Note: Find more details about Capability-Centric Architecture in my article https://www.blogger.com/blog/post/edit/5119025/6960520952807955808.
INTRODUCTION
Capability-Centric Architecture represents a fundamental shift in how we design and structure software systems. Rather than organizing applications around technical layers or data models, this architectural approach structures systems around discrete business capabilities. Each capability encapsulates a specific business function with its own data, logic, and interfaces, creating a more modular and maintainable system.
The core philosophy behind Capability-Centric Architecture is that software should mirror the business domain it serves. When a business capability changes, the corresponding software capability should be the primary point of modification. This alignment reduces the cognitive load on developers and makes the system more adaptable to business evolution.
Understanding this architecture requires us to examine its fundamental building blocks, explore proven design patterns, and learn from common mistakes that teams make during implementation. This article provides a comprehensive guide to help you successfully adopt Capability-Centric Architecture in your projects.
FUNDAMENTAL CONSTITUENTS OF CAPABILITY-CENTRIC ARCHITECTURE
At the heart of Capability-Centric Architecture lies the concept of a capability itself. A capability represents a cohesive unit of business functionality that delivers value to users or other parts of the system. Unlike traditional layered architectures where functionality is scattered across presentation, business logic, and data access layers, a capability contains everything needed to fulfill its business purpose.
The first constituent is the Capability Interface. This defines how external consumers interact with the capability without exposing internal implementation details. The interface should be designed from the consumer's perspective, focusing on what the capability can do rather than how it does it.
Consider a simple example of an order processing capability. The interface might look like this:
public interface OrderProcessingCapability {
// Process a new customer order and return the order identifier
OrderResult processOrder(OrderRequest request);
// Retrieve the current status of an existing order
OrderStatus getOrderStatus(String orderId);
// Cancel an order if it hasn't been shipped yet
CancellationResult cancelOrder(String orderId, String reason);
}
Notice how this interface speaks in business terms. The method names describe business actions, not technical operations. The interface does not reveal whether orders are stored in a database, how they are validated, or what external systems might be involved. This encapsulation is crucial for maintaining flexibility.
The second constituent is the Capability Implementation. This contains all the business logic, rules, and workflows needed to fulfill the capability's purpose. The implementation should be cohesive, meaning all its parts work together toward the same business goal.
Here is a simplified implementation structure:
public class OrderProcessingCapabilityImpl implements OrderProcessingCapability {
private final OrderValidator validator;
private final InventoryService inventoryService;
private final PaymentService paymentService;
private final OrderRepository orderRepository;
public OrderProcessingCapabilityImpl(OrderValidator validator,
InventoryService inventoryService,
PaymentService paymentService,
OrderRepository orderRepository) {
this.validator = validator;
this.inventoryService = inventoryService;
this.paymentService = paymentService;
this.orderRepository = orderRepository;
}
@Override
public OrderResult processOrder(OrderRequest request) {
// Validate the order request against business rules
ValidationResult validationResult = validator.validate(request);
if (!validationResult.isValid()) {
return OrderResult.failure(validationResult.getErrors());
}
// Check inventory availability for all items
boolean itemsAvailable = inventoryService.checkAvailability(
request.getItems()
);
if (!itemsAvailable) {
return OrderResult.failure("Items not available");
}
// Process payment for the order
PaymentResult paymentResult = paymentService.processPayment(
request.getPaymentDetails(),
request.getTotalAmount()
);
if (!paymentResult.isSuccessful()) {
return OrderResult.failure("Payment failed");
}
// Create and persist the order
Order order = createOrderFromRequest(request, paymentResult);
Order savedOrder = orderRepository.save(order);
return OrderResult.success(savedOrder.getId());
}
// Additional methods omitted for brevity
}
This implementation demonstrates several important principles. First, dependencies are injected through the constructor, making the capability testable and flexible. Second, the business workflow is clearly expressed through sequential steps. Third, error conditions are handled explicitly and returned to the caller rather than using exceptions for control flow.
The third constituent is the Capability Data Model. Each capability owns its data and is responsible for maintaining its integrity. This data model should be designed to support the capability's specific needs rather than trying to serve multiple capabilities with a shared schema.
