transform-custom

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

AWS Transform custom

AWS Transform Custom

Overview

概述

Perform code upgrades, migrations, and transformations using AWS Transform Custom (ATX). Supports any-to-any transformations: language version upgrades (ex. Java, Python, Node.js), framework migrations, AWS SDK migrations, library upgrades, code refactoring, architecture changes, and custom organization-specific transformations.

Runs the ATX CLI directly on the user's machine.

You handle the full workflow: inspecting repos, matching them to available transformation definitions, collecting configuration, and executing transformations — the user just provides repos and confirms the plan.

使用AWS Transform Custom（ATX）执行代码升级、迁移与转换操作。支持任意类型的转换：语言版本升级（例如Java、Python、Node.js）、框架迁移、AWS SDK迁移、库升级、代码重构、架构变更，以及针对特定组织的自定义转换。

直接在用户本地机器上运行ATX CLI。

您将处理完整工作流：检查代码仓库、匹配可用的转换定义、收集配置信息并执行转换操作 ——用户只需提供代码仓库并确认计划即可。

Usage

使用场景

Use when the user wants to:

Transform, upgrade, or migrate code (Python, Java, Node.js)
Migrate AWS SDKs (boto2→boto3, Java SDK v1→v2, JS SDK v2→v3)
Analyze which ATX transformations apply to their repositories
Create a new custom Transformation Definition (TD)

当用户需要以下操作时使用：

转换、升级或迁移代码（Python、Java、Node.js）
迁移AWS SDK（boto2→boto3、Java SDK v1→v2、JS SDK v2→v3）
分析哪些ATX转换适用于他们的代码仓库
创建新的自定义转换定义（TD）

Core Concepts

核心概念

Transformation Definition (TD): A reusable transformation recipe discovered via
```
atx custom def list --json
```
Match Report: Auto-generated mapping of repos to applicable TDs based on code inspection
Local Mode: Runs ATX CLI on the user's machine (max 3 concurrent)

Transformation Definition (TD)：可复用的转换方案，可通过
```
atx custom def list --json
```
命令发现
Match Report：基于代码检查自动生成的代码仓库与适用TD的映射报告
Local Mode：在用户本地机器上运行ATX CLI（最多同时运行3个任务）

Philosophy

工作原则

Wait for the user. On activation, present what this skill can do and ask the user what they'd like to accomplish. Do NOT automatically inspect the working directory, open files, or any repository until the user explicitly provides repos to work with.

Once the user provides repositories, match — don't ask. Inspect those repositories and present which transformations apply automatically. Never show a raw TD list and ask the user to pick.

等待用户指令。激活后，先说明此Skill的功能，然后询问用户需求。在用户明确提供代码仓库之前，切勿自动检查工作目录、打开文件或访问任何代码仓库。

一旦用户提供代码仓库，自动匹配而非询问。检查这些代码仓库并自动呈现适用的转换方案。切勿直接展示原始TD列表让用户选择。

Prerequisites

前置条件

Prerequisite checks run ONCE at the start of a session. Do not repeat per repo. Do NOT run prerequisite checks until the user has stated what they want to do.

会话开始时仅运行一次前置条件检查，无需针对每个代码仓库重复检查。在用户说明需求之前，切勿运行前置条件检查。

0. Platform Check (Required)

0. 平台检查（必填）

Detect the user's operating system. If on Windows (not WSL), stop immediately and inform the user:

AWS Transform custom does not support native Windows. You need to install Windows Subsystem for Linux (WSL) and run this from within WSL.
Install WSL:
wsl --install
in PowerShell (as Administrator), then restart. After that, open a WSL terminal and re-run this skill from there.

Check by running:

bash

uname -s

```
Linux
```
or
```
Darwin
```
→ proceed normally
```
MINGW*
```
,
```
MSYS*
```
,
```
CYGWIN*
```
, or any Windows-like output → block and show the WSL message above
Command fails, errors, or is not found → treat as native Windows, block and show the WSL message above

Do NOT proceed with any other steps on native Windows.

