Deep technical comparison
Comis vs OpenClaw
60 dimensions. Both codebases reviewed. Every claim verified by independent agents against the actual source code.
Both projects are open source. This comparison reflects the codebases as of April 2026.
Architecture & Code
Compile-time safety vs runtime flexibility.
Architecture
ComisOpenClaw
Monolith plus 82 extension packages. Plugin-driven with dynamic loader for runtime discovery.
Comis
Hexagonal (ports & adapters). 13-package monorepo with compile-time enforced dependency graph via TypeScript composite references.
Codebase organization
ComisOpenClaw
Single src/ directory (~3K source files) plus 82 extensions. Single tsconfig, pnpm workspace.
Comis
13 packages, ~478K source lines. Strict separation via package references and pnpm workspaces.
Error handling
ComisOpenClaw
Traditional throw/catch with custom error extractors. Runtime-checked.
Comis
Result<T, E> as primary return pattern with ok(), err(), tryCatch(), fromPromise(). Type-safe and compile-time checked.
Security
Defense in depth vs boundary enforcement.
Authentication
ComisOpenClaw
Token, password, Tailscale whois, and trusted-proxy auth. Configurable, can be set to none.
Comis
mTLS gateway and bearer token support. 32-character minimum token requirement. Optional in config.
Prompt injection
ComisOpenClaw
Explicitly out of scope per SECURITY.md. Focus on execution boundaries only.
Comis
68 patterns across 13 weighted categories with composite 0.0–1.0 scoring. Progressive rate limiting and reinforcement actions.
Memory safety
ComisOpenClaw
Single trust level with embedding-based search. No trust partitioning.
Comis
Trust-partitioned across three levels: system, learned, and external. Per-agent isolation with write validation.
Secrets management
ComisOpenClaw
${VAR_NAME} template references with SecretRef type (env/file/exec sources). No secret-specific lint rules.
Comis
SecretManager with frozen snapshots. ESLint-banned process.env access. 68 Pino redaction paths.
SSRF protection
ComisOpenClaw
SSRF policy in plugin-sdk with less granular controls.
Comis
DNS-pinned validation with cloud metadata IP blocklist and private range blocking.
Path traversal
TieOpenClaw
boundary-path.ts (861 lines) with symlink escape detection and Windows ACL support.
Comis
safePath() with null byte, URL-decode, and symlink detection. ESLint-banned path.join().
Audit trail
TieOpenClaw
SecurityAuditFinding[] with 114 checks across 4 audit modules and severity ratings.
Comis
AuditEvent with action classification (read/mutate/destructive). Fail-closed default.
Tool access control
ComisOpenClaw
Static config allowlist with owner-only gating. Optional Docker sandbox.
Comis
Per-agent tool policies, skill allowlists, budget guards, and circuit breakers.
Output scanning
ComisOpenClaw
No output scanning.
Comis
OutputGuardPort scans LLM responses for secret leaks, canary tokens, and prompt extraction attempts.
Process isolation
ComisOpenClaw
Optional Docker sandbox for tool execution. Heavier weight, requires Docker daemon.
Comis
Kernel-enforced exec sandbox wraps every shell command in a filesystem namespace (bubblewrap on Linux, sandbox-exec on macOS). Agents can only access their workspace, graph shared directory, and system binaries.
Extensibility
Typed ports vs plugin SDK breadth.
Channel extensibility
OpenClawOpenClaw
Implement ChannelPlugin (21 adapters). Register via extension package.json — auto-discovered.
Comis
Implement ChannelPort interface and wire in the composition root bootstrap.
Plugin system
OpenClawOpenClaw
Dynamic plugin loader with api.registerTool(), api.registerCli(). 219+ SDK exports.
Comis
PluginPort with lifecycle hooks, priority system, and config schema registration.
Tool integration
TieOpenClaw
api.registerTool() from plugins. Skills defined as markdown files.
Comis
Built-in tools in skills/builtin/ with MCP client for external tool integration.
Agent Capabilities
Fleet isolation, orchestration, and memory.
Agent fleet
ComisOpenClaw
Multi-agent via agents.list[] config. Per-agent config cascading from defaults. Shared infrastructure.
Comis
Per-agent isolated executors with dedicated model, memory, budget, skills, and workspace. Cost tracking per agent.
DAG pipelines
ComisOpenClaw
No DAG support. Relies on cron jobs and sequential subagent spawning.
Comis
Full DAG engine: ValidatedGraph (1–20 nodes), barrier modes (all/majority/best-effort), template interpolation, concurrency control.
Subagents
TieOpenClaw
spawnSubagentDirect() with run/session modes. Depth and children limits, thread binding.
Comis
SpawnPacket with context/objective/toolGroups. Depth limits, 3-level result condensation, narrative casting.