A simple data model for our order processing capability might include:
public class Order {
private String orderId;
private String customerId;
private LocalDateTime orderDate;
private OrderStatus status;
private List<OrderItem> items;
private Money totalAmount;
private PaymentInformation paymentInfo;
// Constructor ensures an order is always created in a valid state
public Order(String customerId, List<OrderItem> items,
PaymentInformation paymentInfo) {
this.orderId = generateOrderId();
this.customerId = requireNonNull(customerId);
this.orderDate = LocalDateTime.now();
this.status = OrderStatus.PENDING;
this.items = new ArrayList<>(requireNonNull(items));
this.paymentInfo = requireNonNull(paymentInfo);
this.totalAmount = calculateTotal(items);
}
// State transitions are controlled through methods
public void markAsPaid() {
if (this.status != OrderStatus.PENDING) {
throw new IllegalStateException(
"Only pending orders can be marked as paid"
);
}
this.status = OrderStatus.PAID;
}
// Private helper to calculate order total
private Money calculateTotal(List<OrderItem> items) {
return items.stream()
.map(OrderItem::getLineTotal)
.reduce(Money.ZERO, Money::add);
}
// Getters provide read access without exposing mutability
public String getOrderId() { return orderId; }
public OrderStatus getStatus() { return status; }
// Additional getters omitted for brevity
}
The data model encapsulates business rules within the domain objects themselves. The Order class ensures that orders are always created in a valid state and that state transitions follow business rules. This is a key principle of domain-driven design that aligns well with Capability-Centric Architecture.
The fourth constituent is the Capability Configuration. Each capability should be independently configurable, allowing different deployment scenarios without code changes. Configuration might include database connections, external service endpoints, timeout values, and feature flags.
A configuration class might look like this:
public class OrderProcessingConfiguration {
private final String databaseUrl;
private final int maxRetryAttempts;
private final Duration paymentTimeout;
private final boolean enableInventoryCheck;
// Configuration is immutable once created
public OrderProcessingConfiguration(String databaseUrl,
int maxRetryAttempts,
Duration paymentTimeout,
boolean enableInventoryCheck) {
this.databaseUrl = requireNonNull(databaseUrl);
this.maxRetryAttempts = validateRetryAttempts(maxRetryAttempts);
this.paymentTimeout = requireNonNull(paymentTimeout);
this.enableInventoryCheck = enableInventoryCheck;
}
private int validateRetryAttempts(int attempts) {
if (attempts < 0 || attempts > 10) {
throw new IllegalArgumentException(
"Retry attempts must be between 0 and 10"
);
}
return attempts;
}
public String getDatabaseUrl() { return databaseUrl; }
public int getMaxRetryAttempts() { return maxRetryAttempts; }
public Duration getPaymentTimeout() { return paymentTimeout; }
public boolean isInventoryCheckEnabled() { return enableInventoryCheck; }
}
Configuration objects should be immutable and validate their values during construction. This prevents invalid configurations from propagating through the system and causing runtime errors.
DESIGN PRINCIPLES FOR CAPABILITY-CENTRIC ARCHITECTURE
The first principle is Capability Autonomy. Each capability should be as self-contained as possible, minimizing dependencies on other capabilities. When a capability needs functionality from another capability, it should interact through well-defined interfaces rather than accessing internal implementation details.
This principle is illustrated in how our order processing capability interacts with inventory:
public interface InventoryService {
// Check if requested items are available in sufficient quantities
boolean checkAvailability(List<OrderItem> items);
// Reserve items for an order, preventing other orders from claiming them
ReservationResult reserveItems(List<OrderItem> items, String orderId);
// Release previously reserved items if an order is cancelled
void releaseReservation(String orderId);
}
The order processing capability does not know how inventory is stored, tracked, or managed. It only knows the contract defined by the interface. This allows the inventory capability to evolve independently as long as it maintains the contract.
The second principle is Single Responsibility at the Capability Level. Each capability should have one clear business purpose. When a capability starts handling multiple unrelated concerns, it becomes harder to understand, test, and modify. The boundaries between capabilities should follow natural business domain boundaries.
Consider the difference between a well-focused capability and an overly broad one. A focused capability might be called Customer Registration and handle only the process of creating new customer accounts. An overly broad capability might be called Customer Management and try to handle registration, profile updates, password resets, preference management, and customer support tickets. The latter violates single responsibility and should be split into multiple focused capabilities.
The third principle is Explicit Capability Contracts. The interface between capabilities should be explicitly defined and versioned. Changes to these contracts should be managed carefully to avoid breaking consumers. This is especially important in distributed systems where capabilities might be deployed independently.
A versioned interface might include version information in its design:
public interface OrderProcessingCapabilityV2 {
// Version 2 adds support for partial order fulfillment
OrderResult processOrder(OrderRequest request,
FulfillmentOptions options);
// Existing methods maintained for backward compatibility
OrderResult processOrder(OrderRequest request);
OrderStatus getOrderStatus(String orderId);
CancellationResult cancelOrder(String orderId, String reason);
}
When introducing breaking changes, consider maintaining both old and new versions of the interface temporarily to give consumers time to migrate. This is preferable to forcing all consumers to upgrade simultaneously.
The fourth principle is Capability Composability. Complex business processes often require multiple capabilities working together. The architecture should make it easy to compose capabilities into higher-level workflows without creating tight coupling.