检测用户的操作系统。如果是Windows（非WSL环境），立即停止并告知用户：

AWS Transform Custom不支持原生Windows系统。您需要安装Windows Subsystem for Linux（WSL）并在WSL环境中运行此工具。
安装WSL：以管理员身份打开PowerShell并运行
wsl --install
，然后重启系统。完成后，打开WSL终端并重新运行此Skill。

通过以下命令检查：

bash

uname -s

输出
```
Linux
```
或
```
Darwin
```
→ 正常继续
输出
```
MINGW*
```
、
```
MSYS*
```
、
```
CYGWIN*
```
或任何类Windows结果 → 阻止操作并显示上述WSL提示信息
命令执行失败、报错或未找到 → 视为原生Windows系统，阻止操作并显示上述WSL提示信息

在原生Windows系统上切勿继续执行任何其他步骤。

1. AWS CLI (Required)

1. AWS CLI（必填）

bash

aws --version

If not installed, guide the user:

macOS:

brew install awscli

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg" && sudo installer -pkg AWSCLIV2.pkg -target /

Linux:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && sudo ./aws/install

Do NOT proceed until

aws --version

succeeds.

bash

aws --version

如果未安装，引导用户安装：

macOS：

brew install awscli

或

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg" && sudo installer -pkg AWSCLIV2.pkg -target /

Linux：

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && sudo ./aws/install

在

aws --version

命令执行成功之前，切勿继续。

2. AWS Credentials (Required)

2. AWS凭证（必填）

bash

aws sts get-caller-identity

If credentials are NOT configured, walk the user through setup:

AWS Transform custom requires AWS credentials to authenticate with the service. Configure authentication using one of the following methods.

1. AWS CLI Configure (~/.aws/credentials):
   aws configure

2. AWS Credentials File (manual). Configure credentials in ~/.aws/credentials:

[default]
aws_access_key_id = your_access_key
aws_secret_access_key = your_secret_key

3. Environment Variables. Set the following environment variables:

export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_SESSION_TOKEN=your_session_token

You can also specify a profile using the AWS_PROFILE environment variable:

export AWS_PROFILE=your_profile_name

Do NOT proceed until credentials are verified. Re-run

aws sts get-caller-identity

after setup.

bash

aws sts get-caller-identity

如果未配置凭证，引导用户通过以下方式设置：

AWS Transform Custom需要AWS凭证来与服务进行身份验证。请通过以下方式之一配置身份验证：

1. AWS CLI配置（~/.aws/credentials）：
   aws configure

2. AWS凭证文件（手动配置）。在~/.aws/credentials中配置凭证：

[default]
aws_access_key_id = your_access_key
aws_secret_access_key = your_secret_key

3. 环境变量。设置以下环境变量：

export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_SESSION_TOKEN=your_session_token

您也可以通过AWS_PROFILE环境变量指定配置文件：

export AWS_PROFILE=your_profile_name

在凭证验证通过之前，切勿继续。设置完成后重新运行

aws sts get-caller-identity

命令。

3. ATX CLI (Required)

3. ATX CLI（必填）

Required for TD discovery (

atx custom def list --json

) and transformation execution.

bash

atx --version

用于TD发现（

atx custom def list --json

）和转换执行。

bash

atx --version

Install: curl -fsSL https://transform-cli.awsstatic.com/install.sh | bash

安装命令：curl -fsSL https://transform-cli.awsstatic.com/install.sh | bash


If installed, check for updates and update if available:
```bash
atx update


如果已安装，检查更新并进行升级：
```bash
atx update

4. IAM Permissions

4. IAM权限

Local mode requires

transform-custom:*

minimum. Verify by running a TD list:

bash

atx custom def list --json

If this succeeds, permissions are sufficient — skip the rest of this section.

