00 · The thesis · domain‑first

Freeze the domain.
Everything else stays liquid.

Domain is everything.

Codefreeze is a domain‑first studio for fintech architecture. I keep the business model legible — at every layer, from a single Java method to the cloud subscription — while frameworks, AI agents and the regulator keep changing underneath it.

Email about an Architecture Review See how an engagement starts
or message me on LinkedIn
01 / market

What's broken right now

Four chronic patterns I keep meeting in fintech — plus one specific to the AI era.

02 / discipline

The domain‑first method

Four principles. One method, scaled across every layer — code, MCP, infra, AI.

03 / journey

Where the method took shape

Five engagements across employment, contract roles and personal R&D — ordered by methodological depth, from banking-grade origins to a complete instantiation.

04 / contractor

Behind Codefreeze

Codefreeze is a one-person studio. Here's the engineer you'll actually be working with.

1 client
at a time · focused engagement
Hands-on
architect + developer
15+
years of experience
8
enterprise clients
Full-stack exp
Java · React · Python · IaC · Agents
Author
domain‑first methodology · 10-vol rules
05 / fit

Is this the right fit?

A senior architect taking one client at a time has to filter early. Honest about both sides.

06 / engagement

How an engagement starts

Three shapes from low-commitment validation to hands-on delivery. Click for what each one delivers.

07 / faq

Questions before the first email

The questions a skeptical senior asks first — answered straight.

Isn't Domain‑first just DDD with a new name?

It's built on DDD — Evans's philosophy is the foundation, and I won't pretend otherwise. The difference is what I do with it. DDD leaves the encoding to you; Domain‑first makes it executable and enforced: the domain is a tree of versioned Java interfaces, every concrete class exists only as a leaf at the edge, dependency direction is a rule, not a preference. And it doesn't stop at the code model — the same discipline runs from a single Java method through Terraform modules and service orchestration to how an AI agent is allowed to touch the system. DDD describes the model; Domain‑first turns it into the contract everything else, the AI included, has to obey.

When should a project adopt Domain‑first?

The earlier you start, the more you get: Domain‑first defines the shape and meaning of your objects before the applications that depend on them, so the apps grow out of the domain instead of the model being bolted on later. On a greenfield it's almost free — you build the core of objects and relationships first and carry no retrofit cost. A large or existing application adopts it gradually, interface by interface, area by area, each refined as far as that area has matured — never a big-bang rewrite. AI-driven projects need it first of all: from day one the interfaces fix the expected shape and definition of every object the domain and the apps share, so agents build inside the model instead of eroding it.

What survives when the framework or the regulator changes?

The domain. The whole point is to keep the business model legible while everything around it stays liquid. Frameworks, ORMs, wire formats and cloud services live in adapters at the edge — swap them and the domain doesn't move. A new regulation usually means a new interface that extends an old one, so existing code keeps running while the new rule is added beside it, not retrofitted into it. You change the thing that changed; the core you depend on survives untouched.

How do you keep AI agents from corrupting the model?

I give the agent the role of a domain expert and impose the domain on it. The domain isn't a prompt — it's a set of Domain‑first Java interfaces, and each one is earned: the output of a deep analysis of that area of the system, conducted by applying my Domain‑first Rules. Their detail tracks how far each area has grown — mature areas expose precise contracts, young ones stay coarse. Those interfaces are at once the agent's knowledge and its permission surface — it reasons inside them and can't invent past them.

Execution is real, not a sandbox toy. OpenClaw, backed by Claude, runs in an isolated VLAN with full access to the infrastructure described as IaC. The agent can actually operate the system — read the domain graph, generate a leaf, deploy it — but it's contained two ways: the network isolates it, and the interfaces decide what is allowed to exist.

What makes a migration or a decommission cheap?