Memory storage
TieOpenClaw
SQLite + embeddings (OpenAI, Voyage, Gemini, Mistral, Ollama). Vector search with per-backend config.
Comis
SQLite + FTS5 + sqlite-vec. Hybrid search combining BM25 and vector via reciprocal rank fusion.
Memory trust
ComisOpenClaw
No trust levels.
Comis
Three trust levels (system/learned/external) with agent isolation and write validation.
Channel count
OpenClawOpenClaw
21 channels including Matrix, MS Teams, Google Chat, Feishu, Mattermost, Twitch, Nostr, Zalo, and more.
Comis
9 channels: Discord, Telegram, Slack, WhatsApp, Signal, iMessage, IRC, LINE, Email (IMAP/SMTP).
Media (STT/TTS)
ComisOpenClaw
Per-extension media with unified facade. Not typed port abstractions.
Comis
Separate typed ports: TranscriptionPort (OpenAI/Groq/Deepgram), TTSPort (OpenAI/ElevenLabs/Edge TTS), ImageAnalysisPort.
Model providers
TieOpenClaw
34+ providers with auth profile fallback chain, dynamic discovery, and per-profile cooldown.
Comis
22+ providers via pi-ai SDK: Anthropic, OpenAI, Google, AWS, Azure, Groq, Ollama, Together, Replicate, Mistral.
Model selection
TieOpenClaw
Per-agent model with profile-based fallback, round-robin auth, and failure classification.
Comis
Per-agent model plus model routes for task-specific overrides. Auth rotation and cost tracking.
Trust model
ComisOpenClaw
Single-user per gateway — explicit architectural choice per SECURITY.md.
Comis
Multi-tenant design with per-session routing and trust-partitioned memory.
Context Management
Built-in pipeline vs pluggable ecosystem.
Pipeline architecture
ComisOpenClaw
Pluggable context engine registry with 7-lifecycle-hook interface (bootstrap, maintain, ingest, ingestBatch, afterTurn, assemble, compact). Built-in LegacyContextEngine is a pass-through wrapper. Third-party lossless-claw plugin replaces entire pipeline with DAG-based hierarchical summarization. Extensions add compaction safeguard and context pruning.
Comis
Built-in 8-layer sequential pipeline (thinking cleaner, reasoning tag stripper, history window, dead content evictor, observation masker, LLM compaction, rehydration, objective reinforcement) with per-layer circuit breaker (3-failure threshold disables layer for session). Plus a DAG-mode alternative engine sharing the same transformContext hook.
Compaction strategy
ComisOpenClaw
Reactive on context overflow (~95% capacity) or provider 400 error. Up to 3 auto-compaction retry attempts. Stage-based chunking with adaptive chunk ratios (base 0.4, min 0.15, adjusted by avg message size). Compaction safeguard extension validates 5 required sections (Decisions, Open TODOs, Constraints, Pending user asks, Exact identifiers). 3-tier identifier preservation policy (strict/off/custom). Optional memory flush agentic turn before compaction lets agent write notes to MEMORY.md.
Comis
Proactive at 85% context utilization. 3-level fallback: (1) full LLM summarization with 9-section structured output and quality validation with retry, (2) filter oversized messages then summarize, (3) count-only note (guaranteed, no LLM). Configurable cooldown (default 5 turns). Optional cheaper model override (defaults to Haiku for 10-20x cost reduction).
Tool result handling
ComisOpenClaw
Tool result context guard runs before each LLM call via transformContext hook. 400K hard max per result. Head+tail truncation preserves error messages, JSON closings, and summary lines (~70% head, ~30% tail with middle-omitted marker). 75% context headroom ratio, 50% per-result cap. Bulk compaction replaces oldest tool results with placeholder when aggregate context exceeds budget. 2K char minimum kept.
Comis
Microcompaction guard intercepts at write time with per-tool thresholds: file_read 15K, MCP tools 15K, default 8K chars. Oversized results offloaded to disk as JSON, replaced with lightweight inline references. 100K hard cap with truncation before offload. Dead content evictor removes superseded file reads, re-run commands, stale errors, and old images with O(n) forward-index scanning.
Token budgeting
ComisOpenClaw
75% input headroom ratio on context window (CONTEXT_INPUT_HEADROOM_RATIO = 0.75). 50% per-tool-result context share cap. 1.2x safety margin on all token estimates. 4K summarization overhead reserve. Context window guard: 16K hard minimum, 32K warning threshold, 200K default. Per-agent contextTokens cap overrides model native window.
Comis
Formula: H = W - S - O - M - R. 25% context rot buffer (citing Chroma 2025 research on 13.9-85% degradation at limits), 5% safety margin with 2K floor, 8K output reserve. Dual-ratio token estimation (2x weighting for tool result chars). Pure function with zero side effects.
