1 of 12

“A long time ago, in a repo far, far away… someone wrote a TODO.”

The Legacy App Strikes Back

No code was harmed in the making of this presentation.

1/12

It was already like this.

2 of 12

“ASAP” apparently means “archaeological someday.”

# TODO: MOVE TO STRONG_PARAMS ASAP

config.action_controller.permit_all_parameters = true

Strong Parameters? We don’t lock doors here. We trust vibes.

2/12

3 of 12

Fat controllers are the goal, right?!?

4,991 lines of code

For the sake of comparison, the full text of Hamlet is roughly 4,000 lines long…

3/12

4 of 12

The longest method is 217 lines.

def do_one_thing

# Act I

# Act II

# DLC expansion

# post-credit scene

end

A method should do one thing.

This one appears to have side quests.

4/12

5 of 12

Role checks by copy-paste incantation.

authorize_reseller_or_training_admin

authorize_admin_or_reseller_or_training_admin

authorize_admin_or_instructor_or_reseller_or_training_admin

Why not just add `authorize_literally_anyone_that_asks_nicely`?.

5/12

6 of 12

Naming things is hard

gobble_up_duplicate

assimilate # resistance is futile

deep_destroy

6/12

7 of 12

The un-Rails Way™: put the database novel in the controller.

@orgs = Organization.where("id IN (select id from (

select o.name, o.id,

(SELECT count(*) from users u ...) AS cnt

from organizations o

) a WHERE cnt = 0)").by_name

MVC: Mangle Views and Controllers.

7/12

8 of 12

The linter is installed.

✖ ParserErrors: false

✖ SelfClosingTag: false

✖ SpaceAroundErbTag: false

✖ FinalNewline: false

✖ TrailingWhitespace: false

EVERY. SINGLE. LINTER. DISABLED.

Smoke detectors, but the batteries are in a drawer labeled

“in case of emergency.”

8/12

As décor.

9 of 12

Ruby 2.6.9 is not deprecated. It is undead.

ruby "2.6.9"

At this point, deploys are just two developers holding up Ruby 2.6.9 and pretending it’s still alive.

9/12

10 of 12

The config literally says UNSAFE.

config.active_record.use_yaml_unsafe_load = true

10/12

11 of 12

The test that tests…nothing

visit "/public_safety_answering_points/#{psap.id}"

expect(page).to have_css("body")

11/12

12 of 12

Final Thoughts

12/12

AI helped to surface pain points that were largely being ignored

We got here one decision at a time, not all at once

This all matters, because it’s a real application

The real punchline is not “this codebase is bad.” That’s too easy, and honestly, not that useful.

What surprised me was that using AI in a slightly unexpected way helped surface things that clearly have not had human eyes on them in a long time. Not because nobody cared, but because production apps have gravity. The urgent stuff wins. The weird old stuff survives.

And we did not get here all at once. This app is not the result of one villain monologuing in a volcano lair. It is the result of years of individual decisions that probably made sense at the time: ship the feature, patch the bug, keep the customer happy, deal with the cleanup later.

And that matters, because this is not a toy app. This is a real Rails app that a real business depends on. Yes, parts of it are ugly as sin. But it works, it has survived, and now we are making incremental improvements. The legacy app may have struck back, but we’re slowly teaching it to reach for the Light Side of the Force.

Thank you