Domain‑First studio · Cracow, PL
00 · The thesis · Domain‑First
Freeze the domain .
Everything else stays liquid.
Domain is everything.
Codefreeze is a Domain‑First studio — architecture for fintech.
I keep the business model legible — at every layer, from a single Java method to the cloud subscription —
while frameworks, AI agents and the regulator keep changing underneath it.
or message me on LinkedIn →
★ the 2026 problem
AI without domain grounding
Agents working blind. No compilable map, no versioned truth. The domain drifts silently with every AI-assisted commit.
Business logic scattered, models anemic.
02
AI corrupting the domain
Agents producing plausible drift.
Every refactor turns into a rewrite.
Microservices that all break together.
02 / discipline
The Domain‑First method
Four principles. One method, scaled across every layer — code, MCP, infra, AI.
Interfaces in the tree. Classes at the edges.
02
Hexagonal Architecture
Ports and adapters. Leaf swaps over rewrites.
Events are facts. Not transport details.
Architecture is the agent's contract.
05 / signature method
Layered Domain Encapsulation
Same DDD discipline applied at every zoom level — from physical infrastructure to a single method body.
L0 Physical machines, network topology
L1 Software Infra VMs, storage volumes
L2 Infra-as-Code compositions and modules
L3 Runtime Agents service mesh, secrets
L4 Services business capabilities
L5 Domain Artifacts aggregates, value objects
L6 Methods a single domain operation
03 / journey
Where the method took shape
Five engagements across employment, contract roles and personal R&D — ordered by methodological depth, from banking-grade origins to a complete instantiation.
★ complete instantiation
the-world· pet project· live
Domain‑First, at every layer.
A versioned central domain that birthed Domain‑First Rules . Domain-segregated MCP. Layer ↔ tree hygiene. Business-native metric placement; hot-spot detection in key domain nodes. Technical metrics support domain metrics, never lead them.
Terragrunt Terraform Proxmox Vault Nomad Consul MCP Domain‑First Rules
04 / production at scale
ACES· UBS· 37 mo
In flight, every day.
Event-driven asset eligibility on Azure — the method, live, in industrial use.
Java 25 Spring Boot Azure Cosmos DB
02 / adoption inside legacy
RTM· Capital Group· 31 mo
Promoting DDD in a monolith.
Refactor, migrate, teach. Where the method earned its political muscles.
Spring Hibernate Oracle Angular
01 / banking-grade origins
OKAPI / PolishAPI· Intive· 6 mo
When the regulator is in the room.
Architect for a PSD2 platform serving banks and payment providers (PayU, PayPal). Where "domain" stopped being a folder name.
Spring REST K8s Docker Azure
03 / pure-interface laboratory
Ethereum Analyzer· pet project· reactive
Interfaces as the only contract.
Where the technique was honed in isolation — multi-module DDD, reactive pipeline, zero framework leaks into the domain.
Java 25 WebFlux Reactor Neo4j Web3j
The contractor
Adrian Kremblewski
Domain-First architecture for fintech · making DDD executable & AI-safe · Author of the Domain-First Rules. 15+ years on event-driven systems in investment banking, wealth management, payment APIs and digital identity.
Track record
How the methodology was born
UBS
HSBC
Capital Group
Sabre
TomTom
Crif
CoreLogic
A+E
1 client
at a time · focused engagement
Hands-on
architect + developer
Full-stack exp
Java · React · Python · IaC · Agents
Author
Domain‑First methodology · 10-vol rules
Plan
Design
Implement
Build
Test
Secure
Ship
Run
Observe
★ Augment
Any context where the surrounding domain shapes the work. Teams willing to map before they build.
Shallow or ephemeral domains. Delivery mandates with no room for discovery. In-house employee roles.
A short, free mutual-fit conversation. I take one or two clients at a time, so we check it is a real fit before anything paid. Leads to a Sprint or Review if it is.
shape 0
Domain Hypothesis Sprint
One to two weeks. Pre-work, workshop, written brief. For teams testing whether Domain‑First applies before committing to a full Review.
shape 1
Architecture Review
Two to three weeks. I read the codebase, the domain, the team's working reality. You receive a written assessment and a decommissioning-safe path forward.
shape 2
Implementation Engagement
Hands-on architect and senior developer, one client at a time. Three to twelve months typical. Scope and duration agreed after the Architecture Review.
What if you're unavailable partway through?
