← Back to all articles
Architecture · 14 min read

Clean Architecture: The Aggregate Root, Explained Without Hand-Waving

Some Entities cannot live alone. They only make sense inside a cluster, governed by a single 'super Entity' called the Aggregate Root. A practical, opinionated guide to consistency boundaries, invariants, and the rules that keep your domain from rotting.

A constellation of small geometric shapes orbiting a single larger central node, representing an aggregate cluster

In the previous article we drew the line between Entities and Value Objects. That line is the foundation, but it isn’t enough. As soon as your domain grows past two or three objects, a different question shows up:

“This OrderLine only makes sense inside an Order. Should the repository load it on its own? Can outside code hold a reference to it? Who validates that the total of lines matches the order total?”

If you’ve ever felt that uneasy itch, you’ve already discovered why Aggregates exist. This article is the long version of that answer.

The problem Aggregates solve

A domain is not a flat list of Entities. It’s a graph. And graphs have a nasty property: any node can change at any time, from any direction. Without rules, you end up with this kind of code:

const order = await orderRepository.findById(id);
const line  = await orderLineRepository.findById(lineId); // already a smell


line.quantity = 5;            // mutated in isolation
order.total = recalculate(order.lines); // hopefully someone remembers
await orderLineRepository.save(line);
await orderRepository.save(order);     // two transactions, two chances to fail

Three things just went wrong:

  1. Consistency leaked. OrderLine was changed without the Order knowing. The total invariant (“total equals sum of lines”) only holds if the developer remembers to recalculate.
  2. Persistence fragmented. Two repositories, two writes, no transactional guarantee. A crash between line 4 and line 5 leaves the database in a state the domain considers invalid.
  3. Encapsulation broke. Some other use case can findById(lineId) and modify a line behind the order’s back. The order can’t defend its own rules.

The Aggregate pattern exists precisely to plug these three holes at once.

The one-line definition

An Aggregate is a cluster of Entities and Value Objects treated as a single consistency unit. The Aggregate Root is the only Entity in that cluster the outside world is allowed to touch.

That’s the contract. Everything else — the rules, the repository shape, the invariants — falls out of it.

A few synonyms worth knowing: people call the root the “super Entity”, the “composition root of the domain”, or simply “the boundary”. They all mean the same thing: one door into the cluster, no side entrances.

Some Entities cannot live alone

This is the part most articles skip, and it’s the part that matters most in practice.

Not every Entity is independent. Some Entities only have meaning as part of something larger, and pulling them out is nonsense. A few examples to make this concrete:

  • An OrderLine outside an Order is meaningless. “A line of what?” There is no use case where a line exists on its own.
  • A Comment on a blog post — arguable. Sometimes a comment is just part of the post; sometimes it’s a first-class thing referenced by moderation, audits, notifications. Context decides.
  • A BookingSlot inside a Reservation — it cannot move to another reservation, it has no calendar of its own, it cannot exist before the reservation is created. It’s tethered.
  • A LineItem inside an Invoice, a Step inside a Workflow, a Question inside a Survey, a Track inside an Album. Same family of relationships.

These are inner Entities. They have identity (you can tell two lines apart inside one order), but their identity is local to the aggregate. Outside the aggregate, “line #3” doesn’t mean anything — line #3 of which order?

The signal is simple: if removing the parent makes the child meaningless, the child belongs inside an Aggregate. It does not get its own repository, it does not get a public reference, it does not get loaded independently. It is born, lives, and dies inside its root.

The rules of an Aggregate (the non-negotiable ones)

Pin these to the wall. Every team that gets aggregates wrong does so by violating one of these:

  1. Only the Aggregate Root has a globally unique identity. Inner Entities have identities that are only unique within the aggregate.
  2. Outside code can only hold references to the Root. Never to inner Entities. Ever.
  3. All mutations go through the Root. Inner Entities expose methods, but only the Root can be the caller.
  4. Repositories deal with Aggregates, not inner Entities. There is no OrderLineRepository. There is one OrderRepository, and it returns whole Order aggregates.
  5. One transaction = one Aggregate. If you find yourself updating two aggregates in one transaction, that’s a design smell, not a feature.
  6. Cross-Aggregate references are by id, not by object. An Order does not hold a Customer instance. It holds a CustomerId.

These rules look strict. They are. The whole reason Aggregates are valuable is that they are the only place in your architecture where you can guarantee invariants hold. Loosen any of these rules and the guarantee evaporates.

