Stats
Actions
Tags
From verified-development
DDD for TypeScript: ubiquitous language, value objects, entities, aggregates, domain events.
How this skill is triggered — by the user, by Claude, or both
Slash command
/verified-development:domain-driven-designThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill applies only to projects that have opted in to DDD. Do not apply these patterns to projects that use a different approach.
This skill applies only to projects that have opted in to DDD. Do not apply these patterns to projects that use a different approach.
For hexagonal architecture (ports and adapters), load the hexagonal-architecture skill. DDD and hexagonal architecture are complementary but independent — a project may use one without the other.
If the folder-structure skill has been explicitly applied to this project, follow its protected-domain-core layout and lint/import-boundary rules for DDD/hex contexts. Do not introduce those physical folder or lint rules into projects that have not applied folder-structure; in that case, preserve the repo's existing structure while keeping domain logic isolated.
Deep-dive resources are in the resources/ directory. Load them on demand:
| Resource | Load when... |
|---|---|
aggregate-design.md | Designing or splitting aggregates, sizing questions, optimistic locking |
domain-services.md | Unsure if logic is a domain service vs use case, naming conventions |
domain-events.md | Cross-aggregate coordination, Decider pattern, event dispatch (outbox), process managers |
bounded-contexts.md | Drawing context boundaries, integrating with external systems (ACL), context mapping |
error-modeling.md | Deciding between result types and exceptions, error propagation |
testing-by-layer.md | Writing tests for DDD code, property-based testing for invariants |
For authoritative sources, see ../REFERENCES.md.
DDD adds value for complex domains with rich business rules. Not every project needs it.
Use DDD when:
Don't use DDD when:
Start simple and evolve: Begin with ubiquitous language (glossary) and value objects. Add aggregates, domain events, and bounded contexts only when the domain demands it. Your first model will be wrong — that's fine. The goal is to learn quickly and refactor toward deeper insight.
The code must speak the language of the domain. Every type, function, variable, and test name must use terms from the project's ubiquitous language (glossary). If a concept doesn't have a domain term, that's a modeling gap to discuss with stakeholders — not something to paper over with technical jargon.
Domain models evolve. The first model is never the final model. As understanding deepens through conversations with domain experts and building working software, the model should change — types get renamed, aggregates get split or merged, new concepts emerge. This is expected and ideal. A model that never changes is either perfect (unlikely) or stagnant (the team stopped learning). TDD and behavioral tests make this evolution safe — rename a concept, update the glossary, and the tests tell you what needs to change.
This is the most common decision in DDD. When unsure, use this framework:
The domain/ locations below are logical placement guidance. If folder-structure has been applied, prefer its context-first protected core shape, such as src/<bounded-context>/domain/ plus its lint boundary rules. If it has not been applied, adapt to the existing repo structure instead of reorganizing purely to match that layout.
| Question | If yes → | If no ↓ |
|---|---|---|
| Does it enforce a business rule or compute a business value? | domain/ (entity function, value object, or domain service) | ↓ |
| Does it orchestrate multiple domain operations without owning logic? | Use case / application service | ↓ |
| Does it format, transform, or prepare data for display? | lib/ or inline in the view | ↓ |
| Does it talk to an external system (DB, API, file system)? | Adapter (implements a port defined in domain) | ↓ |
| Is it framework-specific glue (route handler, middleware)? | Delivery layer (app/) | — |
The purity test is necessary but not sufficient. A pure function that formats a date for display does not belong in domain/ just because it's pure. The question is always: "Is this a business rule?"
// ❌ Pure but NOT domain — formats for human display
export const formatEventDate = (date: string | null) =>
date ? format(parseISO(date), "MMMM d, yyyy") : undefined;
// → Belongs in lib/format.ts
// ✅ Pure AND domain — business rule that affects behavior
export const isPastEvent = (eventDate: string | null, now: Date) =>
eventDate ? parseISO(eventDate) < now : false;
// → Belongs in domain/event/
// ✅ Pure AND domain — business calculation
export const calculateCommittedTotal = (items: readonly GiftItem[]) =>
items.filter(i => i.status !== "idea").reduce((sum, i) => sum + i.pricePence, 0);
// → Belongs in domain/budget/
Why placement matters: domain/ files typically have strict coverage requirements and zero infrastructure imports. Putting code in the wrong layer creates unnecessary testing obligations and architectural violations.
