Comisai
БесплатноНе проверенSecurity-first AI agent platform — connects AI agents to Discord, Telegram, Slack, WhatsApp, and more
Описание
Security-first AI agent platform — connects AI agents to Discord, Telegram, Slack, WhatsApp, and more
README
Run AI agents you can constrain, inspect, and recover.
Open-source agent runtime for governed execution.
Quick Start · Documentation · Capabilities · Contribute
Comis
Comis gives AI platform and security teams an Apache-2.0, self-hosted runtime for governed multi-agent workflows, with scoped authority, bounded spend, recoverable context, provenance-aware memory, and operational evidence.
Govern execution, memory, security, authority, and cost as one system. Formal workflows, recoverable context, provenance-aware memory, scoped authority, bounded spend, and operational evidence share one governance model.
It is also built for self-hosted operators and security-conscious builders moving persistent agents onto real tools and data.
The controls apply to agents executing through Comis-controlled paths.
Comis runs on infrastructure you control. Network access depends on the models, channels, tools, and media services you configure.
[!NOTE] Development status: Comis is under active development. APIs and configuration may change, and deployments should be evaluated carefully before use in critical environments. See Current limitations and the threat model.
Quick Start
One-line install
For a managed macOS or Linux host:
curl -fsSL --proto '=https' --tlsv1.2 https://comis.ai/install.sh | bash
This downloads and runs the installer immediately. The managed-host installer can install Node.js and host dependencies, initialize Comis data, and register the daemon with systemd or PM2. On Linux, it also attempts to provision Chromium and Xvfb by default and can create a dedicated comis user for a systemd service.
Additional options
To inspect the installer and preview its changes before running it:
curl -fsSL --proto '=https' --tlsv1.2 https://comis.ai/install.sh -o comis-install.sh
less comis-install.sh
bash comis-install.sh --dry-run
bash comis-install.sh
If Node.js 22.19+ is already installed, install directly from npm:
npm install --global comisai
comis init
Direct npm installation does not install host tools, create a service account, or register a system service. Use bash comis-install.sh --help to review managed-installer opt-outs and service choices.
Complete the setup wizard and start the daemon when prompted. If you choose to start it later, run comis daemon start. Then open http://127.0.0.1:4766, or connect a messaging channel during setup. Verify the daemon with:
curl http://127.0.0.1:4766/health
For containers and production hosts, see the installation guides. Linux with Bubblewrap is the recommended deployment target for isolated tool execution.
Why Comis
Comis does not compete on feature count alone. Its strength is one governance model across the agent lifecycle.
| Capability | What it provides |
|---|---|
| Formal multi-agent execution | Typed DAGs coordinate sequential and parallel nodes with barriers, retries, budgets, approval nodes, debate, voting, refinement, and map-reduce; configured durable runs add checkpoints and node-boundary recovery. |
| Recoverable context by default | Canonical messages and tool results remain available beneath summaries in the default DAG-backed context engine and can be recovered with ctx_search, ctx_inspect, and ctx_expand. |
| Provenance-aware memory and learning | Learning combines source provenance, configurable corroboration, trust ceilings, outcome gates, correction-driven demotion, supersession, and usefulness feedback. |
| Security for adversarial models | Comis treats model output and external content as untrusted, with scoped stores, capability gates, deny-by-origin controls, encrypted secrets, credential brokering, memory/input/output guards, and audit events. |
| Bounded spend and operational evidence | Traces, trajectories, incident explanation, fleet and delivery health, recall/cache diagnostics, audit records, provider cost accounting, and opt-in spend ceilings connect enforcement to investigation. |
| Per-agent operational control | Assign each agent its own model, memory/context scopes, tools, budgets, policies, configurable secret allowlist, and routing bindings across channels and APIs. |
| Architecture built to evolve safely | Hexagonal ports and adapters, a composition root, Result discipline, strict schemas, typed events, dependency rules, targeted test-neighbor gates, cycle checks, security linting, and shrink-only architecture gates keep change contained. |
Where Comis Fits
- Governed research and analysis: coordinate parallel source gathering, synthesis, criticism, context recovery, provenance-aware memory, and a configured budget while retaining evidence for review.
- Controlled operational investigation: collect read-only system evidence, correlate events, and produce an incident report with cost and audit records. Keep privileged remediation behind tested approval and isolation boundaries.
- Routed support and knowledge operations: give specialized agents separate context, memory, tools, budgets, and routing while keeping the operator's control model consistent.
Capabilities
- Messaging: Telegram, Discord, Slack, WhatsApp, Signal, iMessage, LINE, IRC, Email, and Microsoft Teams, with platform-specific media and interaction support.
- Models, tools, and MCP: Cloud providers, local Ollama and LM Studio models, fallback chains, browser, files, web, media, scheduling, memory, infrastructure, MCP client integrations, and a permission-gated MCP server.
