Cadogy Blog

Blog

  • Why Modular Monoliths Are Winning in an AI-Driven World

    Why Modular Monoliths Are Winning in an AI-Driven World

    Modern software teams face a hard question:
    How do you build systems that move fast today, scale tomorrow, and don’t collapse under their own complexity?

    For years, the default answer was microservices. In practice, that approach often creates more overhead than value—especially for small and mid-size teams. At the same time, AI agents, automation, and code-assisted workflows are reshaping how software gets built.

    This is where modular monolith architecture shines.

    In this article, we’ll explain what a modular monolith is, why it outperforms microservices for most teams, and how it pairs naturally with AI agents, tasks, and bots to create a future-ready software stack.

    What Is a Modular Monolith?

    A modular monolith is a single application that’s internally divided into clearly defined, isolated modules. Each module owns its own logic, data models, and responsibilities.

    You deploy one system—but you build it like many.

    The key difference from a traditional monolith is intentional structure. Modules don’t freely reach into each other’s code or data. They communicate through clear interfaces and enforced boundaries.

    This keeps the system organized, testable, and scalable without the operational cost of distributed services.

    Modular Monolith vs Microservices

    Microservices aren’t wrong—but they’re often premature.

    For many teams, microservices introduce:

    • Service sprawl
    • Complex deployments
    • Network latency
    • Debugging across multiple systems
    • Higher cloud and DevOps costs

    A modular monolith avoids these problems while keeping most of the benefits.

    You get:

    • One deployment pipeline
    • Faster local development
    • Easier debugging
    • Lower infrastructure overhead
    • Clear domain separation

    Most importantly, you retain the option to extract modules into microservices later—if and when it actually makes sense.

    Why Modular Monoliths Work Better With AI

    AI agents don’t perform well in messy systems.

    They thrive on:

    • Clear boundaries
    • Narrow scope
    • Predictable side effects
    • Well-defined interfaces

    Modular monoliths provide exactly that.

    Instead of pointing an AI agent at an entire codebase, you can assign it to a single module—authentication, payments, search, or support. The agent can refactor, test, optimize, or extend functionality without risking unintended changes elsewhere.

    This dramatically improves safety, accuracy, and speed when using AI in real production systems.

    Using AI Agents at the Module Level

    In a modular monolith, AI becomes a teammate—not a liability.

    Examples:

    • An auth agent improves login flows and security logic
    • A billing agent handles pricing rules and invoicing logic
    • A search agent optimizes indexing and query performance
    • A support agent powers internal tools or user-facing bots

    Each agent operates within a defined domain. No cross-system chaos. No accidental side effects.

    This structure also makes AI-assisted refactoring practical. You can modernize one module at a time instead of rewriting everything.

    AI Tasks and Bots Inside the Application

    Modular monoliths also simplify AI-powered background work.

    Common AI tasks include:

    • Data cleanup and enrichment
    • Report generation
    • Search indexing
    • Fraud detection
    • Pricing optimization

    Because everything lives in one system, these tasks don’t need complex service orchestration or fragile APIs. They run where the data already lives.

    AI bots follow the same pattern. A support bot touches the support module. An analytics bot reads reporting models only. This keeps automation predictable and secure.

    Why This Architecture Is Built for the Future

    Technology shifts fast. Architecture shouldn’t fight that.

    Modular monoliths age well because they:

    • Scale with your team
    • Support incremental change
    • Work with modern frameworks
    • Adapt to AI-driven development

    If you ever need microservices, modular boundaries make extraction straightforward. If you don’t, you avoid years of unnecessary complexity.

    This approach also fits well with serverless, edge deployments, and hybrid infrastructure. Fewer services mean fewer cold starts, fewer network hops, and better performance.

    Real-World Use Cases

    Modular monolith architecture works especially well for:

    SaaS platforms

    • Auth
    • Billing
    • Admin
    • Search
    • Messaging

    Marketplaces

    • Listings
    • Orders
    • Payments
    • Sellers
    • Buyers
    • Promotions

    Internal tools

    • Dashboards
    • Reporting
    • Automation systems
    • Admin panels

    In all cases, teams move faster with fewer people and fewer operational headaches.

    Common Mistakes to Avoid

    Not every “modular” app is actually modular.

    Avoid these traps:

    • Treating folders as architecture
    • Allowing cross-module imports
    • Sharing database models across domains
    • Skipping dependency enforcement

    Modules need rules. Without enforcement, boundaries erode—and AI safety disappears with them.