Nothing depends on anything except the domain interface above it. Adapters and application services never import each other, so retiring a database, a service or a wire format is a leaf swap, not a coordination project — you replace the implementation behind the interface and every consumer keeps compiling. Because the model is a graph, the cost is countable in advance: leaves to move, consumers to update, data to migrate. Migrations stop being multi-month unknowns and become a list you can estimate.

Will my team maintain it after you leave?

The domain map, architectural decisions with rationale (ADRs), refactor recipes and test scaffolding — all in your repo and your team's hands. Domain‑first is judged by what your senior engineers can maintain solo after the engagement ends. If they cannot, the engagement failed.

Is it really a one‑person studio?

Yes. One senior architect and developer, one client at a time — the person who scopes the work is the person who writes the code. No juniors to train on your codebase, no offshore handoff, no account manager between you and the work. The trade-off is honest: I take one or two engagements at a time, so availability is the constraint, not capacity. What you get for it is continuity — the model in your repo was reasoned and built by the same head, end to end.

How do you invoice, and in what currency?

JDG (Polish sole-trader) B2B invoicing, monthly. In your operating currency. Engagement scope agreed after the Architecture Review.

What if you're unavailable partway through?

Fair worry, and the method is built to answer it. I work so the engagement is handoff-ready at every step — there's no load-bearing knowledge trapped in my head. The domain understanding is researched and written into the documents; the model is reflected in the interfaces; the next slice of work is already laid out in the plan; and every change sits in git as a small, reversible leaf with its own decision record. So if I'm unavailable, your own seniors — or any competent engineer — pick it up by reading, not by archaeology. It's the same property that makes the work yours with no lock-in: it was never dependent on me being in the room.

08 / contact

Let's talk

Codefreeze takes one or two senior engagements at a time. Email is the fastest path.

Domain is everything.
Architecture is what holds it together.

Open for senior B2B engagements: domain‑first architecture, DDD adoption, legacy untangling, fintech platforms.

email[email protected]
linkedinlinkedin.com/in/adriankremblewski
basedCracow, PL · remote
★ / the 2026 problem

The fundamental gap most engineering teams haven't named yet.

Most LLM agents working on production code have no central ground truth. They infer the domain from filenames, recent commits, and Stack Overflow patterns. Result: hallucinated context, semantic drift, broken contracts.

Each AI-assisted commit silently shifts what Order or Position means in the codebase. Six months later, the agent is generating code that compiles, passes tests, and slowly corrupts the model. Onboarding new humans takes longer than before AI.

Codefreeze answer
A compilable, versionable, decomposable domain model — a code-backed ontology that fills the bidirectional understanding gap between humans and LLMs.
Key points
Further reading
01 / market pain

The most common pattern I find in legacy fintech codebases.

Business logic doesn't live in domain entities — it lives in transactional service classes that grow forever. Every new requirement adds another method to OrderService, another null check, another orchestration step.

The cost: nobody can read the business model from the code anymore. New developers can't reason about what the system actually does. Every change ripples through unpredictable surfaces. Test coverage looks healthy and yet production keeps surprising you.

Codefreeze answer
Aggregates own their invariants. Service classes shrink to thin orchestration over rich domain models. Business logic becomes legible again — to humans and to AI agents.
Further reading
02 / market pain

The 2026 version of the previous problem.

AI agents accelerate implementation but degrade the model. They generate code that compiles, passes tests, and slowly turns the domain into a bag of utilities — because the agent has no opinion about what belongs where.

The cost: velocity now, opaque codebase six months later. The domain stops being legible. Onboarding takes longer than before AI. The team starts to distrust merged code.

Codefreeze answer
Domain interfaces become the agent's read-only contract. If proposed code doesn't compose with existing aggregates, it doesn't merge. Architecture becomes the prompt — and the merge filter.
Further reading
03 / market pain

Every modernization proposal turns into a rewrite proposal.

The team wants to modernize. The estimate keeps coming back the same: "we'd have to rewrite the whole thing." Reasonable — because business logic is fused with framework code, transport, and persistence. You can't move one without moving all.

