feat(migration-to-aws): v2 with 6-phase workflow, AI workload detection, and billing discovery#85
feat(migration-to-aws): v2 with 6-phase workflow, AI workload detection, and billing discovery#85icarthick wants to merge 8 commits intoawslabs:mainfrom
Conversation
icarthick
requested review from
a team,
krokoko,
scottschreckengaust and
theagenticguy
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
There was a problem hiding this comment.
Semgrep OSS found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.
icarthick
force-pushed
the
migration-to-aws-v2
branch
2 times, most recently
from
dc47820 to
e4f3da0
Compare
…on, and billing discovery Rewrite the migration-to-aws plugin from a 4-phase to a 6-phase workflow (discover → clarify → design → estimate → generate → feedback) with three parallel discovery paths: infrastructure, application code, and billing. Key changes: Discover phase: - Add app-code discovery path scanning source for AI/ML frameworks (Gemini, Vertex AI, OpenAI, traditional ML like TensorFlow/PyTorch) - Add billing discovery path with GCP billing export analysis - Enhance IaC discovery with improved Terraform resource clustering using typed-edge strategy and classification rules Clarify phase: - Implement adaptive category-based questioning (global, compute, database, AI, AI-only) that activates based on discover findings - Skip categories when discover already provides sufficient signal Design phase (new): - Separate design from discover with dedicated design-infra, design-ai, and design-billing reference documents - Source-specific AI model mapping via ai-gemini-to-bedrock and ai-openai-to-bedrock reference tables Estimate phase: - Split into estimate-infra, estimate-ai, and estimate-billing - Add pricing-cache with validated rates and confidence levels - Use awspricing MCP server for real-time price validation Generate phase: - Produce Terraform configurations from templates (main.tf, variables.tf) - Generate AI provider adapter (provider_adapter.py) for SDK migration - Generate Bedrock setup scripts and comparison test harnesses - Add billing artifact generation and documentation artifacts - Structured artifact specs for infra, AI, billing, docs, and scripts Feedback phase (new): - Anonymized telemetry trace capturing phase timings, confidence scores, and migration complexity metrics - No PII or source code in traces Supporting changes: - Add JSON schemas for discover-ai, discover-billing, discover-iac, estimate-infra, and phase-status data structures - Update plugin.json version and README - Enhance design-refs with confidence levels, factual corrections, and improved service mapping tables Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
icarthick
force-pushed
the
migration-to-aws-v2
branch
from
e4f3da0 to
c66870d
Compare
Code reviewNo issues found. Checked for bugs and CLAUDE.md compliance. 🤖 Generated with Claude Code - If this code review was useful, please react with 👍. Otherwise, react with 👎. |
|
Now its done, but for subsequent PRs, it would be great to break it down in smaller ones :) 57 files, ~7,600 net additions. This PR bundles:
Each of these is independently shippable and reviewable. |
|
Question: pricing-cache.md is hardcoded with March 2026 rates. AI model pricing changes frequently (new models every few months, price cuts, deprecations). There is no:
|
|
Q: The PR adds schemas defined in markdown (schema-discover-ai.md, schema-discover-billing.md, schema-discover-iac.md, schema-estimate-infra.md, schema-phase-status.md) but these are prose descriptions, not machine-validatable JSON Schemas. The repo already has schemas/ with proper .schema.json files for plugins and marketplace. For a 6-phase workflow producing 10+ JSON artifacts, schema drift between phases is a real risk. Shoudl we have something like JSON Schemas in schemas/ with CI validation (like the existing mise run lint:manifests) ? |
|
Could you provide me with example inputs and expected outputs? Like 3-4 test scenarios: (1) Terraform-only, (2) AI-only, (3) billing-only, (4) all three. I would like to see the expected artifact tree for each. |
| When Terraform is present, billing data is supplementary — only service-level costs and AI signal detection are needed. Extract via a script to avoid reading the raw file into context. | ||
|
|
||
| 1. Use Bash to read only the **first line** of the billing file to identify column headers. | ||
| 2. Write a script to `$MIGRATION_DIR/_extract_billing.py` (or `.js` / shell — use whatever runtime is available) that: |
There was a problem hiding this comment.