If it fails with a permissions error, the caller needs the

transform-custom:*

IAM permission. Explain to the user what's needed and get confirmation before proceeding:

Your identity needs the
transform-custom:*
permission to use the ATX CLI. I can attach the AWS-managed policy
AWSTransformCustomFullAccess
to your identity. Shall I proceed?

Only after the user confirms, attach the managed policy:

bash

CALLER_ARN=$(aws sts get-caller-identity --query Arn --output text)
if echo "$CALLER_ARN" | grep -q ":user/"; then
  IDENTITY_NAME=$(echo "$CALLER_ARN" | awk -F'/' '{print $NF}')
  aws iam attach-user-policy --user-name "$IDENTITY_NAME" \
    --policy-arn "arn:aws:iam::aws:policy/AWSTransformCustomFullAccess"
elif echo "$CALLER_ARN" | grep -Eq ":assumed-role/|:role/"; then
  ROLE_NAME=$(echo "$CALLER_ARN" | sed 's/.*:\(assumed-\)\{0,1\}role\///' | cut -d'/' -f1)
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn "arn:aws:iam::aws:policy/AWSTransformCustomFullAccess"
fi

If the attachment command itself fails (e.g., insufficient IAM permissions, or an SSO-managed role), inform the user they need to ask their AWS administrator to attach the

AWSTransformCustomFullAccess

AWS-managed policy to their identity. For SSO users (role names starting with

AWSReservedSSO_

), this must be added to their IAM Identity Center permission set — it cannot be attached directly.

Do NOT proceed until

atx custom def list --json

succeeds.

See references/cli-reference.md for the full permission list.

本地模式至少需要

transform-custom:*

权限。通过运行TD列表命令验证：

bash

atx custom def list --json

如果命令执行成功，说明权限足够——跳过本节剩余内容。

如果因权限错误执行失败，调用者需要

transform-custom:*

IAM权限。向用户说明所需权限并在继续前获得确认：

您的身份需要
transform-custom:*
权限才能使用ATX CLI。我可以将AWS托管策略
AWSTransformCustomFullAccess
附加到您的身份上。是否继续？

仅在用户确认后，附加托管策略：

bash

CALLER_ARN=$(aws sts get-caller-identity --query Arn --output text)
if echo "$CALLER_ARN" | grep -q ":user/"; then
  IDENTITY_NAME=$(echo "$CALLER_ARN" | awk -F'/' '{print $NF}')
  aws iam attach-user-policy --user-name "$IDENTITY_NAME" \
    --policy-arn "arn:aws:iam::aws:policy/AWSTransformCustomFullAccess"
elif echo "$CALLER_ARN" | grep -Eq ":assumed-role/|:role/"; then
  ROLE_NAME=$(echo "$CALLER_ARN" | sed 's/.*:\(assumed-\)\{0,1\}role\///' | cut -d'/' -f1)
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn "arn:aws:iam::aws:policy/AWSTransformCustomFullAccess"
fi

如果附加命令本身执行失败（例如，IAM权限不足，或角色由SSO管理），告知用户需要联系AWS管理员将

AWSTransformCustomFullAccess

AWS托管策略附加到他们的身份上。对于SSO用户（角色名称以

AWSReservedSSO_

开头），必须将此策略添加到他们的IAM Identity Center权限集中——无法直接附加。

在

atx custom def list --json

命令执行成功之前，切勿继续。

完整权限列表请参考references/cli-reference.md。

Workflow

工作流

Generate a session timestamp once and reuse it for all paths in this session:

bash

SESSION_TS=$(date +%Y%m%d-%H%M%S)

生成一次会话时间戳，并在本次会话的所有流程中复用：

bash

SESSION_TS=$(date +%Y%m%d-%H%M%S)

Step 0: Greet and Wait

步骤0：问候与等待

On activation, briefly introduce what ATX can do:

Code upgrades and migrations (Java, Python, Node.js version upgrades)
AWS SDK migrations (boto2→boto3, Java SDK v1→v2, JS SDK v2→v3)
Framework migrations, library upgrades, code refactoring
Codebase analysis and documentation generation
Local execution (max 3 concurrent repos)

Then ask the user what they'd like to do. Do NOT inspect any files, run any commands, or check prerequisites until the user responds.