Post-compaction recovery
ComisOpenClaw
No dedicated post-compaction recovery layer. Compaction summary persisted to JSONL session file. Hook system emits compact:before and compact:after events. Context engine afterTurn() lifecycle for background post-processing. Compaction safeguard appends configurable postCompactionSections from config. Memory flush before compaction gives agent a chance to persist notes to disk, partially mitigating information loss.
Comis
Rehydration layer injects AGENTS.md critical sections, up to 5 recently-accessed files (8K each, 30K total cap), resume instruction, and active state. Split injection for KV-cache stability (stable content at position 1, dynamic content at end). Overflow-aware: strips files first, then removes rehydration entirely if still over budget. Objective reinforcement re-injects subagent objectives.
History management
TieOpenClaw
Per-provider DM history limits with per-user overrides (channels.{provider}.dms.{userId}.historyLimit). Separate channel/group limits. History truncation counts user turns from the end via limitHistoryTurns(). Context pruning extension: cache-TTL based, prunes tool results in-memory only. Session transcript repair fixes orphaned tool_result messages.
Comis
Configurable history window (default 15 turns) with per-channel overrides (e.g., dm: 10, group: 5). Observation masker replaces old tool results beyond keep window (25) when context exceeds 120K chars, with protected tool exemptions (memory_search, file_read). Persistent write-back to session file enables stable prompt cache prefixes.
Context engine ecosystem
OpenClawOpenClaw
Growing plugin ecosystem: lossless-claw (DAG-based, scored 74.8 on OOLONG benchmark vs Claude Code's 70.3), MemOS Cloud (cross-session recall via external API), QuantClaw (C++ reimpl), 12-layer community architecture (lossless-claw + facts.db + LightRAG GraphRAG). ContextEngine slot API enables full pipeline replacement by third parties.
Comis
Built-in pipeline and DAG engines cover all use cases. No plugin marketplace needed. DAG mode uses SQLite with FTS5 for depth-aware hierarchical summarization (operational, session, phase, project memory levels). JSONL-to-DAG reconciliation for crash recovery.
Lossless context (DAG mode)
TieOpenClaw
Via lossless-claw plugin (third-party, requires separate install). SQLite + FTS5 storage. Leaf summaries: up to 20K tokens input, ~1.2K target, min fanout 8. Condensed nodes: ~2K target, min fanout 4. Triggers at 75% context window. Fresh tail: last 32 messages protected. Retrieval tools: lcm_grep (FTS5), lcm_describe (semantic), lcm_expand (decompress to source). Large file interception at 25K tokens with separate summarization.
Comis
Built-in DAG context engine (config: version: "dag"). 12-table SQLite schema (ctx_ prefix). Depth-aware summarization prompts per level. Three-tier escalation (normal, aggressive, sentence-boundary truncation). Leaf pass: min fanout 8, target 1.2K tokens. Condensed pass: min fanout 4. Integrity checking with auto-repair. DAG assembler with budget-aware selection and fresh tail protection.
Memory search
TieOpenClaw
SQLite + FTS5 + vector embeddings (OpenAI, Gemini, Voyage, Mistral, Ollama). Hybrid search with configurable weights (vector 0.7, text 0.3). MMR diversity reranking (lambda 0.7). Temporal decay with 30-day half-life. Batch API for providers that support it. Max 6 results, min score 0.35. Community 12-layer architecture adds facts.db (770+ facts with Hebbian activation/decay), file-vec index, and LightRAG GraphRAG (4,909 entities, 6,089 relations).
Comis
SQLite + FTS5 + sqlite-vec. Hybrid search via reciprocal rank fusion. Trust-partitioned (system/learned/external). RAG retriever injects memories with provenance annotations and trust-level tags. Budget-capped injection with per-query maxChars. Prompt injection sanitization on retrieved content.
Cache & Cost Optimization
Active cache optimization vs passive tracking. The fence, the feedback loop, and 81% cost reduction.
System prompt stability
ComisOpenClaw
Date/time excluded from system prompt. Plugin prepend/append system for prompt contributions. System prompt additions from context engine prepended (preserving prefix). No formal invalidation tracking.
Comis
Dual-prompt architecture: static system prompt + dynamic preamble in first user message. 15+ content types surgically relocated (RAG, canary tokens, hooks, skills, timestamps). SHA-256 digest detects mid-session invalidation.
Cache breakpoint placement
ComisOpenClaw
Single cache_control ephemeral injection on system message. Only for OpenRouter+Anthropic. No conversation-length awareness, no multi-zone strategy, no sub-agent thresholds.
Comis
3 custom breakpoints + 2 SDK-auto = up to 5 total. Zone-based placement: semi-stable (compaction summary), mid-point, second-to-last user message. Model-specific minimum thresholds. Sub-agents use lowered 512-token threshold.