    When a Modular Monolith Makes Sense

    This approach works best if:

    • Your team is small or mid-sized
    • You want fast iteration without rewrites
    • You plan to use AI agents in development
    • You care about cloud costs
    • You want long-term flexibility

    For most modern products, this is the smartest default.

    How Cadogy Builds Modular, AI-Ready Systems

    At Cadogy, we design software for real growth, not theoretical scale.

    We start with domain modeling, enforce module boundaries, and layer in AI-assisted workflows where they add value. The result is software that stays clean, adaptable, and easy to evolve—without overengineering.

  • How to Use Cloudflare to Protect Your Website (And Why You Should)

    How to Use Cloudflare to Protect Your Website (And Why You Should)

    A safe and reliable Internet visibility depends on the ability to shield any web applications from malicious traffic or intrusion attempts. One of the main advantages of using WAF by Cloudflare is that it comes with Managed Rules for protecting your web applications. In this article, I’ll break down Cloudflare’s Managed Rules and discuss every single detail.

    What are Managed Rules?

    Managed Rules are predefined rulesets that help you protect your web applications from common threats, such as SQL injection, cross-site scripting (XSS), and other security vulnerabilities. Cloudflare offers a range of Managed Rulesets to address various security concerns, which can be easily applied to your WAF configuration. WAF Managed Rules allow you to deploy pre-configured managed rulesets that provide immediate protection against:

    Zero-day vulnerabilities
    Top-10 attack techniques
    Use of stolen/exposed credentials
    Extraction of sensitive data

    Key Benefits

    • Effective Protection: Moreover, with Managed Rules you can build strong barriers that prevent both well-known and newly appearing dangers from being successful, so you don’t need to create unique rules for every application.
      Easy Deployment: With a user-friendly dashboard by Cloudflare, you can apply, customize as well as manage managed rules on your web application.
      Continuous Updates: To cater for fresh threats and vulnerabilities, Cloudflare continuously updates its managed rules to keep your application secure.
      Customization: On the positive side, Managed Rules deliver a complete security solution that is scalable as it adapts itself well to particular customer’s application preferences.
      Diverse Rulesets: Cloudflare provides with its Managed Rulesets several options to address various vulnerabilities in order to be able to create a personalized protection for your application.
    Cloudflare WAF: Managed Rules

    Certainly, let’s dive into each point mentioned in Cloudflare’s documentation about Managed Rules for Web Application Firewall (WAF) in detail.

    Managed Rulesets

    Cloudflare provides a range of Managed Rulesets, each designed to address particular security concerns. Some of the notable Managed Rulesets include:

    • OWASP Core Ruleset: This ruleset is based on the Open Web Application Security Project’s recommendations and helps protect against common web application vulnerabilities such as SQL injection, XSS, and more.
    • Cloudflare Specials Ruleset: This ruleset addresses specific Cloudflare-related threats, such as bypassing security checks or exploiting Cloudflare features. It ensures that Cloudflare’s own infrastructure is secure.
    • WordPress Ruleset: Tailored for WordPress websites, this ruleset offers protection against common WordPress-related vulnerabilities and attacks.
    • Magento Ruleset: Similarly, the Magento Ruleset focuses on protecting Magento-based e-commerce websites from known threats.
    • Bot Fight Mode: This ruleset is designed to identify and block malicious bot traffic, helping to prevent web scraping, brute force attacks, and other automated threats.

    Rule Customization

    While Managed Rules provide excellent out-of-the-box protection, Cloudflare also offers the ability to customize these rules. You can adjust the severity of rules, whitelist or blacklist specific IP addresses or user agents, and even create custom firewall rules to complement the Managed Rules.

    Deploy Types

    When it comes to deploying Managed Rules with Cloudflare’s WAF, you have several options to choose from:

    • Fast and Secure: This is the default deployment type, and it is designed to provide immediate security benefits with minimal configuration. It’s a quick way to enable Managed Rules for your web application without much manual intervention.
    • Sensational: The Sensational deployment type is recommended for advanced users who want fine-grained control over their WAF rules. It allows you to selectively enable specific Managed Rulesets based on your application’s needs. This approach is more hands-on and requires a good understanding of web application security.
    • High-Security: This deployment type focuses on a higher level of security and is suitable for applications with stringent security requirements. It enables a comprehensive set of Managed Rules to provide robust protection against various types of attacks.
    • Paranoid: The Paranoid deployment type is the most stringent and is designed for applications that are under constant, high-level security threats. It enforces the strictest security posture with an even more extensive set of Managed Rules.