When folder-structure has been applied, domain isolation should also be enforced mechanically with its import-boundary lint rules.
DDD projects must maintain a glossary file that defines all domain terms. This is the single source of truth for naming. The glossary evolves as the model evolves — when the team discovers a better name or splits a concept, update the glossary first and let the code follow.
For projects with multiple bounded contexts, organize by context. The same term may have different definitions in different contexts — this is correct, not a bug.
## Gifting Context
| Term | Definition | Examples |
|------|-----------|----------|
| Occasion | A gift-giving event (birthday, holiday) | "Mum's Birthday", "Christmas 2026" |
| Gift Idea | A potential gift for an occasion | "Cookbook", "Scarf" |
| Contribution | Money pledged toward a gift | "£25 from Dad" |
## Notifications Context
| Term | Definition | Examples |
|------|-----------|----------|
| Occasion | An upcoming event that may trigger reminders | (same events, different concern) |
| Recipient | The person being gifted — target of reminder scheduling | "Mum" |
type and interface names must use glossary terms// ✅ Uses domain language
type GiftIdea = {
readonly id: GiftIdeaId;
readonly description: string;
readonly occasion: OccasionId;
readonly estimatedCost: Money;
};
// ❌ Technical jargon
type Item = { readonly id: string; readonly text: string; readonly parentId: string; };
Immutable, identity-less, compared by their attributes (not by reference). Represent domain concepts defined by their attributes. Two Money values with the same amount and currency are equal — value objects have no identity.
type Currency = 'GBP' | 'USD' | 'EUR';
type Money = { readonly amount: number; readonly currency: Currency };
const createMoney = (amount: number, currency: Currency): Money => {
if (amount < 0) throw new Error('Money cannot be negative');
return { amount, currency };
};
// Factory throws = invariant violation (a bug in calling code).
// Schemas catch invalid user input at trust boundaries BEFORE
// the factory is called. If the factory throws, something
// bypassed the schema.
For value objects crossing trust boundaries (API input, form data), use Zod schemas. For domain-internal value objects, plain types + factory functions suffice. See the typescript-strict skill for schema-first patterns.
Zod-to-branded-type bridging — parse raw input into branded domain types at trust boundaries:
// Schema at trust boundary — parses raw strings into branded types
const PledgeInputSchema = z.object({
occasionId: z.string().min(1).transform(createOccasionId),
contributorId: z.string().min(1).transform(createContributorId),
amount: z.object({ amount: z.number().positive(), currency: CurrencySchema }),
});
// Reconstitution from persistence — same pattern, used in driven adapters
const toOccasion = (row: OccasionRow): Occasion => ({
id: createOccasionId(row.id),
name: row.name,
budget: createMoney(row.budgetAmount, parseCurrency(row.budgetCurrency)),
totalPledged: createMoney(row.pledgedAmount, parseCurrency(row.budgetCurrency)),
isFundingClosed: row.isFundingClosed,
});
Reconstitution (rebuilding domain objects from DB rows) uses the same factory functions as creation. The factory validates, so invalid persisted data is caught on read rather than silently corrupting the domain.
Prevent accidental swapping of primitives at compile time. Use for entity IDs and single-value value objects. Always provide a factory function — raw strings become branded types only through validation:
type OccasionId = string & { readonly __brand: 'OccasionId' };
type GiftIdeaId = string & { readonly __brand: 'GiftIdeaId' };
type EmailAddress = string & { readonly __brand: 'EmailAddress' };
// Factory functions — the only way to create branded values
const createOccasionId = (raw: string): OccasionId => {
if (!raw.trim()) throw new Error('OccasionId cannot be empty');
return raw as OccasionId; // justified: factory validates, then brands
};
const createEmailAddress = (raw: string): EmailAddress => {
if (!raw.includes('@')) throw new Error('Invalid email');
return raw as EmailAddress; // justified: factory validates, then brands
};
The as assertion is the one justified exception in branded type factories — the factory validates first, then brands. This is the standard TypeScript pattern for nominal typing. Everywhere else, the compiler prevents mixing up OccasionId and GiftIdeaId.