Cache fence (prefix protection)
ComisOpenClaw
No cache fence concept. Context engine layers operate blind to cache state. Any content modification (pruning, compaction) silently invalidates the cached prefix without detection.
Comis
cacheFenceIndex tracks the highest breakpoint position. All 4 content-modifying layers (thinking cleaner, reasoning tag stripper, dead-content evictor, observation masker) skip messages at or below the fence. Prevents context engine from invalidating the KV cache prefix. Production result: thinking blocks removed dropped from 9 to 0 per turn.
Fence persistence across turns
ComisOpenClaw
Cache TTL timestamps stored in session entries, but no breakpoint index or fence state persisted across turns. Each turn starts with no cache awareness.
Comis
Module-level Map keyed by session key persists the breakpoint index across execute() calls. onBreakpointsPlaced callback writes to both the CE object and the Map. Post-execution sync in finally block ensures consistency.
Index space translation
ComisOpenClaw
No index translation. No awareness that context processing changes the message array size between where breakpoints are placed and where the fence would be applied.
Comis
lastTrimOffset tracks messages removed by history-window. Breakpoint callback translates post-CE index to pre-CE space (idx + trimOffset). Next turn correctly adjusts: max(-1, storedFence - newTrimCount). Proven by logs: fence=52 survives 118-message trims.
Sub-agent spawn staggering
ComisOpenClaw
No spawn staggering. All concurrent sub-agents start simultaneously, each paying the full cache write cost for identical system prompts.
Comis
Concurrent sub-agents in a pipeline wave staggered by 4 seconds (configurable via deps). First agent writes shared cache prefix, siblings read at 10x lower cost. Guards prevent stale spawns if graph completes during delay. Production: 49K avg cache reads on sub-agent first turn.
Observation masking for cache
ComisOpenClaw
No observation masking system. Tool results handled via context pruning extension (cache-TTL based, in-memory only). No hysteresis or anti-oscillation.
Comis
Hysteresis band: 120K activation, 100K deactivation. Monotonic tracking (everMaskedIds) ensures once-masked content stays masked. Fence takes priority over everMaskedIds. Persistent write-back to disk. 25-result keep window.
Sub-agent cache economics
ComisOpenClaw
No sub-agent-specific cache strategy. Cache TTL tracking via session timestamps, but no per-sub-agent optimization or tiered retention.
Comis
CACHE-16: sub-agents use 5-minute TTL ($6.25/MTok write) vs 1-hour ($10/MTok) for parent. Saves $2.16 per pipeline run. All waves complete within 5 minutes so no cache miss penalty. Content-hash dedup across siblings.
Tool schema stability
ComisOpenClaw
Tool definitions loaded once per session. No explicit snapshotting or stub retention for disconnected tools.
Comis
Per-session snapshot captures tool schemas after deferral. Disappeared tools (MCP disconnect) retained as stubs. New tools appended. Static discover_tools prevents tool-array cache invalidation.
Embedding cache
TieOpenClaw
SQLite-backed persistent cache. Multi-provider composite key. Timestamp-based LRU pruning. Batch API support.
Comis
Two-tier: in-memory LRU (10K entries) + SQLite L2 persistent cache. Provider-identity-aware keys. Batch operation splits hits/misses. Survives restarts via L2.
Cache observability
ComisOpenClaw
6-stage diagnostic trace system. SHA-256 digests per message. Cache TTL session entries. Cache tokens normalized across providers. No fence or breakpoint observability (not implemented).
Comis
cacheFenceIndex logged on every CE pipeline run. onBreakpointsPlaced callback logged with highest index. Breakpoint placement/skip reasons logged. Seed and sync diagnostics. Per-execution cacheReadTokens, cacheWriteTokens, cacheSavedUsd.
Multi-provider cache awareness
ComisOpenClaw
Normalizes cache tokens across Anthropic, OpenAI, Kimi K2, Moonshot. Provider-specific pricing. Strips unsupported cache params for proxy endpoints. Broader provider coverage but no active optimization for any.
Comis
Anthropic: full (fence, breakpoints, staggering, tiered retention). OpenAI: passive (automatic server-side). Gemini: explicit caching via CachedContent API with SHA-256 content hashing, per-model minimum token thresholds (Flash 1,024 / Pro 4,096), concurrent dedup, and orphaned cache cleanup.
Memory safety bounds
ComisOpenClaw
WAL mode with 1s busy timeout. Configurable embedding cache max entries. No explicit WAL checkpoint. Session store cache with 45s TTL.
Comis
Duplicate detector: 500-entry FIFO. SQLite: explicit WAL checkpoint. Embedding cache: TTL + L2. Heartbeat cache: 50-entry cap. All unbounded structures have explicit bounds.
