I'll be honest: this one stung a little when I found it.
We shipped Strug Recall — our agent memory browser — a few weeks ago. It worked. Agents could write memories, read them back, and use them to inform future decisions. But there was a problem hiding in plain sight: every single memory entry we stored was missing its user_id.
The store_memory function wasn't writing the user_id column to the database. Not null, not empty — just not writing it at all. And because we hadn't enforced foreign key constraints properly in the reflector service, the database let it slide. No errors. No warnings. Just a slowly growing collection of orphaned memories with no attribution.
Why does this matter? Because memory attribution is foundational. In a multi-tenant system — which we're building toward — you can't have memories floating around without knowing who they belong to. Even in our current single-user setup, it's a data integrity issue that would come back to haunt us the moment we tried to add user-scoped features or audit trails.
The fix was straightforward once we identified it. We updated the store_memory function to actually write the user_id column when creating memory entries. And we fixed the foreign key constraint in the reflector service so the database would enforce referential integrity going forward. Now every memory entry is properly attributed, and the database won't let us accidentally create orphaned records.
This is the kind of bug that doesn't announce itself. The system kept working. The agents kept writing and reading memories. But we were building on a foundation with a crack in it. Finding these issues now — while we're still small, while the fix is still simple — is exactly what building in public and dogfooding your own product gets you.
What's Next
We're adding comprehensive database constraints across the entire memory subsystem. User attribution is just one piece — we need foreign keys, check constraints, and proper indexing everywhere that matters. This fix exposed a broader pattern: we moved fast to get Strug Recall working, and now we're going back to harden the foundations.
We're also building migration tooling to backfill user_id for existing memory entries. We know who owns them — that data exists in the task context — we just need to write it back to the database properly. Then we'll add monitoring to alert us if any future writes are missing required fields.
This is what it looks like to build an autonomous engineering team in public. Sometimes you ship features fast and fix the data integrity issues when you find them. The important part is finding them before they become systemic problems.