Have identity and a lifecycle. Always valid after construction or state transition.
type Occasion = {
readonly id: OccasionId;
readonly name: string;
readonly date: Date;
readonly giftIdeas: ReadonlyArray<GiftIdea>;
readonly budget: Money;
};
// Immutable update — returns new valid state
const renameOccasion = (occasion: Occasion, newName: string): Occasion => ({
...occasion,
name: newName,
});
Always-valid principle: An entity must satisfy its invariants at all times. Validate on construction (factory functions or schema parsing) and on every state transition. Never allow an entity to exist in an invalid state, even temporarily.
Use the type system to make invalid states impossible. Replace boolean flags and optional fields with discriminated unions where each variant carries only the data valid for that state:
// WRONG — boolean + optional allows { isVerified: true, verifiedAt: undefined }
type User = { readonly isVerified: boolean; readonly verifiedAt?: Date };
// RIGHT — impossible to be verified without a date
type User =
| { readonly status: 'unverified' }
| { readonly status: 'verified'; readonly verifiedAt: Date };
Apply the same principle to entity lifecycles:
type Order =
| { readonly status: 'draft'; readonly items: ReadonlyArray<OrderItem> }
| { readonly status: 'placed'; readonly items: ReadonlyArray<OrderItem>; readonly placedAt: Date }
| { readonly status: 'shipped'; readonly items: ReadonlyArray<OrderItem>; readonly placedAt: Date; readonly shippedAt: Date; readonly trackingNumber: string };
Always handle all variants exhaustively. The never type ensures the compiler catches unhandled states when you add a new variant:
const describeOrder = (order: Order): string => {
switch (order.status) {
case 'draft': return `Draft with ${order.items.length} items`;
case 'placed': return `Placed at ${order.placedAt.toISOString()}`;
case 'shipped': return `Shipped: ${order.trackingNumber}`;
default: { const _exhaustive: never = order; return _exhaustive; }
}
};
Clusters of entities and value objects with a single root. All modifications go through the root.
For detailed aggregate design guidance, see resources/aggregate-design.md.
Complex business rules for filtering, eligibility, or validation are expressed as predicate functions in the domain layer. Evans calls these "specifications."
// Specification: "can this contributor pledge to this occasion?"
const canPledge = (occasion: Occasion, contributor: Contributor, amount: Money): boolean =>
!occasion.isFundingClosed &&
amount.amount <= contributor.walletBalance.amount &&
amount.currency === occasion.budget.currency;
// Compose specifications for complex eligibility
const isGiftReady = (occasion: Occasion): boolean =>
occasion.totalPledged.amount >= occasion.budget.amount &&
occasion.giftIdeas.some(idea => idea.status === 'selected');
Specifications are pure predicate functions — they return boolean and have no side effects. Use them in domain services, use cases, and query filters. Name them with is, can, or has prefixes.
Domain events represent something meaningful that happened in the domain ("OrderPlaced", "ContributionPledged"). They coordinate side effects across aggregates and bounded contexts.
Domain events earn their complexity when:
Don't add domain events when:
For most projects, start without domain events and add them when the domain demands coordination. See resources/domain-events.md for the Decider pattern and detailed guidance.
When business logic doesn't belong to a single entity, it belongs in a domain service — a stateless function in the domain layer that operates across multiple entities or aggregates.
// ❌ WRONG — cramming cross-entity logic into one entity
const addContribution = (occasion: Occasion, contribution: Contribution): Occasion => {
// This needs to check the contributor's wallet balance — wrong aggregate!
};
// ✅ CORRECT — domain service operates across aggregates
const pledgeContribution = (
occasion: Occasion,
contributor: Contributor,
amount: Money,
): PledgeResult => {
if (amount.amount > contributor.walletBalance.amount) {
return { success: false, reason: 'insufficient-balance' };
}
return {
success: true,
occasion: addContribution(occasion, { contributorId: contributor.id, amount }),
contributor: deductBalance(contributor, amount),
};
};
Domain service vs use case (application service):
| Domain Service | Use Case | |
|---|---|---|
| Contains business logic? | Yes | No — orchestration only |
| Lives in | domain/ | domain/ — identifiable by taking ports as params |
| Depends on | Domain types only | Repositories, ports, domain services |
| Example | pledgeContribution(occasion, contributor, amount) | handlePledge(repo, dto) — loads, calls domain service, saves |
For detailed guidance, see resources/domain-services.md.