Fair worry, and the method is built to answer it. I work so the engagement is handoff-ready at every step — there's no load-bearing knowledge trapped in my head. The domain understanding is researched and written into the documents; the model is reflected in the interfaces; the next slice of work is already laid out in the plan; and every change sits in git as a small, reversible leaf with its own decision record. So if I'm unavailable, your own seniors — or any competent engineer — pick it up by reading, not by archaeology. It's the same property that makes the work yours with no lock-in: it was never dependent on me being in the room.
Isn't Domain‑First just DDD with a new name?
It's built on DDD — Evans's philosophy is the foundation, and I won't pretend otherwise. The difference is what I do with it. DDD leaves the encoding to you; Domain‑First makes it executable and enforced: the domain is a tree of versioned Java interfaces, every concrete class exists only as a leaf at the edge, dependency direction is a rule, not a preference. And it doesn't stop at the code model — the same discipline runs from a single Java method through Terraform modules and service orchestration to how an AI agent is allowed to touch the system. DDD describes the model; Domain‑First turns it into the contract everything else, the AI included, has to obey.
When should a project adopt Domain‑First?
The earlier you start, the more you get: Domain‑First defines the shape and meaning of your objects before the applications that depend on them, so the apps grow out of the domain instead of the model being bolted on later. On a greenfield it's almost free — you build the core of objects and relationships first and carry no retrofit cost. A large or existing application adopts it gradually, interface by interface, area by area, each refined as far as that area has matured — never a big-bang rewrite. AI-driven projects need it first of all: from day one the interfaces fix the expected shape and definition of every object the domain and the apps share, so agents build inside the model instead of eroding it.
What survives when the framework or the regulator changes?
The domain. The whole point is to keep the business model legible while everything around it stays liquid. Frameworks, ORMs, wire formats and cloud services live in adapters at the edge — swap them and the domain doesn't move. A new regulation usually means a new interface that extends an old one, so existing code keeps running while the new rule is added beside it, not retrofitted into it. You change the thing that changed; the core you depend on survives untouched.
How do you keep AI agents from corrupting the model?
I give the agent the role of a domain expert and impose the domain on it. The domain isn't a prompt — it's a set of Domain‑First Java interfaces, and each one is earned: the output of a deep analysis of that area of the system, conducted by applying my Domain‑First Rules. Their detail tracks how far each area has grown — mature areas expose precise contracts, young ones stay coarse. Those interfaces are at once the agent's knowledge and its permission surface — it reasons inside them and can't invent past them.
Execution is real, not a sandbox toy. OpenClaw, backed by Claude, runs in an isolated VLAN with full access to the infrastructure described as IaC. The agent can actually operate the system — read the domain graph, generate a leaf, deploy it — but it's contained two ways: the network isolates it, and the interfaces decide what is allowed to exist.
What makes a migration or a decommission cheap ?
Nothing depends on anything except the domain interface above it. Adapters and application services never import each other, so retiring a database, a service or a wire format is a leaf swap, not a coordination project — you replace the implementation behind the interface and every consumer keeps compiling. Because the model is a graph, the cost is countable in advance: leaves to move, consumers to update, data to migrate. Migrations stop being multi-month unknowns and become a list you can estimate.
Will my team maintain it after you leave?
The domain map, architectural decisions with rationale (ADRs), refactor recipes and test scaffolding — all in your repo and your team's hands. Domain‑First is judged by what your senior engineers can maintain solo after the engagement ends. If they cannot, the engagement failed.
Is it really a one‑person studio?
Yes. One senior architect and developer, one client at a time — the person who scopes the work is the person who writes the code. No juniors to train on your codebase, no offshore handoff, no account manager between you and the work. The trade-off is honest: I take one or two engagements at a time, so availability is the constraint, not capacity. What you get for it is continuity — the model in your repo was reasoned and built by the same head, end to end.
How do you invoice, and in what currency?
JDG (Polish sole-trader) B2B invoicing, monthly. In your operating currency. Engagement scope agreed after the Architecture Review.
Book a Fit Call
On this page
★ / the 2026 problem
AI without domain grounding The fundamental gap most engineering teams haven't named yet.
Most LLM agents working on production code have no central ground truth . They infer the domain from filenames, recent commits, and Stack Overflow patterns. Result: hallucinated context, semantic drift, broken contracts.
Each AI-assisted commit silently shifts what Order or Position means in the codebase. Six months later, the agent is generating code that compiles, passes tests, and slowly corrupts the model. Onboarding new humans takes longer than before AI.