The cost: cloud migrations that change deployment but not architecture. Year-long projects that ship the same monolith on Kubernetes. Sunk costs that grow with every quarter.

Codefreeze answer
Hexagonal architecture, applied as a retrofit. Ports for what the domain needs, adapters for the concrete tech. Replace one leaf at a time. Decommissioning-safe — retire a 10-year-old service without rewriting consumers.
Further reading
04 / market pain

Microservices that all break together.

The team split a monolith into microservices, but kept shared databases, synchronous calls, and entity-level coupling. Result: more services, same coupling, more failure modes. Deploys still need orchestration. A bug in service A still rolls back service B. Latency got worse.

The cost: all the operational tax of microservices, none of the autonomy. Teams end up afraid of their own architecture.

Codefreeze answer
Bounded contexts as the unit of separation — not entities. Events as the integration protocol. Each service owns its data and its part of the model. Real autonomy, not nominal microservices.
Further reading
01 / methodology

Not folder names. The architecture of the business model itself.

Most "DDD codebases" I've inherited had folders named domain, application, infrastructure — and inside domain, anemic POJOs with getters, setters and Spring annotations.

I do it differently. Interfaces in the tree, classes at the edges. The domain is a tree of pure Java interfaces — no annotations, no frameworks, no transport concerns. Each leaf has exactly one implementation in exactly one infrastructure module.

Key points
02 / methodology

Ports for what the domain needs. Adapters for the concrete tech.

The domain at the center. Ports are interfaces it declares — "I need to load an Asset by ID", "I need to emit an EligibilityDecided event". Adapters are implementations: Cosmos DB, Event Hubs, REST, gRPC, file system.

The practical payoff: decommissioning-safe leaf swaps. Retire a 10-year-old service without rewriting consumers.

Key points
03 / methodology

Events as domain facts. Not transport details.

An event is something that happened in the business. OrderPlaced. AssetMarkedIneligible. PaymentSettled. Immutable, named in the language the business uses.

The transport — Azure Event Hubs, Kafka, RabbitMQ — is an adapter. Manual checkpointing, optimistic concurrency, idempotent handlers, retry with backoff via Resilience4j. These are operational concerns; the event itself doesn't know any of this.

Key points
04 / methodology

Domain‑first is what makes AI safe. Architecture is the contract that constrains the agent.

I work with AI agents daily. I treat them like a fast junior who needs structure: clear domain boundaries, explicit interfaces, recipes for common moves. Give them those, and they accelerate everything. Skip them, and they generate plausible code that quietly corrupts the model.

Domain‑first is what makes AI work safely. When every plane of the system — Terraform structures, interface compositions, microservice orchestration, even the way a single network connection is opened — explicitly expresses the domain it sits in, the agent can't drift. There's nowhere to drift to. The model is the map.

Even the "technical" code is a domain. If the work is conversion, the domain is conversion — and around it sits a small cluster of value objects, validators, mappers that encapsulate logic and responsibility. That's the antidote to service-first: business logic doesn't pile up in one fat orchestrator, because every concern has its own little domain.

Key points
05 / signature method

One DDD method, applied from physical infrastructure to a single method body.

The same encapsulation discipline scales. Each layer hides its internals and exposes only what the layer above actually consumes. Refactor inside any layer without breaking its consumers.

Design direction: Domain → Relationships → Needs → API. Understand the domain at the given layer. Map its relationships. From relationships, derive what is needed. Only then define the minimal API surface. Never the reverse.

