Back to Systems

ColdTrack Claims Intelligence Platform

A supply-chain claims intelligence platform that turns rejected cold-chain shipments into traceable evidence, deterministic diagnosis, and claim workflows.

June 13, 2026
Domain Driven DesignModular MonolithSupply ChainEvidence ModelingSpring Boot

The Problem

Shipment rejections create costly disputes because custody, sensor observations, SLA rules, inspection results, and financial impact are scattered across different systems.

The Solution

ColdTrack models the rejection workflow as bounded contexts for custody, contracts, observations, data quality, diagnosis, evidence, and claims so each verdict can be reproduced from explicit facts.

What It Solves

  • Converts shipment disputes into structured evidence packages.
  • Links responsibility to custody windows, SLA snapshots, and observation facts.
  • Keeps AI out of fault assignment so decisions remain deterministic and auditable.

Architecture

  • Java 17 and Spring Boot modular monolith with clean domain modules.
  • PostgreSQL-backed modules with outbox events and command idempotency.
  • Shared query contracts protect module boundaries without cross-module database access.

Trade-Offs

  • Modular monolith preserves domain boundaries without distributed-service overhead.
  • Deterministic diagnosis is less flexible than AI scoring but more defensible.
  • Evidence versioning adds storage and process cost but protects audit replay.

Problem Evidence

From rejected shipment to defensible claim

ColdTrack is shaped around dispute failure modes, not generic shipment tracking screens.

Failure

Rejected shipments become arguments

Teams debate responsibility without shared facts

Response

Evidence package

Failure

Custody is not legally explicit

Responsibility windows are unclear

Response

Custody chain

Failure

Temperature logs arrive as raw files

Signals are hard to trust or interpret

Response

Observation timeline

Failure

SLA rules change over time

Audits cannot replay the original contract

Response

Contract snapshot

Failure

Claims need defensible attribution

Financial resolution stalls

Response

Deterministic diagnosis

Workflow Design

The diagnostic chain

A rejection only becomes actionable after the system connects parties, custody, observations, rules, and claim state.

Network

Retailer, supplier, and carrier are registered with visibility rules.

Shipment

A shipment is commissioned and every custody window is recorded.

Observations

CSV, manual, or API facts become an immutable observation stream.

Diagnosis

Rules, custody, observations, and data quality produce a verdict.

Claim

The claim is opened with reproducible evidence and loss context.

Domain Boundary

Bounded contexts map to dispute evidence

Network & Trust

Participants, roles, visibility

Shipment & Custody

State machine and possession windows

Contracts & Compliance

Frozen SLA rules per shipment

Observations & Inspections

Append-only facts and QA records

Data Quality & Trust

Confidence score and anomaly detection

Diagnosis

Verdict, trace, responsibility attribution

Evidence

Immutable package and manifest hash

Claims Workflow

Human dispute and resolution process

Architecture Evidence

Traceable decisions

Deterministic fault model

DiagnosisPolicyV1 cannot invent responsibility; attribution must reference observations, inspections, or remain Unknown.

Reproducible evidence

Evidence packages store a manifest, version, checksum, and references to the diagnostic input used for the verdict.

Module boundary discipline

The backend separates domain modules and uses shared query contracts instead of cross-module database access.

Operational reliability

Outbox events, idempotency records, and integration tests protect command processing and event relay behavior.

Every verdict is designed to be explainable, versioned, and tied back to evidence instead of guessed.
AI can summarize or assist later, but the fault decision belongs to deterministic domain rules.

The Problem In One Sentence

Cold-chain disputes are not only about tracking where a shipment went. The hard problem is proving what happened, who had custody, which rule applied, whether the data can be trusted, and what evidence supports the claim.

That makes ColdTrack a claims intelligence system, not a fleet tracking dashboard.

Evidence Of The Workflow Problem

The visual model above shows the core product argument: rejected shipments create disputes when operational facts are fragmented.

ColdTrack responds by turning each disputed fact into a domain surface:

| Disputed fact | System response | | --- | --- | | Who held the goods? | Custody chain with non-overlapping windows | | Which rules applied? | Immutable contract snapshot per shipment | | What happened in transit? | Observation timeline from manual, CSV, API, or IoT inputs | | Can the data be trusted? | Data quality assessment and anomaly detection | | Who is responsible? | Deterministic diagnosis with decision trace | | What should be sent to the counterparty? | Versioned evidence package and claim workflow |

Design Decision

ColdTrack separates shipment movement from claim responsibility.