Codefreeze answer
A compilable, versionable, decomposable domain model — a code-backed ontology that fills the bidirectional understanding gap between humans and LLMs.
Key points
Compilable — the type system catches semantic drift at compile time; impossible states don't compileVersionable — agents target a stable, git-tagged schema; rollback is a git revertDecomposable — composability is the industry baseline; decomposability is what's rare. Because every implementation sits behind a pure interface in its own leaf module, you can split an aggregate or refactor an implementation into smaller pieces without breaking the application layer . Consumers see no change. The Maven module tree absorbs the complexity, the domain interface stays still.
This is exactly the kind of coupling a fit call surfaces — in your codebase, not in the abstract.
Book a Fit Call →
01 / market pain
Service layer rot The most common pattern I find in legacy fintech codebases.
Business logic doesn't live in domain entities — it lives in transactional service classes that grow forever. Every new requirement adds another method to OrderService, another null check, another orchestration step.
The cost: nobody can read the business model from the code anymore. New developers can't reason about what the system actually does. Every change ripples through unpredictable surfaces. Test coverage looks healthy and yet production keeps surprising you.
Codefreeze answer
Aggregates own their invariants. Service classes shrink to thin orchestration over rich domain models. Business logic becomes legible again — to humans and to AI agents.
This is exactly the kind of coupling a fit call surfaces — in your codebase, not in the abstract.
Book a Fit Call →
02 / market pain
AI corrupting the domain The 2026 version of the previous problem.
AI agents accelerate implementation but degrade the model. They generate code that compiles, passes tests, and slowly turns the domain into a bag of utilities — because the agent has no opinion about what belongs where.
The cost: velocity now, opaque codebase six months later. The domain stops being legible. Onboarding takes longer than before AI. The team starts to distrust merged code.
Codefreeze answer
Domain interfaces become the agent's read-only contract. If proposed code doesn't compose with existing aggregates, it doesn't merge. Architecture becomes the prompt — and the merge filter.
This is exactly the kind of coupling a fit call surfaces — in your codebase, not in the abstract.
Book a Fit Call →
03 / market pain
Legacy paralysis Every modernization proposal turns into a rewrite proposal.
The team wants to modernize. The estimate keeps coming back the same: "we'd have to rewrite the whole thing." Reasonable — because business logic is fused with framework code, transport, and persistence. You can't move one without moving all.
The cost: cloud migrations that change deployment but not architecture. Year-long projects that ship the same monolith on Kubernetes. Sunk costs that grow with every quarter.
Codefreeze answer
Hexagonal architecture, applied as a retrofit. Ports for what the domain needs, adapters for the concrete tech. Replace one leaf at a time. Decommissioning-safe — retire a 10-year-old service without rewriting consumers.
This is exactly the kind of coupling a fit call surfaces — in your codebase, not in the abstract.
Book a Fit Call →
04 / market pain
Distributed monoliths Microservices that all break together.
The team split a monolith into microservices, but kept shared databases, synchronous calls, and entity-level coupling. Result: more services, same coupling, more failure modes. Deploys still need orchestration. A bug in service A still rolls back service B. Latency got worse.
The cost: all the operational tax of microservices, none of the autonomy. Teams end up afraid of their own architecture.
Codefreeze answer
Bounded contexts as the unit of separation — not entities. Events as the integration protocol. Each service owns its data and its part of the model. Real autonomy, not nominal microservices.
This is exactly the kind of coupling a fit call surfaces — in your codebase, not in the abstract.
Book a Fit Call →
01 / methodology
Domain-Driven Design Not folder names. The architecture of the business model itself.
Most "DDD codebases" I've inherited had folders named domain, application, infrastructure — and inside domain, anemic POJOs with getters, setters and Spring annotations.
I do it differently. Interfaces in the tree, classes at the edges. The domain is a tree of pure Java interfaces — no annotations, no frameworks, no transport concerns. Each leaf has exactly one implementation in exactly one infrastructure module.
Key points
Aggregate = consistency boundary, owns its invariants, exposes intent not stateValue Object = identity by value; Money, Quantity, IdentifierDomain Event = something that happened, named in business languageRepository / Store = a domain port; persistence lives in adapters, never in domain
Curious how this would land in your domain?
Book a Fit Call →
02 / methodology
Hexagonal Architecture Ports for what the domain needs. Adapters for the concrete tech.
