Eduardo Arsand
Back to Notes

Vendor Lock-in Starts at Hello World

Architecture Programming
38

I treat “Hello World” as a serious architectural moment.

It looks trivial because the program does almost nothing, but that is exactly why it matters. The first example in a project usually defines the first dependency, the first deployment path, the first hosting assumption, and the first operational habit. Those choices arrive disguised as convenience. They are accepted before a system has enough weight to expose their long-term cost.

My view is that vendor lock-in rarely begins with an explicit commitment. It begins with a default. A platform provides a starter template, a managed database, a logging interface, a queue, a storage abstraction, and a deployment button. None of these decisions looks binding in isolation. Together they form a local gravity field.

Once the system grows around those interfaces, changing direction stops being a procurement problem and becomes a software rewrite.

The Mechanism is Usually Structural

I do not define lock-in only as a commercial dependency. I define it as a structural condition where the cost of leaving one environment is materially higher than the cost of staying, even when staying is no longer the best technical or economic decision.

That condition is often created before a team notices it.

The mechanism is straightforward. A project starts by calling one API. That API encourages one authentication model, one event format, one error vocabulary, one resource lifecycle, and one set of operational assumptions.

The code begins to reflect those assumptions. Test fixtures reflect them next. Deployment scripts follow. Monitoring, documentation, and mental models eventually align around the same boundaries.

At that point, the dependency is no longer located in a package manager entry. It is embedded in the shape of the system.

Convenience Has a Compounding Effect

Early convenience compounds faster than teams expect. The shortest path to a working demo often becomes the canonical path to production.

This is not because engineers lack discipline. It is because software rewards momentum. Once a default is proven functional, every adjacent decision tends to preserve it. New contributors learn the existing pattern. Business pressure favors reuse over redesign. The initial shortcut becomes institutional memory.

This is why lock-in often feels invisible while it is forming. Each individual step appears rational. The cumulative effect is what becomes expensive.

Migration later requires more than changing vendors. It requires recovering lost abstractions, separating concerns that were merged for speed, and rebuilding interfaces that were never designed to travel.

What I Look For Early

When I evaluate a new tool or platform, I pay attention to where it asks me to surrender control.

The issue is not whether a service is good. Many are good. The issue is whether the service becomes the language of the application instead of remaining an implementation detail.

  • I look at whether domain logic depends directly on vendor-specific SDKs.
  • I examine whether data models mirror a provider’s storage rules instead of the business model.
  • I check whether operational workflows require one dashboard, one CLI, or one deployment contract.
  • I assess whether exporting data, behavior, and observability is simple or artificially constrained.

These signals matter because lock-in is strongest when the business concept and the vendor concept become indistinguishable. Once that happens, replacement is interpreted as reinvention.

Optionality Is a Design Discipline

I do not believe in designing for total portability. That usually creates weak systems built around hypothetical migrations.

I believe in designing for selective optionality. The goal is not to avoid every dependency. The goal is to decide deliberately which dependencies are acceptable, which ones need insulation, and which ones should never define the core of the product.

In practice, I prefer a narrow set of durable rules. I keep domain logic separate from provider logic. I define internal interfaces around business needs rather than external SDK shapes. I keep data export realistic, not theoretical.

The Real Cost Appears Late

The cost of lock-in is rarely paid at adoption time. It is paid when priorities change.

A pricing model shifts, a compliance boundary appears, latency targets tighten, a region matters, an acquisition changes constraints, or a product expands beyond the assumptions of its first deployment. The team then discovers that the fastest early path was also a binding path.

That is why I take small beginnings seriously. “Hello World” is not harmless. It is the first draft of a dependency graph, an operations model, and a set of habits that may outlive the original decision-makers.

Vendor lock-in starts there, at the moment a system learns its first convenience and mistakes it for neutrality.

Comments ({{ modelContent.total_comments }})