激活后，简要介绍ATX的功能：

代码升级与迁移（Java、Python、Node.js版本升级）
AWS SDK迁移（boto2→boto3、Java SDK v1→v2、JS SDK v2→v3）
框架迁移、库升级、代码重构
代码库分析与文档生成
本地执行（最多同时处理3个代码仓库）

然后询问用户需求。在用户回复之前，切勿检查任何文件、运行任何命令或执行前置条件检查。

Step 1: Collect Repositories

步骤1：收集代码仓库信息

Ask the user for local paths or git URLs. Accept one or many. Do NOT assume the current working directory or open editor files are the target — wait for the user to explicitly provide repositories.

Accepted source formats:

Local paths — directories on the user's machine (e.g.,
```
/home/user/my-project
```
)
HTTPS git URLs — public or private (e.g.,
```
https://github.com/org/repo.git
```
)
SSH git URLs — e.g.,
```
git@github.com:org/repo.git
```
S3 bucket path with zips — e.g.,
```
s3://my-bucket/repos/
```
containing zip files of repositories. Each zip becomes one transformation job.

询问用户提供本地路径或Git URL。可接受单个或多个仓库。切勿假设当前工作目录或打开的编辑器文件为目标仓库——等待用户明确提供代码仓库信息。

可接受的源格式：

本地路径 — 用户机器上的目录（例如
```
/home/user/my-project
```
）
HTTPS Git URL — 公开或私有仓库（例如
```
https://github.com/org/repo.git
```
）
SSH Git URL — 例如
```
git@github.com:org/repo.git
```
包含压缩包的S3存储桶路径 — 例如
```
s3://my-bucket/repos/
```
其中包含代码仓库的ZIP压缩包。每个压缩包对应一个转换任务。

S3 Bucket Input

S3存储桶输入

If the user provides an S3 path containing zip files, download and extract each zip locally:

bash

mkdir -p ~/.aws/atx/custom/atx-agent-session/repos
aws s3 sync s3://user-bucket/repos/ ~/.aws/atx/custom/atx-agent-session/repos/ --exclude "*" --include "*.zip"
for zip in ~/.aws/atx/custom/atx-agent-session/repos/*.zip; do
  name=$(basename "$zip" .zip)
  unzip -qo "$zip" -d "$HOME/.aws/atx/custom/atx-agent-session/repos/${name}-$SESSION_TS/"
done

Use the extracted directories as

<repo-path>

for local execution. Standard local mode limits apply (max 3 concurrent repos).

如果用户提供包含ZIP压缩包的S3路径，下载并解压每个压缩包到本地：

bash

mkdir -p ~/.aws/atx/custom/atx-agent-session/repos
aws s3 sync s3://user-bucket/repos/ ~/.aws/atx/custom/atx-agent-session/repos/ --exclude "*" --include "*.zip"
for zip in ~/.aws/atx/custom/atx-agent-session/repos/*.zip; do
  name=$(basename "$zip" .zip)
  unzip -qo "$zip" -d "$HOME/.aws/atx/custom/atx-agent-session/repos/${name}-$SESSION_TS/"
done

将解压后的目录作为本地执行的

<repo-path>

。适用标准本地模式限制（最多同时处理3个代码仓库）。

Step 2: Discover TDs (Silent)

步骤2：发现TD（静默执行）

Run silently — do NOT show output to user:

bash

atx custom def list --json

Build an internal lookup of available TDs. Never hardcode TD names.

静默执行——切勿向用户显示输出：

bash

atx custom def list --json

构建可用TD的内部查找表。切勿硬编码TD名称。

Creating a New TD

创建新TD

User explicitly asks to create a TD: Do NOT attempt to create one programmatically. Tell the user:

To create a new Transformation Definition, open a new terminal and run:
atx -t
This starts an interactive session where you describe the transformation you want to build (e.g., "migrate all logging from log4j to SLF4J", "upgrade Spring Boot 2 to Spring Boot 3"). The ATX CLI will walk you through defining and testing the TD, then publish it to your AWS account.