The domain at the center. Ports are interfaces it declares — "I need to load an Asset by ID", "I need to emit an EligibilityDecided event". Adapters are implementations: Cosmos DB, Event Hubs, REST, gRPC, file system.
The practical payoff: decommissioning-safe leaf swaps . Retire a 10-year-old service without rewriting consumers.
Key points
Inbound ports define what the domain offers Outbound ports define what the domain requires No framework annotations in the domain — ever Composition root assembles the hexagon at startup
Curious how this would land in your domain?
Book a Fit Call →
03 / methodology
Event-Driven Systems Events as domain facts. Not transport details.
An event is something that happened in the business. OrderPlaced. AssetMarkedIneligible. PaymentSettled. Immutable, named in the language the business uses.
The transport — Azure Event Hubs, Kafka, RabbitMQ — is an adapter. Manual checkpointing, optimistic concurrency, idempotent handlers, retry with backoff via Resilience4j. These are operational concerns; the event itself doesn't know any of this.
Key points
Event Hubs with manual checkpointing for at-least-once + replay control Cosmos DB with optimistic concurrency for distributed state without locks Spring Cloud Stream as the binding layer; domain stays clean Blob Storage for streaming payloads and distributed locking
Curious how this would land in your domain?
Book a Fit Call →
04 / methodology
AI-Supervised Development Domain‑First is what makes AI safe. Architecture is the contract that constrains the agent.
I work with AI agents daily. I treat them like a fast junior who needs structure: clear domain boundaries, explicit interfaces, recipes for common moves. Give them those, and they accelerate everything. Skip them, and they generate plausible code that quietly corrupts the model.
Domain‑First is what makes AI work safely. When every plane of the system — Terraform structures, interface compositions, microservice orchestration, even the way a single network connection is opened — explicitly expresses the domain it sits in, the agent can't drift. There's nowhere to drift to . The model is the map.
Even the "technical" code is a domain. If the work is conversion, the domain is conversion — and around it sits a small cluster of value objects, validators, mappers that encapsulate logic and responsibility. That's the antidote to service-first: business logic doesn't pile up in one fat orchestrator, because every concern has its own little domain.
Key points
Every plane is a domain — Terraform modules, interface compositions, orchestration, network handling — all treated as domains with their own value objects and invariantsNo service-first leakage — even mappers and converters sit inside their own domain, with the surrounding objects that encapsulate logic and responsibilityDomain interfaces as the agent's read-only reference — the architecture itself is the prompt Refactor recipes documented as agent-readable specifications Diff review framed against the domain tree, not the file system Same workflow for solo work and team handoff
Curious how this would land in your domain?
Book a Fit Call →
05 / signature method
Layered Domain Encapsulation One DDD method, applied from physical infrastructure to a single method body.
The same encapsulation discipline scales. Each layer hides its internals and exposes only what the layer above actually consumes. Refactor inside any layer without breaking its consumers.
Design direction: Domain → Relationships → Needs → API . Understand the domain at the given layer. Map its relationships. From relationships, derive what is needed. Only then define the minimal API surface. Never the reverse.
Per-layer encapsulation contract
L0
Physical Infrastructure
Domain: machines + network topology. Exposes IP ranges, connectivity, capacity. Hides cabling, hardware specifics.
L1
Software Infrastructure
Domain: VMs + storage. Exposes identity, mount points, resource limits. Hides hypervisor config.
L2
Infra-as-Code
Domain: environment compositions. Exposes outputs dictated by consumers. Hides provider API calls.
L3
Runtime Agents
Domain: service mesh + secrets + scheduling. Exposes discovery, secret paths, job placement.
L4
Services
Domain: business capabilities. Exposes API endpoints, health, domain events.
L5
Domain Artifacts
Domain: aggregates, value objects, graphs. Exposes domain behaviors, queries.
L6
Methods
Domain: a single operation. Exposes result or effect. Hides algorithm.
Curious how this would land in your domain?
Book a Fit Call →
01 / banking-grade origins
OKAPI / PolishAPI — PSD2 platform Intive · Architect · 2018, 6 mo
The European PSD2 directive forced banks to expose public APIs. Our platform provided security, monitoring, load balancing and scalability for banks and payment providers like PayU and PayPal.
I was the architect — technology decisions, technical support during sales meetings, product presentations to the business. A short engagement, but a foundational one for understanding what "domain" actually means when the regulator is in the room.
