A Kiro Power that bridges deep structural application assessment (CAST Imaging) with automated code transformation (AWS Transform Custom). It eliminates the manual handoff between knowing what's wrong and fixing it at scale.
This power operates in two phases:
-
Phase 1 — Assessment & TD Generation: Connects to CAST Imaging via MCP, performs a comprehensive structural assessment, asks data-driven probing questions, and generates a fully-structured Transformation Definition (TD) for Phase 2.
-
Phase 2 — Execution: The generated TD is executed via AWS Transform Custom CLI, with CAST Imaging MCP remaining connected for live caller verification, blast radius analysis, and violation resolution tracking.
No code changes happen in Phase 1 — it's purely analytical. Human review happens between phases.
| Category | Sub-Patterns |
|---|---|
| Technology Upgrade | Language version upgrade, framework version upgrade, framework migration |
| Security Remediation | CVE remediation, structural flaw fixes (CWE violations) |
| Code Refactoring | Dead code removal, complexity reduction, coupling fixes, idiom modernisation |
| Cloud Readiness | Cloud blocker resolution, state externalisation, containerisation |
| Combined | Any combination of the above in phased execution |
- Kiro IDE — kiro.dev
- CAST Imaging instance — With at least one application analysed
- CAST Imaging API key — For Imaging authentication
- CAST Imaging MCP Server — For MCP server authentication
- AWS CLI — Configured with
AWSTransformCustomFullAccessIAM policy (for Phase 2) - ATX CLI — AWS Transform Custom CLI installed (for Phase 2)
- Install this power in your Kiro workspace
- On first use, the power will prompt you for your CAST Imaging URL and API key
- Configure the MCP server (the power will guide you through this)
The power requires the CAST Imaging MCP server to be configured. Add this to your Kiro MCP configuration (.kiro/settings/mcp.json or ~/.kiro/settings/mcp.json):
{
"mcpServers": {
"cast-imaging": {
"type": "http",
"url": "<cast_imaging_mcp_url>",
"headers": {
"x-api-key": "${input:imaging-key}"
}
}
}
}The power will prompt you for these values if the MCP server is not already configured.
- Start a conversation with the power active
- The power verifies the CAST Imaging MCP connection (prompts for credentials if needed)
- Select an application from the CAST Imaging environment
- The power performs a deep assessment and presents quantified findings
- Answer data-driven probing questions to determine the modernisation path
- The power generates a complete Phase 2 Transformation Definition
- Review and edit the generated TD as needed
- Publish the TD:
atx custom def publish -n "my-transformation" --sd ./td/ - Execute with CAST Imaging MCP:
atx custom def exec \
-n "my-transformation" \
-p ./my-repo \
-x -t \
--mcp-config ./mcp.jsonThe --mcp-config flag gives the execution agent live access to CAST Imaging for verification during transformation.
├── POWER.md # Power metadata and capabilities documentation
├── power.json # Power configuration (name, version, keywords)
├── README.md # This file
├── transformation_definition.md # Phase 1 TD (the assessment workflow)
├── phase2_td_template.md # Reference structure for generated Phase 2 TDs
├── steering/
│ ├── getting-started.md # Main workflow guide (auto-included)
│ ├── application-analysis.md # Deep assessment guidance
│ ├── modernisation-paths.md # Pattern-specific data collection & TD generation
│ └── phase2-execution.md # Phase 2 review and execution guide
├── document_references/
│ ├── language-upgrade.md # Template: Language version upgrade
│ ├── framework-upgrade.md # Template: Framework version upgrade
│ ├── framework-migration.md # Template: Framework migration
│ ├── code-refactoring.md # Template: Code refactoring (all sub-patterns)
│ ├── security-remediation.md # Template: Security remediation
│ ├── cloud-migration.md # Template: Cloud readiness (all sub-patterns)
│ └── combined-multi-pattern.md # Template: Combined / multi-pattern wrapper
└── blog/
├── post.md # Blog post draft
└── figures/ # Diagram source files and SVGs
The power uses CAST Imaging MCP tools to gather:
- Architecture — Multi-level decomposition (layer, component, sub-component, technology)
- Quality — CVEs, structural flaws, ISO-5055 violations, cloud blockers
- Dependencies — External packages with versions and vulnerability status
- Transactions — API/UI endpoints and business flow complexity
- Data Flows — Entity interactions and database structure
- Advisors — Migration and modernisation rules with violation counts
- Code — Source snippets for representative objects
During execution, the transformation agent uses CAST Imaging MCP to:
- Check all callers before changing method signatures
- Quantify blast radius via transaction analysis on every modified object
- Verify violations are resolved after each fix
- Retrieve current implementation on-demand
- Prevent cross-layer coupling during refactoring
- Data drives decisions — Every recommendation backed by specific CAST Imaging findings
- Probing, not menus — Targeted questions referencing actual data, never generic option lists
- Specificity — "14 files using javax.servlet" not "deprecated APIs found"
- File paths are mandatory — The transformation engine needs exact locations
- MCP in both phases — Assessment and execution both use live structural intelligence
- Human oversight — User reviews the generated TD before any code is touched
- All violations accounted for — None skipped; repeated patterns grouped with counts
This project is licensed under the MIT License.
Contributions are welcome. Please open an issue or submit a pull request on the CAST-Extend/atx-cast repository.