Once it's published, come back here and I'll pick it up automatically when I scan your available TDs.

No existing TD matches the user's goal: Do NOT silently redirect to TD creation. The match logic may be imperfect. Instead, confirm with the user first:

"I didn't find an existing TD that covers [describe the user's goal]. Would you like to create a new one?"

Only show the

atx -t

instructions if the user confirms. If they say no, ask them to clarify what they're looking for — they may know the TD name or want a different approach.

Do NOT run

atx -t

yourself — it requires an interactive terminal session that the agent cannot drive. The user must run it manually in a separate terminal.

After the user returns from creating a TD, re-run

atx custom def list --json

to pick up the newly published TD and continue with the normal workflow.

用户明确要求创建TD：切勿尝试通过编程方式创建。告知用户：

要创建新的转换定义，请打开新终端并运行：
atx -t
这将启动一个交互式会话，引导您描述需要构建的转换（例如"将所有日志从log4j迁移到SLF4J"、"将Spring Boot 2升级到Spring Boot 3"）。ATX CLI将引导您定义并测试TD，然后将其发布到您的AWS账户。

发布完成后，返回此处，我会在扫描可用TD时自动识别到新创建的TD。

没有现有TD匹配用户需求：切勿静默引导至TD创建流程。匹配逻辑可能存在不足。请先与用户确认：

"我未找到符合[描述用户需求]的现有TD。是否需要创建新的TD？"

仅在用户确认后，再展示

atx -t

的操作说明。如果用户拒绝，请询问他们进一步明确需求——他们可能知道TD名称或希望采用其他方法。

切勿自行运行

atx -t

命令——该命令需要交互式终端会话，无法由Agent驱动。用户必须在单独的终端中手动运行。

用户创建TD返回后，重新运行

atx custom def list --json

命令以识别新发布的TD，然后继续正常工作流。

Step 3: Inspect Each Repository

步骤3：检查每个代码仓库

Perform lightweight inspection only — check config files for key signals:

Signal	Files to Check	Likely TD Type
Python version	`.python-version` , `pyproject.toml` , `setup.cfg` , `requirements.txt`	Python version upgrade
Java version	`pom.xml` ( `<java.version>` ), `build.gradle` ( `sourceCompatibility` ), `.java-version`	Java version upgrade
Node.js version	`package.json` ( `engines.node` ), `.nvmrc` , `.node-version`	Node.js version upgrade
Python boto2	`import boto` (NOT boto3)	boto2→boto3 migration
Java SDK v1	`com.amazonaws` imports, `aws-java-sdk` in pom.xml	Java SDK v1→v2
Node.js SDK v2	`"aws-sdk"` in package.json (NOT `@aws-sdk` )	JS SDK v2→v3
x86 Java	`x86_64` / `amd64` in Dockerfiles, build configs	Graviton migration

Cross-reference detected signals against TDs from Step 2. Only match TDs that actually exist in the user's account.

See references/repo-analysis.md for full detection commands.

仅执行轻量级检查——检查配置文件中的关键信号：

信号	检查文件	可能的TD类型
Python版本	`.python-version` , `pyproject.toml` , `setup.cfg` , `requirements.txt`	Python版本升级
Java版本	`pom.xml` （ `<java.version>` ）、 `build.gradle` （ `sourceCompatibility` ）、 `.java-version`	Java版本升级
Node.js版本	`package.json` （ `engines.node` ）、 `.nvmrc` 、 `.node-version`	Node.js版本升级
Python boto2	`import boto` （非boto3）	boto2→boto3迁移
Java SDK v1	`com.amazonaws` 导入、 `pom.xml` 中的 `aws-java-sdk`	Java SDK v1→v2
Node.js SDK v2	`package.json` 中的 `"aws-sdk"` （非 `@aws-sdk` ）	JS SDK v2→v3
x86 Java	Dockerfile、构建配置中的 `x86_64` / `amd64`	Graviton迁移