A workflow coordinator might compose multiple capabilities:
public class OrderFulfillmentWorkflow {
private final OrderProcessingCapability orderCapability;
private final InventoryService inventoryService;
private final ShippingCapability shippingCapability;
private final NotificationCapability notificationCapability;
public OrderFulfillmentWorkflow(OrderProcessingCapability orderCapability,
InventoryService inventoryService,
ShippingCapability shippingCapability,
NotificationCapability notificationCapability) {
this.orderCapability = orderCapability;
this.inventoryService = inventoryService;
this.shippingCapability = shippingCapability;
this.notificationCapability = notificationCapability;
}
public FulfillmentResult fulfillOrder(OrderRequest request) {
// Step 1: Process the order
OrderResult orderResult = orderCapability.processOrder(request);
if (!orderResult.isSuccessful()) {
return FulfillmentResult.failure(
"Order processing failed: " + orderResult.getErrorMessage()
);
}
String orderId = orderResult.getOrderId();
// Step 2: Reserve inventory
ReservationResult reservation = inventoryService.reserveItems(
request.getItems(),
orderId
);
if (!reservation.isSuccessful()) {
orderCapability.cancelOrder(orderId, "Inventory unavailable");
return FulfillmentResult.failure("Inventory reservation failed");
}
// Step 3: Arrange shipping
ShippingResult shipping = shippingCapability.scheduleShipment(
orderId,
request.getShippingAddress()
);
if (!shipping.isSuccessful()) {
inventoryService.releaseReservation(orderId);
orderCapability.cancelOrder(orderId, "Shipping unavailable");
return FulfillmentResult.failure("Shipping arrangement failed");
}
// Step 4: Notify customer
notificationCapability.sendOrderConfirmation(
request.getCustomerId(),
orderId,
shipping.getTrackingNumber()
);
return FulfillmentResult.success(orderId, shipping.getTrackingNumber());
}
}
This workflow coordinates multiple capabilities but does not contain business logic itself. It orchestrates the sequence of operations and handles the coordination concerns like error recovery and compensation. Each capability remains focused on its own business purpose.
BEST PRACTICES FOR IMPLEMENTATION
One of the most important best practices is to design capability boundaries based on business domain analysis rather than technical considerations. Spend time understanding the business domain and identifying natural seams where capabilities can be separated. Engage with domain experts to understand which business functions are cohesive and which are independent.
When implementing capabilities, use dependency injection consistently. This makes capabilities testable and allows different implementations to be swapped based on context. For example, during testing you might use an in-memory implementation of a repository, while in production you use a database-backed implementation.
Here is an example of how dependency injection enables testing:
public class OrderProcessingCapabilityTest {
private OrderProcessingCapability capability;
private MockOrderRepository mockRepository;
private MockPaymentService mockPaymentService;
@Before
public void setup() {
// Create mock implementations for testing
mockRepository = new MockOrderRepository();
mockPaymentService = new MockPaymentService();
OrderValidator validator = new OrderValidator();
MockInventoryService mockInventory = new MockInventoryService();
// Inject mocks into the capability under test
capability = new OrderProcessingCapabilityImpl(
validator,
mockInventory,
mockPaymentService,
mockRepository
);
}
@Test
public void shouldCreateOrderWhenAllValidationsPass() {
// Arrange: Set up test data
OrderRequest request = createValidOrderRequest();
mockPaymentService.setNextResult(PaymentResult.success("PAY123"));
// Act: Execute the capability
OrderResult result = capability.processOrder(request);
// Assert: Verify the outcome
assertTrue(result.isSuccessful());
assertNotNull(result.getOrderId());
assertEquals(1, mockRepository.getSavedOrders().size());
}
@Test
public void shouldRejectOrderWhenPaymentFails() {
// Arrange: Configure payment to fail
OrderRequest request = createValidOrderRequest();
mockPaymentService.setNextResult(
PaymentResult.failure("Insufficient funds")
);
// Act: Execute the capability
OrderResult result = capability.processOrder(request);
// Assert: Verify failure handling
assertFalse(result.isSuccessful());
assertEquals("Payment failed", result.getErrorMessage());
assertEquals(0, mockRepository.getSavedOrders().size());
}
}
The test demonstrates how dependency injection allows us to substitute mock implementations that give us control over the test environment. We can simulate various scenarios including success cases and failure cases without requiring actual payment processing or database access.
Another best practice is to implement comprehensive error handling within capabilities. Errors should be handled at the appropriate level and communicated clearly to consumers. Avoid letting implementation details leak through error messages.