The shipment module owns status and legal possession. The diagnosis module does not mutate shipment state; it reads finalized facts from custody, contracts, observations, inspections, and data quality.

That separation matters because a rejected shipment should not automatically imply fault. Fault only becomes meaningful after rules and evidence are evaluated against the custody chain.

Architecture Decision

The backend is shaped as a modular monolith instead of early microservices.

That choice fits the current product stage because the domain is broad but the workflows are tightly connected. The architecture still keeps boundaries explicit through modules such as:

  • shipmentcustody
  • contractscompliance
  • observationsinspections
  • dataqualitytrust
  • diagnosis
  • evidence
  • claimsworkflow

The important engineering signal is that the modules are not just folder names. The codebase includes public query contracts, outbox events, command idempotency, integration tests, and architecture rules to protect the boundaries.

Diagnosis Is A Reproducible Process

The diagnosis lifecycle has a clear dependency chain:

sequenceDiagram
    autonumber
    participant QA as QA inspector
    participant Shipment as Shipment custody
    participant Contract as Contract snapshot
    participant Obs as Observations
    participant Quality as Data quality
    participant Diagnosis as Diagnosis engine
    participant Evidence as Evidence package
    participant Claim as Claims workflow
 
    QA->>Shipment: Reject shipment after delivery
    Shipment->>Diagnosis: Trigger diagnostic run with finalized custody chain
    Diagnosis->>Contract: Load immutable SLA rules for shipment
    Diagnosis->>Obs: Load observations and inspection records
    Diagnosis->>Quality: Load confidence score and anomalies
    Diagnosis->>Diagnosis: Evaluate rules inside custody windows
    alt Evidence supports attribution
        Diagnosis->>Evidence: Publish verdict, party attribution, decision trace
        Evidence->>Claim: Attach reproducible package to claim
    else Evidence is incomplete
        Diagnosis->>Evidence: Publish Unknown attribution with missing-evidence reasons
        Evidence->>Claim: Open review with evidence gaps
    end

This is the difference between a dashboard and a decision system. A dashboard shows data. ColdTrack is designed to explain why the data leads to a specific claim action.

Responsibility Is Not Guessed

A key rule in the project is that responsibility cannot be invented.

If evidence proves the carrier was responsible during a custody window, the verdict can attribute responsibility to that party. If the evidence is incomplete, the remaining attribution belongs to Unknown.

That design is valuable because it prevents the system from pretending certainty. It also creates a clean future boundary for AI: AI can summarize evidence, highlight missing documents, or draft claim language, but the actual fault decision remains deterministic.

Evidence Package Design

The evidence package is the audit artifact.

It is designed to include the shipment summary, product and batch references, network participants, custody timeline, observations, inspection records, contract rules, data quality warnings, diagnostic verdict, responsibility attribution, loss estimate, claim status, and package checksum.

That turns ColdTrack into a platform for reproducible business decisions rather than a set of CRUD screens.

Trade-Offs

Modular monolith first

The domain has many contexts, but the product does not need distributed infrastructure yet. A modular monolith keeps transaction and deployment complexity lower while still preserving boundaries.

Deterministic rules before AI

AI would be attractive for summarization, but using it to assign fault would weaken auditability. ColdTrack keeps the diagnostic engine deterministic so every verdict can be explained.

Evidence versioning

Immutable evidence packages create more persistence work, but they make audits, disputes, and claim revisions safer. If facts change, the system creates a new evidence version instead of rewriting the old one.

What This Case Study Demonstrates

ColdTrack demonstrates system architecture around business truth:

  • modeling custody as a legal possession timeline;
  • freezing contract rules for later audit replay;
  • separating observations from data quality;
  • generating deterministic verdicts with decision traces;
  • preserving evidence as immutable, versioned packages;
  • using module boundaries to keep a large domain understandable.

The engineering point is that the system does not merely store shipment data. It structures the facts needed to defend a claim.