--- id: wiki-2026-0508-software-maintenance title: Software Maintenance category: 10_Wiki/Topics status: verified canonical_id: self aliases: [SW Maintenance, Software Sustainment] duplicate_of: none source_trust_level: A confidence_score: 0.9 verification_status: applied tags: [maintenance, refactoring, lifecycle, ai-augmented] raw_sources: [] last_reinforced: 2026-05-10 github_commit: pending tech_stack: language: multi framework: ide/ci/ai-tools --- # Software Maintenance ## 매 한 줄 > **"매 software maintenance 의 corrective + adaptive + perfective + preventive 의 4 categories (ISO/IEC 14764)"**. 매 lifecycle cost 의 60-80% 의 maintenance — 매 dev 의 minority 의 only feature 의 build. 매 2026 의 game-changer 의 AI-aided refactor / debug (Claude Opus 4.7, Cursor, Sourcegraph Cody) + automated dep update (Renovate / Dependabot). ## 매 핵심 ### 매 4 categories (ISO/IEC 14764) - **Corrective**: 매 bug fix — 매 reactive. - **Adaptive**: 매 환경 변화 (OS, runtime, API breaking change). - **Perfective**: 매 performance / readability / structure 의 improve. - **Preventive**: 매 future fault 의 anticipate (refactor, test, doc). ### 매 Maintenance 의 challenges - **Knowledge erosion**: 매 original author 의 leave → 매 dark code. - **Dep rot**: 매 transitive CVE / EOL. - **Code rot**: 매 entropy 의 increase. - **Test fragility**: 매 flaky 의 trust 의 erode. ### 매 Modern (2026) techniques - **AI refactor / explain**: Claude / Cursor 의 large diff 의 understand. - **Automated dep**: Renovate, Dependabot — 매 PR 의 auto + test 의 auto-merge. - **Continuous profiling**: pprof / Pyroscope / Parca 의 perf regression. - **Code archaeology**: git-blame + AI 의 historical context. - **Automated migration**: codemod (jscodeshift, Bowler), Ruff fix, OpenRewrite (Java). ### 매 응용 1. CVE patching pipeline. 2. Major version migration (Python 3.11 → 3.13, React 18 → 19). 3. Dead-code / dep prune. 4. Test backfill (untested legacy). ## 💻 패턴 ### Renovate config (auto dep update) ```json { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": ["config:recommended", ":dependencyDashboard"], "schedule": ["before 6am on Monday"], "automerge": true, "automergeType": "pr", "packageRules": [ { "matchUpdateTypes": ["major"], "automerge": false }, { "matchPackagePatterns": ["^@types/"], "automerge": true, "groupName": "types" } ], "vulnerabilityAlerts": { "labels": ["security"], "automerge": false } } ``` ### AI-assisted refactor (Claude Code) ```bash # 매 large legacy file 의 refactor — 매 small steps + tests claude refactor src/legacy.py \ --strategy "extract pure functions, add type hints, preserve behavior" \ --test "pytest tests/test_legacy.py" ``` ### Codemod (jscodeshift, callback → async) ```javascript // transform.js module.exports = function(file, api) { const j = api.jscodeshift; return j(file.source) .find(j.CallExpression, { callee: { name: "fs.readFile" } }) .replaceWith(p => { const [path, cb] = p.node.arguments; return j.awaitExpression( j.callExpression(j.memberExpression(j.identifier("fs"), j.identifier("promises.readFile")), [path]) ); }) .toSource(); }; // jscodeshift -t transform.js src/ ``` ### OpenRewrite recipe (Java migration) ```yaml # rewrite.yml type: specs.openrewrite.org/v1beta/recipe name: com.acme.UpgradeJava21 recipeList: - org.openrewrite.java.migrate.UpgradeToJava21 - org.openrewrite.java.migrate.UpgradeBuildToJava21 - org.openrewrite.java.format.AutoFormat ``` ### Continuous profiling (Pyroscope) ```python import pyroscope pyroscope.configure( application_name="payment-svc", server_address="http://pyroscope:4040", tags={"env": "prod", "version": "1.4.2"}, ) # 매 deploy 의 pre / post flame graph 의 diff 의 perf regression 의 catch ``` ### CVE patching pipeline ```yaml # .github/workflows/cve.yml name: cve-patch on: { schedule: [{ cron: "0 6 * * 1" }] } jobs: scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - run: trivy fs --severity HIGH,CRITICAL --exit-code 1 . - run: | gh issue create --title "CVE scan failures $(date -I)" \ --body-file trivy-report.txt \ --label security ``` ### Dead-code detection (knip / unimported) ```bash # 매 JS/TS 의 dead module / export npx knip # 매 Python vulture src/ --min-confidence 80 # 매 Java jdeps --print-module-deps build/libs/*.jar ``` ### Mutation testing (perfective) ```bash # 매 Python: mutmut, 매 JS: stryker # 매 test 의 actually catch 의 measure mutmut run --paths-to-mutate=src/ mutmut html # 매 score < 70% 의 의 test gap. ``` ### AI-explain (legacy code archaeology) ```python import anthropic client = anthropic.Anthropic() def explain(file_path: str): src = open(file_path).read() blame = subprocess.check_output(["git", "log", "-p", file_path]).decode()[:30000] msg = client.messages.create( model="claude-opus-4-7", max_tokens=2000, system="You are a senior engineer explaining legacy code. Cover: purpose, key invariants, hazards, refactor priorities.", messages=[{"role": "user", "content": f"FILE:\n{src}\n\nGIT LOG:\n{blame}"}], ) return msg.content[0].text ``` ## 매 결정 기준 | 상황 | Action | |---|---| | Active CVE | Renovate auto-PR + emergency merge | | Major version | OpenRewrite / codemod + staged rollout | | Slow function | Continuous profiling + targeted fix | | Untested legacy | Characterization tests first, refactor after | | Dark code | AI-explain + pair with original author log | **기본값**: Renovate + Trivy + Pyroscope + AI-assist as standard stack. ## 🔗 Graph - 부모: [[SDLC]] - 변형: [[Refactoring_Best_Practices|Refactoring]] · [[Technical_Debt|Technical-Debt]] - Adjacent: [[Renovate]] ## 🤖 LLM 활용 **언제**: legacy explain, refactor proposal, doc generate, codemod 의 draft. **언제 X**: prod hot-fix without test (always test first), security patch 의 unattended merge. ## ❌ 안티패턴 - **Big-bang refactor**: 매 small steps + green test 의 always. - **No characterization test**: 매 refactor 의 silent break. - **Manual dep update**: 매 Renovate / Dependabot 의 always. - **Hot-fix to main without rollback**: 매 PR + test + tag 의 keep. ## 🧪 검증 / 중복 - Verified (ISO/IEC 14764, Renovate, OpenRewrite, Pyroscope docs). - 신뢰도 A. ## 🕓 Changelog | 날짜 | 변경 | |---|---| | 2026-05-08 | Phase 1 | | 2026-05-10 | Manual cleanup — full categories + AI-aided modern stack |