Use discriminated union result types for expected business outcomes. Reserve exceptions for programmer mistakes and infrastructure failures.
type PledgeResult =
| { readonly success: true; readonly occasion: Occasion; readonly contributor: Contributor }
| { readonly success: false; readonly reason: 'insufficient-balance' | 'funding-closed' | 'not-found' };
The test: Could a user's action legitimately cause this outcome? If yes → result type. If no (it would mean a bug) → exception.
For detailed error modeling patterns and how errors propagate through layers, see resources/error-modeling.md.
Repositories provide collection-like access to aggregates. Interfaces in the domain layer, implementations in the adapter layer. Repositories use interface (not type) because they define behavior contracts — this aligns with the TypeScript strict rule "reserve interface for behavior contracts." Name methods using domain language.
// Port (domain layer) — interface because it's a behavior contract
interface OccasionRepository {
readonly findById: (id: OccasionId) => Promise<Occasion | undefined>;
readonly save: (occasion: Occasion) => Promise<void>;
}
// Adapter (infrastructure layer) — see hexagonal-architecture skill
Repositories handle writes and single-aggregate reads. For reads that need to JOIN across aggregates (dashboard views, detail pages combining data from multiple entities), repositories are the wrong tool — they enforce aggregate boundaries that reads need to cross. Use query functions that JOIN freely instead. This is the CQRS-lite pattern: writes go through repositories (consistency), reads go through query functions (flexibility). See the hexagonal-architecture skill's CQRS-lite section and resources/cqrs-lite.md for details.
For simple domains where reads map cleanly to a single aggregate, repository reads are fine. Don't separate prematurely.
tests/
occasions/
create-occasion.test.ts # Behavior: creating occasions
add-gift-idea.test.ts # Behavior: managing gift ideas
occasion-budget.test.ts # Behavior: budget constraints
Test by calling use cases with driven ports replaced by in-memory fakes (not mocks). This exercises domain entities, domain services, and orchestration together — proving the feature works as a whole.
Domain unit tests complement use case tests for complex pure business rules. They don't replace them.
| Priority | Boundary | What it proves |
|---|---|---|
| Primary | Use case (faked driven ports) | Feature works end-to-end within the hexagon |
| Complement | Domain pure functions directly | Complex business rules in isolation |
| Secondary | Driven adapters (real DB/MSW) | Adapter translates correctly |
| Verification | E2E (full stack) | User experience works |
For detailed testing guidance, see resources/testing-by-layer.md. For a complete worked example showing one feature through every layer with tests, see the hexagonal-architecture skill's resources/worked-example.md.
const getTestOccasion = (overrides?: Partial<Occasion>): Occasion =>
OccasionSchema.parse({
id: createOccasionId('occasion-1'),
name: "Mum's Birthday",
giftIdeas: [],
budget: createMoney(100, 'GBP'),
...overrides,
});
A bounded context is a linguistic boundary within which a particular domain model and glossary apply. The same word (e.g., "User") can mean different things in different contexts — and that's correct.
User in billing differs from User in shippingFor context mapping patterns, monorepo structure, and ACL examples, see resources/bounded-contexts.md.
Entities are data bags with no behavior. All logic in "services." Fix: put behavior as pure functions next to the types they operate on.
Using Item, Entity, Record, Data, Info instead of domain terms. Always use the glossary.
Display formatting does not belong in domain/. The test: "make this look right for a human" = presentation (lib/). "Enforce a business rule" = domain. Purity is not sufficient — a pure formatting function is still presentation.
Business logic in route handlers, database queries, or adapters. Keep it in domain/.
Not every project needs aggregates, domain events, or bounded contexts. Start with:
Treating the initial model as sacred — refusing to rename types, split aggregates, or restructure bounded contexts as understanding deepens. The model should evolve continuously. If a refactoring reveals that "Occasion" should really be "GiftEvent" and "SavingsGoal", do it. The glossary changes, the types change, the tests guide the migration. Evans calls these "breakthroughs" — moments where the model fundamentally improves because the team learned something new about the domain.
folder-structure has been applied, protected-domain-core lint/import rules are present and passingnpx claudepluginhub mikemyl/verified-development --plugin verified-developmentProvides behavioral guidelines to reduce common LLM coding mistakes, focusing on simplicity, surgical changes, assumption surfacing, and verifiable success criteria.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.