Production cost impact
ComisOpenClaw
Cache read tokens tracked and reported. No published cache hit rate metrics, no systematic invalidation tracking, no measured pipeline cost reduction.
Comis
Measured 16.9x cache read/write ratio. 94% of input tokens served from cache. $5.02 for 5.2M tokens (vs $26.42 uncached) = 81% savings. 8-agent trading pipeline: $2.11 total with 70% graph cache effectiveness.
Agent Autonomy
How independently agents operate.
Proactive behavior
TieOpenClaw
Cron-based heartbeat delivery. Isolated agent cron execution. Platform-specific polling.
Comis
Heartbeat polling with quiet hours and critical bypass. BOOT.md executes on session start. Wake event coalescing for immediate triggers.
Self-evolution
ComisOpenClaw
Configuration-driven personality. No self-modification of behavior or identity files. Changes require external intervention.
Comis
Agents maintain 8 workspace files (SOUL.md, IDENTITY.md, USER.md, etc.) autonomously. Git-tracked personality changes via identity-updater. Memory maintenance during heartbeats.
Task extraction
ComisOpenClaw
No conversation-to-task extraction. Scheduling requires manual configuration.
Comis
LLM extracts tasks from conversations with confidence scoring. Persisted to TaskStore with priority and due dates.
Session continuity
TieOpenClaw
QMD transcript persistence. Session key system with memory integration. Session reaper for cleanup.
Comis
BOOT.md runs on session start. Workspace files anchor personality across restarts. RAG injects relevant memories automatically.
Group chat intelligence
ComisOpenClaw
Two config modes (mention/always) with LLM-driven filtering in always mode. System prompt guides agents to "mostly lurk" and respond only when helpful. Silent reply token mechanism.
Comis
Structured heuristics in workspace templates: when to speak, when to stay silent, reaction guidance (minimal/extensive), triple-tap avoidance, "human rule" for natural presence.
Self-onboarding
ComisOpenClaw
User-guided CLI wizard requiring human input at every step. No autonomous initialization.
Comis
Agent-driven BOOTSTRAP.md conversation flow. Discovers its own name, personality, and values. Writes identity files and deletes bootstrap when complete.
Test Infrastructure
Volume, tooling, and automation.
Test volume
OpenClawOpenClaw
2,242 test files (1,914 in src/, 270 extensions, 46 UI, 11 harness). Coverage thresholds enforced: 70% lines/functions, 55% branches.
Comis
847 unit + 122 integration test files (~969 total). No coverage tooling configured.
Test utilities
ComisOpenClaw
40+ utility files: temp HOME isolation, stub channel plugins, fetch mocks, frozen time helpers, contract dispatch. Standard mocking patterns.
Comis
20 specialized helpers: daemon harness with port detection, ChaosEchoAdapter for fault injection (configurable fail rates, latency, rate limiting), EventAwaiter for typed event promises, structured log validation with known-pattern allowlist.
Live model testing
OpenClawOpenClaw
15 dedicated .live.test.ts files calling real LLM APIs. Gated by OPENCLAW_LIVE_TEST env var. Separate vitest.live.config.ts with sequential execution.
Comis
Provider-gated via TEST_PROVIDER_MODE=mock. Tests skip LLM calls if API keys missing. 14 provider keys detected from ~/.comis/.env.
E2E & containerized testing
OpenClawOpenClaw
33 E2E test files, 7 Docker-based suites (live models, gateway, onboarding, plugins), 46 browser tests via Playwright + headless Chromium.
Comis
15+ E2E test files with real daemon. Sequential forked execution. No Docker or browser testing.
CI & coverage
OpenClawOpenClaw
GitHub Actions CI with parallel lane splitting (unit-fast, unit-isolated, extensions, gateway, channels, e2e, live). Performance budget enforcement. Multi-platform (Linux, macOS, Windows).
Comis
Local validation only: pnpm build && pnpm test && pnpm lint:security. No GitHub Actions, no coverage reports.
Infrastructure & DX
Build speed and observability.
Build system
OpenClawOpenClaw
tsdown (esbuild-based) plus tsc for types. Single compilation unit. Faster incremental builds.
Comis
tsc per package with composite references. Compile-time enforced dependency graph.
Logging
ComisOpenClaw
Pino with redaction patterns and custom per-module fields.
Comis
Pino with canonical field dictionary. Required hint and errorKind on ERROR/WARN. Structured levels.
Observability
ComisOpenClaw
System events, diagnostic flags, channel health monitor.
Comis
Token tracker, latency recorder, circuit breaker metrics, distributed tracing via AsyncLocalStorage.