    Selecting the appropriate deployment type depends on your application’s specific security needs and your familiarity with web security configurations. You can deploy and configure managed rulesets for a zone in Security > WAF > Managed rules.

    Deploy and configure managed rulesets for a zone in Security > WAF > Managed rules.

    You can enable and configure managed rulesets for an account in Account Home > WAF > Managed rulesets.

    Deploy a managed ruleset in your account or zone using Rulesets API.

    To the http_request_firewall_managed phase deploy WAF managed rulesets. The other managed rule sets, such as DDoS Attack Protection managed rule sets should be deployed at another phase. Details are provided in specialized managed ruleset documentation.

    The IDs of the various WAF managed rulesets are found in the WAF Managed Rules page. When deploying rule sets using APIs, you will need to have information about this.

    To deploy a managed ruleset using the API, refer to Deploy a managed ruleset.

    Ruleset Reference

    Cloudflare provides several Managed Rulesets, and each is tailored to address specific security concerns. It’s essential to understand these rulesets and how they can benefit your application:

    • OWASP Core Ruleset: This ruleset, based on the Open Web Application Security Project (OWASP) recommendations, is a fundamental security layer. It protects against common web application vulnerabilities such as SQL injection, cross-site scripting (XSS), and more.
    • Cloudflare Specials Ruleset: This ruleset is tailored for threats specific to Cloudflare’s infrastructure. It ensures that Cloudflare’s services remain secure and that attackers cannot exploit Cloudflare features.
    • WordPress Ruleset: Designed for WordPress websites, this ruleset provides protection against common WordPress-related vulnerabilities and attacks. It’s particularly useful for WordPress site owners.
    • Magento Ruleset: The Magento Ruleset focuses on safeguarding Magento-based e-commerce websites from known threats. It’s crucial for online store owners using the Magento platform.
    • Bot Fight Mode: This ruleset is used to identify and block malicious bot traffic. It’s essential for preventing web scraping, brute force attacks, and other automated threats. It helps to maintain the integrity of your site’s data and resources.

    Understanding these rulesets allows you to select the ones that best fit your application’s needs and vulnerabilities.

    Create WAF Exceptions

    While Managed Rules provide robust security, there may be situations where certain requests or behaviors are mistakenly flagged as malicious. In such cases, you can create exceptions or bypass rules for specific requests or IP addresses. Here’s how you can create WAF exceptions:

    • Rate Limiting: You can set exceptions for specific IP addresses or client identification information (e.g., cookies) to avoid being rate-limited.
    • Rule-Level Bypass: On a per-rule basis, you can define exceptions for requests that trigger specific rules. This can help in handling false positives, discussed later.
    • IP Firewall: If you have specific IP addresses or ranges that need to bypass the WAF entirely, you can create IP Firewall rules to allow or block traffic as needed.

    Creating exceptions allows you to balance security and accessibility, ensuring that legitimate requests are not unnecessarily blocked.

    Log the Payload of Matched Rules

    To investigate and analyze potential security threats and false positives, you may want to log the payloads of matched rules. This means recording the content of the requests that triggered WAF rules. Here’s how you can set up payload logging:

    • Firewall Events: In your Cloudflare dashboard, you can enable Firewall Events to log the payloads of requests that trigger specific WAF rules. This helps you gain insights into the nature of the requests that are being blocked.

    Payload logging is particularly useful when you need to understand the exact nature of attacks and adjust your security configurations accordingly.

    Command Line Operations

    Cloudflare also provides a command-line tool called cloudflared to facilitate various WAF operations. This tool is especially helpful for managing Cloudflare services directly from the command line. Some of the operations you can perform include:

    • Manage Tunnel Configuration: You can use cloudflared to configure and manage tunnels, which are used to connect your server to Cloudflare.
    • Manage Access Control Policies: With cloudflared, you can configure and manage access control policies, ensuring that only authorized users or entities can access your web application.
    • Access WAF Logs: The tool allows you to access logs and analytics data related to your WAF settings and security events.

    Using cloudflared offers a more flexible and programmatic way to interact with Cloudflare’s WAF and related services.