Looking back: if I had then the awareness I have now, I would have designed the infrastructure and the service split very differently . With a properly maintained domain, the value compounds at every boundary — defining microservice responsibilities, locating business-critical atomic operations, choosing the right unit of scaling. Each layer is itself a domain: a Java method, a microservice call, a K8s pod inside a cluster, inside a VM, inside a cloud subscription at a financial provider, funded from a project in a department in a company operating in a regulated domain area.
Domain is everything
Every boundary is a domain. Java method → microservice → pod → cluster → VM → subscription → provider → project → team → business unit → regulated industry. Encode that recursion from day one and the infrastructure pain you ship to production goes asymptotic toward zero.
Key points
Architect role — technology decisions and architectural direction Technical support during sales meetings; product presentations to business stakeholders Banking-grade non-functional requirements: security, monitoring, scalability Multi-tenancy from day one — banks and fintechs sharing the platform Tech
J2EE Spring (Core, WebServices, Data, Security) REST Tomcat Jenkins K8s Docker Azure
Want a result like this in your own codebase?
Book a Fit Call →
02 / adoption inside legacy
RTM — asset ratings platform Capital Group via Luxoft · Senior Software Engineer · 2020 – 2023, 31 mo
A platform for asset ratings management at one of the world's largest asset managers. I joined as a senior engineer with one explicit mandate: promote DDD inside a working monolith .
The challenge was political as much as technical. Anemic JPA entities. Stored-procedure logic. Service classes that grew unbounded. Every refactor proposal had to make sense to a team that had shipped the system to production for years. This is where the method earned its political muscles — knowing when to refactor in place, when to extract, when to leave well enough alone.
Personally, RTM was also where exposure to reactive programming became a breakthrough moment in my understanding of DDD and encapsulation. Streams, backpressure, and the discipline of treating data flow as a first-class concern revealed how shallow my prior model was. Aggregates aren't just state — they're behavior, time and flow. That shift later became the foundation for the reactive pipeline in Ethereum Analyzer.
Key points
Monolith → microservices migration : design, analysis, incremental rolloutDDD adoption — aggregates, value objects, bounded contexts — inside an established teamCI/CD modernization : analysis of Bamboo limitations; promoting Jenkins as alternativeCustom API cache design and implementation; per-release performance optimization API design exposed to UI and other backend components Daily collaboration with business and supporting teams; release and production support Tech
Spring Hibernate Oracle Angular Jenkins REST
Want a result like this in your own codebase?
Book a Fit Call →
03 / pure-interface laboratory
Ethereum Blockchain Analyzer Pet project · Architect, Developer · Reactive pipeline
A blockchain analyzer where the pure domain module defines only behavioral interfaces — every infrastructure module implements them independently, with its own technology concerns. Strict downward-only dependencies. The domain doesn't know about Neo4j, Web3j or REST.
This is where the technique was honed in isolation, without legacy constraints or political negotiation. A laboratory for the interface-first idea that later got applied at production scale in ACES.
Key points
Rich aggregate model with self-persistence, strategy-based transaction classification, factory-pattern creation Chain-agnostic parent library — universal blockchain interfaces; eth-node is one chain-specific implementation Reactive pipeline with backpressure: live blockchain subscription → batch graph persistence → streaming REST API Modules with single concerns: domain · graph persistence · blockchain integration · REST · composition root Tech
Java 25 Spring Boot Spring WebFlux Project Reactor Neo4j Web3j Maven
Want a result like this in your own codebase?
Book a Fit Call →
04 / production at scale
ACES — financial asset eligibility UBS via Caspian One · Senior Software Engineer · 2023 – 2026, 37 mo
A platform coordinating asset eligibility decisions across multiple business domains using event-driven microservices on Azure. Distributed state, strict auditability, multiple counterparties.
ACES is where I first adapted Domain‑First thinking to the modeling of service domains — not just inside a class hierarchy, but across event flows, store abstractions and workflow orchestration that cross several bounded contexts. The laboratory ideas from Ethereum Analyzer, applied at production scale inside an investment bank. Domain‑First stopped being a personal preference and started being a load-bearing element of someone else's revenue.