Consider this error handling approach:
public class OrderValidator {
public ValidationResult validate(OrderRequest request) {
List<String> errors = new ArrayList<>();
// Validate customer identifier
if (request.getCustomerId() == null ||
request.getCustomerId().trim().isEmpty()) {
errors.add("Customer identifier is required");
}
// Validate order items
if (request.getItems() == null || request.getItems().isEmpty()) {
errors.add("Order must contain at least one item");
} else {
for (int i = 0; i < request.getItems().size(); i++) {
OrderItem item = request.getItems().get(i);
if (item.getQuantity() <= 0) {
errors.add(
"Item at position " + i +
" has invalid quantity: " + item.getQuantity()
);
}
if (item.getUnitPrice().isNegative()) {
errors.add(
"Item at position " + i + " has negative price"
);
}
}
}
// Validate payment information
if (request.getPaymentDetails() == null) {
errors.add("Payment details are required");
}
// Return consolidated validation result
if (errors.isEmpty()) {
return ValidationResult.valid();
} else {
return ValidationResult.invalid(errors);
}
}
}
This validator collects all validation errors rather than failing on the first error. This provides better feedback to the consumer and reduces the number of round trips needed to correct all problems.
A third best practice is to maintain clear separation between the capability's public interface and its internal implementation. The public interface should remain stable while the internal implementation can evolve. This is achieved through careful design of data transfer objects and avoiding exposure of internal domain objects.
Here is an example of proper separation:
// Public interface uses DTOs (Data Transfer Objects)
public class OrderRequest {
private final String customerId;
private final List<OrderItemDTO> items;
private final PaymentDetailsDTO paymentDetails;
private final ShippingAddressDTO shippingAddress;
// Constructor and getters ensure immutability
public OrderRequest(String customerId,
List<OrderItemDTO> items,
PaymentDetailsDTO paymentDetails,
ShippingAddressDTO shippingAddress) {
this.customerId = customerId;
this.items = Collections.unmodifiableList(new ArrayList<>(items));
this.paymentDetails = paymentDetails;
this.shippingAddress = shippingAddress;
}
public String getCustomerId() { return customerId; }
public List<OrderItemDTO> getItems() { return items; }
public PaymentDetailsDTO getPaymentDetails() { return paymentDetails; }
public ShippingAddressDTO getShippingAddress() { return shippingAddress; }
}
The DTO objects used in the public interface are separate from the internal domain objects. This allows the internal domain model to evolve without affecting consumers. The conversion between DTOs and domain objects happens within the capability implementation.
A fourth best practice is implementing proper logging and observability within capabilities. Each capability should log significant business events and technical operations to support troubleshooting and monitoring.
Consider this logging approach:
public class OrderProcessingCapabilityImpl implements OrderProcessingCapability {
private static final Logger logger =
LoggerFactory.getLogger(OrderProcessingCapabilityImpl.class);
// Dependencies injected as before
@Override
public OrderResult processOrder(OrderRequest request) {
String customerId = request.getCustomerId();
logger.info("Processing order for customer: {}", customerId);
ValidationResult validationResult = validator.validate(request);
if (!validationResult.isValid()) {
logger.warn(
"Order validation failed for customer {}: {}",
customerId,
validationResult.getErrors()
);
return OrderResult.failure(validationResult.getErrors());
}
logger.debug(
"Checking inventory availability for {} items",
request.getItems().size()
);
boolean itemsAvailable = inventoryService.checkAvailability(
request.getItems()
);
if (!itemsAvailable) {
logger.warn(
"Inventory check failed for customer {}",
customerId
);
return OrderResult.failure("Items not available");
}
logger.debug("Processing payment for customer {}", customerId);
PaymentResult paymentResult = paymentService.processPayment(
request.getPaymentDetails(),
request.getTotalAmount()
);
if (!paymentResult.isSuccessful()) {
logger.error(
"Payment processing failed for customer {}: {}",
customerId,
paymentResult.getErrorMessage()
);
return OrderResult.failure("Payment failed");
}
Order order = createOrderFromRequest(request, paymentResult);
Order savedOrder = orderRepository.save(order);
logger.info(
"Successfully created order {} for customer {}",
savedOrder.getId(),
customerId
);
return OrderResult.success(savedOrder.getId());
}
}
The logging provides visibility into the capability's operation at different levels. Info level logs capture significant business events, warn level logs capture expected error conditions, and error level logs capture unexpected failures. Debug level logs provide detailed information useful during development and troubleshooting.
COMMON PITFALLS AND HOW TO AVOID THEM
The first major pitfall is creating capabilities that are too granular. When capabilities become too small, the system becomes fragmented and the overhead of managing interactions between capabilities outweighs the benefits of modularity. A capability should represent a meaningful business function, not just a single operation.
For example, splitting order processing into separate capabilities for validation, inventory checking, payment processing, and persistence would be too granular. These operations are all part of the cohesive process of creating an order and should remain together within the order processing capability.
The second pitfall is allowing capabilities to share data models directly. When multiple capabilities access the same database tables or share domain objects, they become tightly coupled. Changes to the data model affect multiple capabilities, making the system rigid and difficult to evolve.
