Production Readiness & Scope
mempill 0.2.0 is a correct, well-tested engine — bi-temporal fold, ACID writes, cross-adapter conformance, and append-only integrity, backed by 446 Rust tests. It is designed for embedded and early-stage use. Read this page before deploying it at scale: the limits below are operational and scale-related, not flaws in the engine’s correctness model.
Safe today for
- Embedded, single-process, single-tenant use — for example the SQLite adapter or the MCP server.
- Local or private-network PostgreSQL at human scale — roughly ≤ ~1,000 agents, ≤ a few hundred claims per subject-line, and modest write rates. The correctness guarantees (temporally-correct belief, Contested surfacing, provenance firewall) hold fully within this envelope.
Current limits
Each item below has hardening planned — see the Changelog for the roadmap.
| Area | Limit today | Plan |
|---|---|---|
| Read cost | Belief is recomputed from the full claim history of a subject-line on every read (it is never stored — that is the correctness model). No snapshot/compaction yet, so a long-lived, high-churn subject-line gets slower over time. Comfortable at hundreds of claims per subject-line; not tuned for tens of thousands. | Snapshot/compaction (v0.3) |
| SQLite writes | All agents’ writes serialize through a single writer lock, and reads error while a write transaction is open on that agent’s file. | Use the PostgreSQL adapter for write concurrency across agents |
| PostgreSQL transport | NoTls only — do not expose the connection over an untrusted network. | TLS (v0.3) |
| PostgreSQL pool | Connection pool size is fixed (20) and not yet configurable. | Configurable pool (v0.3) |
| Observability | No built-in tracing/metrics instrumentation — latency, error rates, and contention are not visible to an operator out of the box. | Instrumentation (v0.3) |
| Benchmarks | No published load/stress benchmarks; all 446 tests are correctness tests. Performance at large scale is not yet characterized. | Criterion + stress suite |
Not recommended yet for
- Public-facing multi-tenant services (no built-in auth or observability).
- High-frequency automated write pipelines (read cost grows with history until snapshotting lands).
- Networked PostgreSQL with real credentials — until TLS is available.
- Very high agent cardinality — the per-agent advisory lock uses a 32-bit hash, so collisions become likely past tens of thousands of distinct agent IDs.
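
To put numbers on the 32-bit advisory-lock limit above, the following added example (not part of mempill's code) computes the birthday-bound collision probability for a given agent count and audits a list of agent IDs for shared lock keys. It assumes a uniformly distributed hash; `fnv1a32` is a stand-in because this page does not say which hash mempill uses, and all function names are hypothetical.

```rust
use std::collections::HashMap;

/// Birthday-bound probability that at least two of `n` distinct agent IDs
/// share a key in a space of 2^bits keys (assumes a uniform hash).
fn collision_probability(n: u64, bits: u32) -> f64 {
    let space = 2f64.powi(bits as i32);
    let n = n as f64;
    // 1 - exp(-n(n-1) / (2 * space)); exp_m1 keeps precision for small n.
    -(-(n * (n - 1.0)) / (2.0 * space)).exp_m1()
}

/// Smallest agent count whose collision probability reaches `target`.
fn agents_for_probability(target: f64, bits: u32) -> u64 {
    let space = 2f64.powi(bits as i32);
    // Solve n(n-1) = 2 * space * ln(1 / (1 - target)) for n.
    let k = 2.0 * space * (1.0 / (1.0 - target)).ln();
    ((1.0 + (1.0 + 4.0 * k).sqrt()) / 2.0).ceil() as u64
}

/// Stand-in 32-bit hash (FNV-1a). mempill's real lock-key hash is not
/// documented on this page; swap in the real one to audit actual IDs.
fn fnv1a32(id: &str) -> u32 {
    id.bytes().fold(0x811c_9dc5u32, |h, b| (h ^ b as u32).wrapping_mul(0x0100_0193))
}

/// Groups agent IDs by 32-bit key and returns the groups that share a key.
fn colliding_ids<'a>(ids: &[&'a str], hash: fn(&str) -> u32) -> Vec<Vec<&'a str>> {
    let mut by_key: HashMap<u32, Vec<&'a str>> = HashMap::new();
    for &id in ids {
        by_key.entry(hash(id)).or_default().push(id);
    }
    let mut groups: Vec<_> = by_key.into_values().filter(|g| g.len() > 1).collect();
    groups.sort();
    groups
}

fn main() {
    for n in [1_000u64, 10_000, 50_000, 100_000] {
        println!("{:>7} agents -> P(collision) = {:.4}", n, collision_probability(n, 32));
    }
    println!("50% reached at {} agents", agents_for_probability(0.5, 32));
    let ids = ["agent-001", "agent-002", "agent-003"]; // constructed sample IDs
    println!("shared keys: {:?}", colliding_ids(&ids, fnv1a32));
}
```

Under the uniform-hash assumption, the probability of at least one shared key is about 1% at 10,000 agents and passes 50% at roughly 77,000.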
In short
If your use case is inside the safe envelope, mempill is dependable today. If it is outside, the engine is still a solid foundation — the gaps are operational, not algorithmic — but treat 0.2.0 as an early release and pin a specific version.