Key points
Domain‑First hexagonal architecture with generic store abstractions and workflow orchestration driven by aggregatesAzure integration : Event Hubs with manual checkpointing, Cosmos DB with optimistic concurrency, Blob Storage for streaming and distributed lockingSecure API communication : OAuth2 per provider, mTLS where requiredTerraform IaC for all Azure resources; GitLab CI/CD with SonarQube and Fortify scansMulti-layer testing : Spock unit, Cucumber BDD acceptance, WireMock, Spring Cloud ContractTech
Java 17–25 Spring Boot 3.4 Spring Cloud Stream Azure Event Hubs Cosmos DB Blob Storage Terraform GitLab CI Spock Cucumber Docker Kubernetes
Want a result like this in your own codebase?
Book a Fit Call →
★ / complete instantiation
the-world Pet project · Architect, Developer · Live, evolving.
A single-node Proxmox homelab managed end-to-end with Terragrunt and Terraform, structured in three IaC layers — but the headline is not the tech stack. The headline is that the-world is a complete instantiation of Domain‑First thinking at every layer of the stack : code, model, MCP, infrastructure, observability, deployment.
The methodology and its scaffolding evolve together. As Domain‑First Rules matures, the-world refactors to match. As the-world reveals new edge cases, Domain‑First Rules grows new chapters. Each is the proof of the other.
Key points
Versioned central domain — the domain tree is a first-class artifact; Domain‑First Rules was birthed directly from it and grows with itDomain-segregated MCP — agents read a scoped, versioned ontology, not the whole repository. The domain decides what the agent seesLayer ↔ domain-tree hygiene — application layers (L0–L4) and the domain tree (L5–L6) stay clearly separated. No cross-leak, everBusiness-native metric placement — metrics live at domain nodes (not scattered in infrastructure), so the business sees what it cares about first Hot-spot detection in key domain nodes — performance and growth observed where it matters in business terms, not where the framework happens to expose countersDomain-driven scaling — technical metrics support domain metrics. The domain tells the infrastructure what to do, never the reverseTech
Terragrunt Terraform Proxmox VE Vault Consul Nomad Traefik MinIO Cloud-init ZFS MCP Domain‑First Rules
Want a result like this in your own codebase?
Book a Fit Call →
The contractor behind Codefreeze
Adrian Kremblewski 15+ years architecting and shipping systems where the domain has to stay legible.
Domain-First Solution Architect, based in Cracow. 15+ years of commercial work shipping production systems, most of it in financial services: investment banking on UBS ACES, wealth management on the Capital Group RTM platform, digital identity on HSBC DIVA, credit verification at Crif, and payment APIs on the PolishAPI / PSD2 platform at Intive. Domains where being wrong has consequences.
The constant across every project: the systems where the domain stayed visible kept paying off. The ones where business logic scattered into a service layer rotted. That's the thesis behind Codefreeze.
Key points
AGH University of Science and Technology — Applied Computer Science Active practitioner — currently shipping Java 25, Spring Boot 4.0.6, Azure, Terraform Personal R&D: the-world homelab + Domain‑First Rules manifesto Languages: Polish (native), English (B2, fluent in technical writing and meetings)
Wondering whether this fits your team?
Track record
How the methodology was born Different domains, same architectural problem.
Each engagement taught me a different angle of the same problem: how to keep the business model legible in code, even when the team turns over and the technology underneath shifts.
Key points
UBS / Caspian One — Senior Software Engineer · ACES, Azure event-driven (2023 – 2026, 37 mo)Capital Group / Luxoft — Senior Software Engineer · RTM ratings platform (2020 – 2023, 31 mo)HSBC / Vertex — Software Engineer · DIVA digital identity (2020, 3 mo)Sabre / Intive — Team Lead · AVRO revenue optimization (2019 – 2020, 8 mo)Crif / Intive — Delivery Manager / Team Lead · bONE financial verification (2018 – 2019, 10 mo)Intive — Architect / Team Lead · OKAPI / PolishAPI PSD2 platform (2018, 6 mo)TomTom / Intive — Scrum Master, Developer · regression testing, ground truth, API shims (2016 – 2018, 18 mo)UBS AG / Luxoft — Software Engineer · wealth management data, trading platform (2015 – 2016, 17 mo)Software Mind / CoreLogic — Developer · OneWorkflow, OneView, R3 (2011 – 2015, 45 mo)
Wondering whether this fits your team?
Book a Fit Call →
Toolbox
Stack, current Opinionated. Chosen for the same reason every time: it serves the domain. Nine SDLC stages plus one cross-cutting AI layer.
01 / PLAN
Discover the language. Distill the domain.