What an Aggregate Root looks like in code

Let’s make the Order example concrete, using the same patterns this codebase already follows (private constructor, static create, Entity<T> and ValueObject<T> base classes).

src/domain/orders/entities/Order.ts
import { Entity } from '@shared/domain/Entity';


import { CustomerId } from '@domain/orders/value-objects/CustomerId';
import { Money } from '@domain/orders/value-objects/Money';
import { OrderLine } from '@domain/orders/entities/OrderLine';


interface OrderInternalProps {
  id: string;
  customerId: CustomerId;
  status: 'pending' | 'paid' | 'shipped' | 'cancelled';
  lines: OrderLine[];
  total: Money;
}


export class Order extends Entity<OrderInternalProps> {
  public readonly customerId: CustomerId;
  public readonly status: OrderInternalProps['status'];


  private constructor(props: OrderInternalProps) {
    super(props.id);
    this.customerId = props.customerId;
    this.status = props.status;
  }


  public static create(data: OrderData): Order {
    if (data.lines.length === 0) {
      throw new Error('Order must have at least one line');
    }
    const lines = data.lines.map((l) => OrderLine.create(l));
    const total = lines.reduce((acc, l) => acc.add(l.subtotal), Money.zero(data.currency));
    return new Order({
      id: data.id,
      customerId: CustomerId.create(data.customerId),
      status: 'pending',
      lines,
      total,
    });
  }


  public addLine(lineData: OrderLineData): void {
    if (this.status !== 'pending') {
      throw new Error('Cannot modify a non-pending order');
    }
    const line = OrderLine.create(lineData);
    this.props.lines.push(line);
    this.props.total = this.props.total.add(line.subtotal);
  }


  public removeLine(lineId: string): void {
    if (this.status !== 'pending') {
      throw new Error('Cannot modify a non-pending order');
    }
    const line = this.props.lines.find((l) => l.id === lineId);
    if (!line) throw new Error(`Line ${lineId} not found in order ${this.id}`);
    this.props.lines = this.props.lines.filter((l) => l.id !== lineId);
    this.props.total = this.props.total.subtract(line.subtotal);
  }


  public get lines(): readonly OrderLine[] {
    return this.props.lines;
  }
}

Read that carefully, because every line is doing real architectural work:

  • The constructor is private. Outside code cannot bypass create, which means it cannot bypass invariant validation.
  • addLine and removeLine are the only ways to modify the line collection. There is no setter, no getLinesMutable, no shortcut.
  • Both methods recalculate total in the same call that mutates lines. The invariant total === sum(lines) is impossible to break from outside. That’s the whole point.
  • The lines getter returns readonly OrderLine[]. Even if a caller could see the lines, they cannot push, splice, or replace.
  • OrderLine.create(...) is called by Order, never by a use case. The Root owns the construction of its inner Entities.

Now compare this to the broken example at the top of the article. The broken version cannot protect the invariant; this version cannot fail to.

Inner Entities: identity, but local

OrderLine is itself an Entity — two lines for the same product can coexist (different discounts, different timestamps), so equality by attributes is wrong. But the line’s id is only meaningful inside its parent order. Two different orders may both have a “line #1”.

src/domain/orders/entities/OrderLine.ts
export class OrderLine extends Entity<OrderLineInternalProps> {
  public readonly productId: ProductId;
  public readonly quantity: number;
  public readonly subtotal: Money;


  private constructor(props: OrderLineInternalProps) {
    super(props.id);
    this.productId = props.productId;
    this.quantity = props.quantity;
    this.subtotal = props.unitPrice.multiply(props.quantity);
  }


  public static create(data: OrderLineData): OrderLine {
    if (data.quantity <= 0) throw new Error('OrderLine.quantity must be positive');
    return new OrderLine({
      id: data.id,
      productId: ProductId.create(data.productId),
      quantity: data.quantity,
      unitPrice: Money.create(data.unitPrice, data.currency),
    });
  }
}

Note what’s missing:

  • No OrderLineRepository.
  • No findById for lines.
  • No public mutation methods. The line is created once, by its parent, and lives as long as the parent allows.

If you ever need to “find a line by id”, that’s a code smell pointing back to the order: load the order, then ask it for the line. Lines do not exist on their own.

Cross-Aggregate references: by id, never by object

This is the rule that confuses people the most, and the one that pays the highest dividends.

An Order is not the same Aggregate as a Customer. They have separate lifecycles, separate repositories, separate invariants. So Order does NOT hold a Customer instance:

// ❌ Wrong — two Aggregates in one object graph
interface OrderInternalProps {
  customer: Customer;
}


// ✅ Right — reference by id
interface OrderInternalProps {
  customerId: CustomerId;
}

Why?