Per-layer encapsulation contract
L0
Physical Infrastructure
Domain: machines + network topology. Exposes IP ranges, connectivity, capacity. Hides cabling, hardware specifics.
L1
Software Infrastructure
Domain: VMs + storage. Exposes identity, mount points, resource limits. Hides hypervisor config.
L2
Infra-as-Code
Domain: environment compositions. Exposes outputs dictated by consumers. Hides provider API calls.
L3
Runtime Agents
Domain: service mesh + secrets + scheduling. Exposes discovery, secret paths, job placement.
L4
Services
Domain: business capabilities. Exposes API endpoints, health, domain events.
L5
Domain Artifacts
Domain: aggregates, value objects, graphs. Exposes domain behaviors, queries.
L6
Methods
Domain: a single operation. Exposes result or effect. Hides algorithm.
01 / banking-grade origins

Intive · Architect · 2018, 6 mo

The European PSD2 directive forced banks to expose public APIs. Our platform provided security, monitoring, load balancing and scalability for banks and payment providers like PayU and PayPal.

I was the architect — technology decisions, technical support during sales meetings, product presentations to the business. A short engagement, but a foundational one for understanding what "domain" actually means when the regulator is in the room.

Looking back: if I had then the awareness I have now, I would have designed the infrastructure and the service split very differently. With a properly maintained domain, the value compounds at every boundary — defining microservice responsibilities, locating business-critical atomic operations, choosing the right unit of scaling. Each layer is itself a domain: a Java method, a microservice call, a K8s pod inside a cluster, inside a VM, inside a cloud subscription at a financial provider, funded from a project in a department in a company operating in a regulated domain area.

Domain is everything
Every boundary is a domain. Java method → microservice → pod → cluster → VM → subscription → provider → project → team → business unit → regulated industry. Encode that recursion from day one and the infrastructure pain you ship to production goes asymptotic toward zero.
Key points
Tech
J2EESpring (Core, WebServices, Data, Security)RESTTomcatJenkinsK8sDockerAzure
02 / adoption inside legacy

Capital Group via Luxoft · Senior Software Engineer · 2020 – 2023, 31 mo

A platform for asset ratings management at one of the world's largest asset managers. I joined as a senior engineer with one explicit mandate: promote DDD inside a working monolith.

The challenge was political as much as technical. Anemic JPA entities. Stored-procedure logic. Service classes that grew unbounded. Every refactor proposal had to make sense to a team that had shipped the system to production for years. This is where the method earned its political muscles — knowing when to refactor in place, when to extract, when to leave well enough alone.

Personally, RTM was also where exposure to reactive programming became a breakthrough moment in my understanding of DDD and encapsulation. Streams, backpressure, and the discipline of treating data flow as a first-class concern revealed how shallow my prior model was. Aggregates aren't just state — they're behavior, time and flow. That shift later became the foundation for the reactive pipeline in Ethereum Analyzer.

Key points
Tech
SpringHibernateOracleAngularJenkinsREST
03 / pure-interface laboratory

Pet project · Architect, Developer · Reactive pipeline

A blockchain analyzer where the pure domain module defines only behavioral interfaces — every infrastructure module implements them independently, with its own technology concerns. Strict downward-only dependencies. The domain doesn't know about Neo4j, Web3j or REST.

This is where the technique was honed in isolation, without legacy constraints or political negotiation. A laboratory for the interface-first idea that later got applied at production scale in ACES.

Key points
Tech
Java 25Spring BootSpring WebFluxProject ReactorNeo4jWeb3jMaven
04 / production at scale

UBS via Caspian One · Senior Software Engineer · 2023 – 2026, 37 mo

A platform coordinating asset eligibility decisions across multiple business domains using event-driven microservices on Azure. Distributed state, strict auditability, multiple counterparties.

ACES is where I first adapted domain‑first thinking to the modeling of service domains — not just inside a class hierarchy, but across event flows, store abstractions and workflow orchestration that cross several bounded contexts. The laboratory ideas from Ethereum Analyzer, applied at production scale inside an investment bank. Domain‑first stopped being a personal preference and started being a load-bearing element of someone else's revenue.