Instead, each capability should own its data and expose it to other capabilities only through well-defined interfaces. If multiple capabilities need similar information, they should maintain their own copies and synchronize through events or API calls.
Here is an example of the wrong approach:
// WRONG: Capabilities sharing database access
public class OrderCapability {
private final Database sharedDatabase;
public void processOrder(OrderRequest request) {
// Directly accessing customer table owned by another capability
Customer customer = sharedDatabase.query(
"SELECT * FROM customers WHERE id = ?",
request.getCustomerId()
);
// This creates tight coupling to customer capability's data model
}
}
Here is the correct approach:
// CORRECT: Capabilities interact through interfaces
public class OrderCapability {
private final CustomerCapability customerCapability;
public void processOrder(OrderRequest request) {
// Request customer information through the capability interface
CustomerInfo customer = customerCapability.getCustomerInfo(
request.getCustomerId()
);
// The customer capability controls its data model
}
}
The correct approach maintains loose coupling. The order capability does not know how customer information is stored or managed. It only knows the contract for retrieving customer information.
The third pitfall is creating circular dependencies between capabilities. When capability A depends on capability B, and capability B depends on capability A, you have created a circular dependency that makes the system difficult to understand, test, and deploy.
Circular dependencies often indicate that capability boundaries are not well-defined. The solution is to refactor the capabilities to break the cycle. This might involve extracting shared functionality into a new capability, reversing one of the dependencies, or using events to decouple the capabilities.
Consider this problematic design:
// PROBLEMATIC: Circular dependency
public class OrderCapability {
private final ShippingCapability shippingCapability;
public void processOrder(OrderRequest request) {
// Order capability calls shipping capability
shippingCapability.arrangeShipment(request);
}
}
public class ShippingCapability {
private final OrderCapability orderCapability;
public void updateShipmentStatus(String shipmentId, String status) {
// Shipping capability calls back to order capability
orderCapability.updateOrderStatus(shipmentId, status);
}
}
This can be resolved using events:
// BETTER: Using events to break circular dependency
public class OrderCapability {
private final ShippingCapability shippingCapability;
private final EventBus eventBus;
public void processOrder(OrderRequest request) {
// Order capability calls shipping capability
shippingCapability.arrangeShipment(request);
// Subscribe to shipping events instead of being called directly
eventBus.subscribe(ShipmentStatusChanged.class, this::handleShipmentStatusChanged);
}
private void handleShipmentStatusChanged(ShipmentStatusChanged event) {
// Update order status based on shipping event
updateOrderStatus(event.getOrderId(), event.getNewStatus());
}
}
public class ShippingCapability {
private final EventBus eventBus;
public void updateShipmentStatus(String shipmentId, String status) {
// Publish event instead of calling order capability directly
eventBus.publish(new ShipmentStatusChanged(shipmentId, status));
}
}
The event-based approach breaks the circular dependency. The shipping capability publishes events about status changes without knowing who will consume them. The order capability subscribes to these events and updates itself accordingly.
The fourth pitfall is neglecting to version capability interfaces. When you change a capability's interface without versioning, you risk breaking all consumers. This is especially problematic in distributed systems where capabilities and their consumers might be deployed independently.
A versioning strategy should be established from the beginning:
// Version 1 of the interface
public interface PaymentCapabilityV1 {
PaymentResult processPayment(String customerId, Money amount);
}
// Version 2 adds support for multiple payment methods
public interface PaymentCapabilityV2 {
PaymentResult processPayment(String customerId,
Money amount,
PaymentMethod method);
// Maintain V1 method for backward compatibility
default PaymentResult processPayment(String customerId, Money amount) {
return processPayment(customerId, amount, PaymentMethod.DEFAULT);
}
}
By maintaining both versions of the interface, you give consumers time to migrate to the new version without forcing immediate changes.
The fifth pitfall is implementing business logic in workflow coordinators. Coordinators should orchestrate capabilities but should not contain business rules themselves. Business logic belongs within capabilities where it can be properly tested and maintained.
Here is an example of the wrong approach:
// WRONG: Business logic in coordinator
public class OrderWorkflow {
public void processOrder(OrderRequest request) {
// Coordinator contains business rule about discounts
if (request.getTotalAmount().isGreaterThan(Money.of(100))) {
Money discount = request.getTotalAmount().multiply(0.1);
request.applyDiscount(discount);
}
orderCapability.processOrder(request);
}
}
Here is the correct approach:
// CORRECT: Business logic in capability
public class OrderCapability {
private final DiscountPolicy discountPolicy;
public OrderResult processOrder(OrderRequest request) {
// Capability applies business rules
Money discount = discountPolicy.calculateDiscount(request);
OrderRequest discountedRequest = request.withDiscount(discount);
// Continue with order processing
return processOrderInternal(discountedRequest);
}
}
public class OrderWorkflow {
public void processOrder(OrderRequest request) {
// Coordinator just orchestrates
orderCapability.processOrder(request);
}
}
The business rule about discounts is now properly encapsulated within the order capability where it can be tested and modified independently of the workflow coordination logic.