  • Loading. If Order held a Customer, every findById(orderId) would have to also load the customer (and the customer’s addresses, and their saved cards…). The fetch graph explodes.
  • Consistency. A Customer may be updated independently. If the Order cached an old copy, the order would have a stale customer attached.
  • Transactions. If you can hold a Customer from inside an Order, sooner or later someone will mutate it. Now you’ve broken rule #5: one transaction, one aggregate.

When the use case actually needs both, it loads them separately:

src/domain/orders/use-cases/PlaceOrder.ts
const customer = await this.customers.findById(data.customerId);
if (!customer.isActive()) throw new Error('Inactive customer cannot place orders');


const order = Order.create({ ...data });
await this.orders.save(order);

The use case orchestrates. The aggregates stay isolated.

The Repository operates on the Aggregate, not its parts

A repository is the persistence boundary of one aggregate. It loads the root and reconstitutes the entire cluster. It saves the root and persists the entire cluster. There is no other repository for inner Entities.

src/domain/orders/repositories/OrderRepository.ts
export abstract class OrderRepository {
  abstract findById(id: string): Promise<Order | null>;
  abstract save(order: Order): Promise<void>;
  abstract findByCustomer(customerId: CustomerId): Promise<Order[]>;
}

What you will not find on this interface:

  • findLineById(lineId)
  • saveLine(line)
  • addLineTo(orderId, line)

Every one of those would be a backdoor into the aggregate that bypasses the root’s invariants. The data layer can absolutely write to multiple tables (an orders table and an order_lines table) — but it does so in one operation, behind the save(order) method, with one transaction. The domain doesn’t care; the data layer takes the order in, takes the lines apart, and writes them atomically.

How to size an Aggregate

The most common mistake when first learning aggregates is making them too big. A junior team draws “the customer aggregate” and shoves orders, addresses, payment methods, support tickets, and invoices inside one Root. Six months later every save is a 12-table transaction.

The opposite mistake is also common: making them too small. A Money aggregate. An Address aggregate. A Comment aggregate that should have been part of the post. Now your domain is a flat soup of micro-aggregates with cross-references everywhere, and you’ve recreated the broken example we started with.

A few heuristics that tend to give the right answer:

  1. Invariants define the boundary. Whatever rule must always hold — “order total equals sum of line subtotals”, “workflow has at most one active step”, “survey questions are ordered without gaps” — that rule defines a single aggregate. Things inside the boundary, outside don’t.
  2. Pretend you have to lock the database row. Would you lock the whole order to add a line? Yes. Would you lock the whole customer to add an order? No — that’s two aggregates.
  3. Size for the average operation, not the worst case. If 99% of mutations touch a single small cluster, that’s your aggregate. The rare cross-aggregate operation belongs to a use case, not to the aggregate boundary.
  4. When in doubt, split. Smaller aggregates are easier to load, easier to save, easier to reason about. The cost of splitting two aggregates that should have been one is much lower than the cost of merging two that shouldn’t have been.

The smells that tell you the boundary is wrong

A short field guide:

  • “I have a repository for OrderLine.” Your aggregate boundary is too small. Lines belong inside the order.
  • “My Order.save() is a 14-table transaction.” Your aggregate is too big. Something inside it is its own aggregate.
  • “I keep mutating an inner Entity from a use case.” The Root is leaking — add a method on the Root that performs the mutation properly.
  • “I’m holding two aggregates and updating both in one transaction.” That’s a use case crossing aggregates. Split into two operations or use eventual consistency.
  • “I had to add a setter to the Root just to fix a bug.” A new method, named after a domain action, almost always replaces the setter you were tempted to add.
  • “My validation is duplicated in three use cases.” That validation is an invariant. Move it inside the aggregate.

Why this is worth the discipline

Junior engineers sometimes ask: “isn’t all this overhead? Why not just expose the lines and let the use case mutate them?”

The answer is the one most architectural answers eventually reduce to: without enforced boundaries, every developer who touches the code is implicitly trusted not to break the invariants. That works for a week. It does not work for a year, across five engineers, with a deadline.

The Aggregate Root is how you encode the invariants in the type system itself. After this article you should be able to look at a domain and answer:

  • “If I delete this thing, does that other thing become meaningless?” (Then they belong in one aggregate.)
  • “If two callers mutate this in parallel, what could go wrong?” (That’s the invariant you need to lock behind a Root method.)
  • “If a junior dev tried to fix a bug here, what’s the worst they could do?” (A well-shaped aggregate makes “the worst” survivable.)

Entities give you identity. Value Objects give you safety. Aggregates give you consistency boundaries — and consistency boundaries are the only reason any of the rest of Clean Architecture pays off in the first place. Get them right and the system defends itself. Get them wrong and you’ll be patching the same class of bug for years.

Reading progress0%