The Computing Series
Technology Leadership The Language of Architecture Decisions

The Language of Architecture Decisions

Introduction

Two engineers argue for forty minutes about whether to use a message queue for the notification service. One insists the queue is necessary. The other insists it is over-engineering. Neither is wrong — they are each optimising for a different unnamed value. The engineer arguing for the queue is weighting resilience and decoupling. The engineer arguing against it is weighting simplicity and operational overhead. The argument cannot resolve because no one has named the tradeoff.

This pattern is not rare. It is the dominant form of technical disagreement in engineering organisations. The surface argument is about the solution. The underlying disagreement is about which costs are acceptable. Until someone names the tradeoff — until someone says “this is a choice between AT10 and AT6” — the argument proceeds as a debate about correctness when it is actually a debate about preference.

Architecture decisions have a vocabulary. Learning it does not make decisions easier, but it makes disagreements shorter and decisions more durable.

The Decision

Every architecture review, every design document, every engineering disagreement contains implicit tradeoffs. The decision in this chapter is whether to name them.

Making the tradeoff explicit changes the character of the conversation. It moves from “you are wrong” to “you prefer a different tradeoff than I do.” That shift is not just rhetorical — it changes what evidence is relevant, what questions are useful, and what a good resolution looks like. An Architecture Decision Record (ADR) that names the tradeoff is a document that ages well. One that does not is a document that confuses its readers within eighteen months.

What the Frameworks Say

F4 (Tradeoffs) is the primary framework. Every architectural decision is a choice between two named values — AT1 through AT10 — and any decision can be described by which of those values it prioritises. The value of this vocabulary is not that it adds precision to decisions already made. It is that it forces precision on decisions being made. Teams that use AT vocabulary name their choices before they build them, which means they can reason about whether the choice is right for the context.

F7 (Architecture Diagrams) explains why the same tradeoff needs different vocabulary for different audiences. An engineer reviewing a design decision needs the technical tradeoff: AT5 (Centralization vs Distribution) — we are centralising the auth service because distributed auth creates consistency surface area we cannot instrument. A product manager needs a constraint statement: this means all features that require authentication go through a single service; if that service has an outage, authentication is unavailable across all products. An executive needs a risk statement: the centralised architecture reduces complexity cost but creates a single availability dependency; mitigation is redundancy in the auth tier.

The decision is the same in all three cases. The vocabulary changes to match the audience’s decision-making surface. F7 is not translation — it is selecting the abstraction that makes the decision actionable for the person receiving it.

F8 (Infrastructure Components) enables F4 to be used at organisational scale. When AT5 means the same thing to every engineer in the organisation, a design document that names AT5 carries immediate shared meaning. The coordination cost of rebuilding shared understanding in every review drops to near zero. The value of F8 is not individual precision — it is organisational efficiency.

The Forces at Play

The force working against named tradeoffs is the illusion of correctness. If a decision can be framed as “right” or “wrong” rather than “this tradeoff vs that tradeoff,” then disagreement is resolvable by analysis rather than preference. This is comfortable but false. Most architectural decisions are not right or wrong — they are appropriate or inappropriate for a context. The context includes the team’s capabilities, the expected scale, the operational environment, and a dozen other factors that change over time.

There is also organisational pressure to appear decisive. Naming a tradeoff means acknowledging that the other option had merit. Leaders who are measured on certainty rather than quality of reasoning avoid named tradeoffs because named tradeoffs admit that the decision was not obvious. This is a cultural failure that produces brittle decisions: decisions that cannot be revisited because revisiting them requires admitting the tradeoff was wrong.

The Options and Tradeoffs

An ADR has two failure modes at the structural level. The first is too short: it names the decision without naming the tradeoff or the context that made this tradeoff appropriate. This ADR is technically a record but not analytically useful — it tells you what was decided but not when you should revisit it. AT6 (Generality vs Specialisation) applies: a terse ADR is simple to write and read, but it creates future rigidity because the reasoning is invisible.

The second failure mode is too long: a document that rehearses every alternative in exhaustive detail and names so many tradeoffs that the decision disappears into hedging. This is the opposite failure — the reader cannot extract what was decided or why.

The correct structure names: what was decided, which tradeoff was accepted (using AT vocabulary), what condition would change this decision, and who made it and when. Four fields. The fourth field matters more than it appears — decisions without owners are not revisited.

The ADR Lifecycle

Architecture diagram

The ADR lifecycle is a state machine where accepted decisions accumulate as the system’s geological record. Each layer constrains what the next layer can do. A superseded ADR that does not link to its replacement creates a gap in the record — engineers who find the original without the supersession will build on a foundation that no longer exists. The failure path is the most common: an ADR written after the decision was already implemented, with no tradeoff discussion and no reversal condition, relitigated every quarter.

An ADR that lacks a reversal condition is not a decision record — it is an announcement. The lifecycle matters because accepted decisions accumulate as the system’s geological record: each layer constrains what the next layer can do. A superseded ADR that does not link to its replacement creates a gap in the record, and engineers who find the original ADR without the supersession will build on a foundation that no longer exists.

What Great CTOs Do

Technical leaders who use tradeoff language well do something specific in design conversations: they wait for the moment when two engineers are talking past each other, name the tradeoff both are implicitly optimising for, and ask which tradeoff is right for this context. That intervention — naming, not judging — resets the conversation from argument to analysis.