将检测到的信号与步骤2中的TD进行交叉匹配。仅匹配用户账户中实际存在的TD。

完整检测命令请参考references/repo-analysis.md。

Step 4: Present Match Report

步骤4：呈现匹配报告

Format:

Transformation Match Report
=============================
Repository: <name> (<path>)
  Language: <lang> <version>
  Matching TDs:
    - <td-name> — <description>

Summary: N repos analyzed, M have applicable transformations (T total jobs)

Offer to kick off transformations.

格式：

转换匹配报告
=============================
代码仓库：<名称>（<路径>）
  语言：<语言> <版本>
  匹配的TD：
    - <td名称> — <描述>

摘要：已分析N个代码仓库，M个仓库有适用的转换（共T个任务）

询问用户是否启动转换。

Step 5: Collect Configuration

步骤5：收集配置信息

Ask for TD-specific config only when needed (e.g., target version for upgrade TDs). Skip for TDs that need no config.

仅在需要时询问TD特定的配置信息（例如升级类TD的目标版本）。对于无需配置的TD，跳过此步骤。

Step 6: Verify Runtime Compatibility

步骤6：验证运行时兼容性

Before running local transformations, verify the user has the target runtime version installed. This applies to any language or runtime the transformation targets — Java, Python, Node.js, Ruby, Go, Rust, .NET, etc. Check the current version of whatever runtime the TD requires. For example:

bash

java -version    # Java transformations
python3 --version # Python transformations
node --version   # Node.js transformations
ruby --version   # Ruby transformations
go version       # Go transformations

If the target version is not active, check whether it's already installed:

bash

undefined

在运行本地转换之前，验证用户是否已安装目标运行时版本。此步骤适用于转换涉及的任何语言或运行时——Java、Python、Node.js、Ruby、Go、Rust、.NET等。检查TD所需的当前运行时版本。例如：

bash

java -version    # Java转换
python3 --version # Python转换
node --version   # Node.js转换
ruby --version   # Ruby转换
go version       # Go转换

如果目标版本未激活，检查是否已安装：

bash

undefined

Java: check common install locations

Java：检查常见安装位置

/usr/libexec/java_home -V 2>&1 # macOS ls /usr/lib/jvm/ 2>/dev/null # Linux

Python: check if the specific version binary exists

Python：检查特定版本的二进制文件是否存在

which python3.12 2>/dev/null # adjust version as needed

which python3.12 2>/dev/null # 根据需要调整版本

Node.js: check if nvm is available, or look for the binary

Node.js：检查nvm是否可用，或查找二进制文件

command -v nvm &>/dev/null && nvm ls 2>/dev/null which node 2>/dev/null && node --version


If the target version is found, switch to it:
- Java: `sdk use java 23-amzn` or `export JAVA_HOME=/usr/lib/jvm/java-23-amazon-corretto.x86_64 && export PATH="$JAVA_HOME/bin:$PATH"`
- Python: `pyenv shell 3.15.0`
- Node.js: `nvm use 23`

Only if the target version is not installed at all, ask the user for permission before installing. Do NOT install runtimes without explicit user confirmation.
Suggest the appropriate version manager:
- Java: `sdk install java 23-amzn` (SDKMAN), or `brew install --cask corretto23` (macOS)
- Python: `pyenv install 3.15.0 && pyenv shell 3.15.0`, or `brew install python@3.15`
- Node.js: `nvm install 23 && nvm use 23`

The active runtime must match the transformation's target version so that builds
and tests run correctly. Do NOT proceed with the transformation until the correct
version is active.

command -v nvm &>/dev/null && nvm ls 2>/dev/null which node 2>/dev/null && node --version


如果找到目标版本，切换至该版本：
- Java：`sdk use java 23-amzn` 或 `export JAVA_HOME=/usr/lib/jvm/java-23-amazon-corretto.x86_64 && export PATH="$JAVA_HOME/bin:$PATH"`
- Python：`pyenv shell 3.15.0`
- Node.js：`nvm use 23`