    Handle False Positives

    False positives occur when legitimate traffic is incorrectly flagged as malicious by the WAF rules. Handling false positives is crucial to maintain the accessibility of your web application. Here’s how to deal with them:

    • Rule-Level Bypass: As indicated at the beginning, exceptions may be made on a rule by rule approach. For any specific rules that give a lot of false positives, these can be skipped knowing that there is clean traffic for them.
    • Monitoring and Adjustment: Check Your WAF Logs And Adjust Your Rule Configurations Regularly. Depending on pattern observation of false positives, it is possible to fine tune rules settings, adjust severity level, or generate exemptions when necessary.
    • Anomaly Detection: Cloudflare provides tools for anomaly detection, which can help you identify unusual or unexpected patterns in your traffic. This can be useful for detecting and addressing false positives.

    Finally, Managed Rules by Cloudflare are a great option for protecting your web applications. This will enable you gain knowledge in the various deployment types, rulesets, customization options, exception handling, payload logging, as well as command line operations that may help you configure your WAF for maximum protection and at the same time retain usability. It’s important to note that Web Application Firewall is not a one-time measure and the security of your applications should be constantly reviewed.

    Reference link to know more in detail: https://developers.cloudflare.com/waf/managed-rules/

    Thanks for reading! I hope you found this blog informative and insightful. For more technology-related content, don’t forget to follow us on LinkedIn.

  • Can Piracy Be Stopped? Lessons from Real-World Anti-Piracy Efforts

    Can Piracy Be Stopped? Lessons from Real-World Anti-Piracy Efforts

    Over the years, working with companies who host downloadable content marketplaces for games such as MinecraftRobloxUnity, and Unreal Engine, I’ve seen piracy from all angles.

    One of the most important questions we need to ask is: Why does piracy happen in the first place? It’s not just about outsmarting pirates with technology—it’s about understanding the deeper reasons behind it and finding ways to reduce its impact.

    Is Fingerprinting Digital Content Enough?

    One of the biggest breakthroughs we had was figuring out how to embed unique identifiers into different types of files. At first, we were just placing static markers in every download, but it didn’t take long for pirates to figure out how to strip them out or bypass them entirely.

    So, we took things up a notch by embedding these identifiers in a much less obvious way—tweaking small details like file structure or metadata that wouldn’t impact the file’s performance but would still let us trace it back to the original source if it got pirated. To make it even more secure, we encoded or obfuscated these identifiers using proprietary algorithms, which allowed us to decrypt them later and reveal the exact user who distributed the pirated content. It’s a pretty neat system.

    Embedding in Text Files

    One of the more interesting approaches we used was embedding identifiers into text-based content like YML, XML, HTML, and PHP files. We could modify content word order, add invisible spaces, or insert custom tags or modify code in ways that wouldn’t affect how the file worked but would still leave a unique fingerprint. Every file could be tracked live, and when a pirated version appeared online, we’d match it to the original user using the embedded, encoded identifiers in our database.

    Embedding unique audio cues or modifying sonic frequencies allow companies to accurately log information from user-downloaded content.

    What Would It Take to Stop Piracy?

    After years of working on anti-piracy solutions, I’ve come to realize the key isn’t in more restrictions or harsher legal action. It’s about addressing the core issues that lead to piracy: access and affordability.

    More Flexible Pricing Models

    In one project, we experimented with tiered pricing based on regional economies. By matching the general incomes from different regions, we saw something interesting: users in lower-income areas were far more likely to purchase content when the price was adjusted to be affordable for them. Instead of sticking to one general price for everyone, we adapted our pricing to fit each region’s purchasing power.

    The result? Piracy dropped significantly in those areas. We realized that for many users, piracy wasn’t always a first choice—they turned to it because the general price of content was simply out of reach. By making the content affordable according to local economic conditions, users preferred to buy the legitimate version rather than resorting to piracy.

    Solution: Price digital content based on local economies. When it’s affordable, people are far more likely to pay, reducing the incentive to pirate.

    Final Thoughts

    Piracy isn’t just a technical challenge; it’s a social and economic issue. If we want to reduce it, we need to create a system that works for both creators and consumers.

    • Flexible pricing models that reflect local economies
    • Global access and direct support systems for creators

    These steps might not end piracy overnight, but they’ll help shift the balance. The real solution lies in building a better, more inclusive digital ecosystem—one that benefits both creators and users.