They also write ADRs that include the condition for reversal. Not “we chose AT5” but “we chose AT5 because team size and operational overhead of distributed auth exceeded the availability benefit at our current scale; if availability SLO drops below 99.9% or team doubles, revisit.” The reversibility condition makes the ADR a living decision rather than a historical artifact.

The best technical leaders use F8 vocabulary publicly. When they name AT5 in an all-hands or a review, they are teaching the vocabulary by modelling it, not by training. Within six months, the engineers around them start using the vocabulary in their own design documents.

What Goes Wrong

The most common failure is ADRs as post-hoc justification. The decision was made in a conversation, and the ADR was written afterward to document the outcome. These ADRs are accurate records of what was decided, but they do not contain the reasoning — because the reasoning happened before anyone sat down to write. They look like analysis but function as announcements.

FM8 (Contract Violation) is the downstream failure. When the tradeoff is not documented, teams downstream of a decision do not know what they are depending on. They observe the behaviour of the system and infer guarantees that were never made. When the system changes and the inferred guarantee breaks, they experience it as a contract violation. The violation was actually a communication failure — the contract was never stated, so it could not be transmitted.

FM4 (Data Consistency) has an analogous pattern at the organisational level: when different teams have different understandings of the same decision, they build on conflicting foundations. The inconsistency compounds until a project hits a boundary where the two foundations are expected to integrate.

Example: ADR for Choosing a Message Queue

The four-field structure described above is easy to agree with in principle. In practice, teams struggle with the right level of detail — too terse and the reasoning disappears; too verbose and the decision disappears. Here is a populated ADR that demonstrates the target level of precision.

ADR-0047: Adopt Apache Kafka for Inter-Service Communication

Context: The current system uses synchronous REST calls between services. During peak load (Black Friday, flash sales), downstream service latency spikes propagate upstream through the call chain, producing cascading failures (FM2). Three incidents in the past quarter were caused by the payment service slowing under load, which blocked the order service, which blocked the API gateway, which returned 503s to users. The synchronous coupling means every service is as slow as the slowest service in its call chain.

Decision: Replace synchronous REST calls between services with asynchronous communication through Apache Kafka. Services publish events to Kafka topics; consuming services read from those topics independently. The order service publishes order.created events; the payment, inventory, and notification services each consume from that topic with independent consumer groups. Delivery guarantee: at-least-once with idempotent consumers. The tradeoff accepted is AT1 (Consistency vs Availability) — we move from strong consistency (synchronous request-response confirms the downstream operation completed) to eventual consistency (the downstream operation will complete, but not necessarily before the API response). We also accept AT10 (Operational Simplicity vs Resilience) — Kafka adds operational complexity (cluster management, partition rebalancing, offset tracking) in exchange for eliminating the cascading failure surface.

Consequences: Services are decoupled in time — a slow payment service no longer blocks order creation. Kafka’s retention enables event replay, which allows new consumers to be added without re-publishing historical events. The system becomes eventually consistent: a user who places an order will not see payment confirmation in the same response. The team must learn Kafka operations (broker management, consumer lag monitoring, partition strategy). Idempotency in every consumer is now a hard requirement, not a nice-to-have.

Status: Accepted. Owner: Platform Team (J. Patel). Date: 2025-11-14. Reversal condition: If Kafka operational overhead exceeds 20% of platform team capacity, or if eventual consistency produces user-facing confusion that degrades NPS below threshold, revisit with a managed queue service (SQS) or reintroduce synchronous calls for latency-sensitive paths only.

The ADR names both the tradeoff being accepted (AT1, AT10) and the condition under which the decision should be revisited. An engineer reading this eighteen months later knows not just what was decided, but why — and when to reopen the conversation.

Concept: The Language of Architecture Decisions

Thread: T12 (Tradeoffs) ← implicit tradeoff → named, documented, reversible

Core Idea: Technical disagreements are almost always disagreements about unnamed tradeoffs; naming the tradeoff changes the conversation from correctness to context-appropriateness.

Tradeoff: AT6 — ADR completeness vs simplicity; the useful ADR names the tradeoff and the reversal condition

Failure Mode: FM8 — contract violation; downstream teams infer guarantees from undocumented decisions and break when the system changes

Signal: When the same design decision gets relitigated more than once — the original decision did not name its tradeoff; write the ADR now

Maps to: Book 0, Framework 4

Reflection Questions

These questions are most useful when answered in writing before a team discussion, or when used as a retrospective prompt after a decision has been made.

  1. Pull the last three significant architecture decisions your team made. Do any of them have named tradeoffs? If not, what are the tradeoffs?
  2. When did a technical disagreement in your organisation last resolve by naming the tradeoff rather than arguing the merits? What changed?
  3. Where in your system would an engineer discover an implicit guarantee that was never documented?
  4. If you had to explain your team’s most consequential architecture decision to a board member in two sentences, what is the tradeoff you would name?

Design: Audit the last six months of architecture decisions in your organisation. For each significant decision: write the ADR that should have been written — naming the AT tradeoff accepted, the alternative rejected and why, and the condition under which the decision should be revisited. Identify which decisions have no owner recorded and assign one.

Read in the book →