Sign in Subscribe
DevOps

How One Enterprise DevOps Team Migrated a Legacy Monolith to an Agentic Architecture Without Rewriting a Single Line of Core Business Logic

Scott Miller

8 min read

Search results are limited today, but my expertise in this space is more than sufficient to deliver a rich, accurate, and deeply technical post. Here it is: ---

When the engineering leadership at a mid-sized financial services firm (which we'll call Meridian Financial for confidentiality) first floated the idea of wrapping their 14-year-old monolithic policy engine in an agentic architecture, the room went quiet. Not the excited kind of quiet. The kind where senior engineers start mentally updating their resumes.

The codebase in question was a Java-based monolith: roughly 2.3 million lines of code, responsible for processing insurance policy validations, underwriting decisions, and compliance checks across six product lines. It worked. It had always worked. And that was precisely the problem. Nobody wanted to touch it, which meant nobody could extend it, either.

By early 2026, the pressure to integrate AI-driven automation into their core workflows had become unavoidable. Competitors were shipping agentic pipelines that could autonomously triage claims, generate compliance summaries, and route edge cases to human reviewers, all in real time. Meridian needed to catch up, and fast. But a full rewrite was off the table: too risky, too expensive, and frankly, too much institutional knowledge was baked into that legacy code to safely recreate it from scratch.

What followed was an 11-month migration journey that the team describes as "the most instructive thing we've ever done as engineers." This is their story, their architecture, and the hard-won lessons they wish they'd had on day one.

The Starting Point: Understanding What "Agentic" Actually Meant for Their Use Case

Before writing a single line of new code, the team spent three weeks doing something most DevOps teams skip entirely: defining what "agentic architecture" actually meant in the context of their specific domain. This sounds obvious. It almost never happens.

In the popular discourse of 2026, "agentic" has become one of those words that means everything and nothing simultaneously. For some teams, it means deploying a multi-agent LLM framework. For others, it means event-driven microservices with autonomous retry logic. For Meridian's team, it came to mean something precise and bounded: a system in which discrete AI agents could observe state, make decisions, invoke tools (including the legacy engine), and hand off context to other agents or humans, without any single agent needing to own the full workflow.

That definition did three important things. First, it positioned the legacy monolith not as a liability to be replaced but as a tool to be invoked. Second, it gave the team a clear boundary for what needed to be built new versus what could be wrapped. Third, it kept the scope honest.

The Architecture: Wrapping, Not Replacing

The core architectural decision was deceptively simple: treat the legacy monolith as a black-box tool in a broader agentic graph. Here is how the layers broke down in practice.

Layer 1: The Legacy Core (Untouched)

The Java monolith remained exactly as it was. No refactoring, no dependency upgrades, no "while we're in here" improvements. The team enforced this discipline with a hard rule: any engineer who opened a legacy source file for reasons other than reading documentation had to present the change to the full architecture review board. This rule was invoked exactly twice in 11 months. Both times, the proposed change was deferred.

Layer 2: The Capability Adapter Layer

A thin REST and gRPC adapter layer was built around the monolith, exposing its core functions as discrete, versioned API endpoints. Think of this as the "tool definition" layer in agentic terms. Each endpoint was documented with structured schemas that described inputs, outputs, expected latency, and failure modes. This documentation was not written for human engineers. It was written to be consumed by an LLM-based orchestration layer.

Key endpoints exposed included:

  • Policy Validation Service: Accepts a structured policy object, returns a validation result with error codes.
  • Underwriting Decision Engine: Accepts applicant data and product type, returns a risk tier and recommended premium range.
  • Compliance Check Runner: Accepts a transaction payload, returns a pass/fail result with regulatory citation references.
  • Audit Trail Writer: Accepts an event payload, appends to the immutable audit log.

Critically, the adapter layer introduced no new business logic. It was purely structural. If the monolith returned an error, the adapter returned that error verbatim. No silent swallowing of exceptions. No "helpful" transformations.