Domain Distillation · Event Storming · Bounded Contexts · Ubiquitous Language · Scrum · Kanban
02 / DESIGN
Model the verbs. Hide the framework.
draw.io · C4 · UML · Ant Design 6
03 / IMPLEMENT
Realize the model. Wire the libraries.
Java 25 · Spring Boot 4.0.6 · Python · TypeScript · React 19 · Spring Data · Hibernate · Project Reactor · Resilience4j
04 / BUILD
Build the artifact. Replay the recipe.
Maven · Hatch · Vite
05 / TEST
Prove the model. Probe the platform.
Spock 2.4 · Cucumber BDD · TestContainers · WireMock · Spring Cloud Contract · REST Assured · Playwright E2E · JUnit · Mockito
06 / SECURE
Sign every artifact. Scope every secret.
Spring Security · Vault · Keycloak · mTLS · OAuth2 · PKI · OIDC · NVD · SAST · SonarQube · Fortify
07 / SHIP
Promote the build. Roll back the failure.
GitLab CI · Jenkins · Terraform · Terragrunt · Helm · Kubernetes · Docker
08 / RUN
Run the domain. Herd the infrastructure.
Azure · AWS · Proxmox · Nomad · Consul · Traefik · REST · gRPC · Kafka · Azure Event Hubs · Spring Cloud Stream · Cosmos DB · PostgreSQL · TimescaleDB · Oracle · MongoDB · Neo4j · MinIO · Web3j · EVM
09 / OBSERVE
Track the outcomes. Trace the system.
LGTM Stack (Loki/Grafana/Tempo/Mimir) · Alloy · App Insights · AppDynamics · Splunk · Dynatrace
★ AUGMENT
Augment the architect. Constrain the agent.
Claude Code · OpenClaw · MCP · Skills · Cowork · Anthropic API
Wondering whether this fits your team?
Book a Fit Call →
good fit / qualification
When Domain‑First pays off Anywhere the surrounding domain actually shapes the work — not just fintech.
Domain‑First is not specific to a tech stack or a vertical. The discriminator is whether your context has enough coupling — between systems, regulations, market structure, organisational boundaries — that getting the model right is the leverage point.
The patterns below are recurring signals that it is.
Key points
A context with real coupling — across systems, regulations, market relationships or organisational boundaries — where getting the model right pays off A team or stakeholder willing to spend the first phase mapping the domain instead of jumping straight to implementation A legacy codebase or platform where the model has decayed and needs to be made legible again before any change is safe AI-augmented work where agents need a versioned, scoped context to act on — and someone has to define it first
Sounds like your situation? Let's confirm the fit.
Book a Fit Call →
poor fit / qualification
When Domain‑First adds weight Where upfront domain modeling costs more than it returns.
The same discipline that pays off in complex domains adds friction to simple ones. If the surrounding context is shallow, ephemeral, or already understood by everyone involved, the upfront mapping work costs more than it returns.
Better to recognise that early than to discover it after three months.
Key points
A domain shallow or short-lived enough that explicit modeling adds more weight than it removes A delivery mandate with no room for upfront discovery — "just ship, we will model it later" Short agency overflow or pure execution support with no architectural say In-house employee roles None of these is a hard "no". If your team is open to testing the assumption — whether the domain really is shallow, whether the delivery mandate really has no room for discovery — Shape 0 (Domain Hypothesis Sprint ) is the low-commitment way to find out. The brief stays with your team either way.
Not sure where you land? Send a quick note — I'll be honest about fit.
Send a note →
start here / fit check
Fit Call A short, free conversation to check we are a real fit — not a sales call.
I take one or two engagements at a time, so before anything paid we both check that Domain‑First is actually your leverage point. Fifteen to twenty minutes, no pitch.
You answer a few short questions first; they tell me whether your domain has the kind of coupling where getting the model right pays off. If it does, we talk; if it does not, you still leave with an honest read.
What it is
A mutual-fit gate, not a free consultation. "Not a fit" is a perfectly good, useful outcome for both of us.
How it works
Answer a few qualifying questions, then book a slot We talk through your domain, the coupling, and where the model is drifting If it fits, it leads into a Hypothesis Sprint or an Architecture Review Leads to → a Hypothesis Sprint or Architecture Review, if we are a fit.
Book a Fit Call →
shape 0 / hypothesis testing
Domain Hypothesis Sprint One to two weeks · ~5–10 MD. A low-commitment way to find out whether Domain‑First is your leverage point — before you spend more.
