Day 24: Tokens Are Money
Two big things happened today: a feature shipped and a potential pilot customer showed up.
RBAC Is Merged
41 commits. Role-based access control is in the main branch.
The big pieces: groups, agent visibility, user-group assignments, and an enterprise key that gates it all. You create groups like "Engineering" or "HR," assign users, then control which agents each group can see. Marketing talks to the marketing agent. Engineering talks to the code review agent. Nobody sees what they shouldn't.
Some things I'm particularly happy with:
The visibility model started with three values, then got simplified to two. Classic case of overengineering on the first pass. "Admin only" and "group-based" cover every real scenario. The third option was adding complexity without adding value.
Admins can only see their own personal agent, not everyone else's. Sounds obvious, but it took a dedicated fix. When you're the admin, it's tempting to just show everything. But personal agents are personal.
The agent list auto-refreshes with polling and focus-refetch. Create a group, assign an agent, switch tabs, and it's already there. No manual reload. Small thing, but it makes the whole system feel alive.
And the graceful degradation: when an enterprise key expires, all agents become accessible to all users. RBAC just stops applying. Nothing locks you out. Renew the key, permissions are back. No hostage situations.
Lunch With an Old Friend
Had lunch with a friend who runs a successful company. Turns out he already knew about Pinchy. His team has been running OpenClaw on a VPS, experimenting. Their verdict: works for one person, falls apart for a team. No permissions, no structure, no way to share context safely.
Sound familiar? I keep hearing the same story.
After lunch I sat down with his tech lead and we mapped out scenarios. The core use case: they have data scattered across multiple sources and want an agent that can connect the dots. Ask it a question, it pulls from different systems, synthesizes an answer. Not a chatbot. A research assistant that actually knows the business.
We're starting a pilot in a few days. I'm genuinely excited about this one.
The Cost Conversation
Here's something I keep hearing in every single customer conversation: agents get expensive fast.
It makes sense. You give an agent a big context, it thinks through a problem, calls some tools, processes the results. That's a lot of tokens. And tokens are money. Sonnet vs Opus is a 10x cost difference. Add embeddings, retrieval, multi-step reasoning, and you're looking at real numbers.
I've decided this needs to be a core part of Pinchy's DNA, not an afterthought. Token efficiency. Smart context management. Not burning money by stuffing everything into every prompt.
Concretely, that means: vector database with embeddings. Instead of dumping entire documents into the context window, retrieve only what's relevant. For the pilot, this is essential. The data volumes are too large to brute-force with raw context.
What I'm Building Next
Vector storage with embeddings needs to land before the pilot starts. That's the priority. The friend's team has real data, real questions, and real expectations. No room for "just paste everything into the prompt and hope for the best."
This is the part of building in public I enjoy most: a real use case driving the roadmap. Not features I think might be useful. Features someone actually needs, next week.