Layer 3: The Agent Orchestration Layer

This is where the genuinely new work lived. The team built a multi-agent orchestration system using a graph-based framework (they evaluated LangGraph, Temporal, and a custom-built state machine before settling on a hybrid of Temporal for durability and a lightweight in-house agent router for LLM coordination). Each agent was scoped to a single domain responsibility:

  • Intake Agent: Parses incoming claim or application data from unstructured sources (emails, PDFs, web forms), normalizes it into a structured schema, and routes it to the appropriate downstream agent.
  • Validation Agent: Calls the Policy Validation Service via the adapter layer, interprets results, and either proceeds or flags for human review with a plain-language explanation of the failure.
  • Underwriting Agent: Calls the Underwriting Decision Engine, enriches the result with external data (credit bureau APIs, property data feeds), and generates a recommendation summary for human underwriters.
  • Compliance Agent: Runs the Compliance Check Runner, cross-references results against a live regulatory knowledge base, and drafts a compliance memo if required.
  • Escalation Agent: Monitors confidence scores across all agents and routes low-confidence decisions to a human review queue with full context attached.

Layer 4: The Human-in-the-Loop Interface

No agentic architecture in a regulated industry survives contact with compliance without a robust human-in-the-loop layer. Meridian built a review dashboard that presented human reviewers not just with a decision to approve or reject, but with the full agent reasoning trace: which agents ran, which tools were called, what data was passed, and why the system flagged the item for human attention. This transparency was not an afterthought. It was a regulatory requirement, and building it early saved significant rework later.

The Migration Strategy: Strangler Fig, But for Agents

The team adapted the classic Strangler Fig pattern, originally described by Martin Fowler for microservices migrations, to their agentic context. Rather than migrating entire workflows at once, they identified the smallest possible unit of work that could be routed through the new agentic layer while the monolith continued handling everything else.

Phase 1 (months 1 to 3) routed only new policy applications for a single product line (renters insurance) through the agentic layer. The legacy monolith still processed everything; the agents simply observed the flow, ran in shadow mode, and logged their outputs alongside the legacy outputs for comparison.

Phase 2 (months 4 to 6) activated the Intake Agent and Validation Agent for that same product line in production, while keeping the legacy monolith as the system of record. If the agents and the legacy engine disagreed, the legacy engine won, and the discrepancy was logged for analysis.

Phase 3 (months 7 to 9) expanded to three additional product lines and activated the Underwriting and Compliance agents. By this point, the team had accumulated enough discrepancy data to tune the agents' prompts and tool-call logic with high confidence.

Phase 4 (months 10 to 11) completed the transition for all six product lines. The legacy monolith remained running, but was now purely a tool called by agents rather than the primary orchestrator of workflows. The monolith's own UI and direct-access integrations were deprecated in favor of the new agent-driven interfaces.

The Numbers: What Actually Changed

After 11 months, the results were measurable and, in some areas, surprising:

  • Straight-through processing rate for new policy applications increased from 41% to 79%. The agents handled the majority of routine cases without human intervention.
  • Average time-to-decision for underwriting dropped from 3.2 business days to 4.1 hours for standard-risk applications.
  • Compliance review preparation time dropped by 68%, as the Compliance Agent automated the drafting of regulatory memos.
  • Zero regressions in core business logic. Because the monolith's logic was never modified, every calculation, validation rule, and compliance check continued to produce identical results to the pre-migration baseline.
  • Incident rate in the new agentic layer during the first 90 days post-launch: 7 incidents, all in the orchestration layer, none in the legacy core.

What They Wish They'd Known Before Starting

This is the part the team was most eager to share. Not the wins, but the friction. Here are the six lessons they would give to any enterprise DevOps team considering a similar path.

1. "Agentic" Is an Orchestration Problem, Not an AI Problem

The team's early instinct was to spend most of their energy on prompt engineering and model selection. In retrospect, they estimate that 70% of their actual engineering effort went into orchestration: state management, retry logic, timeout handling, context window budgeting, and agent handoff protocols. The AI parts were, relatively speaking, the easy parts. Teams that treat agentic migrations as primarily an AI project will be blindsided by the infrastructure complexity.