Code quality
TieOpenClaw
Oxlint type-aware, Oxfmt, knip/ts-prune dead code detection, jscpd duplication check.
Comis
ESLint security rules with banned patterns. Zod for all domain types. Dead code audits with 0 dead exports.
Key takeaways
Where Comis leads
- Security (7–0–2): Prompt injection detection, trust-partitioned memory, output scanning, SSRF DNS pinning, and ESLint-enforced secret hygiene. OpenClaw explicitly scopes prompt injection out of their security model.
- DAG pipelines: Full graph execution engine with barrier modes, template interpolation, and per-node timeouts. OpenClaw has no DAG support.
- Context management (5–1–3): Built-in 8-layer pipeline with per-layer circuit breakers, proactive compaction at 85% with 3-level fallback, write-time microcompaction with disk offloading, post-compaction rehydration, and 25% context rot buffer. OpenClaw counters with a pluggable ContextEngine slot API and a growing ecosystem - lossless-claw scored 74.8 on OOLONG (vs Claude Code's 70.3) and the community 12-layer architecture adds facts.db, LightRAG, and vector search on top.
- Cache & cost optimization (7–2–1): 20 prompt cache optimizations including TTL monotonicity enforcement, adaptive cold-start retention, 3-zone breakpoint placement with model-specific thresholds, observation masker hysteresis to prevent cache thrashing, tool schema snapshotting, and subagent short-TTL economics. Measured 81.5% cache hit rate in production. OpenClaw counters with persistent SQLite embedding cache and broader multi-provider cache awareness.
- Agent isolation: Isolated executors, budget guards, cost trackers, and skill registries per agent vs shared infrastructure with config cascading.
- Agent autonomy (4–0–2): Self-evolving personality via workspace files, task extraction from conversations, nuanced group chat intelligence, and self-onboarding - agents bootstrap themselves without human hand-holding.
Where OpenClaw leads
- Extensibility DX: The plugin SDK with 219+ exports and dynamic loader makes adding channels and tools lower friction. 40 extension packages demonstrate ecosystem maturity.
- Channel coverage: 20 messaging platforms vs 9. Beyond the shared set, OpenClaw adds Matrix, MS Teams, Google Chat, Feishu, Mattermost, Twitch, Nostr, and more.
- Build speed: tsdown (esbuild-based) is significantly faster for incremental builds than tsc-per-package with composite references.
- Context engine ecosystem: The pluggable ContextEngine slot API lets third parties replace the entire context pipeline. lossless-claw, MemOS Cloud, and the community 12-layer architecture demonstrate real ecosystem traction.
- Test infrastructure (4–1–0): 2,242 test files, 13 dedicated live-model tests, 7 Docker E2E suites, 46 browser tests via Playwright, and full GitHub Actions CI with parallel lane splitting. Comis counters with ChaosEchoAdapter fault injection and structured log validation.
Different philosophies
Comis
Design principle: Correctness first - ports, Result types, compile-time safety.
Security stance: Defense in depth - 7+ security layers, ESLint enforcement, fail-closed defaults.
Extension model: Implement typed interfaces, wire in composition root.
Trust model: Multi-tenant ready with trust-partitioned memory and per-session routing.
OpenClaw
Design principle: Velocity first - plugins, dynamic loading, convention over configuration.
Security stance: Boundary enforcement - sandbox, approval gates, explicit trust model.
Extension model: Drop a package in extensions/, implement plugin interface, auto-discovered.
Trust model: Single-user per gateway - an explicit architectural choice.
All 60 dimensions
The full picture at a glance.