ADVANCED CONSIDERATIONS
As systems grow, you may need to consider how capabilities communicate in distributed environments. When capabilities are deployed as separate services, synchronous communication through direct method calls is no longer possible. You need to choose between synchronous communication through HTTP APIs and asynchronous communication through message queues or event streams.
Synchronous communication is simpler to implement and reason about but creates temporal coupling. The calling capability must wait for the called capability to respond, and if the called capability is unavailable, the operation fails immediately.
Here is an example of synchronous communication:
public class OrderCapabilityClient implements OrderCapability {
private final HttpClient httpClient;
private final String orderServiceUrl;
public OrderCapabilityClient(HttpClient httpClient, String orderServiceUrl) {
this.httpClient = httpClient;
this.orderServiceUrl = orderServiceUrl;
}
@Override
public OrderResult processOrder(OrderRequest request) {
try {
// Convert request to JSON
String requestJson = toJson(request);
// Make HTTP POST request to order service
HttpResponse response = httpClient.post(
orderServiceUrl + "/orders",
requestJson,
"application/json"
);
// Parse response
if (response.getStatusCode() == 200) {
OrderResult result = fromJson(response.getBody(), OrderResult.class);
return result;
} else {
return OrderResult.failure(
"Service returned status: " + response.getStatusCode()
);
}
} catch (IOException e) {
// Handle communication failure
return OrderResult.failure(
"Failed to communicate with order service: " + e.getMessage()
);
}
}
}
This client implementation allows other capabilities to interact with the order capability through HTTP even when they are deployed separately. The interface remains the same, but the implementation uses HTTP instead of direct method calls.
Asynchronous communication through events provides better decoupling but introduces complexity in tracking the state of operations and handling failures. Events are particularly useful for notifying multiple capabilities about something that has happened without creating direct dependencies.
Here is an example of event-based communication:
public class OrderCapability {
private final EventPublisher eventPublisher;
public OrderResult processOrder(OrderRequest request) {
// Process the order
Order order = createAndSaveOrder(request);
// Publish event to notify interested parties
OrderCreatedEvent event = new OrderCreatedEvent(
order.getId(),
order.getCustomerId(),
order.getTotalAmount(),
order.getOrderDate()
);
eventPublisher.publish(event);
return OrderResult.success(order.getId());
}
}
public class InventoryCapability {
// Subscribe to order events
@EventHandler
public void handleOrderCreated(OrderCreatedEvent event) {
// Reserve inventory when an order is created
reserveInventoryForOrder(event.getOrderId());
}
}
public class NotificationCapability {
// Also subscribe to the same event
@EventHandler
public void handleOrderCreated(OrderCreatedEvent event) {
// Send confirmation email when an order is created
sendOrderConfirmation(event.getCustomerId(), event.getOrderId());
}
}
The event-based approach allows the order capability to notify multiple other capabilities without knowing who they are or what they will do with the information. This provides excellent decoupling but requires infrastructure for reliable event delivery and handling.
Another advanced consideration is how to handle transactions that span multiple capabilities. In a monolithic application, you might use database transactions to ensure consistency. In a distributed system with multiple capabilities, distributed transactions are often impractical due to their complexity and performance impact.
The solution is to use the Saga pattern, where a long-running transaction is broken into a series of local transactions, each with a compensating transaction that can undo its effects if something goes wrong later.
Here is a simplified saga implementation:
public class OrderFulfillmentSaga {
private final OrderCapability orderCapability;
private final InventoryCapability inventoryCapability;
private final PaymentCapability paymentCapability;
public SagaResult execute(OrderRequest request) {
String orderId = null;
String reservationId = null;
String paymentId = null;
try {
// Step 1: Create order
OrderResult orderResult = orderCapability.createOrder(request);
if (!orderResult.isSuccessful()) {
return SagaResult.failure("Order creation failed");
}
orderId = orderResult.getOrderId();
// Step 2: Reserve inventory
ReservationResult reservation = inventoryCapability.reserveItems(
request.getItems(),
orderId
);
if (!reservation.isSuccessful()) {
// Compensate: Cancel the order
orderCapability.cancelOrder(orderId);
return SagaResult.failure("Inventory reservation failed");
}
reservationId = reservation.getReservationId();
// Step 3: Process payment
PaymentResult payment = paymentCapability.processPayment(
request.getCustomerId(),
request.getTotalAmount()
);
if (!payment.isSuccessful()) {
// Compensate: Release inventory and cancel order
inventoryCapability.releaseReservation(reservationId);
orderCapability.cancelOrder(orderId);
return SagaResult.failure("Payment processing failed");
}
paymentId = payment.getPaymentId();
// All steps successful
orderCapability.confirmOrder(orderId);
return SagaResult.success(orderId);
} catch (Exception e) {
// Compensate for any unexpected failures
if (paymentId != null) {
paymentCapability.refundPayment(paymentId);
}
if (reservationId != null) {
inventoryCapability.releaseReservation(reservationId);
}
if (orderId != null) {
orderCapability.cancelOrder(orderId);
}
return SagaResult.failure("Unexpected error: " + e.getMessage());
}
}
}
The saga coordinates multiple capabilities and ensures that if any step fails, previous steps are compensated. This maintains consistency without requiring distributed transactions.