- Media: Speech-to-text, text-to-speech, image and video analysis, image generation, and document extraction.
- Automation: Cron, heartbeat monitoring, background work, sub-agents, and durable execution graphs.
- Interfaces: Web dashboard, CLI, JSON-RPC, WebSocket, early Agent Client Protocol (ACP) bridge work, and experimental OpenAI-shaped HTTP endpoints.
- Storage: Local SQLite stores with FTS5, optional vectors, session history, delivery queues, and encrypted-by-default secret storage.
Security and Deployment
Comis treats model output and external content as untrusted. The runtime includes AES-256-GCM encrypted secret storage by default, configurable per-agent secret allowlists, SSRF defenses, external-content wrapping, prompt-injection detection, memory-write validation, completed-response output guards, tool policy, and an audit trail persisted by default. Streaming consumers receive deltas before the final-response scan.
Isolation depends on the host:
- Linux with Bubblewrap provides the strongest supported tool isolation.
- macOS
sandbox-execis best-effort and does not provide the same boundary as Linux. - By default, the interactive terminal driver refuses to spawn without its jail; an explicit operator-only setting can bypass that jail. The ordinary
exectool can run directly on the host when its sandbox is disabled or unavailable. Disableexecor deploy with Bubblewrap where this risk is unacceptable. - The default agent tool-policy profile is
full, and an emptysecrets.allowlist is unrestricted. Narrow both before accepting untrusted input. - Skill-declared permissions are advisory unless the same limits are enforced through runtime tool policy and deployment controls.
- Approval requests are available on explicitly wired paths when approvals are enabled; configured rules and default modes are not yet a universal policy engine.
Read THREAT_MODEL.md before enabling shell, browser, network, or third-party integrations.
Current Limitations
- Code extensions currently require source changes through ports, adapters, hooks, and tools. Prompt skills can be uploaded or imported, but Comis does not yet provide a stable third-party code-plugin ecosystem.
- ACP support is early library-level bridge work. A daemon entrypoint and complete approval round-trip are not yet shipped.
- Durable graphs support configured checkpoint recovery, but general exact replay remains incomplete.
- Deterministic tests cover the core runtime extensively, but not every provider, channel, model, or deployment combination is validated live.
- Comis is an enterprise-oriented foundation under active development. Evaluate identity integration, tenant isolation, availability, backup and restore, upgrades, and support before critical or regulated deployment.
- APIs and configuration may change during active development; review release notes before upgrading.
Architecture
Comis is a pnpm/TypeScript monorepo organized around hexagonal ports and adapters. core owns contracts and domain rules; adapters implement them; the daemon composition root wires the running system.
| Layer | Packages |
|---|---|
| Foundations | shared, core |
| Runtime | infra, memory, agent, orchestrator, scheduler |
| Interfaces | channels, gateway, cli, web |
| Capabilities | skills |
| Operations and distribution | observability, observability-otel, daemon, comis |
Build and validate from source:
git clone https://github.com/comisai/comis.git
cd comis
pnpm install
pnpm validate
Start with the architecture guide, package guide, and repository engineering protocol.
Contributing
Contributors can start in any of these tracks:
- Governance and security: threat scenarios, policy, secret brokering, approval behavior, memory validation, and adversarial tests.
- Standards and interoperability: MCP authorization, ACP, A2A, OpenTelemetry semantics, and conformance fixtures.
- Runtime reliability: graphs, recovery, context, memory, delivery, incident reconstruction, and cost enforcement.
- Integrations and deployments: channels, providers, tools, hardened Linux profiles, containers, backup, and restore.
- Operator experience and documentation: evidence views, provenance, budgets, approvals, failure explanation, tutorials, and accessibility.
Browse open issues or discuss a proposal in GitHub Discussions. Read CONTRIBUTING.md before opening a pull request; behavior changes follow test-first development and the full architecture and security validation gates.
If Comis is useful, star the repository to help other contributors discover it.
Community
Comis builds on prior work from pi-mono by Mario Zechner.
License
Comis is licensed under the Apache License 2.0. Commercial use, modification, redistribution, and private deployment are permitted under its terms.
Установить Comisai в Claude Desktop, Claude Code, Cursor
unyly install comisaiСтавит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.
Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh
Или настроить вручную
Выполни в терминале:
claude mcp add comisai -- npx -y comisaiFAQ
Comisai MCP бесплатный?
Да, Comisai MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Comisai?
Нет, Comisai работает без API-ключей и переменных окружения.
Comisai — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Comisai в Claude Desktop, Claude Code или Cursor?
Открой Comisai на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Gmail
Read, send and search emails from Claude
автор: GoogleSlack
Send, search and summarize Slack messages
автор: SlackRunbear
No-code MCP client for team chat platforms, such as Slack, Microsoft Teams, and Discord.
Discord Server
A community discord server dedicated to MCP by [Frank Fiegel](https://github.com/punkpeye)
Compare Comisai with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории communication
