Domain Entity bound

[srodrigues37]

Domain entity is used outside the application layer on all implementations.
The goal of Hexagonal or Clean architure want to protect the domain to maintain it more easely.
But both don't ask how to protect the domain from code injection.
Ex: I create a UserFake extends User with setPassword(password){this.password="MyFakePassword"} i can send it from the adpaters into the domain and we failed to protect the domain.
In my opinion we have to use immutable DTOs on all ports to protect our domain from undesired extensions like UserPortRequest and UserPortResponse.

[Sairyss]

https://github.com/Sairyss/domain-driven-hexagon?tab=readme-ov-file#local-dtos

[srodrigues37]

I'm agree about controller, and also with Martin if it's just to not use an import domain, it's not usefull.

I also read about ACL Anti Corruption Layer that are used on controller/events adapter/etc. but never used at the port Level.
My purpose are not to reduce coupling between adapter and Domain, but reduce risk of implementing business rules outside the domain and to corrupt domain with extended domain entities.