TESTING STRATEGIES FOR CAPABILITY-CENTRIC ARCHITECTURE
Testing capabilities requires a multi-layered approach. Unit tests verify individual components within a capability. Integration tests verify that the capability works correctly with its dependencies. Contract tests verify that the capability's interface meets consumer expectations.
Unit tests should focus on business logic and use mock implementations of dependencies:
public class OrderValidatorTest {
private OrderValidator validator;
@Before
public void setup() {
validator = new OrderValidator();
}
@Test
public void shouldAcceptValidOrder() {
OrderRequest request = OrderRequest.builder()
.customerId("CUST123")
.addItem(new OrderItemDTO("PROD1", 2, Money.of(10)))
.paymentDetails(createValidPaymentDetails())
.build();
ValidationResult result = validator.validate(request);
assertTrue(result.isValid());
assertTrue(result.getErrors().isEmpty());
}
@Test
public void shouldRejectOrderWithoutCustomerId() {
OrderRequest request = OrderRequest.builder()
.customerId(null)
.addItem(new OrderItemDTO("PROD1", 2, Money.of(10)))
.paymentDetails(createValidPaymentDetails())
.build();
ValidationResult result = validator.validate(request);
assertFalse(result.isValid());
assertTrue(result.getErrors().contains("Customer identifier is required"));
}
@Test
public void shouldRejectOrderWithNegativeQuantity() {
OrderRequest request = OrderRequest.builder()
.customerId("CUST123")
.addItem(new OrderItemDTO("PROD1", -1, Money.of(10)))
.paymentDetails(createValidPaymentDetails())
.build();
ValidationResult result = validator.validate(request);
assertFalse(result.isValid());
assertTrue(result.getErrors().stream()
.anyMatch(error -> error.contains("invalid quantity")));
}
}
Integration tests verify that the capability works correctly with real implementations of its dependencies:
public class OrderCapabilityIntegrationTest {
private OrderCapability capability;
private TestDatabase database;
@Before
public void setup() {
// Use a real database for integration testing
database = new TestDatabase();
database.initialize();
OrderRepository repository = new DatabaseOrderRepository(database);
OrderValidator validator = new OrderValidator();
InventoryService inventory = new RealInventoryService(database);
PaymentService payment = new RealPaymentService();
capability = new OrderProcessingCapabilityImpl(
validator,
inventory,
payment,
repository
);
}
@After
public void teardown() {
database.cleanup();
}
@Test
public void shouldPersistOrderToDatabase() {
OrderRequest request = createValidOrderRequest();
OrderResult result = capability.processOrder(request);
assertTrue(result.isSuccessful());
// Verify order was persisted
Order savedOrder = database.queryOrder(result.getOrderId());
assertNotNull(savedOrder);
assertEquals(request.getCustomerId(), savedOrder.getCustomerId());
}
}
Contract tests verify that the capability's interface meets the expectations of its consumers. These tests are particularly important when capabilities are developed by different teams:
public class OrderCapabilityContractTest {
private OrderCapability capability;
@Before
public void setup() {
capability = createCapabilityUnderTest();
}
@Test
public void contractShouldReturnOrderIdOnSuccess() {
OrderRequest request = createValidOrderRequest();
OrderResult result = capability.processOrder(request);
// Contract: Successful result must include order ID
assertTrue(result.isSuccessful());
assertNotNull(result.getOrderId());
assertFalse(result.getOrderId().isEmpty());
}
@Test
public void contractShouldReturnErrorMessageOnFailure() {
OrderRequest request = createInvalidOrderRequest();
OrderResult result = capability.processOrder(request);
// Contract: Failed result must include error message
assertFalse(result.isSuccessful());
assertNotNull(result.getErrorMessage());
assertFalse(result.getErrorMessage().isEmpty());
}
@Test
public void contractShouldHandleNullRequestGracefully() {
// Contract: Capability should not throw exception for null input
try {
OrderResult result = capability.processOrder(null);
assertFalse(result.isSuccessful());
} catch (Exception e) {
fail("Capability should handle null request without throwing exception");
}
}
}
These contract tests define the expected behavior of the capability's interface. They serve as documentation of the contract and ensure that changes to the implementation do not violate consumer expectations.
