
What this isn't
  • Not a replacement for tsc or your test suite — it's the fast first pass they assume you already did.
  • Not a universal codemod — it runs the official ones and handles what they can't.
  • No auto-deletion or unattended rewrites — every destructive step is staged and approved.
  • No SaaS, no monthly fee, no RedHub server — your code never leaves your environment.
  • No fake benchmarks or invented before/after numbers. None on this page, by design.
03.The Six Skills

Six skills + a verifier that runs.

Finish the upgrade, refactor the fallout, prove it shipped. Every skill is single-purpose and composes with the others — tight skills beat one bloated mega-skill.

Upgrade, finished
Framework Upgrade Navigator
framework-upgrade-navigator
Triggers

“upgrade to Next 15,” “migrate to React 19,” “bump the framework”

Plans and runs an incremental version jump: green baseline, official codemod for the mechanical 70%, then resolves every TODO the codemod left, deps included. Never the all-or-nothing upgrade.

Deps de-risked
Dependency Deprecation Sweeper
dependency-deprecation-sweeper
Triggers

“check our dependencies,” “what's deprecated,” “audit packages”

Classifies dependencies from real npm outdated / audit / view output — vulnerable, deprecated, abandoned, or stale-but-fine — and sequences replacements one at a time, highest-risk first.

Seams, safely
Monolith Module Extractor
monolith-module-extractor
Triggers

“extract into a module,” “break up the monolith,” “decouple this”

Carves a cohesive domain out behind a narrow interface, slice by slice, tests green between each. Behavior-preserving by construction — adds coverage first if the code has none.

Behavior pinned
Test Backfill Generator
test-backfill-generator
Triggers

“add tests for this,” “backfill tests,” “safety net before refactor”

Writes characterization tests that pin what legacy code actually does — quirks included — so a migration can't silently change behavior. Captures reality, not the behavior you wish it had.

Cut with proof
Dead-Code Eliminator
dead-code-eliminator
Triggers

“remove dead code,” “find unused code,” “what can we delete”

Finds truly unused exports, files, and deps with tool evidence, then rules out dynamic references before deleting. Returns CONFIRMED DEAD vs. HOLD — never cuts on a guess.

SHIP or HOLD
Migration Verifier
migration-verifier
Triggers

“verify the migration,” “did the upgrade finish,” runs in CI

A real, runnable script that scans the repo and returns SHIP or HOLD with file-and-line proof. Exits non-zero on HOLD so it gates CI. The honesty spine made executable.

04.The Verifier, Live

The verifier actually runs. Here’s real output.

This is migration-verifier.py against a half-finished Next.js 15 migration — not a screenshot of a promise. It found four blocking issues, exited non-zero, and refused to bless the upgrade. That’s the honesty spine, executable.

skills/migration-verifier/scripts/migration-verifier.py
stdlib · no install
$ python scripts/migration-verifier.py . --target next15

  HOLD    target=next15  files=2  critical=4  warning=2
------------------------------------------------------------------------

BLOCKING (must fix before ship) (4)
  • [sync-cookies] app/dashboard/page.tsx:5
      cookies() used without await — Next.js 15 made it async.
      › const token = cookies().get('token')
  • [sync-headers] app/dashboard/page.tsx:6
      headers() used without await — async in Next.js 15.
  • [codemod-todo] app/dashboard/page.tsx:7
      Codemod left a TODO/manual-review marker — could not finish here.
  • [version-skew-next-react] package.json
      next@15.x expects React 19 but react@18.x is pinned.

WARNINGS (review, non-blocking) (2)
  • [params-not-awaited] app/dashboard/page.tsx:4
  • [types-react-stale] package.json

Verdict: HOLD. Resolve the blocking items above, then re-run.
$ echo $?
1

Stdlib-only Python, no install. Targets next15, react19, and generic. JSON mode for CI pipelines. Rules are documented and extensible.

05.Built Codex-Native

Two formats Codex reads — skills and AGENTS.md.

Codex skill support has been GA since December 2025. This pack ships in both formats Codex reads, so the discipline applies whether you invoke a skill or just open the repo.

SKILL.md skills

Drop the folders in your Codex skills directory. Codex discovers them by description and loads the full instructions on demand, or you invoke one explicitly with /skills. The verifier's scripts/ folder runs natively.

AGENTS.md companion

Drop the included AGENTS.md in your repo root and Codex follows migration discipline on every session — codemod-preview-first, verify-before-done, matched react/react-dom majors — with no re-prompting.

06.Composition

The skills chain into complete jobs.

A generic AI tool is a one-shot. A skill is a step in a workflow. Here’s how the six run together across the three migrations dev teams actually do.

Composition 01 · The full framework migration

Navigator runs the codemod and resolves the manual remainder; verifier scans and returns SHIP/HOLD. You don't merge until the scan is green — the two skills are the whole upgrade, start to proof.

framework-upgrade-navigator

Establishes a green baseline, runs the official codemod for the mechanical 70%, then resolves every TODO it left behind — async request APIs, dependency bumps, the branches it couldn't reason about.

migration-verifier

Scans the repo and returns SHIP or HOLD with file-and-line proof, exiting non-zero on HOLD. The merge gate: no green scan, no merge.

Composition 02 · Safe extraction

Behavior preserved because it's observable — pin reality first, then carve.

test-backfill-generator

Writes characterization tests that pin what the legacy code actually does — quirks and all — so any change that alters behavior shows up red.

monolith-module-extractor

Carves the module out behind a narrow interface with those tests as the safety net, slice by slice, staying green between each step.

Composition 03 · The pre-release cleanup

A leaner, current, shippable repo — with a green scan to prove it.

dependency-deprecation-sweeper

Triages the dependency tree from real npm output and sequences replacements highest-risk-first, one at a time.

dead-code-eliminator

Prunes the proven-dead exports, files, and deps — ruling out dynamic references before any deletion, HOLDing on anything ambiguous.

migration-verifier

Final scan confirms nothing migration-related slipped through the cleanup. Green, and proven green.

07.Composes With Your RedHub Stack

This pack moves the codebase forward. Two siblings cover the rest.

Exactly what you get for $99, and what you don’t: six skills and a verifier that finish migrations and prove it — not a tool that hardens what you shipped or designs your agent patterns. Those are the jobs of the two products below.

08.Common Questions

The questions developers actually ask before installing.

Codemods do the mechanical 70% — they rewrite the obvious patterns and then insert TODO comments or typecasts wherever they give up. The official Next.js and React guides say it plainly: after the codemod runs, your app is usually still broken. This pack is built for that remaining 30%: the sync cookies() call the codemod missed, the dependency it never bumped, the branch it couldn't reason about. The framework-upgrade-navigator runs the codemod for you, then resolves what it left behind, and the migration-verifier proves the job is actually finished.

6 skills · runnable verifier · CI gate · $99

Finish the migration.
Then prove it.

Run the verifier against a repo you’ve already “finished” upgrading. If it’s clean, you lost nothing. If it finds something, the pack just paid for itself. Thirty-day refund either way.

Sold by RedHub AI LLC · Secured by Stripe · redhub.ai