| OpenClaw | Comis | Winner | |
|---|---|---|---|
| Architecture | Monolith plus 82 extension packages. | Hexagonal (ports & adapters). | Comis |
| Codebase organization | Single src/ directory (~3K source files) plus 82 extensions. | 13 packages, ~478K source lines. | Comis |
| Error handling | Traditional throw/catch with custom error extractors. | Result<T, E> as primary return pattern with ok(), err(), tryCatch(), fromPromise(). | Comis |
| Authentication | Token, password, Tailscale whois, and trusted-proxy auth. | mTLS gateway and bearer token support. | Comis |
| Prompt injection | Explicitly out of scope per SECURITY. | 68 patterns across 13 weighted categories with composite 0. | Comis |
| Memory safety | Single trust level with embedding-based search. | Trust-partitioned across three levels: system, learned, and external. | Comis |
| Secrets management | ${VAR_NAME} template references with SecretRef type (env/file/exec sources). | SecretManager with frozen snapshots. | Comis |
| SSRF protection | SSRF policy in plugin-sdk with less granular controls. | DNS-pinned validation with cloud metadata IP blocklist and private range blocking. | Comis |
| Path traversal | boundary-path. | safePath() with null byte, URL-decode, and symlink detection. | Tie |
| Audit trail | SecurityAuditFinding[] with 114 checks across 4 audit modules and severity ratings. | AuditEvent with action classification (read/mutate/destructive). | Tie |
| Tool access control | Static config allowlist with owner-only gating. | Per-agent tool policies, skill allowlists, budget guards, and circuit breakers. | Comis |
| Output scanning | No output scanning. | OutputGuardPort scans LLM responses for secret leaks, canary tokens, and prompt extraction attempts. | Comis |
| Process isolation | Optional Docker sandbox for tool execution. | Kernel-enforced exec sandbox wraps every shell command in a filesystem namespace (bubblewrap on Linux, sandbox-exec on macOS). | Comis |
| Channel extensibility | Implement ChannelPlugin (21 adapters). | Implement ChannelPort interface and wire in the composition root bootstrap. | OpenClaw |
| Plugin system | Dynamic plugin loader with api. | PluginPort with lifecycle hooks, priority system, and config schema registration. | OpenClaw |
| Tool integration | api. | Built-in tools in skills/builtin/ with MCP client for external tool integration. | Tie |
| Agent fleet | Multi-agent via agents. | Per-agent isolated executors with dedicated model, memory, budget, skills, and workspace. | Comis |
| DAG pipelines | No DAG support. | Full DAG engine: ValidatedGraph (1–20 nodes), barrier modes (all/majority/best-effort), template interpolation, concurrency control. | Comis |
| Subagents | spawnSubagentDirect() with run/session modes. | SpawnPacket with context/objective/toolGroups. | Tie |
| Memory storage | SQLite + embeddings (OpenAI, Voyage, Gemini, Mistral, Ollama). | SQLite + FTS5 + sqlite-vec. | Tie |
| Memory trust | No trust levels. | Three trust levels (system/learned/external) with agent isolation and write validation. | Comis |
| Channel count | 21 channels including Matrix, MS Teams, Google Chat, Feishu, Mattermost, Twitch, Nostr, Zalo, and more. | 9 channels: Discord, Telegram, Slack, WhatsApp, Signal, iMessage, IRC, LINE, Email (IMAP/SMTP). | OpenClaw |
| Media (STT/TTS) | Per-extension media with unified facade. | Separate typed ports: TranscriptionPort (OpenAI/Groq/Deepgram), TTSPort (OpenAI/ElevenLabs/Edge TTS), ImageAnalysisPort. | Comis |
| Model providers | 34+ providers with auth profile fallback chain, dynamic discovery, and per-profile cooldown. | 22+ providers via pi-ai SDK: Anthropic, OpenAI, Google, AWS, Azure, Groq, Ollama, Together, Replicate, Mistral. | Tie |
| Model selection | Per-agent model with profile-based fallback, round-robin auth, and failure classification. | Per-agent model plus model routes for task-specific overrides. | Tie |
| Trust model | Single-user per gateway — explicit architectural choice per SECURITY. | Multi-tenant design with per-session routing and trust-partitioned memory. | Comis |
| Pipeline architecture | Pluggable context engine registry with 7-lifecycle-hook interface (bootstrap, maintain, ingest, ingestBatch, afterTurn, assemble, compact). | Built-in 8-layer sequential pipeline (thinking cleaner, reasoning tag stripper, history window, dead content evictor, observation masker, LLM compaction, rehydration, objective reinforcement) with per-layer circuit breaker (3-failure threshold disables layer for session). | Comis |
| Compaction strategy | Reactive on context overflow (~95% capacity) or provider 400 error. | Proactive at 85% context utilization. | Comis |
| Tool result handling | Tool result context guard runs before each LLM call via transformContext hook. | Microcompaction guard intercepts at write time with per-tool thresholds: file_read 15K, MCP tools 15K, default 8K chars. | Comis |
| Token budgeting | 75% input headroom ratio on context window (CONTEXT_INPUT_HEADROOM_RATIO = 0. | Formula: H = W - S - O - M - R. | Comis |
| Post-compaction recovery | No dedicated post-compaction recovery layer. | Rehydration layer injects AGENTS. | Comis |
| History management | Per-provider DM history limits with per-user overrides (channels. | Configurable history window (default 15 turns) with per-channel overrides (e. | Tie |