The shortest entry. Before committing to an Architecture Review, some teams need to validate whether Domain‑First is the leverage point at all. The Sprint is built for exactly that decision.
The output is a written brief — short enough to read in one sitting, concrete enough to act on. Even a "domain modeling is not where your leverage is" verdict leaves you with mapped assumptions and a clearer picture of where it is.
The promise
You walk away with a written hypothesis and an honest go/no‑go — "not a fit" is a valid, useful answer.
How it runs
Pre-work — read access to the codebase, architecture docs and ADRs; you line up 2–3 people who can speak the business Discovery — one to two focused 60–90 min sessions: surface the shared language and candidate domain boundaries; name the assumptions out loud Evidence — map two to three places where the model is drifting, each tied to a business cost; form the hypothesis Readout — one decision-grade conversation with leadership What's in the brief
01
Problem & hypothesis
a solution-agnostic problem statement and where Domain‑First would apply first, with a metric
02
Domain sketch
candidate bounded contexts and the shared language captured
03
Drift evidence
two to three hotspots, each tied to what it is costing you
04
Recommendation
Review / not-yet / not-a-fit, with reasoning
What I need from you: read access to the code · 2–3 domain experts for ~3 hours total · a named owner to make the go/no-go. · Leads to → Architecture Review, if the hypothesis holds.
Email about a Hypothesis Sprint →
shape 1 / discrete entry
Architecture Review Two to three weeks · ~10–15 MD. A written deliverable, not a deck.
I read the codebase, the domain, and the team's working reality. The deliverable is a written report — so the analysis survives the meeting and gets re-read months later.
Low commitment for both sides. If we go no further, you still walk away with a ranked, costed, reversible path you can hand to anyone.
The focus
Hotspots ranked by business cost; three to five leaf swaps as an options appraisal — including the cost of doing nothing.
How it runs
Read three layers — the code & infra (the model as it is, coupling and rot), the domain (knowledge-crunching with your experts), and how work actually flows Analyse & rank — current domain map, hotspots ranked by business cost, 3–5 reversible leaf swaps ordered by risk and value Write & present — the report, plus one decision-grade conversation with leadership What's in the report
01
Executive summary
state of the model → recommended path → the ask
02
Current domain map
aggregates, value objects and bounded contexts as they exist today
03
Hotspots, ranked by business cost
what each is costing you now
04
Recommended path
3–5 leaf swaps as an options appraisal, including a do-nothing baseline
05
Decision records
a short ADR per recommendation — the why survives
06
Business case
cost of inaction vs recommended vs do-nothing; refactor return / decommissioning cost
07
Risks & assumptions
a RAID list with owners
08
If we proceed
scope baseline, staged leaf-by-leaf plan with go/no-go gates, ownership by area
What I need from you: read access to code + infra + ADRs · your domain experts and 1–2 seniors · the budget envelope. · Leads to → Implementation, scoped from this report — never blind.
Email about an Architecture Review →
shape 2 / follow-on
Implementation Engagement Hands-on architect and senior developer. One client at a time · three to twelve months; effort sized per leaf after the Review.
Scope and duration are agreed after the Architecture Review — never blind. The work proceeds leaf-by-leaf, so every change is reversible and reviewable, and you steer it at every gate.
Domain interfaces become the agent's read-only contract; aggregates own their invariants; service classes shrink to thin orchestration over rich domain models.
The focus
Reversible at every step, governed at every gate, owned by your team at the end — no big-bang, no lock-in.
How it runs
Contract & setup — an SOW under an MSA: scope (in and out), acceptance criteria, pricing model, change-order; governance, gates, tolerances, RACI Leaf-by-leaf delivery — each leaf: ready → built behind the interface → verified (tests, reviewable diff) → promoted (safe cutover) → reported Gates — at each milestone: continue / adjust scope / stop, with the business case re-checked Close & handoff — the model lands in your repo; we confirm your seniors can maintain it solo What you own afterwards
→
The domain map & interfaces
the model, in your repo
→
Decision records (ADRs)
the why behind every significant change
→
Refactor recipes
reusable procedures your team repeats without me
→
Tests & runbooks
including safe-cutover runbooks for anything irreversible
→
Maintain-solo sign-off
the success bar: your seniors extend it without me
What I need from you: the signed-off Review + an agreed contract · scoped write access + a staging environment · a named sponsor and a domain owner per area. · This is the hands-on engagement — everything above leads here.
Email about an Implementation Engagement →