Hexagonal and Clean Architecture

Alistair Cockburn introduced hexagonal architecture in 2005 under the subtitle "Ports and Adapters." The visual metaphor is a hexagon representing the application core, with ports on every face and adapters plugging into those ports from outside. The hexagon has no special meaning; Cockburn used it to signal that no side is privileged - there is no "top" (presentation) and no "bottom" (database).

The pattern divides the world into two sides. The left side contains driving adapters: components that initiate interaction with the application. An HTTP REST controller is a driving adapter. A command-line tool is a driving adapter. A test suite is a driving adapter. All of them call the application through the same driving port interface. The right side contains driven adapters: components the application calls out to. A PostgreSQL repository is a driven adapter. A Kafka publisher is a driven adapter. A Twilio SMS sender is a driven adapter.

A port is an interface, not a framework. Driving ports are interfaces the application exposes for callers. Driven ports are interfaces the application defines for infrastructure. The critical point is ownership: driven ports are defined in the application layer, not in the infrastructure layer. The application says "I need something that can save an account" and definesAccountRepository. PostgreSQL implements it in an adapter.

Robert C. Martin published Clean Architecture in 2017, synthesising hexagonal architecture (Cockburn, 2005), Onion Architecture (Jeffrey Palermo, 2008), and Screaming Architecture into a unified model with four concentric rings and one overriding rule: the Dependency Rule.

The four rings, from innermost to outermost, are: Enterprise Business Rules (entities - pure domain objects), Application Business Rules (use cases -- application-specific orchestration), Interface Adapters (controllers, presenters, gateways), and Frameworks and Drivers (HTTP frameworks, databases, message brokers, UI frameworks). The innermost ring is the most stable; the outermost is the most volatile.

The Dependency Rule is absolute: source code dependencies can only point inward. Nothing in an inner ring imports from an outer ring. An entity never imports a controller. A use case never imports a database library. An interface adapter imports use cases, but use cases do not import adapters. This means the domain model and use cases can be compiled and tested without any framework present.

Following the dependency rule through a concrete example clarifies how each ring behaves. Consider a funds transfer use case in the Monzo banking domain. TheAccount entity in the innermost ring holds the balance and enforces the invariant that an account cannot go below its overdraft limit. It imports nothing except the Java standard library.

The TransferFundsUseCase in the Application Business Rules ring orchestrates the transfer: it calls AccountRepository (a driven port interface it owns) to load both accounts, calls Account.debit()and Account.credit(), then calls AccountRepository.save(). The use case imports the entity and the port interface. It imports no database library, no HTTP library, no framework annotation.

The JdbcAccountRepository in the Interface Adapters ring implementsAccountRepository using Spring JDBC. It imports Spring, JDBC, and the domain interface. The dependency arrow points inward: the adapter depends on the port interface, the port interface does not depend on the adapter. If Monzo decides to replace JDBC with jOOQ, only the adapter changes. The use case and entity are untouched.

Understanding port direction is the most important concept in hexagonal architecture. Driving ports (also called primary or inbound) are interfaces the application exposes for external callers to invoke. The application defines what it offers; callers adapt to that contract. A TransferFundsPort is a driving port. An HTTP controller, a CLI command, and a test case all call it.

Driven ports (also called secondary or outbound) are interfaces the application defines for infrastructure it needs. The application says what it requires from the outside world. AccountRepository, FraudChecker, and NotificationSender are driven ports. PostgreSQL, an external fraud API, and Twilio are driven adapters implementing those ports. The application owns the interface contract; infrastructure conforms to it.

This ownership distinction is what makes driven ports different from ordinary dependency injection. In a traditional layered application, the business logic imports PostgresAccountRepository from the data access layer. The data access layer owns the interface. In hexagonal architecture, the application defines AccountRepository in its own package. The data access layer implements it. The arrow of ownership is reversed.

Primary adapters translate external input into domain calls. An HTTP REST controller receives a JSON payload, validates it, translates it into aTransferFundsCommand value object, and calls the driving port. A CLI adapter parses command-line arguments and calls the same port. A gRPC adapter does the same over a binary protocol. All three are interchangeable because they all call through the same port interface.

Secondary adapters implement driven ports using specific technologies. AJdbcAccountRepository implements AccountRepositoryusing SQL. A RedisAccountCache implements a read variant of the same port. A KafkaEventPublisher implementsDomainEventPublisher by writing to a Kafka topic. Swapping a secondary adapter requires only that the new implementation satisfies the port interface contract.

The test doubles pattern exploits secondary adapters directly. AnInMemoryAccountRepository implements AccountRepositorywith a plain HashMap. It satisfies the interface contract and can be used in place of the PostgreSQL adapter in unit tests. This is not mocking; it is a genuine secondary adapter that happens to store data in memory rather than a database. Monzo's CI pipeline uses in-memory adapters exclusively for unit tests, reserving integration tests for production adapters.

The most immediate practical benefit of hexagonal architecture is test speed. When domain logic has no infrastructure dependencies, unit tests need no database container, no HTTP server, no external API sandbox. A test for a funds transfer rule that once required a running PostgreSQL instance now passes an in-memory repository and runs in 8 milliseconds. A test suite of 500 such tests runs in under 10 seconds versus 25 minutes with database-coupled code.

The second benefit is isolation. When a test fails because of a domain rule violation, there is no ambiguity about whether the failure is in the business logic or the database adapter. The in-memory adapter is simple enough to be visually verified. Domain logic bugs are not obscured by infrastructure noise.

The third benefit is changeability. When the Monzo team replaced Twilio with their own notification service in 2018, the change was confined entirely to the secondary adapter implementing NotificationSender. The use case code calling notificationSender.send() was unchanged. The test suite continued to pass against the same in-memory adapter. The migration took one sprint instead of the three-year ordeal in the fintech case study from the Applied modules.