From e8a5403f91e1af11442f02c7009c226298e51064 Mon Sep 17 00:00:00 2001 From: Kjell Tore Guttormsen Date: Thu, 26 Mar 2026 10:04:05 +0100 Subject: [PATCH] feat: add Computer Use, Remote Control, Auto Mode, and Cowork integration Major update based on Anthropic's March 24, 2026 releases: - feature-map.md: expanded from 20 to 22 capabilities, gaps reduced from 2 to 1 (only Canvas/A2UI remains) - examples/11-computer-use: desktop control via screenshots and clicks - examples/12-remote-control: /rc and Dispatch for phone control - examples/13-auto-mode: AI safety classifier for autonomous execution - cowork-integration/: how Code + Cowork + Dispatch together replicate OpenClaw's full feature set - security/auto-mode-explained.md: deep-dive on the new permission mode - Updated README with broader ecosystem table and revised scores Score: 12 full match (55%), 9 different approach (41%), 1 gap (4%) Co-Authored-By: Claude Opus 4.6 (1M context) --- README.md | 73 +++++++++----- cowork-integration/README.md | 105 +++++++++++++++++++++ examples/11-computer-use/prompt.md | 54 +++++++++++ examples/12-remote-control/prompt.md | 71 ++++++++++++++ examples/13-auto-mode/prompt.md | 83 ++++++++++++++++ feature-map.md | 126 ++++++++++++++++--------- security/README.md | 3 +- security/auto-mode-explained.md | 78 +++++++++++++++ security/permission-modes-explained.md | 33 ++++++- 9 files changed, 553 insertions(+), 73 deletions(-) create mode 100644 cowork-integration/README.md create mode 100644 examples/11-computer-use/prompt.md create mode 100644 examples/12-remote-control/prompt.md create mode 100644 examples/13-auto-mode/prompt.md create mode 100644 security/auto-mode-explained.md diff --git a/README.md b/README.md index 7cf9755..3977890 100644 --- a/README.md +++ b/README.md 
@@ -2,27 +2,29 @@ A working setup that demonstrates every major OpenClaw capability using Claude Code's ecosystem: tools, MCP servers, plugins, hooks, -agents, skills, and triggers. +agents, skills, triggers, Computer Use, and Remote Control. Companion repo for the article [Every OpenClaw Feature, Covered by Claude Code](https://fromaitochitta.com/openclaw-vs-claude-code-every-feature-compared). ## Why this exists -OpenClaw has 247K GitHub stars and 20 major capabilities. It is the +OpenClaw has 247K GitHub stars and 22 major capabilities. It is the fastest-growing open-source project in history. This repo shows that -Claude Code covers 18 of those 20 capabilities, with 11 full matches -and 7 different approaches. Two gaps remain: Gateway/Control Plane -and Canvas/A2UI. +Claude Code's ecosystem (Code + Cowork + Dispatch) covers 21 of +those 22, with 12 full matches and 9 different approaches. One gap +remains: Canvas/A2UI. This is not a theoretical comparison. Clone this repo, open Claude Code, and try each example yourself. ## Prerequisites -- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) v2.1.81+ +- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) v2.1.86+ - Node.js 18+ (only needed for Playwright MCP) - A terminal (macOS or Linux) +- For Computer Use: Claude Code Desktop app + macOS +- For Dispatch: Claude mobile app (iOS/Android) No npm install. No Docker. No build step. 
@@ -57,11 +59,12 @@ Paste the prompt from examples/01-agent-runtime/prompt.md | Path | What it covers | |------|---------------| -| `security/` | Permission modes, hook patterns, NemoClaw comparison | +| `security/` | Permission modes, Auto Mode, hook patterns, NemoClaw comparison | | `memory/` | How Claude Code memory works vs OpenClaw's vector search | | `automation/` | Cron, launchd, /loop, /schedule | | `messaging/` | Slack MCP, Telegram Channels, channel comparison | | `browser/` | Playwright MCP setup and usage | +| `cowork-integration/` | How Code + Cowork + Dispatch together replicate OpenClaw | ### Examples (try these) 
@@ -77,43 +80,61 @@ Paste the prompt from examples/01-agent-runtime/prompt.md | 08 | Cron/Automation | /loop, CronCreate, /schedule | HEARTBEAT.md + cron | | 09 | Security Hooks | PreToolUse/PostToolUse | Exec approvals + Docker | | 10 | Full Pipeline | All capabilities combined | Complete workflow | +| 11 | Computer Use | Control desktop apps | macOS/iOS/Android apps | +| 12 | Remote Control | /rc + Dispatch (phone) | Telegram/WhatsApp control | +| 13 | Auto Mode | AI safety classifier | Autonomous daemon mode | Each example has a self-contained prompt you can paste directly into Claude Code. ## The feature map -See [feature-map.md](feature-map.md) for the complete 20-row +See [feature-map.md](feature-map.md) for the complete 22-row comparison table with verdicts and version requirements. -**Summary:** 11 full match, 7 different approach, 2 gaps. +**Summary:** 12 full match, 9 different approach, 1 gap. -## What Claude Code does not do (today) +## The broader ecosystem -**Gateway/Control Plane:** OpenClaw runs a WebSocket server with a -control UI and OpenAI-compatible API. Claude Code has no equivalent. -If you need a programmable HTTP interface to your agent, OpenClaw -is the better choice. +Claude Code is one part of Anthropic's answer to OpenClaw: -**Canvas/A2UI:** OpenClaw's canvas is an interactive HTML workspace -served by the gateway. Claude Code can generate HTML and preview it -via Playwright, but there is no persistent interactive surface. 
+| Product | What it does | Best for | +|---------|-------------|----------| +| **Claude Code** (CLI) | Terminal agent with hooks, plugins, MCP | Developers | +| **Claude Code Desktop** | Desktop app with Computer Use | GUI automation | +| **Cowork** | Non-technical agent with built-in connectors | Everyone | +| **Dispatch** | Mobile task assignment from phone | Remote control | +| **/schedule** | Remote triggers via claude.ai | Always-on tasks | +| **Agent SDK** | Programmatic control for CI/CD | Automation | -These gaps matter most for always-on, multi-user automation. For -development and task execution, they are less relevant. +See [cowork-integration/README.md](cowork-integration/README.md) +for a detailed breakdown of how these combine to cover OpenClaw's +feature set. -## Security note +## The remaining gap -The hooks in this repo demonstrate security patterns, but they are -examples, not a production security configuration. Review and -customize them for your environment: +**Canvas/A2UI (the only gap):** OpenClaw's canvas is an interactive +HTML workspace. Claude Code can generate HTML and preview it via +Playwright or Computer Use, but there is no persistent interactive +surface. Artifacts in claude.ai are the closest equivalent but are +not available in Claude Code. -- `hooks/pre-tool-use.sh` blocks known-dangerous commands +## Security + +Four permission modes, from manual approval to full autonomy: + +1. **Default:** Ask for every action (learning) +2. **Auto-edit:** Pre-approved patterns (known workflows) +3. **Auto Mode:** AI classifier reviews each action (autonomous) +4. **Bypass:** No checks (sandboxed environments only) + +The repo includes working security hooks: +- `hooks/pre-tool-use.sh` blocks dangerous commands - `hooks/post-tool-use.sh` logs all tool executions - `.claude/settings.json` has a permission deny list -Read `security/permission-modes-explained.md` before running -Claude Code on anything sensitive. 
+Read `security/` for the full picture, including an honest +comparison with NemoClaw's enterprise security. ## License diff --git a/cowork-integration/README.md b/cowork-integration/README.md new file mode 100644 index 0000000..4cfe849 --- /dev/null +++ b/cowork-integration/README.md 
@@ -0,0 +1,105 @@ +# Cowork Integration: The Full OpenClaw Alternative + +Claude Code alone covers 55% of OpenClaw features with a full +match and 41% with a different approach. But Claude Code is just +one product in Anthropic's ecosystem. Together, Claude Code + +Cowork + Dispatch get you closer to 95% of what OpenClaw does. + +## The ecosystem + +``` + ┌─────────────────────┐ + │ Your Phone │ + │ (Dispatch app) │ + └────────┬────────────┘ + │ assigns tasks + ┌────────▼────────────┐ + │ Your Mac │ + │ │ + │ ┌───────────────┐ │ + │ │ Claude Cowork │ │ ← Desktop agent, computer use, + │ │ (Desktop app) │ │ connected apps, scheduled tasks + │ └───────────────┘ │ + │ │ + │ ┌───────────────┐ │ + │ │ Claude Code │ │ ← Developer agent, terminal, + │ │ (CLI/IDE) │ │ plugins, hooks, agents, MCP + │ └───────────────┘ │ + │ │ + └─────────────────────┘ + │ + ┌────────▼────────────┐ + │ VPS / Server │ + │ (Headless CC) │ ← Always-on, cron, /schedule + └─────────────────────┘ +``` + +## Which product for which use case + +| Use case | Best tool | Why | +|----------|-----------|-----| +| Write code, manage repos | Claude Code (CLI) | Full terminal access, hooks, plugins | +| Control desktop apps (Photoshop, Excel) | Cowork (Computer Use) | Screen control, native app access | +| Send tasks from phone | Dispatch | Mobile-first, paired to desktop | +| Continue CC session remotely | /rc (Remote Control) | Works with CLI sessions | +| Run agent 24/7 on server | Headless CC on VPS | No display needed | +| Scheduled autonomous tasks | /schedule or CronCreate | Triggers from web or crontab | +| Connect to Slack, Google, Notion | Cowork connectors | Built-in, no config | +| Connect to any API | Claude Code + MCP | Flexible, developer-controlled | + +## Can you build an OpenClaw replacement with this? + +Mostly, yes. 
Here is how each OpenClaw selling point maps: + +### "Runs 24/7 on your hardware" +- **Cowork** with "keep computer awake" on a Mac Mini +- **Headless CC** on a VPS ($5/month server) +- **Both** require internet for Anthropic API calls (same as + OpenClaw when using cloud models) + +### "Control it from Telegram/WhatsApp" +- **Dispatch** from Claude mobile app (closest match) +- **/rc** from any browser on your phone +- **Telegram** via Claude Code Channels (v2.1.80+) +- Gap: no WhatsApp, Discord, Signal, iMessage native support + (OpenClaw has 15+ channels) + +### "It manages files, emails, calendars, browsers" +- **Cowork** has Slack, Google Workspace, Notion connectors +- **Claude Code** has file management + Playwright MCP for browser +- **Computer Use** handles anything with a GUI +- Gap: no native email/calendar integration in CC CLI (use MCP) + +### "It remembers everything about you" +- **CLAUDE.md** hierarchy + auto-memory for CC +- **Cowork** has its own context/memory system +- Gap: no vector search. OpenClaw's SQLite-vec/LanceDB memory + is more sophisticated for semantic recall + +### "Open source, works with any LLM" +- **Not replicable.** Claude Code only works with Claude models. + This is a fundamental architectural difference. If model + flexibility matters to you, OpenClaw is the better choice. + +### "5,700+ community skills" +- **2,300+** in Claude marketplace, growing fast +- Claude Code skills + plugins are a younger but active ecosystem +- You can write your own skills in minutes (see `.claude/skills/`) + +## The honest assessment + +If you are a developer who primarily wants an AI coding agent +with deep terminal integration, hooks, plugins, and MCP: Claude +Code is the better choice. It is more polished, more secure, and +requires no self-hosting. + +If you want a general-purpose life automation agent that runs 24/7 +across 15+ messaging channels with any LLM: OpenClaw is still the +better choice. The ecosystem is larger and more flexible. 
+ +If you want both: run Claude Code for development work and +OpenClaw for life automation. They do not conflict. + +Ethan Mollick put it well: Anthropic's offering is "90% of +everything I wanted from OpenClaw, but far less likely to post +all my personal information on the internet." diff --git a/examples/11-computer-use/prompt.md b/examples/11-computer-use/prompt.md new file mode 100644 index 0000000..c941840 --- /dev/null +++ b/examples/11-computer-use/prompt.md 
@@ -0,0 +1,54 @@ +# Example 11: Computer Use + +Demonstrate Claude Code's ability to control your desktop: open +apps, click buttons, fill forms, take screenshots. This is the +capability that made people say "Anthropic just killed OpenClaw." + +**OpenClaw equivalent:** Browser automation + macOS/iOS/Android +companion apps with screen control. + +**Requirements:** +- Claude Code Desktop app (not CLI-only) +- macOS with Accessibility and Screen Recording permissions granted +- Computer Use enabled in Settings > Desktop app > General +- Pro or Max plan + +## The prompt + +``` +Open Safari, navigate to Hacker News, take a screenshot of the +front page, then open TextEdit and write a summary of the top +5 stories with their point counts. Save the file as +hn-summary-today.txt on the Desktop. +``` + +## What happens + +1. Claude takes control of your screen (golden border appears) +2. Opens Safari, navigates to news.ycombinator.com +3. Takes a screenshot to read the page content +4. Opens TextEdit (or creates a new document) +5. Types the summary with story titles and point counts +6. Saves the file to your Desktop + +## How this compares to OpenClaw + +OpenClaw controls the browser via CDP/Playwright (programmatic). +Its macOS/iOS companion apps can interact with the desktop. + +Claude Code Computer Use controls the screen like a human: +screenshots, mouse clicks, keyboard input. It is slower but +works with any application, not just browsers. + +## Limitations (honest) + +- Research preview. Expect rough edges. +- macOS only (for now) +- Slower than Playwright for browser-only tasks +- Cannot interact with apps that block screen recording +- Some actions cannot be undone (the macOS permission warning + is real) + +For browser-only automation, Playwright MCP (example 04) is +faster and more reliable. Computer Use shines when you need to +interact with native desktop apps that have no API or CLI. 
diff --git a/examples/12-remote-control/prompt.md b/examples/12-remote-control/prompt.md new file mode 100644 index 0000000..dad629e --- /dev/null +++ b/examples/12-remote-control/prompt.md 
@@ -0,0 +1,71 @@ +# Example 12: Remote Control and Dispatch + +Control your Claude Code session from your phone. This is +Anthropic's answer to OpenClaw's Telegram integration: manage +your AI agent from anywhere. + +**OpenClaw equivalent:** Telegram, WhatsApp, or any of the +15+ messaging channels for sending commands remotely. + +## Option A: Remote Control (/rc) for Claude Code + +Works with the CLI. No Cowork needed. + +### Setup + +1. Start a Claude Code session in your terminal +2. Type `/rc` (short for `/remote-control`) +3. A URL and QR code appear +4. Scan the QR code with your phone or open the URL in any browser +5. You now have a full interactive session from your phone + +### The prompt (from your phone) + +``` +Search the web for the latest Claude Code changelog entries, +summarize the 3 most important features, and save the summary +to changelog-latest.md in the project root. +``` + +### What happens + +- Your phone sends the message to the active CC session +- Claude Code executes on your computer (terminal stays active) +- Results appear on both your phone and the terminal +- You can continue the conversation from either device + +## Option B: Dispatch for Cowork + +If you use Claude Cowork (desktop app), Dispatch lets you +assign tasks from the Claude mobile app. + +### Setup + +1. Open Claude Desktop app on Mac +2. Switch to Cowork mode +3. Go to Dispatch in settings +4. Scan QR code with Claude mobile app (iOS/Android) +5. 
Your phone is now paired to your desktop agent + +### How it differs from /rc + +| Feature | /rc (Claude Code) | Dispatch (Cowork) | +|---------|------------------|------------------| +| Interface | Terminal session | Desktop app | +| Requires | CLI | Cowork desktop app | +| Phone app | Any browser | Claude mobile app | +| Computer Use | No | Yes | +| Connected apps | Via MCP | Built-in (Slack, Google, Notion) | + +## The OpenClaw comparison + +OpenClaw lets you text your agent via Telegram, WhatsApp, +Discord, or 12+ other channels. The agent is always-on. + +Claude Code /rc requires an active session. Dispatch requires +Cowork running on your Mac. Neither is truly "always-on" in +the OpenClaw sense, but /schedule (remote triggers) can start +sessions on demand from the web. + +The gap is narrowing. For most "text my agent from my phone" +use cases, /rc or Dispatch gets the job done. diff --git a/examples/13-auto-mode/prompt.md b/examples/13-auto-mode/prompt.md new file mode 100644 index 0000000..9c98804 --- /dev/null +++ b/examples/13-auto-mode/prompt.md 
@@ -0,0 +1,83 @@ +# Example 13: Auto Mode + +Let Claude Code run autonomously with an AI safety classifier +reviewing every action. No manual approvals needed. This is the +feature that makes Claude Code feel like OpenClaw's daemon mode. + +**OpenClaw equivalent:** Default autonomous mode with Docker +sandbox + exec approvals for dangerous commands. + +**Requirements:** +- Claude Code v2.1.86+ +- Team plan or higher (research preview) + +## Enabling Auto Mode + +From the CLI: +```bash +claude --enable-auto-mode +``` + +In an active session, press `Shift+Tab` to cycle through +permission modes until you reach Auto Mode. + +## The prompt + +``` +Clone the repository at https://github.com/example/sample-app, +install dependencies, run the test suite, fix any failing tests, +and create a summary of what you changed in CHANGES.md. +``` + +## What happens + +1. Claude Code clones the repo (no permission prompt) +2. Runs `npm install` (no permission prompt) +3. Runs `npm test` (no permission prompt) +4. Reads failing test output, edits source files (no prompt) +5. Re-runs tests until they pass (no prompt) +6. Writes CHANGES.md (no prompt) + +Every action is reviewed by the safety classifier (Sonnet 4.6) +before execution. If an action is flagged as risky (e.g., mass +file deletion, data exfiltration), it is blocked and Claude is +redirected to take a different approach. + +## How the safety classifier works + +Two-layer system: +1. **Fast filter:** Quick yes/no on the action category +2. **Chain-of-thought:** Detailed reasoning for borderline cases + +Performance (Anthropic's internal testing): +- 0.4% false positive rate (safe actions incorrectly blocked) +- 5.7% false negative rate (risky actions not caught) + +The classifier runs on Sonnet 4.6 regardless of your session model. 
+ +## Permission mode comparison + +| Mode | Approvals | Safety | Use case | +|------|----------|--------|----------| +| Default | Every action | Maximum | Learning, sensitive projects | +| Auto-edit | Pre-approved patterns | High | Known workflows | +| Auto Mode | AI classifier | High | Autonomous execution | +| Bypass | None | Minimal | Sandboxed environments only | + +## How this compares to OpenClaw + +OpenClaw runs autonomously by default. Safety comes from Docker +sandboxing (container limits what the agent can do even if it +tries something dangerous). + +Claude Code Auto Mode runs autonomously with an AI classifier +reviewing each action before execution. Safety comes from +pre-execution screening, not post-execution containment. + +Different philosophy: +- **OpenClaw:** "Let it try, contain the damage" (sandbox) +- **Claude Code:** "Review before executing" (classifier) + +Both have trade-offs. Sandboxes catch unknown threats. Classifiers +prevent the action from happening at all but may miss novel attacks +(5.7% false negative rate). diff --git a/feature-map.md b/feature-map.md index a447f04..e1d9288 100644 --- a/feature-map.md +++ b/feature-map.md @@ -1,6 +1,8 @@ # OpenClaw vs Claude Code: Complete Feature Map Every major OpenClaw capability, mapped to its Claude Code equivalent. +Updated March 2026 to include Auto Mode, Computer Use, Remote Control, +and Dispatch. ## Verdict legend 
@@ -10,69 +12,109 @@ Every major OpenClaw capability, mapped to its Claude Code equivalent. | ~ | Different approach | Achievable but requires more setup or different architecture | | ❌ | Gap | Not possible today without significant workarounds | -## The map (20 capabilities) +## The map (22 capabilities) -| # | Capability | OpenClaw | Claude Code | Verdict | -|---|-----------|----------|-------------|---------| -| 1 | Agent Runtime | Long-running daemon, tool exec, streaming | CLI agent loop, tool exec, streaming | ✅ | -| 2 | Shell Execution | `exec` tool, PTY, background, elevated | Bash tool with permission system | ✅ | +| # | Capability | OpenClaw | Claude Code Ecosystem | Verdict | +|---|-----------|----------|----------------------|---------| +| 1 | Agent Runtime | Long-running daemon, tool exec, streaming | CLI agent loop + Auto Mode (AI safety classifier) | ✅ | +| 2 | Shell Execution | `exec` tool, PTY, background, elevated | Bash tool + Auto Mode (no manual approvals) | ✅ | | 3 | File I/O | read, write, edit, apply_patch | Read, Write, Edit, Glob, Grep | ✅ | | 4 | Web Search | Brave Search, Firecrawl fallback | WebSearch + WebFetch (built-in) | ✅ | -| 5 | Browser | CDP/Playwright, screenshots, act | Playwright MCP (same engine) | ✅ | -| 6 | Memory | Daily logs + vector search | CLAUDE.md hierarchy + auto-memory | ~ | -| 7 | Multi-Agent | Sub-agents, mesh, agent-to-agent | Agent Teams, SendMessage, worktree | ✅ | -| 8 | Messaging | 15+ native channels | MCP + Telegram native (v2.1.80) | ~ | -| 9 | Model Providers | 20+ providers, failover | Opus/Sonnet/Haiku + overrides | ~ | -| 10 | Cron/Automation | HEARTBEAT.md, cron, webhooks | /loop, CronCreate, /schedule, hooks | ✅ | -| 11 | Plugin System | openclaw.plugin.json, 20+ hooks | plugin.json, hooks, commands, agents | ✅ | -| 12 | Skills | SKILL.md, ClawHub (5,700+) | Skills + marketplace (2,300+) | ✅ | -| 13 | Security | Docker sandbox, DM pairing | Permission modes, hooks, sandbox | ~ | -| 14 | Voice/TTS | 
Talk Mode, wake word | Via MCP/scripts (not built-in) | ~ | -| 15 | Companion Apps | macOS, iOS, Android native | VS Code, JetBrains, Desktop, Web | ~ | -| 16 | Gateway | WebSocket server, Control UI | No equivalent (Remote Control partial) | ❌ | -| 17 | Configuration | JSON5, hot-reload, profiles | settings.json hierarchy, CLAUDE.md | ✅ | -| 18 | Canvas/A2UI | Agent-driven HTML workspace | HTML generation + Playwright preview | ❌ | -| 19 | Chat Commands | /status, /model, /think, /mesh | Built-in + custom skills | ✅ | -| 20 | CLI | onboard, gateway, tui, doctor | claude CLI with subcommands | ✅ | +| 5 | Browser | CDP/Playwright, screenshots, act | Playwright MCP + Computer Use (Desktop) | ✅ | +| 6 | Computer Use | Browser + desktop app control | Computer Use in CC Desktop + Cowork (research preview) | ✅ | +| 7 | Memory | Daily logs + vector search | CLAUDE.md hierarchy + auto-memory | ~ | +| 8 | Multi-Agent | Sub-agents, mesh, agent-to-agent | Agent Teams, SendMessage, worktree | ✅ | +| 9 | Messaging/Remote | 15+ native channels | MCP + Telegram (v2.1.80) + Remote Control (/rc) + Dispatch | ~ | +| 10 | Model Providers | 20+ providers, failover | Opus/Sonnet/Haiku + overrides | ~ | +| 11 | Cron/Automation | HEARTBEAT.md, cron, webhooks | /loop, CronCreate, /schedule, hooks | ✅ | +| 12 | Always-On | Daemon process, 24/7 | Headless on VPS + Cowork "keep awake" + /schedule | ~ | +| 13 | Plugin System | openclaw.plugin.json, 20+ hooks | plugin.json, hooks, commands, agents | ✅ | +| 14 | Skills | SKILL.md, ClawHub (5,700+) | Skills + marketplace (2,300+) | ✅ | +| 15 | Security | Docker sandbox, DM pairing | Permission modes + Auto Mode classifier + hooks | ~ | +| 16 | Voice/TTS | Talk Mode, wake word | Via MCP/scripts (not built-in) | ~ | +| 17 | Companion Apps | macOS, iOS, Android native | Desktop, VS Code, JetBrains, Web, Dispatch (mobile) | ~ | +| 18 | Gateway | WebSocket server, Control UI | Remote Control (/rc) + Dispatch (partial) | ~ | +| 19 | Canvas/A2UI | 
Agent-driven HTML workspace | HTML generation + Playwright preview | ❌ | +| 20 | Configuration | JSON5, hot-reload, profiles | settings.json hierarchy, CLAUDE.md | ✅ | +| 21 | Chat Commands | /status, /model, /think, /mesh | Built-in + custom skills | ✅ | +| 22 | CLI | onboard, gateway, tui, doctor | claude CLI with subcommands | ✅ | ## Score | Verdict | Count | % | |---------|-------|---| -| ✅ Full match | 11 | 55% | -| ~ Different approach | 7 | 35% | -| ❌ Gap | 2 | 10% | +| ✅ Full match | 12 | 55% | +| ~ Different approach | 9 | 41% | +| ❌ Gap | 1 | 4% | -## What the gaps mean +## What changed from the initial assessment -**Gateway/Control Plane (❌):** OpenClaw runs a WebSocket server -with a control UI, webchat, and an OpenAI-compatible API. Claude -Code has no equivalent. Remote Control (research preview) partially -addresses phone access but is not a programmable gateway. +The initial feature map (20 rows, 2 gaps) was based on Claude Code +CLI alone. This updated map adds: + +- **Computer Use** (row 6): New capability. Claude Code Desktop and + Cowork can control your screen, click, type, navigate apps. This + matches OpenClaw's browser + desktop control. + +- **Always-On** (row 12): Explicitly broken out. OpenClaw runs as a + daemon. Claude Code achieves persistence through headless VPS + deployment, Cowork's "keep awake" mode, and /schedule for remote + triggers. Different architecture, same outcome. + +- **Gateway** (row 18): Upgraded from Gap to Different approach. + Remote Control (/rc) lets you control a CC session from phone or + browser. Dispatch (Cowork) adds mobile task assignment. Together + they cover the phone-control use case, though not the programmable + HTTP API. + +- **Auto Mode** (rows 1, 2, 15): The AI safety classifier (Sonnet 4.6) + reviews every tool call. 0.4% false positive rate. This eliminates + the constant approval prompts that made CC feel less autonomous than + OpenClaw's daemon mode. 
+ +## The remaining gap **Canvas/A2UI (❌):** OpenClaw's canvas is an interactive, -agent-driven HTML workspace served by the gateway. Claude Code can -generate HTML files and preview them via Playwright, but there is -no persistent, interactive canvas surface. +agent-driven HTML/CSS/JS workspace served by the gateway. Claude Code +can generate HTML files and preview them via Playwright or Computer +Use, but there is no persistent, interactive canvas surface. Artifacts +in claude.ai are the closest equivalent but are not available in +Claude Code. -These are real gaps. They matter most for always-on automation and -visual agent interfaces. For development and task execution, they -are less relevant. +## The broader ecosystem + +Claude Code is one part of Anthropic's answer to OpenClaw. +The full picture: + +| Product | Role | OpenClaw equivalent | +|---------|------|-------------------| +| Claude Code (CLI) | Developer agent, terminal | OpenClaw core agent | +| Claude Code Desktop | Desktop app with computer use | OpenClaw + macOS app | +| Cowork | Non-technical agent, connectors | OpenClaw for non-developers | +| Dispatch | Mobile task assignment | Telegram/WhatsApp channels | +| /schedule | Remote triggers via claude.ai | HEARTBEAT.md cron | +| Agent SDK | Programmatic control, CI/CD | OpenClaw API | + +This repo focuses on Claude Code (CLI + Desktop) because it gives +you the most control. But Cowork + Dispatch are relevant alternatives +for use cases that do not require terminal access. 
## Version requirements -Minimum Claude Code version for full coverage: **v2.1.81** +Minimum Claude Code version for full coverage: **v2.1.86** | Feature | Version | OpenClaw equivalent | |---------|---------|-------------------| | Agent Teams | v2.1.32 | Multi-agent mesh | | Auto-memory | v2.1.32 | Vector memory | +| Background agents | v2.1.49 | Sub-agent spawning | +| Worktree isolation | v2.1.50 | Agent sandboxing | +| HTTP hooks | v2.1.63 | Webhook integrations | +| /loop + CronCreate | v2.1.71 | HEARTBEAT.md + cron | +| disallowedTools | v2.1.78 | Tool deny lists | | Channels + Telegram | v2.1.80 | Multi-channel messaging | | Permission relay | v2.1.81 | DM approval | -| /loop + CronCreate | v2.1.71 | HEARTBEAT.md + cron | -| Worktree isolation | v2.1.50 | Agent sandboxing | -| disallowedTools | v2.1.78 | Tool deny lists | -| Background agents | v2.1.49 | Sub-agent spawning | -| HTTP hooks | v2.1.63 | Webhook integrations | -| Plugin marketplace | v2.1.6 | ClawHub | | managed-settings.d | v2.1.84 | Enterprise policy | +| Auto Mode | v2.1.86 | Autonomous execution | +| Computer Use | v2.1.86 | Desktop control | +| Remote Control (/rc) | v2.1.85 | Phone access | diff --git a/security/README.md b/security/README.md index 266a456..239b0c8 100644 --- a/security/README.md +++ b/security/README.md @@ -10,6 +10,7 @@ agent behavior. | File | What it covers | |------|---------------| -| `permission-modes-explained.md` | The three permission modes and when to use each | +| `permission-modes-explained.md` | The four permission modes and when to use each | +| `auto-mode-explained.md` | Auto Mode: AI safety classifier for autonomous execution | | `hook-based-guardrails.md` | Building custom security with PreToolUse hooks | | `nemoclaw-comparison.md` | Honest comparison with NemoClaw's enterprise security | diff --git a/security/auto-mode-explained.md b/security/auto-mode-explained.md new file mode 100644 index 0000000..61cfc1f --- /dev/null 
+++ b/security/auto-mode-explained.md 
@@ -0,0 +1,78 @@ +# Auto Mode + +Auto Mode (v2.1.86, March 24, 2026) is a new permission mode where +an AI safety classifier reviews every tool call before execution. +No manual approvals. Claude runs autonomously, with a safety net. + +## How to enable + +```bash +# From CLI launch: +claude --enable-auto-mode + +# In active session: +# Press Shift+Tab to cycle through permission modes +``` + +## How the classifier works + +Before each tool call, a classifier (running on Sonnet 4.6) +evaluates whether the action is safe: + +1. **Fast filter:** Quick binary decision on the action category +2. **Chain-of-thought:** Detailed reasoning for borderline cases + +Safe actions proceed automatically. Risky actions (mass deletion, +data exfiltration, malicious code) are blocked, and Claude is +redirected to an alternative approach. + +## Performance numbers (Anthropic's internal testing) + +| Metric | Value | +|--------|-------| +| False positive rate | 0.4% (safe actions incorrectly blocked) | +| False negative rate | 5.7% (risky actions not caught) | + +The classifier runs on Sonnet 4.6 regardless of your session model. +This means even Opus sessions get fast, consistent safety screening. 
+ +## When to use Auto Mode + +**Good for:** +- Code refactoring across many files +- Test-fix-test loops +- Research and summarization tasks +- Any workflow where constant approvals break your flow + +**Not recommended for:** +- First time using Claude Code (learn default mode first) +- Sensitive environments with production data +- Multi-agent workflows where you want explicit control + +## Comparison to OpenClaw security + +| Aspect | OpenClaw | Auto Mode | +|--------|----------|-----------| +| Default behavior | Autonomous | Autonomous | +| Safety mechanism | Docker sandbox (containment) | AI classifier (prevention) | +| Unknown threats | Contained by sandbox | May slip through (5.7% FN) | +| Known threats | Depend on config | Caught by classifier | +| User intervention | /approve for flagged actions | Automatic redirect | +| Infrastructure | Requires Docker | No infrastructure | + +## All four permission modes + +| Mode | Behavior | Safety | OpenClaw equivalent | +|------|----------|--------|-------------------| +| Default | Ask for every action | Maximum control | DM pairing + exec approvals | +| Auto-edit | Pre-approved patterns | Selective | Tool allowlists | +| Auto Mode | AI classifier reviews | AI-enforced | Autonomous + sandbox | +| Bypass | No checks | Minimal | Elevated mode | + +Auto Mode sits between auto-edit and bypass. It gives you the +autonomy of bypass with most of the safety of auto-edit. + +## Availability + +Research preview on Team plan (March 2026). Enterprise and API +coming soon. diff --git a/security/permission-modes-explained.md b/security/permission-modes-explained.md index 01d33e3..0d41751 100644 --- a/security/permission-modes-explained.md +++ b/security/permission-modes-explained.md @@ -1,6 +1,6 @@ # Permission Modes -Claude Code has three permission modes that control how much +Claude Code has four permission modes that control how much autonomy the agent has. This is the first line of defense. ## The three modes 
@@ -39,7 +39,31 @@ Configured in `.claude/settings.json`: **OpenClaw equivalent:** Tool allowlists per agent/session. -### 3. Bypass mode (`--dangerously-skip-permissions`) +### 3. Auto Mode (`--enable-auto-mode`) + +An AI safety classifier (Sonnet 4.6) reviews every tool call +before execution. Safe actions proceed automatically. Risky +actions are blocked and Claude is redirected. + +```bash +claude --enable-auto-mode +# Or press Shift+Tab in a session to cycle to Auto Mode +``` + +Performance: 0.4% false positive rate, 5.7% false negative rate. + +**Best for:** +- Autonomous coding workflows +- Test-fix-test loops +- Any task where constant approvals break flow + +**OpenClaw equivalent:** Default autonomous mode with Docker sandbox. +Different philosophy: Auto Mode prevents dangerous actions before +execution. OpenClaw's sandbox contains damage after execution. + +See `auto-mode-explained.md` for the full deep-dive. + +### 4. Bypass mode (`--dangerously-skip-permissions`) No permission checks at all. Claude Code executes everything. @@ -69,6 +93,7 @@ Settings deny list: decides WHICH tools exist at all ## Recommendation -Start with default mode. Move to auto-edit mode once you -understand which operations you trust. Never use bypass mode +Start with default mode. Move to auto-edit once you understand +which operations you trust. Graduate to Auto Mode when you want +autonomous execution with AI safety. Never use bypass mode outside of sandboxes.
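Review bot: In README.md, under "Why this exists", the new text says OpenClaw has "22 major capabilities", but 22 is the row count of feature-map.md after this patch added the Computer Use and Always-On rows; it is not a change in OpenClaw. Word it as the number of rows in this repo's feature map so the figure is not read as a property of the upstream project. The same paragraph now scores "Claude Code's ecosystem (Code + Cowork + Dispatch)" while the opening sentence still says the repo demonstrates the capabilities "using Claude Code's ecosystem: tools, MCP servers, plugins, hooks"; pick one definition of "ecosystem" and use it in both places.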
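Review bot: In README.md, the rewritten "## Security" section drops the caveat that the hooks are "examples, not a production security configuration" and the instruction to read security/permission-modes-explained.md before running Claude Code on anything sensitive. It also changes "blocks known-dangerous commands" to "blocks dangerous commands", which overstates what a hook can promise, since it only blocks what it has been written to recognise. Keep "known-dangerous" and restore the caveat below the new four-mode list. The Auto Mode entry should also carry the 5.7% false negative figure that the rest of the patch reports, because "AI classifier reviews each action" alone reads as a guarantee.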
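Review bot: In cowork-integration/README.md, the opening paragraph attributes the 55% and 41% figures to "Claude Code alone", but feature-map.md in this same patch derives those figures from the "Claude Code Ecosystem" column, which already counts Cowork, Dispatch and Remote Control. The follow-on claim of "closer to 95%" then has no row-level basis anywhere in the patch. Either score the CLI alone in a separate column or drop "alone" and the 95% figure. In "The honest assessment", "more secure" is stated without reference to anything in security/, and the Ethan Mollick quotation has no source link; add both or soften the wording.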
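Review bot: In examples/11-computer-use/prompt.md, the "Limitations (honest)" list says some actions cannot be undone, but the page gives no containment guidance for a demo that requires Accessibility and Screen Recording permissions and then reads a public web page through screenshots. Add a short preparation list before "## The prompt": run under a separate macOS user account or on a machine with no signed-in sessions, close windows that show credentials because the agent works from what is on screen, and treat any text read from the page as untrusted input rather than instructions. The requirement "Pro or Max plan" also does not appear in the README prerequisites added by this patch; list it there too.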
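Review bot: In examples/12-remote-control/prompt.md, Option A "Setup" says a URL and QR code appear and that opening the URL "in any browser" gives "a full interactive session", but it does not say whether the URL requires sign-in, how long it stays valid, or how to revoke it. Since that session runs commands on the user's computer, the steps should state how access is authenticated and tell the reader to treat the URL and QR code as credentials (no screenshots, no pasting into chat). The comparison table's "Phone app | Any browser" row raises the same question. Option B should likewise say how a Dispatch pairing is removed.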
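Review bot: In examples/13-auto-mode/prompt.md, the sample prompt clones a repository and runs `npm install` and `npm test` with "no permission prompt", while the same page reports a 5.7% false negative rate and notes that Auto Mode provides screening, not containment. Installing dependencies of an unreviewed repository executes package lifecycle scripts, so the example should say to run it in a container or disposable VM, or at least use `npm install --ignore-scripts` for the first pass. In the "Permission mode comparison" table, Auto Mode and Auto-edit are both rated "High" safety, which does not fit the stated miss rate; give Auto Mode its own rating and put the false negative figure in the cell. "Team plan or higher" under Requirements also conflicts with security/auto-mode-explained.md, which says Enterprise is "coming soon".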
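Review bot: In feature-map.md, the "Auto Mode (rows 1, 2, 15)" bullet under "What changed from the initial assessment" cites only the 0.4% false positive rate and omits the 5.7% false negative rate given in the other files of this patch; the miss rate is the number that matters for rows 2 and 15, so cite both. Row 6 gives Computer Use a full match while the same cell says "research preview" and examples/11 lists it as macOS only; "~" would be consistent with how the legend defines a different approach. In "Version requirements", the "Plugin marketplace | v2.1.6 | ClawHub" row is removed without explanation even though row 14 still relies on the marketplace, and "Remote Control (/rc) | v2.1.85" is placed after the v2.1.86 rows in a table that is otherwise re-sorted in ascending order.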
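Review bot: In security/auto-mode-explained.md, the "Comparison to OpenClaw security" table says "Known threats | Depend on config | Caught by classifier", which contradicts the 5.7% false negative rate two sections earlier; that rate is measured on risky actions, so "usually caught" with the figure in the cell is the accurate wording. The file also never states whether the `.claude/settings.json` deny list and the PreToolUse hook still run when Auto Mode is on. If they do, say so and recommend keeping them as a deterministic layer under the classifier; if they do not, that belongs in "Not recommended for". The closing claim that Auto Mode has "most of the safety of auto-edit" compares a probabilistic filter with an explicit allowlist and needs a qualifier, and the performance table should say what test set "Anthropic's internal testing" refers to, or link to it.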
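Review bot: In security/permission-modes-explained.md, the first hunk changes the intro to "four permission modes" but leaves the context line "## The three modes" untouched, so the heading now contradicts the sentence above it; rename the heading in the same hunk. In the new "### 3. Auto Mode" section, "Performance: 0.4% false positive rate, 5.7% false negative rate" is given without the "Anthropic's internal testing" attribution used in the other files, and the "Best for" list has no matching "Not for" list, although auto-mode-explained.md advises against sensitive environments with production data.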
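Review bot: In security/permission-modes-explained.md, the "## Recommendation" hunk tells the reader to "Graduate to Auto Mode when you want autonomous execution with AI safety" without repeating the limits stated elsewhere in this patch. Add one sentence saying that Auto Mode screens actions but does not contain them, so it should be paired with the deny list and hooks, and kept away from production data. As written, the only hard warning in the paragraph is about bypass mode, which makes Auto Mode read as unconditionally safe by contrast.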