Launch week · 3 of 5

Modernize legacy code
without changing what it does

Yesterday: a held-out oracle catches what your tests miss. Today: point that same idea at the scariest code you own — the legacy module everyone is afraid to touch.

Lane Thompson · 2026-07-08 · 7 min

Every engineering org has one. A file — a promise machine, a billing engine, a permissions layer — that is two thousand lines long, has no meaningful tests, and is maintained by nobody because the person who understood it left in 2021. It works. You are terrified of it. Every quarter someone proposes rewriting it, estimates the risk, and quietly backs away.

The reason a rewrite is terrifying isn't the writing. It's that you have no way to prove the new version behaves like the old one. The old behavior isn't written down anywhere except in the code itself — including the accidental behavior, the bug some downstream system now depends on, the edge case nobody remembers.

The original is the specification

So don't write the spec. Run it. The legacy module, exactly as it is, is a perfect and complete description of its own behavior — bugs, quirks, and all. rederive's brownfield mode keeps the original running as a live oracle: you propose a clean refactoring, and every candidate unit is checked against the retained original on generated inputs it never saw.

The move

Cut the tangle into firewall-clean units. Reconstruct each one clean. Then prove the reconstruction reproduces the original's exact output — not on the examples you thought of, but on a held-out flood of generated scenarios. Modernize the source; hold the behavior fixed and proven fixed.

This is the inverse of a normal rewrite. A normal rewrite trusts that you understood the old code. This trusts nothing — it executes both and compares. Where they diverge is either a bug you're choosing to fix (documented) or a behavior you have to preserve (now captured). Either way you find out, mechanically, instead of finding out in production.

Yes — even the parts you think are unverifiable

"But my legacy code isn't a pure function. It has timers, callbacks, concurrency, network calls." Good — those are exactly where the fear lives, and they're handled:

These aren't hypotheticals. The method is validated on real modules — a promise library, a redirect state machine proven across 256/256 generated-and-held-out scenarios, a concurrency-limiter proven across its whole interleaving space for small inputs. The hard cases are the point; anyone can verify a pure function.

Why this is the highest-leverage thing we do

Bug-finding (yesterday) is valuable. Verified dependencies are valuable. But "modernize the code you're afraid of, and mathematically prove you didn't break it" is the thing enterprises can't buy anywhere else. It turns a rewrite from a risk you avoid into a procedure you run. The clean code you've wanted for years, without the quarter-long held breath.

Honest status

The method is validated and running today on real modules. rdv normalize as a one-command workflow is what we're building next — not yet a shipping command. When something isn't a button yet, we say so; that honesty is the whole brand.

Tomorrow flips the question. Brownfield works because the original exists to run. But what about code with no original — something brand new, that has never existed before?

Lane Thompson — Founder, rederive · GitHub · rederive.ai