Enforcing Architecture in Thousands of Repos, the Netflix Way
What Netflix shipped
Netflix's JVM Platform team runs a polyrepo strategy with tens of thousands of Java repositories. They've open-sourced Nebula ArchRules, a Gradle plugin that lets them ship ArchUnit-style architectural rules from a central library and have every repository pick up the latest version on its next build. The post walks through how they handle rule rollout, exemptions and graceful failure modes.
The polyrepo governance problem
If you've ever tried to enforce a coding standard across more than ~20 repos, you've felt this pain. Three common attempts and why each disappoints:
- **Linter config in every repo.** Drifts within a quarter. No two repos agree on which version of the rules they're running.
- **Centralised CI that all repos call.** Couples release cadence across the org and creates a bottleneck.
- **Shared library that repos import.** Works — but only if updates can be rolled out without breaking everyone simultaneously.
Netflix's approach is the third with the rollout problem actually solved: rules can land in "warning" mode first, get adopted gradually, then flip to "fail the build" once compliance is high enough.
Why this matters for KYAX clients
Most of our enterprise clients have between 50 and 500 active repos and zero working strategy for cross-repo enforcement of "don't reach across module boundaries" / "no direct DB access from the controller layer" / etc. Even if you're not on the JVM, the pattern transfers — pick an architecture-rule engine for your stack (ArchUnit / dependency-cruiser / similar), package the rules as a versioned library, ship them with a "warn-first, fail-later" rollout. The Nebula ArchRules post is worth reading for the rollout-mechanics design alone.
---
*Source: [Netflix Tech Blog](https://netflixtechblog.com/scaling-archunit-with-nebula-archrules-b4642c464c5a) — Netflix Technology Blog, 2026-05-08. Commentary is original to KYAX.*