MONITORING AND OBSERVABILITY
Effective monitoring is essential for operating capability-centric systems. Each capability should expose metrics about its operation, including request rates, error rates, latency, and business-specific metrics.
Here is an example of instrumented capability code:
public class OrderProcessingCapabilityImpl implements OrderProcessingCapability {
private static final Logger logger =
LoggerFactory.getLogger(OrderProcessingCapabilityImpl.class);
private final MetricsCollector metrics;
@Override
public OrderResult processOrder(OrderRequest request) {
long startTime = System.currentTimeMillis();
try {
// Increment request counter
metrics.incrementCounter("order.processing.requests");
// Process the order
OrderResult result = processOrderInternal(request);
// Record metrics based on outcome
if (result.isSuccessful()) {
metrics.incrementCounter("order.processing.success");
metrics.recordValue(
"order.amount",
request.getTotalAmount().getValue()
);
} else {
metrics.incrementCounter("order.processing.failure");
metrics.incrementCounter(
"order.processing.failure." + result.getFailureReason()
);
}
return result;
} finally {
// Record processing duration
long duration = System.currentTimeMillis() - startTime;
metrics.recordDuration("order.processing.duration", duration);
}
}
}
The metrics provide visibility into the capability's behavior in production. You can track how many orders are being processed, how many succeed or fail, what the common failure reasons are, and how long processing takes.
Health checks are another important aspect of observability. Each capability should expose a health check endpoint that indicates whether it is functioning correctly:
public class OrderCapabilityHealthCheck implements HealthCheck {
private final OrderRepository repository;
private final PaymentService paymentService;
@Override
public HealthStatus check() {
List<String> issues = new ArrayList<>();
// Check database connectivity
try {
repository.healthCheck();
} catch (Exception e) {
issues.add("Database connectivity issue: " + e.getMessage());
}
// Check payment service availability
try {
paymentService.healthCheck();
} catch (Exception e) {
issues.add("Payment service unavailable: " + e.getMessage());
}
// Return health status
if (issues.isEmpty()) {
return HealthStatus.healthy();
} else {
return HealthStatus.unhealthy(issues);
}
}
}
Health checks allow monitoring systems to detect when a capability is not functioning correctly and alert operators or automatically take corrective action.
MIGRATION STRATEGIES
Migrating an existing system to Capability-Centric Architecture is a significant undertaking that should be approached incrementally. The strangler fig pattern is an effective strategy where you gradually replace parts of the old system with new capabilities while keeping the system operational.
Start by identifying a capability that is relatively independent and has clear boundaries. Implement this capability in the new architecture while keeping the rest of the system unchanged. Use an adapter to integrate the new capability with the existing system:
public class OrderProcessingAdapter {
private final OrderCapability newCapability;
private final LegacyOrderSystem legacySystem;
private final FeatureToggle featureToggle;
public OrderResult processOrder(OrderRequest request) {
// Use feature toggle to gradually migrate traffic
if (featureToggle.isEnabled("use-new-order-capability")) {
return newCapability.processOrder(request);
} else {
return legacySystem.processOrder(request);
}
}
}
The adapter allows you to route some traffic to the new capability while keeping the legacy system as a fallback. You can gradually increase the percentage of traffic going to the new capability as you gain confidence in its correctness.
Once the first capability is successfully migrated, repeat the process for other capabilities. Over time, the legacy system shrinks until it can be completely retired.
CONCLUSION
Capability-Centric Architecture offers significant benefits for building maintainable and evolvable software systems. By organizing code around business capabilities rather than technical layers, you create a system that is easier to understand, modify, and scale.
The key to success is careful design of capability boundaries based on business domain analysis. Each capability should have a single clear purpose, a well-defined interface, and ownership of its data. Capabilities should be autonomous but composable, allowing complex workflows to be built from simpler building blocks.
Common pitfalls include creating capabilities that are too granular, allowing capabilities to share data models, creating circular dependencies, and neglecting to version interfaces. These can be avoided through careful design and adherence to principles of loose coupling and high cohesion.
Testing, monitoring, and observability are essential for operating capability-centric systems successfully. Each capability should be thoroughly tested at multiple levels and instrumented to provide visibility into its operation.
Migration to Capability-Centric Architecture should be approached incrementally using patterns like the strangler fig. This allows you to gain the benefits of the new architecture while managing risk and maintaining system stability.
By following the best practices and avoiding the pitfalls described in this article, you can successfully implement Capability-Centric Architecture and create software systems that are more aligned with business needs and more adaptable to change.
