Migration assurance
Supported scope and rule coverage
This page states exactly what the scanner covers and what it deliberately does not cover. Deliberate exclusions are correct by design: flagging them would be a false positive.
What we never flag
Orders v0 operations outside the removal set (for example confirmShipment), listFinancialEventGroups, listTransactions and the Flat File V2 report type.
Active ruleset versions
Every scan snapshots these versions; the last-verified date states when the rule knowledge was checked.
| Module | Ruleset | Released | Last verified |
|---|---|---|---|
| Orders | amazon-orders-1.0.0-r1 | 2026-07-02 | 2026-07-02 |
| Settlement | amazon-settlement-1.0.0-r1 | 2026-07-02 | 2026-07-02 |
| Finances | amazon-finances-1.0.0-r1 | 2026-07-02 | 2026-07-02 |
Complete active rule matrix
All active rule IDs are listed below. Confidence describes the detector, not a guarantee that a migration is correct; limitations identify where runtime behavior can hide evidence.
| Rule ID | Module | Detection | Supported files | Confidence | Known limitation |
|---|---|---|---|---|---|
| AMZ-ORD-OPERATION-001 | Orders | Deprecated Orders v0 operation: Whole-word match on the in-scope operation names only. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-ENDPOINT-001 | Orders | Orders API v0 endpoint: Path pattern match. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-PARAM-001 | Orders | Renamed or semantically changed Orders parameter: Whole-word match against the known parameter map. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-PARAM-002 | Orders | Orders parameter with no replacement: Whole-word match against the no-replacement set. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-STATUS-001 | Orders | Order status needs remap: Whole-word match against the status map. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-FULFILL-001 | Orders | Fulfillment channel needs remap: Whole-word match against the fulfillment map. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-PROGRAM-001 | Orders | Boolean flag moves to programs[]: Whole-word match against the boolean-flag map. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-RDT-001 | Orders | Restricted Data Token workflow for Orders PII: RDT signal plus an Orders-PII signal in the same file (low confidence). | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Low — requires verification | Dynamic wrappers and generated code can require manual verification. |
| AMZ-ORD-PAGINATION-001 | Orders | Legacy NextToken pagination: NextToken match gated by an Orders context signal (low confidence). | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Low — requires verification | Custom pagination abstractions can hide control flow. |
| AMZ-SET-REPORT-001 | Settlement | Legacy settlement report type: Whole-word match against the deprecated report-type set. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-SET-XML-001 | Settlement | XML settlement workflow: XML report-type or XML-parse signal in a settlement context. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | High | Custom parser wrappers can hide XML usage. |
| AMZ-SET-COLUMN-001 | Settlement | Legacy settlement column assumption: Match against the legacy column-name map. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-SET-POSITIONAL-001 | Settlement | Positional column parsing: Positional/index parsing pattern in a settlement context. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | High | Generated parser code may be excluded as vendor output. |
| AMZ-SET-LOCALE-001 | Settlement | Locale-unsafe amount parsing: parseFloat/Number/float pattern gated by settlement amount context; absence of a locale helper is not used as blocker evidence. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | High | Dynamic wrappers and generated code can require manual verification. |
| AMZ-FIN-OP-001 | Finances | Deprecated Finances financial-event operation: Whole-word match that explicitly excludes listFinancialEventGroups. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-FIN-ENDPOINT-001 | Finances | Deprecated Finances v0 endpoint: Path pattern match on the v0 financialEvents endpoints. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Context-capped: direct runtime/config may be High; plain strings Medium; docs/comments Low | Dynamic wrappers and generated code can require manual verification. |
| AMZ-FIN-WINDOW-001 | Finances | Date window exceeds 180 days: Numeric window literal over 180 near a window/range keyword (low confidence). | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Low — requires verification | Runtime-generated dates can require manual verification. |
| AMZ-FIN-TIME-SAFETY-001 | Finances | Posted cutoff too close to request time: Request-time expression with no safe offset (medium confidence). | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Medium | Runtime-generated dates can require manual verification. |
| AMZ-FIN-COMPLETENESS-001 | Finances | Recent data treated as complete: Recent-48-hour assumption in a listTransactions context (low confidence). | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Low — requires verification | Dynamic serializers and generated clients can hide behavior. |
| AMZ-FIN-PAGINATION-001 | Finances | Stops on an empty page: Empty-list break/return in a nextToken context. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | High | Custom pagination abstractions can hide control flow. |
| AMZ-FIN-PAGINATION-ARGS-001 | Finances | Paginated request omits original arguments: Inspect listTransactions object arguments on token calls. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | High | Custom pagination abstractions can hide control flow. |
| AMZ-FIN-STATUS-001 | Finances | Incomplete transaction-status handling: Released-only status branch in a transaction context. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | High | Dynamic wrappers and generated code can require manual verification. |
| AMZ-FIN-IDENTIFIER-001 | Finances | Unsupported related identifier: Validate literal relatedIdentifierName values. | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | High | Dynamic wrappers and generated code can require manual verification. |
| AMZ-FIN-BREAKDOWN-001 | Finances | Flat-only breakdown parsing: Flat map/reduce/forEach in a listTransactions context (medium confidence). | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Medium | Custom recursive helpers can require manual verification. |
| AMZ-FIN-DEDUP-001 | Finances | Missing transaction-ID deduplication: Absence check scoped to multi-fetch listTransactions code (low confidence). | TS, JS, Python, Java, Kotlin, C#, Go, Ruby, PHP, config/text | Low — requires verification | Dynamic serializers and generated clients can hide behavior. |
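
The whole-word matching and context-capped confidence described for AMZ-FIN-OP-001 can be sketched as follows. This is an added example, not the scanner's own code. The three deprecated operation names, the comment heuristic and the file-extension sets are assumptions, because the page does not list the removal set or the context rules; the never-flag names are the ones the page gives.

```python
import os
import re

# Assumption: the page does not list the removal set; these Finances v0
# operation names stand in for it. The never-flag names are from the page.
DEPRECATED_OPS = {"listFinancialEvents", "listFinancialEventsByGroupId",
                  "listFinancialEventsByOrderId"}
NEVER_FLAG = {"listFinancialEventGroups", "listTransactions"}

IDENT_RE = re.compile(r"\b[A-Za-z_]\w*")  # maximal identifiers = whole words
COMMENT_RE = re.compile(r"^\s*\*|(?:^|\s)(?://|#|/\*)")  # heuristic only
DOC_EXT = {".md", ".txt"}
CONFIG_EXT = {".json", ".yaml", ".yml", ".properties", ".ini", ".tf"}


def confidence_cap(path, line, start):
    """Upper bound on confidence for a hit at line[start], by context."""
    ext = os.path.splitext(path)[1].lower()
    prefix = line[:start]
    if ext in DOC_EXT or COMMENT_RE.search(prefix):
        return "Low"       # docs/comments
    if ext in CONFIG_EXT:
        return "High"      # direct config
    if prefix.count('"') % 2 or prefix.count("'") % 2:
        return "Medium"    # plain string literal in code
    return "High"          # direct runtime reference


def scan(path, text):
    """Return (line_no, operation, confidence_cap) for each whole-word hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in IDENT_RE.finditer(line):
            name = m.group(0)
            if name in DEPRECATED_OPS and name not in NEVER_FLAG:
                cap = confidence_cap(path, line, m.start())
                findings.append((line_no, name, cap))
    return findings


# Constructed sample inputs (not taken from any real repository).
SAMPLE = {
    "src/fees.ts": "const r = await client.listFinancialEvents(params);\n"
                   "const g = await client.listFinancialEventGroups(params);\n"
                   "// TODO: drop listFinancialEventsByOrderId\n",
    "src/audit.py": 'ALLOWED = ["listFinancialEventsByGroupId", "listTransactions"]\n',
    "README.md": "We call listFinancialEvents nightly.\n",
}
```

A longer identifier such as `listFinancialEventsV2` produces no hit, which is the "dynamic wrappers" limitation in practice: a wrapper with a different name is invisible to this kind of rule and needs manual verification.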
Supported files
- Code: TypeScript, JavaScript, Python, Java, Kotlin, C#, Go, Ruby and PHP.
- Structured data: JSON, XML, YAML, CSV and TSV.
- Configuration: Terraform, .env variants, properties, INI and common config files.
- Markdown and text are scanned as documentation evidence at reduced severity.
Exact exclusions
| Module | Excluded item | Why |
|---|---|---|
| Orders | Orders v0 operations outside the removal set | Operations like confirmShipment are NOT flagged; they are not in this removal. |
| Finances | listFinancialEventGroups | Not removed in this migration and never flagged as a blocker. |
| Finances | listTransactions (v2024-06-19) | The replacement operation is treated as compliant, never flagged. |
| Settlement | Flat File V2 report type | The replacement report type is treated as compliant, never flagged. |
Global limitations
- Dynamic invocation, reflection and custom SDK wrappers can hide operations from static rules.
- Runtime-generated dates and pagination arguments can require verification.
- Vendor, dependency and generated build directories are excluded to reduce false positives.
- Unsupported and skipped files remain visible in scan coverage and are not treated as verified.
Official sources
Last reviewed: 2026-07-02.