The best advice I ever received about code was to never get attached to it, because eventually it will need to change. Things always change; and a robust system must be able to respond to these changes to survive and grow. You might be able to manage the small changes along the way, but eventually as your application gets older, there will come a day where you're going to have to make a big change -- a change so big that you're not just changing a piece of the system anymore, you're rewriting it. The scariest thing about a rewrite is that usually the old system is very complicated and its behavior isn't completely documented, so it's hard to be sure that any new system you create replaces the functionality of the old system completely. This might be good enough for certain rewrites -- it might even be a good opportunity to rethink some behavior -- but there are other cases where you can't afford to be unsure about the correctness of the system you're replacing because it's too important. At GitHub, we found ourselves at a point where we needed to rewrite the system that models our permissions in order to be able to build new features and improve performance. This talk will cover the strategies we developed to rewrite this critical piece of the app side-by-side with the existing code, specifically how we used our open-source science and analysis libraries to rewrite small pieces at a time and ensure that everything worked when we finally flipped the switch.