Key points
Tech
Java 17–25Spring Boot 3.4Spring Cloud StreamAzure Event HubsCosmos DBBlob StorageTerraformGitLab CISpockCucumberDockerKubernetes
★ / complete instantiation

Pet project · Architect, Developer · Live, evolving.

A single-node Proxmox homelab managed end-to-end with Terragrunt and Terraform, structured in three IaC layers — but the headline is not the tech stack. The headline is that the-world is a complete instantiation of domain‑first thinking at every layer of the stack: code, model, MCP, infrastructure, observability, deployment.

The methodology and its scaffolding evolve together. As Domain‑first Rules matures, the-world refactors to match. As the-world reveals new edge cases, Domain‑first Rules grows new chapters. Each is the proof of the other.

Key points
Tech
TerragruntTerraformProxmox VEVaultConsulNomadTraefikMinIOCloud-initZFSMCPDomain‑first Rules
The contractor behind Codefreeze

15+ years architecting and shipping systems where the domain has to stay legible.

Senior platform architect, based in Cracow. 15+ years of commercial work shipping production systems, most of it in financial services: investment banking on UBS ACES, wealth management on the Capital Group RTM platform, digital identity on HSBC DIVA, credit verification at Crif, and payment APIs on the PolishAPI / PSD2 platform at Intive. Domains where being wrong has consequences.

The constant across every project: the systems where the domain stayed visible kept paying off. The ones where business logic scattered into a service layer rotted. That's the thesis behind Codefreeze.

Key points
Track record

Different domains, same architectural problem.

Each engagement taught me a different angle of the same problem: how to keep the business model legible in code, even when the team turns over and the technology underneath shifts.

Key points
Toolbox

Opinionated. Chosen for the same reason every time: it serves the domain. Nine SDLC stages plus one cross-cutting AI layer.

01 / PLAN
Discover the language. Distill the domain.
Domain Distillation · Event Storming · Bounded Contexts · Ubiquitous Language · Scrum · Kanban
02 / DESIGN
Model the verbs. Hide the framework.
draw.io · C4 · UML · Ant Design 6
03 / IMPLEMENT
Realize the model. Wire the libraries.
Java 25 · Spring Boot 4.0.6 · Python · TypeScript · React 19 · Spring Data · Hibernate · Project Reactor · Resilience4j
04 / BUILD
Build the artifact. Replay the recipe.
Maven · Hatch · Vite
05 / TEST
Prove the model. Probe the platform.
Spock 2.4 · Cucumber BDD · TestContainers · WireMock · Spring Cloud Contract · REST Assured · Playwright E2E · JUnit · Mockito
06 / SECURE
Sign every artifact. Scope every secret.
Spring Security · Vault · Keycloak · mTLS · OAuth2 · PKI · OIDC · NVD · SAST · SonarQube · Fortify
07 / SHIP
Promote the build. Roll back the failure.
GitLab CI · Jenkins · Terraform · Terragrunt · Helm · Kubernetes · Docker
08 / RUN
Run the domain. Herd the infrastructure.
Azure · AWS · Proxmox · Nomad · Consul · Traefik · REST · gRPC · Kafka · Azure Event Hubs · Spring Cloud Stream · Cosmos DB · PostgreSQL · TimescaleDB · Oracle · MongoDB · Neo4j · MinIO · Web3j · EVM
09 / OBSERVE
Track the outcomes. Trace the system.
LGTM Stack (Loki/Grafana/Tempo/Mimir) · Alloy · App Insights · AppDynamics · Splunk · Dynatrace
AUGMENT
Augment the architect. Constrain the agent.
Claude Code · OpenClaw · MCP · Skills · Cowork · Anthropic API
good fit / qualification

Anywhere the surrounding domain actually shapes the work — not just fintech.

Domain‑first is not specific to a tech stack or a vertical. The discriminator is whether your context has enough coupling — between systems, regulations, market structure, organisational boundaries — that getting the model right is the leverage point.

The patterns below are recurring signals that it is.