2. Your Legacy System's Error Messages Are Not Agent-Friendly

The monolith's error codes were written for human developers who had context. Error code UW-4412 meant something specific to a senior engineer who had been around for eight years. It meant nothing to an LLM. The team had to build a comprehensive error code translation layer, mapping every legacy error to a structured, plain-language description that agents could reason about. This took two full sprints and was not on anyone's original project plan.

3. Shadow Mode Is Non-Negotiable, Not Optional

Several engineers pushed to skip the shadow-mode phase in Phase 1, arguing it was "just adding latency to the timeline." The team lead held the line. During shadow mode, they discovered that the Intake Agent was misclassifying approximately 12% of commercial property applications as residential, due to ambiguous phrasing in a subset of broker-submitted forms. Catching this in shadow mode cost one sprint to fix. Catching it in production would have cost regulatory exposure and customer trust.

4. The Human-in-the-Loop Layer Will Be Underestimated Every Time

The initial estimate for building the human review interface was two weeks. It took eleven. Regulators, compliance officers, and senior underwriters all had specific requirements for how agent reasoning needed to be displayed, audited, and stored. Building this layer well is not a UI problem. It is a data architecture, audit logging, and stakeholder alignment problem wearing a UI problem's clothing.

5. Treat Agent Prompts as Production Code

Early in the project, agent prompts lived in a shared Notion document. No versioning, no review process, no rollback capability. After a prompt change caused the Compliance Agent to start omitting a required regulatory citation from its memos (a change that went undetected for six days), the team moved all prompts into their main Git repository, subject to the same pull request and review process as any other production code. Prompt drift is a real operational risk. Treat it as one.

6. Define "Done" for Each Agent Before You Build It

The team built the Escalation Agent last, and it showed. Because the definition of "low confidence" had never been formally specified, the agent's escalation threshold was tuned and re-tuned seven times over the course of the project. Each re-tuning required re-validating downstream workflows. Had they written a formal acceptance specification for the agent before building it, including specific confidence score thresholds, escalation rate targets, and test cases, they estimate they would have saved three weeks of rework.

The Broader Lesson: Legacy Code Is Infrastructure, Not Debt

Perhaps the most counterintuitive insight from Meridian's journey is a reframing of how enterprise teams should think about legacy systems in an agentic world. For years, the dominant narrative in software engineering has positioned legacy codebases as technical debt to be paid down, refactored away, or replaced. The agentic architecture paradigm offers a different mental model: legacy systems are tools, and tools do not need to be rewritten to be useful.

A 14-year-old policy engine that has processed millions of transactions and survived dozens of regulatory audits carries something that no new system can replicate on day one: proven correctness. That correctness is enormously valuable. The job of a modern agentic layer is not to replace that correctness but to amplify it, to wrap it in intelligence, context, and automation that makes it accessible to new workflows and new users without ever touching the thing that makes it trustworthy.

That is a fundamentally different relationship with legacy code, and it is one that more enterprise teams need to consider as the pressure to "go agentic" intensifies through 2026 and beyond.

Final Thoughts: Is This Approach Right for Your Team?

The Meridian approach will not work for every organization. It requires a legacy system that is stable, well-understood at the API boundary (even if opaque internally), and capable of being exposed via a thin adapter without major security or performance concerns. It also requires organizational discipline: the willingness to leave working code alone even when every instinct says to "clean it up while you're in there."

But for teams sitting on top of complex, battle-tested business logic that they cannot afford to risk rewriting, the agentic wrapper pattern is one of the most compelling architectural strategies available right now. It lets you ship intelligence without gambling on correctness. And in a regulated, high-stakes domain, that trade-off is not just practical. It is the only responsible choice.

Have you attempted a similar migration? The patterns, pitfalls, and tooling choices in this space are evolving rapidly. Drop your experience in the comments below or reach out directly. The best case studies in this space are still being written.

Sign up for more like this.

Enter your email
Subscribe