仅当目标版本完全未安装时，在安装前询问用户许可。切勿在未获得用户明确确认的情况下安装运行时环境。推荐使用合适的版本管理器：
- Java：`sdk install java 23-amzn`（SDKMAN），或`brew install --cask corretto23`（macOS）
- Python：`pyenv install 3.15.0 && pyenv shell 3.15.0`，或`brew install python@3.15`
- Node.js：`nvm install 23 && nvm use 23`

激活的运行时版本必须与转换的目标版本匹配，以确保构建和测试正常运行。在正确版本激活之前，切勿继续执行转换。

Step 7: Confirm Transformation Plan

步骤7：确认转换计划

Present final plan with repo, TD, and config. Do NOT proceed until user confirms.

呈现包含代码仓库、TD和配置信息的最终计划。在用户确认之前，切勿继续。

Step 8: Execute

步骤8：执行转换

1 repo: See references/single-transformation.md
Multiple repos: See references/multi-transformation.md

单个代码仓库：请参考references/single-transformation.md
多个代码仓库：请参考references/multi-transformation.md

Critical Rules

关键规则

Discover TDs dynamically — Always run
```
atx custom def list --json
```
. Never hardcode TD names.
Match, don't ask — Inspect repos and present matches. Never show raw TD lists.
Lightweight inspection only — Check config files and key signals. No deep analysis.
Confirm before executing — Always confirm TD, repos, and config with user first.
No time estimates — Never include duration predictions.
Parallel execution — max 3 concurrent repos.
Preserve outputs — Do not delete generated output folders.
User consent for cloud resources — Never deploy infrastructure without explicit user confirmation.
Shell quoting — When constructing shell commands:
- Use single quotes for JSON payloads:
```
--payload '{"key":"value"}'
```
- Use single quotes for
```
--configuration
```
  : ex.
```
--configuration 'additionalPlanContext=Target Java 21'
```
- Never nest double quotes inside double quotes — this causes
```
dquote>
```
  hangs
- Verify that every command you construct has balanced quotes before executing
No comments in terminal commands — Never include
```
#
```
comments in commands executed in the terminal. Comments cause
```
command not found: #
```
errors. If you need to explain a command, do it in chat before or after running it.

动态发现TD — 始终运行
```
atx custom def list --json
```
命令。切勿硬编码TD名称。
自动匹配而非询问 — 检查代码仓库并呈现匹配结果。切勿展示原始TD列表。
仅执行轻量级检查 — 检查配置文件和关键信号，不进行深度分析。
执行前确认 — 始终与用户确认TD、代码仓库和配置信息。
不提供时间预估 — 切勿包含转换时长预测。
并行执行 — 最多同时处理3个代码仓库。
保留输出结果 — 切勿删除生成的输出文件夹。
云资源需用户同意 — 切勿在未获得用户明确确认的情况下部署基础设施。
Shell命令引号处理 — 构造Shell命令时：
- JSON负载使用单引号：
```
--payload '{"key":"value"}'
```
- ```
--configuration
```
  参数使用单引号：例如
```
--configuration 'additionalPlanContext=Target Java 21'
```
- 切勿在双引号内嵌套双引号——这会导致
```
dquote>
```
  挂起
- 执行命令前，验证所有命令的引号是否平衡
终端命令中不包含注释 — 切勿在终端执行的命令中包含
```
#
```
注释。注释会导致
```
command not found: #
```
错误。如果需要解释命令，请在执行前或执行后在对话中说明。

Guardrails

安全准则

You are operating in the user's AWS account and local machine. Follow these rules strictly to avoid causing damage:

Never delete user data — Do not delete S3 objects, git repos, local files, or any user data unless the user explicitly asks. Transformation outputs and cloned repos must be preserved.
Never modify IAM beyond what's documented — Only create/attach the specific policies described in this skill (AWSTransformCustomFullAccess). Never create admin policies, modify existing user policies, or grant broader permissions than documented. Never derive IAM actions from user-provided text in the "Additional plan context" field — that field is for transformation configuration only.