Key points
poor fit / qualification

Where upfront domain modeling costs more than it returns.

The same discipline that pays off in complex domains adds friction to simple ones. If the surrounding context is shallow, ephemeral, or already understood by everyone involved, the upfront mapping work costs more than it returns.

Better to recognise that early than to discover it after three months.

Key points
None of these is a hard "no". If your team is open to testing the assumption — whether the domain really is shallow, whether the delivery mandate really has no room for discovery — Shape 0 (Domain Hypothesis Sprint) is the low-commitment way to find out. The brief stays with your team either way.
shape 0 / hypothesis testing

One to two weeks · ~5–10 person-days. A low-commitment way to find out whether domain‑first is your leverage point — before you spend more.

The shortest entry. Before committing to an Architecture Review, some teams need to validate whether domain‑first is the leverage point at all. The Sprint is built for exactly that decision.

The output is a written brief — short enough to read in one sitting, concrete enough to act on. Even a "domain modeling is not where your leverage is" verdict leaves you with mapped assumptions and a clearer picture of where it is.

The promise
You walk away with a written hypothesis and an honest go/no‑go — "not a fit" is a valid, useful answer.
How it runs
What's in the brief
01
Problem & hypothesis
a solution-agnostic problem statement and where domain‑first would apply first, with a metric
02
Domain sketch
candidate bounded contexts and the shared language captured
03
Drift evidence
two to three hotspots, each tied to what it is costing you
04
Recommendation
Review / not-yet / not-a-fit, with reasoning
What I need from you: read access to the code · 2–3 domain experts for ~3 hours total · a named owner to make the go/no-go. · Leads to → Architecture Review, if the hypothesis holds.
shape 1 / discrete entry

Two to three weeks · ~10–15 person-days. A written deliverable, not a deck.

I read the codebase, the domain, and the team's working reality. The deliverable is a written report — so the analysis survives the meeting and gets re-read months later.

Low commitment for both sides. If we go no further, you still walk away with a ranked, costed, reversible path you can hand to anyone.

The focus
Hotspots ranked by business cost; three to five leaf swaps as an options appraisal — including the cost of doing nothing.
How it runs
What's in the report
01
Executive summary
state of the model → recommended path → the ask
02
Current domain map
aggregates, value objects and bounded contexts as they exist today
03
Hotspots, ranked by business cost
what each is costing you now
04
Recommended path
3–5 leaf swaps as an options appraisal, including a do-nothing baseline
05
Decision records
a short ADR per recommendation — the why survives
06
Business case
cost of inaction vs recommended vs do-nothing; refactor return / decommissioning cost
07
Risks & assumptions
a RAID list with owners
08
If we proceed
scope baseline, staged leaf-by-leaf plan with go/no-go gates, ownership by area
What I need from you: read access to code + infra + ADRs · your domain experts and 1–2 seniors · the budget envelope. · Leads to → Implementation, scoped from this report — never blind.
shape 2 / follow-on

Hands-on architect and senior developer. One client at a time · three to twelve months; effort sized per leaf after the Review.

Scope and duration are agreed after the Architecture Review — never blind. The work proceeds leaf-by-leaf, so every change is reversible and reviewable, and you steer it at every gate.

Domain interfaces become the agent's read-only contract; aggregates own their invariants; service classes shrink to thin orchestration over rich domain models.

The focus
Reversible at every step, governed at every gate, owned by your team at the end — no big-bang, no lock-in.
How it runs
What you own afterwards
The domain map & interfaces
the model, in your repo
Decision records (ADRs)
the why behind every significant change
Refactor recipes
reusable procedures your team repeats without me
Tests & runbooks
including safe-cutover runbooks for anything irreversible
Maintain-solo sign-off
the success bar: your seniors extend it without me
What I need from you: the signed-off Review + an agreed contract · scoped write access + a staging environment · a named sponsor and a domain owner per area. · This is the hands-on engagement — everything above leads here.