Day 10: Context Belongs to People, Not Agents
A data model that felt right at 2 agents broke at 5. Plus: the audit trail gets honest about tool usage.
The design that didn't scale
Every agent in Pinchy has a workspace — a directory of files that define how it behaves. One of those files is USER.md: context about the person using the agent. Their role, their projects, their preferences.
Until yesterday, USER.md lived inside each agent's settings. You'd create an agent, go to the Context tab, and write who you are. Agent by agent.
With 2 agents, this is fine. With 5, it's annoying. With 20 — which is where enterprise deployments go — it's unsustainable. Same information, copied to 20 places, maintained nowhere.
The fix wasn't a feature. It was a data model change.
Two kinds of context
PR #2 introduces a clean split:
- Personal context — stored on your user profile. Synced to all your personal agents. "I'm a backend developer working on a fintech product. I prefer TypeScript."
- Organization context — stored in admin settings. Synced to all shared agents. "We're a 50-person startup. Our stack is Next.js, PostgreSQL, and AWS. Our coding standards are documented in /docs/standards."
When you create a personal agent, it gets your personal context. When an admin creates a shared agent, it gets the org context. Both are written to USER.md in the agent's workspace — the file OpenClaw expects — but the source of truth is the database, not the file.
Six commits. 31 files changed. 1,844 lines added. No new buttons visible to the user. Just one tab that moved from agent settings to general settings.
Why this matters architecturally
This is the kind of change that separates a prototype from a product. In a prototype, you store data where it's convenient. In a product, you store it where it belongs.
Context belongs to people and organizations. Not to individual agents. An agent is a tool. Your identity shouldn't be scattered across your tools.
The implementation required a new internal function — writeWorkspaceFileInternal — that bypasses the user-facing file API. Because USER.md is no longer editable per-agent. It's synced. Change your personal context once, and every personal agent picks it up on the next restart.
New API endpoints:
GET/PUT /api/users/me/context— personal context, available to all usersGET/PUT /api/settings/context— org context, admin only
Both trigger an OpenClaw restart when saved, so agents pick up the changes immediately.
The audit trail gap
Parallel to the context refactor, I found a gap in the audit trail: tool usage wasn't being logged.
Pinchy logs every message, every agent creation, every settings change. But when an agent uses a tool — reads a file, searches the web, executes a command — that wasn't showing up in the audit log.
For a personal project, this doesn't matter. For an enterprise deployment where a CTO needs to answer "what did the AI agent do with our data?" — it matters a lot.
This fix is still in progress. The branch exists, the approach is clear: intercept tool calls at the WebSocket bridge level and log them with the same HMAC-signed, immutable format as everything else. No tool call happens without a record.
Build in Public reality check
Not every day produces 31 commits. Yesterday was a travel day — trains, no reliable internet, limited coding time. The context refactor was designed and partially implemented in the gaps between train stations.
That's the honest reality of building a product while freelancing. Some days are 12-hour marathons. Some days you get 90 minutes. The skill isn't coding fast. It's knowing which 90 minutes matter most.
Yesterday, those minutes went into a data model change that will save every future Pinchy user from maintaining duplicate context across agents. No commits to show off. Just the right decision at the right time.
What's next
Merge PR #2. Finish the audit trail fix. And then: turning my attention to the security questions that Balthasar Biedermann raised on LinkedIn — prompt injection mitigations and agent permissions. The kind of features that nobody sees in a demo but everyone asks about in a security review.
Follow the build: github.com/heypinchy/pinchy