Deep technical comparison
Comis vs OpenClaw
66 dimensions. Both codebases reviewed. Every claim verified by independent agents against the actual source code.
Both projects are open source. This comparison reflects the codebases as of June 2026.
Architecture & Code
Compile-time safety vs runtime flexibility.
Architecture
Winner: Comis
OpenClaw
Real monorepo: ~21 internal workspace packages plus 130+ extension packages. Plugin-driven with a dynamic loader for runtime discovery.
Comis
Hexagonal (ports & adapters). 15-package monorepo with compile-time enforced dependency graph via TypeScript composite references.
Codebase organization
Winner: Comis
OpenClaw
Structured src/ (~5K source files) plus 21 workspace packages and 130+ extensions. pnpm workspace.
Comis
15 packages in a large TypeScript monorepo. Strict separation via package references and pnpm workspaces.
Error handling
Winner: Comis
OpenClaw
Traditional throw/catch with custom error extractors. Runtime-checked.
Comis
Result<T, E> as primary return pattern with ok(), err(), tryCatch(), fromPromise(). Type-safe and compile-time checked.
Security
Defense in depth vs boundary enforcement.
Authentication
Winner: Comis
OpenClaw
Token, password, Tailscale whois, and trusted-proxy auth. Configurable, can be set to none.
Comis
mTLS gateway and bearer token support. 32-character minimum token requirement. Optional in config.
Prompt injection
Winner: Comis
OpenClaw
Explicitly out of scope per SECURITY.md. Focus on execution boundaries only.
Comis
Defense in depth: layered, benchmarked runtime defenses rather than a single guardrail. A weighted, multi-pattern content scanner with composite scoring, progressive rate limiting, and trust-partitioned memory, measured in public rather than asserted.
Memory safety
Winner: Comis
OpenClaw
Single trust level with embedding-based search. No trust partitioning.
Comis
Trust-partitioned across three levels: system, learned, and external. Per-agent isolation with write validation.
Secrets management
Winner: Comis
OpenClaw
${VAR_NAME} template references with SecretRef type (env/file/exec sources). No ESLint-banned process.env rule (relies on CodeQL/opengrep secret scanning in CI instead).
Comis
SecretManager with frozen snapshots. ESLint-banned process.env access. AES-256-GCM-ready encryption (HKDF-SHA256), an 18-rule skill content scanner (exec injection, exfiltration, XML breakout), plus Pino structured field redaction.
SSRF protection
Winner: Tie
OpenClaw
DNS-pinned validation with DNS-rebinding re-checks, a cloud-metadata IP blocklist, and IPv4/IPv6 private-range blocking (src/infra/net + net-policy package).
Comis
DNS-pinned validation with cloud metadata IP blocklist and private range blocking.
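One way to implement the check both entries describe (resolve once, reject metadata and private addresses, then connect only to the validated address), as an added example that is not taken from either codebase. The function names, the short blocklists, and the synchronous resolver standing in for a DNS lookup are assumptions made for illustration.

```typescript
// Added example; not code from Comis or OpenClaw. All names are hypothetical.
type Verdict = { allowed: boolean; reason: string };
type Resolver = (host: string) => string[]; // synchronous stand-in for a DNS lookup
type Pin = { ok: boolean; pinned: string; error: string };

// Illustrative entries only; a production blocklist covers more providers and ranges.
const METADATA_IPS = new Set(["169.254.169.254", "fd00:ec2::254"]);
const BLOCKED_V4: Array<[string, number, string]> = [
  ["0.0.0.0", 8, "unspecified"],
  ["10.0.0.0", 8, "private"],
  ["100.64.0.0", 10, "carrier-grade NAT"],
  ["127.0.0.0", 8, "loopback"],
  ["169.254.0.0", 16, "link-local"],
  ["172.16.0.0", 12, "private"],
  ["192.168.0.0", 16, "private"],
];

// Canonical dotted quad only: octal-looking or short forms fail closed.
function parseIPv4(s: string): number | null {
  const parts = s.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Expand an IPv6 literal to eight 16-bit groups, handling "::" and an IPv4 tail.
function parseIPv6(s: string): number[] | null {
  let str = s.toLowerCase();
  const tail = str.slice(str.lastIndexOf(":") + 1);
  if (tail.includes(".")) {
    const v4 = parseIPv4(tail);
    if (v4 === null) return null;
    const hex = (v4 >>> 16).toString(16) + ":" + (v4 & 0xffff).toString(16);
    str = str.slice(0, str.length - tail.length) + hex;
  }
  const halves = str.split("::");
  if (halves.length > 2) return null;
  const groups = (h: string | undefined): string[] => (h ? h.split(":") : []);
  const head = groups(halves[0]);
  const rest = groups(halves[1]);
  const gap = halves.length === 2 ? 8 - head.length - rest.length : 0;
  if (head.length + rest.length + gap !== 8 || (halves.length === 2 && gap < 1)) return null;
  const all = [...head, ...new Array<string>(gap).fill("0"), ...rest];
  if (!all.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  return all.map((g) => parseInt(g, 16));
}

function checkV4(ip: number): Verdict {
  for (const [net, bits, label] of BLOCKED_V4) {
    const size = 2 ** (32 - bits);
    const base = parseIPv4(net) ?? 0;
    if (Math.floor(ip / size) === Math.floor(base / size)) return { allowed: false, reason: label };
  }
  return { allowed: true, reason: "public" };
}

function checkAddress(addr: string): Verdict {
  if (METADATA_IPS.has(addr.toLowerCase())) return { allowed: false, reason: "cloud metadata" };
  const v4 = parseIPv4(addr);
  if (v4 !== null) return checkV4(v4);
  const g = parseIPv6(addr);
  if (g === null) return { allowed: false, reason: "unparseable" }; // fail closed
  const at = (i: number): number => g[i] ?? 0;
  // IPv4-mapped (::ffff:a.b.c.d) is judged by the embedded IPv4 address.
  if (g.slice(0, 5).every((x) => x === 0) && at(5) === 0xffff) return checkV4(at(6) * 65536 + at(7));
  if (g.every((x) => x === 0)) return { allowed: false, reason: "unspecified" };
  if (g.slice(0, 7).every((x) => x === 0) && at(7) === 1) return { allowed: false, reason: "loopback" };
  if ((at(0) & 0xfe00) === 0xfc00) return { allowed: false, reason: "unique-local" };
  if ((at(0) & 0xffc0) === 0xfe80) return { allowed: false, reason: "link-local" };
  return { allowed: true, reason: "public" };
}

// Resolve once, require every answer to pass, and return the address to dial.
// The caller connects to `pinned` (keeping the hostname for Host/SNI) and never
// resolves again, so an answer that changes after validation is never used.
function resolvePinned(host: string, resolve: Resolver): Pin {
  const h = host.replace(/^\[(.*)\]$/, "$1"); // strip URL-style IPv6 brackets
  const literal = parseIPv4(h) !== null || parseIPv6(h) !== null;
  const answers = literal ? [h] : resolve(h);
  if (answers.length === 0) return { ok: false, pinned: "", error: "no addresses" };
  for (const a of answers) {
    const v = checkAddress(a);
    if (!v.allowed) return { ok: false, pinned: "", error: `${a}: ${v.reason}` };
  }
  return { ok: true, pinned: answers[0] ?? "", error: "" };
}

// Constructed test double: the answer differs between the first and later lookups.
function makeFlippingResolver(): { resolve: Resolver; calls: () => number } {
  let n = 0;
  return {
    resolve: () => (n++ === 0 ? ["203.0.113.10"] : ["127.0.0.1"]),
    calls: () => n,
  };
}
```

Rejecting the whole lookup when any single answer is blocked keeps a mixed public/private answer set from slipping through on a later connection attempt.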
Path traversal
Winner: Tie
OpenClaw
Path safety via the @openclaw/fs-safe package (realpath + symlink-escape checks) plus Windows ACL inspection.
Comis
safePath() with null byte, URL-decode, and symlink detection. ESLint-banned path.join().
Audit trail
Winner: Tie
OpenClaw
SecurityAuditFinding[] across ~18 audit modules (140+ finding sites) with severity ratings.
Comis
AuditEvent with action classification (read/mutate/destructive). Fail-closed default.
Tool access control
Winner: Comis
OpenClaw
Static config allowlist with owner-only gating. Optional Docker sandbox.
Comis
Per-agent tool policies, skill allowlists, budget guards, and circuit breakers.
Output scanning
Winner: Comis
OpenClaw
No output scanning.
Comis
OutputGuardPort scans LLM responses for secret leaks, canary tokens, and prompt extraction attempts.
Process isolation
Winner: Comis
OpenClaw
Optional sandbox backends (Docker, SSH, and a pluggable backend registry), off by default.
Comis
Exec sandboxing is configured by default, with kernel-backed filesystem isolation where the host supports it (bubblewrap on Linux, sandbox-exec on macOS). Agents can be limited to their workspace, graph shared directory, and approved system binaries.
Credentialed exec (keys never in sandbox)
Winner: Comis
OpenClaw
Supports SecretRef sources and proxy-based credential patterns, but the exec sandbox is optional and not the default security floor.
Comis
Credential broker keeps the real key in the daemon and injects it at the TLS boundary. On supported Linux hosts, broker-only network mode prevents direct egress from credentialed sandboxes. Gate failures fail closed before upstream traffic is forwarded.
Local-model security floor & tuning
Winner: Comis
OpenClaw
Local models are supported (Ollama, LM Studio, vLLM). No model-aware hardening or scaffolding - the same context and tool presentation regardless of the model, and the security posture does not change for a weaker model.
Comis
The security posture belongs to the platform, not the model: sandboxed execution where supported, the credential broker, and the skill content scanner apply whether you run a frontier cloud model or a local one. Capability profiles also tune prompt-size budgets, focused tool sets, JSON repair, and self-correction to the model tier.
Extensibility
Typed ports vs plugin SDK breadth.
Channel extensibility
Winner: OpenClaw
OpenClaw
Implement ChannelPlugin (23+ channel adapters). Register via extension package.json - auto-discovered.
Comis
Implement ChannelPort interface and wire in the composition root bootstrap.
Plugin system
Winner: OpenClaw
OpenClaw
Dynamic plugin loader with api.registerTool(), api.registerCli(). 219+ SDK exports.
Comis
PluginPort with lifecycle hooks, priority system, and config schema registration.
Tool integration
Winner: Tie
OpenClaw
api.registerTool() from plugins. Skills defined as markdown files.
Comis
Built-in tools in skills/builtin/ with MCP client for external tool integration.
Agent Capabilities
Fleet isolation, orchestration, and memory.
Agent fleet
Winner: Comis
OpenClaw
Multi-agent via agents.list[] config. Per-agent config cascading from defaults. Shared infrastructure.
Comis
Per-agent isolated executors with dedicated model, memory, budget, skills, and workspace. Cost tracking per agent.
DAG pipelines
Winner: Comis
OpenClaw
No DAG support. Relies on cron jobs and sequential subagent spawning.
Comis
Full DAG engine: ValidatedGraph (1-20 nodes), barrier modes (all/majority/best-effort), template interpolation, concurrency control.
Subagents
Winner: Tie
OpenClaw
spawnSubagentDirect() with run/session modes. Depth and children limits, thread binding.
Comis
SpawnPacket with context/objective/toolGroups. Depth limits, 3-level result condensation, narrative casting.
Memory storage
Winner: Tie
OpenClaw
SQLite + embeddings (OpenAI, Voyage, Gemini, Mistral, Ollama). Vector search with per-backend config.
Comis
SQLite + FTS5 + sqlite-vec. Hybrid search combining BM25 and vector via reciprocal rank fusion.
Memory trust
Winner: Comis
OpenClaw
No trust levels.
Comis
Three trust levels (system/learned/external) with agent isolation and write validation.
Channel count
Winner: OpenClaw
OpenClaw
23+ channels - the widest list in the field - including Matrix, MS Teams, Google Chat, Feishu, Mattermost, Twitch, Nostr, Zalo, and more.
Comis
9 channels: Telegram, Discord, Slack, WhatsApp, Signal, iMessage, LINE, IRC, Email (Email via IMAP/SMTP).
Media (STT/TTS)
Winner: Comis
OpenClaw
Per-extension media with unified facade. Not typed port abstractions.
Comis
Separate typed ports: TranscriptionPort (OpenAI/Groq/Deepgram), TTSPort (OpenAI/ElevenLabs/Edge TTS), ImageAnalysisPort.
Model providers
Winner: Tie
OpenClaw
34+ providers with auth profile fallback chain, dynamic discovery, and per-profile cooldown.
Comis
35 catalog providers via pi-ai, local Ollama/LM Studio, and any OpenAI-compatible endpoint. Anthropic (incl. Bedrock/Vertex aliases), OpenAI (incl. Azure variants), Google, Mistral, Groq, OpenRouter, and more - all through one catalog with live validation, key rotation, and per-agent model routes.
Model selection
Winner: Tie
OpenClaw
Per-agent model with profile-based fallback, round-robin auth, and failure classification.
Comis
Per-agent model plus model routes for task-specific overrides. Auth rotation and cost tracking.
Trust model
Winner: Comis
OpenClaw
Single-user per gateway - explicit architectural choice per SECURITY.md.
Comis
Multi-tenant design with per-session routing and trust-partitioned memory.
Context Management
Built-in pipeline vs pluggable ecosystem.
Pipeline architecture
Winner: Comis
OpenClaw
Pluggable context engine registry with 7-lifecycle-hook interface (bootstrap, maintain, ingest, ingestBatch, afterTurn, assemble, compact). Built-in LegacyContextEngine is a pass-through wrapper. Third-party lossless-claw plugin replaces entire pipeline with DAG-based hierarchical summarization. Extensions add compaction safeguard and context pruning.
Comis
Built-in context pipeline (thinking cleaner, reasoning tag stripper, history window, dead content evictor, observation masker, LLM compaction, rehydration, objective reinforcement) with per-layer circuit breakers. DAG-backed recovery shares the same context transform path.
Compaction strategy
Winner: Comis
OpenClaw
Reactive on context overflow (~95% capacity) or provider 400 error. Up to 3 auto-compaction retry attempts. Stage-based chunking with adaptive chunk ratios (base 0.4, min 0.15, adjusted by avg message size). Compaction safeguard extension validates 5 required sections (Decisions, Open TODOs, Constraints, Pending user asks, Exact identifiers). 3-tier identifier preservation policy (strict/off/custom). Optional memory flush agentic turn before compaction lets agent write notes to MEMORY.md.
Comis
Proactive at 85% context utilization. 3-level fallback: (1) full LLM summarization with 9-section structured output and quality validation with retry, (2) filter oversized messages then summarize, (3) count-only note (guaranteed, no LLM). Configurable cooldown (default 5 turns). Optional cheaper model override (defaults to Haiku for 10-20x cost reduction).
Tool result handling
Winner: Comis
OpenClaw
Tool result context guard runs before each LLM call via transformContext hook. 400K hard max per result. Head+tail truncation preserves error messages, JSON closings, and summary lines (~70% head, ~30% tail with middle-omitted marker). 75% context headroom ratio, 50% per-result cap. Bulk compaction replaces oldest tool results with placeholder when aggregate context exceeds budget. 2K char minimum kept.
Comis
Microcompaction guard intercepts at write time with per-tool thresholds: file_read 15K, MCP tools 15K, default 8K chars. Oversized results offloaded to disk as JSON, replaced with lightweight inline references. 100K hard cap with truncation before offload. Dead content evictor removes superseded file reads, re-run commands, stale errors, and old images with O(n) forward-index scanning.
Token budgeting
Winner: Comis
OpenClaw
75% input headroom ratio on context window (CONTEXT_INPUT_HEADROOM_RATIO = 0.75). 50% per-tool-result context share cap. 1.2x safety margin on all token estimates. 4K summarization overhead reserve. Context window guard: 16K hard minimum, 32K warning threshold, 200K default. Per-agent contextTokens cap overrides model native window.
Comis
Formula: H = W - S - O - M - R - P (window minus system, output reserve, safety margin, recall, and fresh-tail preamble). 25% context rot buffer (citing Chroma 2025 research on 13.9-85% degradation at limits), 5% safety margin with 2K floor, 8K output reserve. Dual-ratio token estimation (2x weighting for tool result chars). Pure function with zero side effects.
Post-compaction recovery
Winner: Comis
OpenClaw
No dedicated post-compaction recovery layer. Compaction summary persisted to JSONL session file. Hook system emits compact:before and compact:after events. Context engine afterTurn() lifecycle for background post-processing. Compaction safeguard appends configurable postCompactionSections from config. Memory flush before compaction gives agent a chance to persist notes to disk, partially mitigating information loss.
Comis
Rehydration layer injects AGENTS.md critical sections, up to 5 recently-accessed files (8K each, 30K total cap), resume instruction, and active state. Split injection for KV-cache stability (stable content at position 1, dynamic content at end). Overflow-aware: strips files first, then removes rehydration entirely if still over budget. Objective reinforcement re-injects subagent objectives.
History management
Winner: Tie
OpenClaw
Per-provider DM history limits with per-user overrides (channels.{provider}.dms.{userId}.historyLimit). Separate channel/group limits. History truncation counts user turns from the end via limitHistoryTurns(). Context pruning extension: cache-TTL based, prunes tool results in-memory only. Session transcript repair fixes orphaned tool_result messages.
Comis
Configurable history window (default 15 turns) with per-channel overrides (e.g., dm: 10, group: 5). Observation masker replaces old tool results beyond keep window (25) when context exceeds 120K chars, with protected tool exemptions (memory_search, file_read). Persistent write-back to session file enables stable prompt cache prefixes.
Context engine ecosystem
Winner: OpenClaw
OpenClaw
Growing plugin ecosystem: lossless-claw (DAG-based, scored 74.8 on OOLONG benchmark vs Claude Code's 70.3), MemOS Cloud (cross-session recall via external API), QuantClaw (C++ reimpl), 12-layer community architecture (lossless-claw + facts.db + LightRAG GraphRAG). ContextEngine slot API enables full pipeline replacement by third parties.
Comis
Built-in pipeline and DAG engines cover Comis's core context needs without a plugin marketplace. DAG mode uses SQLite with FTS5 for depth-aware hierarchical summarization and JSONL-to-DAG reconciliation for crash recovery.
Lossless context (DAG mode)
Winner: Tie
OpenClaw
Via lossless-claw plugin (third-party, requires separate install). SQLite + FTS5 storage. Leaf summaries: up to 20K tokens input, ~1.2K target, min fanout 8. Condensed nodes: ~2K target, min fanout 4. Triggers at 75% context window. Fresh tail: last 32 messages protected. Retrieval tools: lcm_grep (FTS5), lcm_describe (semantic), lcm_expand (decompress to source). Large file interception at 25K tokens with separate summarization.
Comis
DAG-backed context engine (config: version: "dag"). 6-table SQLite schema (lcd_ prefix). Depth-aware summarization prompts per level. Three-tier escalation, integrity checking with auto-repair, and a budget-aware assembler with fresh-tail protection.
Memory search
Winner: Tie
OpenClaw
SQLite + FTS5 + vector embeddings (OpenAI, Gemini, Voyage, Mistral, Ollama). Hybrid search with configurable weights (vector 0.7, text 0.3). MMR diversity reranking (lambda 0.7). Temporal decay with 30-day half-life. Batch API for providers that support it. Max 6 results, min score 0.35. Community 12-layer architecture adds facts.db (770+ facts with Hebbian activation/decay), file-vec index, and LightRAG GraphRAG (4,909 entities, 6,089 relations).
Comis
Memory that learns, not just remembers: SQLite + FTS5 + sqlite-vec, hybrid search via reciprocal rank fusion, optional on-device reranking, trust-first recall, proof-accruing observations, and an opt-in feedback loop that learns from which memories are actually used.
Cache & Cost Optimization
Active cache optimization vs passive tracking. The fence, the feedback loop, and 81% cost reduction.
System prompt stability
Winner: Comis
OpenClaw
Date/time excluded from system prompt. Plugin prepend/append system for prompt contributions. System prompt additions from context engine prepended (preserving prefix). No formal invalidation tracking.
Comis
Prompt caching is a target architecture, not an afterthought: a cache-fence index keeps the cached prefix byte-stable while the context engine edits everything after it, with adaptive TTL escalation, two-phase cache-break detection, and sub-agent spawn staggering - 15+ shipped optimizations. Beyond the cache-fence index, 15+ content types (RAG, canary tokens, hooks, skills, timestamps) are surgically relocated so the cached prefix never shifts, and a SHA-256 digest detects mid-session invalidation.
Cache breakpoint placement
Winner: Comis
OpenClaw
Single cache_control ephemeral injection on system message. Only for OpenRouter+Anthropic. No conversation-length awareness, no multi-zone strategy, no sub-agent thresholds.
Comis
3 custom breakpoints + 2 SDK-auto = up to 5 total. Zone-based placement: semi-stable (compaction summary), mid-point, second-to-last user message. Model-specific minimum thresholds. Sub-agents use lowered 512-token threshold.
Cache fence (prefix protection)
Winner: Comis
OpenClaw
No cache fence concept. Context engine layers operate blind to cache state. Any content modification (pruning, compaction) silently invalidates the cached prefix without detection.
Comis
cacheFenceIndex tracks the highest breakpoint position. All 4 content-modifying layers (thinking cleaner, reasoning tag stripper, dead-content evictor, observation masker) skip messages at or below the fence. Prevents context engine from invalidating the KV cache prefix. Production result: thinking blocks removed dropped from 9 to 0 per turn.
Fence persistence across turns
Winner: Comis
OpenClaw
Cache TTL timestamps stored in session entries, but no breakpoint index or fence state persisted across turns. Each turn starts with no cache awareness.
Comis
Module-level Map keyed by session key persists the breakpoint index across execute() calls. onBreakpointsPlaced callback writes to both the CE object and the Map. Post-execution sync in finally block ensures consistency.
Index space translation
Winner: Comis
OpenClaw
No index translation. No awareness that context processing changes the message array size between where breakpoints are placed and where the fence would be applied.
Comis
lastTrimOffset tracks messages removed by history-window. Breakpoint callback translates post-CE index to pre-CE space (idx + trimOffset). Next turn correctly adjusts: max(-1, storedFence - newTrimCount). Proven by logs: fence=52 survives 118-message trims.
Sub-agent spawn staggering
Winner: Comis
OpenClaw
No spawn staggering. All concurrent sub-agents start simultaneously, each paying the full cache write cost for identical system prompts.
Comis
Concurrent sub-agents in a pipeline wave staggered by 4 seconds (configurable via deps). First agent writes shared cache prefix, siblings read at 10x lower cost. Guards prevent stale spawns if graph completes during delay. Production: 49K avg cache reads on sub-agent first turn.
Observation masking for cache
Winner: Comis
OpenClaw
No observation masking system. Tool results handled via context pruning extension (cache-TTL based, in-memory only). No hysteresis or anti-oscillation.
Comis
Hysteresis band: 120K activation, 80K deactivation. Monotonic tracking (everMaskedIds) ensures once-masked content stays masked. Fence takes priority over everMaskedIds. Persistent write-back to disk. 25-result keep window.
Sub-agent cache economics
Winner: Comis
OpenClaw
No sub-agent-specific cache strategy. Cache TTL tracking via session timestamps, but no per-sub-agent optimization or tiered retention.
Comis
CACHE-16: sub-agents use 5-minute TTL ($6.25/MTok write) vs 1-hour ($10/MTok) for parent. Saves $2.16 per pipeline run. All waves complete within 5 minutes so no cache miss penalty. Content-hash dedup across siblings.
Tool schema stability
Winner: Comis
OpenClaw
Tool definitions loaded once per session. No explicit snapshotting or stub retention for disconnected tools.
Comis
Per-session snapshot captures tool schemas after deferral. Disappeared tools (MCP disconnect) retained as stubs. New tools appended. Static discover_tools prevents tool-array cache invalidation.
Embedding cache
Winner: Tie
OpenClaw
SQLite-backed persistent cache. Multi-provider composite key. Timestamp-based LRU pruning. Batch API support.
Comis
Two-tier: in-memory LRU (10K entries) + SQLite L2 persistent cache. Provider-identity-aware keys. Batch operation splits hits/misses. Survives restarts via L2.
Cache observability
Winner: Comis
OpenClaw
6-stage diagnostic trace system. SHA-256 digests per message. Cache TTL session entries. Cache tokens normalized across providers. No fence or breakpoint observability (not implemented).
Comis
cacheFenceIndex logged on every CE pipeline run. onBreakpointsPlaced callback logged with highest index. Breakpoint placement/skip reasons logged. Seed and sync diagnostics. Per-execution cacheReadTokens, cacheWriteTokens, cacheSavedUsd.
Multi-provider cache awareness
Winner: Comis
OpenClaw
Normalizes cache tokens across Anthropic, OpenAI, Kimi K2, Moonshot. Provider-specific pricing. Strips unsupported cache params for proxy endpoints. Broader provider coverage but no active optimization for any.
Comis
Anthropic: full (fence, breakpoints, staggering, tiered retention). OpenAI: passive (automatic server-side). Gemini: explicit caching via CachedContent API with SHA-256 content hashing, per-model minimum token thresholds (Flash 1,024 / Pro 4,096), concurrent dedup, and orphaned cache cleanup.
Memory safety bounds
Winner: Comis
OpenClaw
WAL mode with 1s busy timeout. Configurable embedding cache max entries. No explicit WAL checkpoint. Session store cache with 45s TTL.
Comis
Duplicate detector: 500-entry FIFO. SQLite: explicit WAL checkpoint. Embedding cache: TTL + L2. Heartbeat cache: 50-entry cap. All unbounded structures have explicit bounds.
Production cost impact
Winner: Comis
OpenClaw
Cache read tokens tracked and reported. No published cache hit rate metrics, no systematic invalidation tracking, no measured pipeline cost reduction.
Comis
Measured 16.9x cache read/write ratio. 94% of input tokens served from cache. $5.02 for 5.2M tokens (vs $26.42 uncached) = 81% savings. 8-agent trading pipeline: $2.11 total with 70% graph cache effectiveness.
Agent Autonomy
How independently agents operate.
Proactive behavior
Winner: Tie
OpenClaw
Cron-based heartbeat delivery. Isolated agent cron execution. Platform-specific polling.
Comis
Heartbeat polling with quiet hours and critical bypass. BOOT.md executes on session start. Wake event coalescing for immediate triggers.
Self-evolution
Winner: Comis
OpenClaw
Configuration-driven personality. No self-modification of behavior or identity files. Changes require external intervention.
Comis
Agents maintain 9 workspace files (SOUL.md, IDENTITY.md, USER.md, etc.) autonomously. Git-tracked personality changes via identity-updater. Memory maintenance during heartbeats.
Task extraction
Winner: Comis
OpenClaw
No conversation-to-task extraction. Scheduling requires manual configuration.
Comis
LLM extracts tasks from conversations with confidence scoring. Persisted to TaskStore with priority and due dates.
Session continuity
Winner: Tie
OpenClaw
QMD transcript persistence. Session key system with memory integration. Session reaper for cleanup.
Comis
BOOT.md runs on session start. Workspace files anchor personality across restarts. RAG injects relevant memories automatically.
Group chat intelligence
Winner: Comis
OpenClaw
Two config modes (mention/always) with LLM-driven filtering in always mode. System prompt guides agents to "mostly lurk" and respond only when helpful. Silent reply token mechanism.
Comis
Structured heuristics in workspace templates: when to speak, when to stay silent, reaction guidance (minimal/extensive), triple-tap avoidance, "human rule" for natural presence.
Self-onboarding
Winner: Comis
OpenClaw
User-guided CLI wizard requiring human input at every step. No autonomous initialization.
Comis
Agent-driven BOOTSTRAP.md conversation flow. Discovers its own name, personality, and values. Writes identity files and deletes bootstrap when complete.
Test Infrastructure
Volume, tooling, and automation.
Test volume
Winner: OpenClaw
OpenClaw
6,000+ test files (~3,600 in src/, ~2,000 in extensions, ~100 in packages). Coverage thresholds enforced: 70% lines/functions, 55% branches.
Comis
~1,650 unit + ~175 integration test files. Coverage enforced via Vitest with 14 per-package floor thresholds (e.g. infra 95% lines / 100% functions), gated in CI.
Test utilities
Winner: Comis
OpenClaw
40+ utility files: temp HOME isolation, stub channel plugins, fetch mocks, frozen time helpers, contract dispatch. Standard mocking patterns.
Comis
20 specialized helpers: daemon harness with port detection, ChaosEchoAdapter for fault injection (configurable fail rates, latency, rate limiting), EventAwaiter for typed event promises, structured log validation with known-pattern allowlist.
Live model testing
Winner: OpenClaw
OpenClaw
60+ dedicated .live.test.ts files calling real LLM APIs. Gated by OPENCLAW_LIVE_TEST env var. Separate vitest.live.config.ts with sequential execution.
Comis
Provider-gated via TEST_PROVIDER_MODE=mock. Tests skip LLM calls if API keys missing. 14 provider keys detected from ~/.comis/.env.
E2E & containerized testing
Winner: OpenClaw
OpenClaw
70+ E2E test files, Docker-based suites (live models, gateway, onboarding, plugins), plus browser tests via Playwright + headless Chromium.
Comis
15+ E2E test files with real daemon. Sequential forked execution. No Docker or browser testing.
CI & coverage
Winner: Tie
OpenClaw
GitHub Actions CI with parallel lane splitting (unit-fast, unit-isolated, extensions, gateway, channels, e2e, live). Performance budget enforcement. Multi-platform (Linux, macOS, Windows).
Comis
GitHub Actions CI (ci.yml) runs `pnpm validate` on every push: clean build, madge + project-reference cycle checks, security lint, docs compile, and `test:coverage` with 14 per-package floors - plus an E2E flow-matrix gate. The same gates run locally via a pre-push hook.
Infrastructure & DX
Build speed and observability.
Build system
Winner: OpenClaw
OpenClaw
tsdown (esbuild-based) plus tsc for types. Single compilation unit. Faster incremental builds.
Comis
tsc per package with composite references. Compile-time enforced dependency graph.
Logging
Winner: Comis
OpenClaw
Pino with redaction patterns and custom per-module fields.
Comis
Pino with canonical field dictionary. Required hint and errorKind on ERROR/WARN. Structured levels.
Observability
Winner: Comis
OpenClaw
System events, diagnostic flags, channel health monitor.
Comis
Token tracker, latency recorder, circuit breaker metrics, distributed tracing via AsyncLocalStorage.
Code quality
Winner: Tie
OpenClaw
Oxlint type-aware, Oxfmt, knip/ts-prune dead code detection, jscpd duplication check.
Comis
ESLint security rules with banned patterns. Zod for all domain types. Dead code audits with 0 dead exports.
Key takeaways
Where Comis leads
- Security (7-0-2): Prompt injection detection, trust-partitioned memory, output scanning, SSRF DNS pinning, and ESLint-enforced secret hygiene. OpenClaw explicitly scopes prompt injection out of their security model.
- DAG pipelines: Full graph execution engine with barrier modes, template interpolation, and per-node timeouts. OpenClaw has no DAG support.
- Context management (5-1-3): Built-in 8-layer pipeline with per-layer circuit breakers, proactive compaction at 85% with 3-level fallback, write-time microcompaction with disk offloading, post-compaction rehydration, and 25% context rot buffer. OpenClaw counters with a pluggable ContextEngine slot API and a growing ecosystem - lossless-claw scored 74.8 on OOLONG (vs Claude Code's 70.3) and the community 12-layer architecture adds facts.db, LightRAG, and vector search on top.
- Cache & cost optimization (7-2-1): 15+ prompt cache optimizations including TTL monotonicity enforcement, adaptive cold-start retention, 3-zone breakpoint placement with model-specific thresholds, observation masker hysteresis to prevent cache thrashing, tool schema snapshotting, and subagent short-TTL economics. Measured 94% cache hit rate (16.9x read/write ratio) in production. OpenClaw counters with persistent SQLite embedding cache and broader multi-provider cache awareness.
- Agent isolation: Isolated executors, budget guards, cost trackers, and skill registries per agent vs shared infrastructure with config cascading.
- Agent autonomy (4-0-2): Self-evolving personality via workspace files, task extraction from conversations, nuanced group chat intelligence, and self-onboarding - agents bootstrap themselves without human hand-holding.
Where OpenClaw leads
- Extensibility DX: The plugin SDK with 219+ exports and dynamic loader makes adding channels and tools lower friction. 130+ extensions demonstrate real ecosystem maturity.
- Channel coverage: 23+ channels vs Comis's 9 - the widest list in the field. Beyond the shared set, OpenClaw adds Matrix, MS Teams, Google Chat, Feishu, Mattermost, Twitch, Nostr, and more.
- Native apps, voice & Canvas: OpenClaw ships native mobile & desktop apps, voice wake, and a Canvas surface - a personal-assistant experience Comis doesn't try to match.
- Build speed: tsdown (esbuild-based) is significantly faster for incremental builds than tsc-per-package with composite references.
- Context engine ecosystem: The pluggable ContextEngine slot API lets third parties replace the entire context pipeline. lossless-claw, MemOS Cloud, and the community 12-layer architecture demonstrate real ecosystem traction.
- Test infrastructure (3-1-1): 6,000+ test files, 60+ dedicated live-model tests, Docker E2E suites, and browser tests via Playwright. Comis counters with ChaosEchoAdapter fault injection, structured log validation, and its own GitHub Actions CI running the full validate gate.
Different philosophies
Comis
Design principle: Correctness first - ports, Result types, compile-time safety.
Security stance: Defense in depth - 7+ security layers, ESLint enforcement, fail-closed defaults.
Extension model: Implement typed interfaces, wire in composition root.
Trust model: Multi-tenant ready with trust-partitioned memory and per-session routing.
OpenClaw
Design principle: Velocity first - plugins, dynamic loading, convention over configuration.
Security stance: Boundary enforcement - sandbox, approval gates, explicit trust model.
Extension model: Drop a package in extensions/, implement plugin interface, auto-discovered.
Trust model: Single-user per gateway - an explicit architectural choice.
OpenClaw, in their own words
A "personal assistant" (one trusted operator, potentially many agents), not a "shared multi-tenant bus." The exec sandbox is opt-in and off by default, and prompt injection is out of scope absent a boundary bypass.
- OpenClaw SECURITY.md
Honest engineering, and a different design center from Comis - not a knock on either project.
All 66 dimensions
The full picture at a glance.
| Dimension | OpenClaw | Comis | Winner |
|---|---|---|---|
| Architecture | Real monorepo: ~21 internal workspace packages plus 130+ extension packages. | Hexagonal (ports & adapters). | Comis |
| Codebase organization | Structured src/ (~5K source files) plus 21 workspace packages and 130+ extensions. | 15 packages in a large TypeScript monorepo. | Comis |
| Error handling | Traditional throw/catch with custom error extractors. | Result<T, E> as primary return pattern with ok(), err(), tryCatch(), fromPromise(). | Comis |
| Authentication | Token, password, Tailscale whois, and trusted-proxy auth. | mTLS gateway and bearer token support. | Comis |
| Prompt injection | Explicitly out of scope per SECURITY.md. | Defense in depth - layered runtime defenses, benchmarked, not a single guardrail - a weighted, multi-pattern content scanner with composite scoring, progressive rate limiting, and trust-partitioned memory, measured in public rather than asserted. | Comis |
| Memory safety | Single trust level with embedding-based search. | Trust-partitioned across three levels: system, learned, and external. | Comis |
| Secrets management | ${VAR_NAME} template references with SecretRef type (env/file/exec sources). | SecretManager with frozen snapshots. | Comis |
| SSRF protection | DNS-pinned validation with DNS-rebinding re-checks, a cloud-metadata IP blocklist, and IPv4/IPv6 private-range blocking (src/infra/net + net-policy package). | DNS-pinned validation with cloud metadata IP blocklist and private range blocking. | Tie |
| Path traversal | Path safety via the @openclaw/fs-safe package (realpath + symlink-escape checks) plus Windows ACL inspection. | safePath() with null byte, URL-decode, and symlink detection. | Tie |
| Audit trail | SecurityAuditFinding[] across ~18 audit modules (140+ finding sites) with severity ratings. | AuditEvent with action classification (read/mutate/destructive). | Tie |
| Tool access control | Static config allowlist with owner-only gating. | Per-agent tool policies, skill allowlists, budget guards, and circuit breakers. | Comis |
| Output scanning | No output scanning. | OutputGuardPort scans LLM responses for secret leaks, canary tokens, and prompt extraction attempts. | Comis |
| Process isolation | Optional sandbox backends (Docker, SSH, and a pluggable backend registry), off by default. | Exec sandboxing is configured by default, with kernel-backed filesystem isolation where the host supports it (bubblewrap on Linux, sandbox-exec on macOS). | Comis |
| Credentialed exec (keys never in sandbox) | Supports SecretRef sources and proxy-based credential patterns, but the exec sandbox is optional and not the default security floor. | Credential broker keeps the real key in the daemon and injects it at the TLS boundary. | Comis |
| Local-model security floor & tuning | Local models are supported (Ollama, LM Studio, vLLM). | The security posture belongs to the platform, not the model: sandboxed execution where supported, the credential broker, and the skill content scanner apply whether you run a frontier cloud model or a local one. | Comis |
| Channel extensibility | Implement ChannelPlugin (23+ channel adapters). | Implement ChannelPort interface and wire in the composition root bootstrap. | OpenClaw |
| Plugin system | Dynamic plugin loader with api. | PluginPort with lifecycle hooks, priority system, and config schema registration. | OpenClaw |
| Tool integration | api. | Built-in tools in skills/builtin/ with MCP client for external tool integration. | Tie |
| Agent fleet | Multi-agent via agents. | Per-agent isolated executors with dedicated model, memory, budget, skills, and workspace. | Comis |
| DAG pipelines | No DAG support. | Full DAG engine: ValidatedGraph (1-20 nodes), barrier modes (all/majority/best-effort), template interpolation, concurrency control. | Comis |
| Subagents | spawnSubagentDirect() with run/session modes. | SpawnPacket with context/objective/toolGroups. | Tie |
| Memory storage | SQLite + embeddings (OpenAI, Voyage, Gemini, Mistral, Ollama). | SQLite + FTS5 + sqlite-vec. | Tie |
| Memory trust | No trust levels. | Three trust levels (system/learned/external) with agent isolation and write validation. | Comis |
| Channel count | 23+ channels - the widest list in the field - including Matrix, MS Teams, Google Chat, Feishu, Mattermost, Twitch, Nostr, Zalo, and more. | 9 channels: Telegram, Discord, Slack, WhatsApp, Signal, iMessage, LINE, IRC, Email (Email via IMAP/SMTP). | OpenClaw |
| Media (STT/TTS) | Per-extension media with unified facade. | Separate typed ports: TranscriptionPort (OpenAI/Groq/Deepgram), TTSPort (OpenAI/ElevenLabs/Edge TTS), ImageAnalysisPort. | Comis |
| Model providers | 34+ providers with auth profile fallback chain, dynamic discovery, and per-profile cooldown. | 35 catalog providers via pi-ai, local Ollama/LM Studio, and any OpenAI-compatible endpoint. | Tie |
| Model selection | Per-agent model with profile-based fallback, round-robin auth, and failure classification. | Per-agent model plus model routes for task-specific overrides. | Tie |
| Trust model | Single-user per gateway - explicit architectural choice per SECURITY.md. | Multi-tenant design with per-session routing and trust-partitioned memory. | Comis |
| Pipeline architecture | Pluggable context engine registry with 7-lifecycle-hook interface (bootstrap, maintain, ingest, ingestBatch, afterTurn, assemble, compact). | Built-in context pipeline (thinking cleaner, reasoning tag stripper, history window, dead content evictor, observation masker, LLM compaction, rehydration, objective reinforcement) with per-layer circuit breakers. | Comis |
| Compaction strategy | Reactive on context overflow (~95% capacity) or provider 400 error. | Proactive at 85% context utilization. | Comis |
| Tool result handling | Tool result context guard runs before each LLM call via transformContext hook. | Microcompaction guard intercepts at write time with per-tool thresholds: file_read 15K, MCP tools 15K, default 8K chars. | Comis |
| Token budgeting | 75% input headroom ratio on context window (CONTEXT_INPUT_HEADROOM_RATIO = 0. | Formula: H = W - S - O - M - R - P (window minus system, output reserve, safety margin, recall, and fresh-tail preamble). | Comis |
| Post-compaction recovery | No dedicated post-compaction recovery layer. | Rehydration layer injects AGENTS. | Comis |
| History management | Per-provider DM history limits with per-user overrides (channels. | Configurable history window (default 15 turns) with per-channel overrides (e. | Tie |
| Context engine ecosystem | Growing plugin ecosystem: lossless-claw (DAG-based, scored 74. | Built-in pipeline and DAG engines cover Comis's core context needs without a plugin marketplace. | OpenClaw |
| Lossless context (DAG mode) | Via lossless-claw plugin (third-party, requires separate install). | DAG-backed context engine (config: version: "dag"). | Tie |
| Memory search | SQLite + FTS5 + vector embeddings (OpenAI, Gemini, Voyage, Mistral, Ollama). | Memory that learns, not just remembers: SQLite + FTS5 + sqlite-vec, hybrid search via reciprocal rank fusion, optional on-device reranking, trust-first recall, proof-accruing observations, and an opt-in feedback loop that learns from which memories are actually used. | Tie |
| System prompt stability | Date/time excluded from system prompt. | Prompt caching is a target architecture, not an afterthought: a cache-fence index keeps the cached prefix byte-stable while the context engine edits everything after it, with adaptive TTL escalation, two-phase cache-break detection, and sub-agent spawn staggering - 15+ shipped optimizations. | Comis |
| Cache breakpoint placement | Single cache_control ephemeral injection on system message. | 3 custom breakpoints + 2 SDK-auto = up to 5 total. | Comis |
| Cache fence (prefix protection) | No cache fence concept. | cacheFenceIndex tracks the highest breakpoint position. | Comis |
| Fence persistence across turns | Cache TTL timestamps stored in session entries, but no breakpoint index or fence state persisted across turns. | Module-level Map keyed by session key persists the breakpoint index across execute() calls. | Comis |
| Index space translation | No index translation. | lastTrimOffset tracks messages removed by history-window. | Comis |
| Sub-agent spawn staggering | No spawn staggering. | Concurrent sub-agents in a pipeline wave staggered by 4 seconds (configurable via deps). | Comis |
| Observation masking for cache | No observation masking system. | Hysteresis band: 120K activation, 80K deactivation. | Comis |
| Sub-agent cache economics | No sub-agent-specific cache strategy. | CACHE-16: sub-agents use 5-minute TTL ($6. | Comis |
| Tool schema stability | Tool definitions loaded once per session. | Per-session snapshot captures tool schemas after deferral. | Comis |
| Embedding cache | SQLite-backed persistent cache. | Two-tier: in-memory LRU (10K entries) + SQLite L2 persistent cache. | Tie |
| Cache observability | 6-stage diagnostic trace system. | cacheFenceIndex logged on every CE pipeline run. | Comis |
| Multi-provider cache awareness | Normalizes cache tokens across Anthropic, OpenAI, Kimi K2, Moonshot. | Anthropic: full (fence, breakpoints, staggering, tiered retention). | Comis |
| Memory safety bounds | WAL mode with 1s busy timeout. | Duplicate detector: 500-entry FIFO. | Comis |
| Production cost impact | Cache read tokens tracked and reported. | Measured 16. | Comis |
| Proactive behavior | Cron-based heartbeat delivery. | Heartbeat polling with quiet hours and critical bypass. | Tie |
| Self-evolution | Configuration-driven personality. | Agents maintain 9 workspace files (SOUL. | Comis |
| Task extraction | No conversation-to-task extraction. | LLM extracts tasks from conversations with confidence scoring. | Comis |
| Session continuity | QMD transcript persistence. | BOOT. | Tie |
| Group chat intelligence | Two config modes (mention/always) with LLM-driven filtering in always mode. | Structured heuristics in workspace templates: when to speak, when to stay silent, reaction guidance (minimal/extensive), triple-tap avoidance, "human rule" for natural presence. | Comis |
| Self-onboarding | User-guided CLI wizard requiring human input at every step. | Agent-driven BOOTSTRAP. | Comis |
| Test volume | 6,000+ test files (~3,600 in src/, ~2,000 in extensions, ~100 in packages). | ~1,650 unit + ~175 integration test files. | OpenClaw |
| Test utilities | 40+ utility files: temp HOME isolation, stub channel plugins, fetch mocks, frozen time helpers, contract dispatch. | 20 specialized helpers: daemon harness with port detection, ChaosEchoAdapter for fault injection (configurable fail rates, latency, rate limiting), EventAwaiter for typed event promises, structured log validation with known-pattern allowlist. | Comis |
| Live model testing | 60+ dedicated . | Provider-gated via TEST_PROVIDER_MODE=mock. | OpenClaw |
| E2E & containerized testing | 70+ E2E test files, Docker-based suites (live models, gateway, onboarding, plugins), plus browser tests via Playwright + headless Chromium. | 15+ E2E test files with real daemon. | OpenClaw |
| CI & coverage | GitHub Actions CI with parallel lane splitting (unit-fast, unit-isolated, extensions, gateway, channels, e2e, live). | GitHub Actions CI (ci. | Tie |
| Build system | tsdown (esbuild-based) plus tsc for types. | tsc per package with composite references. | OpenClaw |
| Logging | Pino with redaction patterns and custom per-module fields. | Pino with canonical field dictionary. | Comis |
| Observability | System events, diagnostic flags, channel health monitor. | Token tracker, latency recorder, circuit breaker metrics, distributed tracing via AsyncLocalStorage. | Comis |
| Code quality | Oxlint type-aware, Oxfmt, knip/ts-prune dead code detection, jscpd duplication check. | ESLint security rules with banned patterns. | Tie |
Choose honestly
These are different tools with different design centers, and both are excellent at what they set out to do. If you want a personal assistant with native mobile & desktop apps, voice wake, and the widest channel list in the field, OpenClaw is excellent - that's its design center, by its own documentation. If you want an agent platform you can hand to your team, your family, or your company - multi-tenant by design, with sandboxed tools where supported, keys the agent can never read, and every action reconstructable from the logs alone - that's Comis.
This comparison was created by parallel deep-dive analysis of both codebases and verified by independent agents that checked every claim (132 in total, one per project per dimension) against the actual source code. All corrections have been applied.