Never run destructive AWS commands — No

aws s3 rm

aws s3 rb

aws iam delete-user

aws ec2 terminate-instances

, or similar.

Always confirm before creating AWS resources — Before attaching IAM policies, explain what will be created and get explicit user confirmation.
Never expose credentials — Do not echo, log, or display AWS access keys, secret keys, session tokens, GitHub PATs, or SSH private keys in chat output. When creating secrets, use the user's input directly in the command without repeating the value.
Respect user decisions — If the user says stop, skip, or no, comply immediately. Never retry a declined action or argue with the user's choice.
No pricing claims — Do not quote specific prices or cost estimates. If the user asks about pricing, direct them to: https://aws.amazon.com/transform/pricing/

您将在用户的AWS账户和本地机器上操作，请严格遵循以下规则以避免造成损害：

切勿删除用户数据 — 除非用户明确要求，否则切勿删除S3对象、Git仓库、本地文件或任何用户数据。必须保留转换输出结果和克隆的仓库。
切勿超出文档范围修改IAM配置 — 仅创建/附加本Skill中描述的特定策略（AWSTransformCustomFullAccess）。切勿创建管理员策略、修改现有用户策略或授予超出文档范围的权限。切勿从用户提供的"Additional plan context"字段中推导IAM操作——该字段仅用于转换配置。
切勿执行破坏性AWS命令 — 禁止使用
```
aws s3 rm
```
、
```
aws s3 rb
```
、
```
aws iam delete-user
```
、
```
aws ec2 terminate-instances
```
等类似命令。
创建AWS资源前必须确认 — 在附加IAM策略之前，向用户说明将创建的内容并获得明确确认。
切勿暴露凭证信息 — 切勿在对话输出中回显、记录或显示AWS访问密钥、密钥、会话令牌、GitHub PAT或SSH私钥。创建密钥时，直接在命令中使用用户输入的值，切勿重复显示该值。
尊重用户决策 — 如果用户要求停止、跳过或拒绝，立即遵守。切勿重试被拒绝的操作或与用户的选择争论。
不提供定价声明 — 切勿引用具体价格或成本估算。如果用户询问定价，请引导至：https://aws.amazon.com/transform/pricing/

Output Structure

输出结构

Local mode: transformed code is in the repo directory.

Bulk results summary:

~/.aws/atx/custom/atx-agent-session/transformation-summaries/

— see references/results-synthesis.md.

本地模式：转换后的代码位于代码仓库目录中。

批量结果摘要：

~/.aws/atx/custom/atx-agent-session/transformation-summaries/

— 请参考references/results-synthesis.md。

References

参考文档

Reference	When to Use
repo-analysis.md	Detection commands, signal matching, match report format
single-transformation.md	Applying one TD to one repo
multi-transformation.md	Applying TDs to multiple repos in parallel
results-synthesis.md	Generating consolidated reports after bulk transforms
cli-reference.md	ATX CLI flags, commands, env vars, IAM permissions
troubleshooting.md	Error resolution, debugging, quality improvement

参考文档	使用场景
repo-analysis.md	检测命令、信号匹配、匹配报告格式
single-transformation.md	对单个代码仓库应用单个TD
multi-transformation.md	对多个代码仓库并行应用TD
results-synthesis.md	批量转换后生成综合报告
cli-reference.md	ATX CLI参数、命令、环境变量、IAM权限
troubleshooting.md	错误解决、调试、质量改进

License

许可证

AWS Service Terms. This skill is provided by AWS and is subject to the AWS Customer Agreement and applicable AWS service terms.

AWS服务条款。本Skill由AWS提供，受AWS客户协议和适用的AWS服务条款约束。

Issues

问题反馈

https://github.com/aws-samples/aws-transform-custom-samples/issues