Day 21: The Calls That Shaped the Roadmap
Some days you write code. Some days you listen. Today was a listening day, and it changed everything about where Pinchy goes next.
What Happened
Multiple calls today. Every single one went well. But more importantly, every single one taught me something I wouldn't have figured out alone.
An enterprise from Dubai gave me the most valuable feedback so far. Not about what Pinchy does, but about what it doesn't do yet. Channel integrations are critical: WhatsApp, Telegram, Slack, Email. Not as nice-to-haves, but as table stakes. When your team communicates across channels, your agents need to live there too. Public agents were another theme: the ability for external users to interact with an agent without needing a Pinchy account. And token usage budgets: knowing exactly how much each agent costs per month.
I also had a call with an AI company that's interested in a potential collaboration around Pinchy. Too early to share details, but the conversation confirmed something I've been suspecting: the market for self-hosted, auditable AI agent platforms isn't theoretical. People are actively looking for this.
The Roadmap Took Shape
After the calls, I turned every piece of feedback into a GitHub issue. Not a vague "we should think about channels someday" note in a doc. Proper issues with descriptions and context:
- RBAC with Groups — Role-based access control beyond just admin/user
- Channel Integration — Telegram, WhatsApp, Slack, Email
- Public Agents — External users without Pinchy accounts
- Usage & Cost Dashboard — See what each agent costs
- Cost Budgets per Agent — Set spending limits
- Enterprise Licensing — The open-core model takes shape
This is how a roadmap should be built. Not in a strategy meeting, but from real conversations with real people who want to use the thing you're building.
RBAC: The First Enterprise Feature
Of all the feedback, one theme came up in every single call: permissions need to be more granular. Admin and user isn't enough. Teams need groups, roles, scoped access.
So I started building it. Same day. PR #40 is already at 22 commits, 80 files changed, 5,760 lines added. Groups, agent visibility modes (admin-only, all users, specific groups), a full Settings UI for managing groups and access, audit logging for every group change, and group assignment during user invite.
RBAC is the first feature that will become part of the open-core enterprise tier. Gated behind a PINCHY_ENTERPRISE_KEY env var. Without it, everything works exactly as before. With it, you get groups and granular access control.
This isn't about locking features behind a paywall. It's about building a sustainable business around an open-source project. The audit trail stays open. Agent permissions stay open. The features that make Pinchy useful for a 5-person team stay free forever.
One More Thing
Tomorrow evening I'm giving a lightning talk about Pinchy at the Vienna AI Engineering Meetup. 280 people. OpenClaw & Codex Lightning Talks Night. Peter Steinberger joining via livestream from SF.
7 minutes to show 280 people why AI agents need a security layer. No pressure.