| Context engine ecosystem | Growing plugin ecosystem: lossless-claw (DAG-based, scored 74. | Built-in pipeline and DAG engines cover all use cases. | OpenClaw |
| Lossless context (DAG mode) | Via lossless-claw plugin (third-party, requires separate install). | Built-in DAG context engine (config: version: "dag"). | Tie |
| Memory search | SQLite + FTS5 + vector embeddings (OpenAI, Gemini, Voyage, Mistral, Ollama). | SQLite + FTS5 + sqlite-vec. | Tie |
| System prompt stability | Date/time excluded from system prompt. | Dual-prompt architecture: static system prompt + dynamic preamble in first user message. | Comis |
| Cache breakpoint placement | Single cache_control ephemeral injection on system message. | 3 custom breakpoints + 2 SDK-auto = up to 5 total. | Comis |
| Cache fence (prefix protection) | No cache fence concept. | cacheFenceIndex tracks the highest breakpoint position. | Comis |
| Fence persistence across turns | Cache TTL timestamps stored in session entries, but no breakpoint index or fence state persisted across turns. | Module-level Map keyed by session key persists the breakpoint index across execute() calls. | Comis |
| Index space translation | No index translation. | lastTrimOffset tracks messages removed by history-window. | Comis |
| Sub-agent spawn staggering | No spawn staggering. | Concurrent sub-agents in a pipeline wave staggered by 4 seconds (configurable via deps). | Comis |
| Observation masking for cache | No observation masking system. | Hysteresis band: 120K activation, 100K deactivation. | Comis |
| Sub-agent cache economics | No sub-agent-specific cache strategy. | CACHE-16: sub-agents use 5-minute TTL ($6. | Comis |
| Tool schema stability | Tool definitions loaded once per session. | Per-session snapshot captures tool schemas after deferral. | Comis |
| Embedding cache | SQLite-backed persistent cache. | Two-tier: in-memory LRU (10K entries) + SQLite L2 persistent cache. | Tie |
| Cache observability | 6-stage diagnostic trace system. | cacheFenceIndex logged on every CE pipeline run. | Comis |
| Multi-provider cache awareness | Normalizes cache tokens across Anthropic, OpenAI, Kimi K2, Moonshot. | Anthropic: full (fence, breakpoints, staggering, tiered retention). | Comis |
| Memory safety bounds | WAL mode with 1s busy timeout. | Duplicate detector: 500-entry FIFO. | Comis |
| Production cost impact | Cache read tokens tracked and reported. | Measured 16. | Comis |
| Proactive behavior | Cron-based heartbeat delivery. | Heartbeat polling with quiet hours and critical bypass. | Tie |
| Self-evolution | Configuration-driven personality. | Agents maintain 8 workspace files (SOUL. | Comis |
| Task extraction | No conversation-to-task extraction. | LLM extracts tasks from conversations with confidence scoring. | Comis |
| Session continuity | QMD transcript persistence. | BOOT. | Tie |
| Group chat intelligence | Two config modes (mention/always) with LLM-driven filtering in always mode. | Structured heuristics in workspace templates: when to speak, when to stay silent, reaction guidance (minimal/extensive), triple-tap avoidance, "human rule" for natural presence. | Comis |
| Self-onboarding | User-guided CLI wizard requiring human input at every step. | Agent-driven BOOTSTRAP. | Comis |
| Test volume | 2,242 test files (1,914 in src/, 270 extensions, 46 UI, 11 harness). | 847 unit + 122 integration test files (~969 total). | OpenClaw |
| Test utilities | 40+ utility files: temp HOME isolation, stub channel plugins, fetch mocks, frozen time helpers, contract dispatch. | 20 specialized helpers: daemon harness with port detection, ChaosEchoAdapter for fault injection (configurable fail rates, latency, rate limiting), EventAwaiter for typed event promises, structured log validation with known-pattern allowlist. | Comis |
| Live model testing | 15 dedicated . | Provider-gated via TEST_PROVIDER_MODE=mock. | OpenClaw |
| E2E & containerized testing | 33 E2E test files, 7 Docker-based suites (live models, gateway, onboarding, plugins), 46 browser tests via Playwright + headless Chromium. | 15+ E2E test files with real daemon. | OpenClaw |
| CI & coverage | GitHub Actions CI with parallel lane splitting (unit-fast, unit-isolated, extensions, gateway, channels, e2e, live). | Local validation only: pnpm build && pnpm test && pnpm lint:security. | OpenClaw |
| Build system | tsdown (esbuild-based) plus tsc for types. | tsc per package with composite references. | OpenClaw |
| Logging | Pino with redaction patterns and custom per-module fields. | Pino with canonical field dictionary. | Comis |
| Observability | System events, diagnostic flags, channel health monitor. | Token tracker, latency recorder, circuit breaker metrics, distributed tracing via AsyncLocalStorage. | Comis |
| Code quality | Oxlint type-aware, Oxfmt, knip/ts-prune dead code detection, jscpd duplication check. | ESLint security rules with banned patterns. | Tie |
This comparison was created by parallel deep-dive analysis of both codebases and verified by 6 independent agents that checked 64 claims (32 per codebase) against the actual source code. All corrections have been applied.
Ready to try Comis?
Free, open source, and takes four commands to set up.