This path triggers when both Terraform files and billing files are present. I have some concerns here since the python script is LLM-generated. The skill instructions tell the LLM to write a script that parses the billing file. The exact code varies per invocation, it depends on:
- The column headers the LLM reads from line 1
- Which runtime the LLM decides to use (Python, Node, shell)
- The LLM's interpretation of the instructions
This means there's no fixed, reviewable, testable artifact. Two runs of the same skill on the same billing file could produce different scripts. If the script has a bug (e.g., wrong column index, float parsing error), there's no way to reproduce it because the script is deleted in step 5.
The LLM reads the first line of the CSV (column headers) and uses those headers to write the script. If the billing file has unusual or adversarial column names, the LLM might generate a script that behaves unexpectedly.
Step 3 says: "try python3 first. If not found, try python. If neither available, delete the script and fall back to loading discover-billing.md." This means the skill might generate Python code, fail to execute it, then fall back to having the LLM read the file directly (the thing it was trying to avoid). The fallback silently changes the behavior and context cost.
Ans as hinted above: Step 5 says "Delete the script file after successful execution." This means:
- If the output is wrong, you can't inspect what script produced it
- If there's a security incident, the executed code is gone
- You can't diff the script between runs to understand behavioral changes
I would have either:
- have a versioned fixed extraction script, for instance: Add a tools/extract-billing.py (or similar) to the repo. It takes a billing CSV path as input, outputs the billing-profile.json schema to stdout. The skill instructions say "run tools/extract-billing.py " instead of "write a script." This is reviewable, testable, and deterministic.
- or a simpler heuristic without code generation
There was a problem hiding this comment.
Yes I agree a script here would work well as opposed to instructions. For complex billing data, LLM automatically resorts to python script generation, regardless of whether i have instructions to create python script or not. Billing data invariably requires some kind of math, which i feel simple instructions might not be able to capture
This was my initial thought, but then i chose md files only because of portability. Kiro Power for example cannot deal with json files. Having it in md allows me to use the same files across kiro power and claude plugin |
We intend to create an mcp server which will handle the staleness (fetching real time prices). This can be done in upcoming releases |
|
PR #85 Review Results: Top critical findings across both tools:
The code-review skill posted a "No issues found" comment on the PR (its confidence threshold of 80 filtered out all findings), while the pr-review-toolkit agents identified the issues above at lower confidence but with |
There was a problem hiding this comment.
Please update this based on semantic versioning.
Just to be clear. The plugin can work off of three different kinds of source artifacts
The presence of each one of those artifacts will produce any combination of these files (i might have missed a few more)
Additionally it also generates terraform/scripts that represent migration artifacts needed for aws migration generation-infra.json |
- C1: Delete stale output-schema.md (v1 artifact with wrong schemas) - C2: Fix estimation.json reference → estimation-*.json in SKILL.md - C3: Fix "plan execution" → "generate migration artifacts" in frontmatter - C4: Document AWS_REGION env var as MCP default; pass target region per-query - C5: Add mandatory pricing accuracy disclosure in all estimate summaries - C6: Distinguish pricing sources: cached, live, cached_fallback, unavailable - C7: Replace circular GCP baseline (AWS×1.25) with user prompt - C8: Add feedback auto-close to state machine table after generate_done Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Breaking changes from v1: new phase-status schema, renamed output files (preferences.json, estimation-*.json, generation-*.json), added generate and feedback phases. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@scottschreckengaust All the critical issues and version bump have been addressed |
Code reviewFound 2 issues:
🤖 Generated with Claude Code - If this code review was useful, please react with 👍. Otherwise, react with 👎. |
…example Fix generate-infra.md Step 4 cross-reference (should be Step 1) and update discover-billing.md output example to match the source-of-truth schema in schema-discover-billing.md. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@scottschreckengaust Both the issues have been addressed |
3 participants
Summary
Rewrites the migration-to-aws plugin from a 4-phase to a 6-phase workflow with three parallel discovery paths.
Changes
plugins/migration-to-aws/How to test
Build status
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.
🤖 Generated with Claude Code