Complete reference for all command groups, subcommands, and flags
What this is for: the comis command is how you set up your daemon, manage agents and channels, browse memory, audit security, and operate the running system from the terminal. Who it’s for: operators and developers running Comis on their own machine or a server.Comis ships 24 command groups (verified against packages/cli/src/cli.ts). The CLI talks to the running daemon over JSON-RPC; offline-only commands such as secrets operate directly on local files. Run any command with --help to see its full flag list — every flag below is also documented inline in the binary.
For installation and your first run-through, see Quick Start and Operations. This page is the exhaustive reference; the Operations section is the friendlier task-oriented guide.
Channels are added with comis configure --section channels (interactive) or by editing ~/.comis/config.yaml directly. Token values are pulled from ~/.comis/.env via ${VAR_NAME} substitution.
comis configure --section channels
7
Store secrets safely
comis secrets set encrypts API keys with AES-256-GCM into secrets.db. comis secrets audit flags any plaintext secrets still sitting in your config.
comis secrets set OPENAI_API_KEYcomis secrets audit --check
After this you have a running agent reachable from at least one channel, with secrets encrypted and an auditable config history (comis config history).
Show how each agent operation resolves to a concrete model: primary model, tiered operation overrides, source (config or default), per-operation timeouts, cross-provider flag, and API-key availability.
Flag
Type
Default
Description
--format <format>
table | json
table
Output format
# List all agentscomis agent list# Create an agent with a specific provider and modelcomis agent create my-agent --provider anthropic --model claude-sonnet-4-5-20250929# Delete an agent without confirmationcomis agent delete old-agent --yes
OAuth authentication management for subscription-based providers (currently OpenAI Codex). Profiles are written to the OAuthCredentialStorePort — separate from SecretStorePort, with refresh + per-profile-ID locking semantics.
Force remote/headless mode (no browser open). Auto-detected via SSH_CLIENT, SSH_TTY, missing DISPLAY.
--local
boolean
auto
Force local/desktop mode (attempt browser open). Inverse of --remote.
--profile <id>
string
derived
Override the auto-derived profile id (<provider>:<email-from-jwt>). Provider portion of the override must match --provider.
--method <method>
browser | device-code
browser
Login method. Use device-code for SSH/no-clipboard environments.
# Local desktop (browser auto-open)comis auth login --provider openai-codex# Headless / SSH host (device-code flow — short code displayed; type it on a phone)comis auth login --provider openai-codex --method device-code# Multi-account: tag the new profile with a custom aliascomis auth login --provider openai-codex --profile openai-codex:work@company.com
Exit codes (auth login):
Code
Meaning
0
Login completed; profile persisted
1
Login flow failed (network, OAuth server error, store-write failure)
2
Invalid arguments (--provider not openai-codex; malformed --profile; provider mismatch in --profile; --method device-code on a non-codex provider)
Reports per-provider state: profile id, identity (email or accountId), expiry timestamp, status (active / expired), and last refresh time.
comis auth statuscomis auth status --provider openai-codex
Errors from any auth subcommand are classified into 6 categories — see OAuth concepts → Error classification. The CLI prints both userMessage and an actionable hint (e.g., Re-authenticate with: comis auth login --provider openai-codex).
Window start: 1h, 24h, 7d, 30d, or any Nh/Nd/Nw/Nm/Ny
--until <iso>
string
now
Window end (ISO-8601)
--agent <agentId>
string
—
Filter results by agent ID
--provider <provider>
string
—
Filter results by provider name
--format <format>
table | json | markdown
table
Output format
# Show cache stats for the last 24 hours (default)comis cache stats# Show stats for the last 7 days, filtered by providercomis cache stats --since 7d --provider anthropic# Machine-readable outputcomis cache stats --format json
# Validate config filescomis config validate -c ~/.comis/config.yaml# Show the gateway sectioncomis config show gateway# Set a config value (triggers daemon restart)comis config set gateway.port 5000# View config change historycomis config history --limit 5# Rollback to a previous config versioncomis config rollback abc1234 --yes
Discovers connected MCP servers (from integrations.mcp.servers[].name) and installed skills (walks agents.<id>.skills.discoveryPaths plus the daemon defaults ~/.comis/skills and ~/.comis/workspace/skills) and materializes the tooling: block in config.yaml.
Flag
Type
Default
Description
--write
boolean
false
Apply the diff atomically to config.yaml; writes a timestamped backup beside the active config first. Daemon must be stopped — tooling.* is restart-required.
--overwrite
boolean
false
With --write, regenerate the entire managed sub-tree. Preserves operator-authored tooling.capabilityClusters.clusters byte-for-byte; wipes and rebuilds mcp.capabilityHints, skills.capabilityHints, installDetours, capabilityIndex. Errors without --write.
--format <format>
human | json
human
Output format for inspect mode (default — no flags).
-c, --config <path>
string
~/.comis/config.yaml
Config file path.
Modes:
Inspect (default) — prints the discovered/existing/diff/wouldWrite shape to stdout; never touches config.yaml. Daemon may be running.
--write — atomic write with config.pre-sync-tooling-<ISO>-<hex>.yaml backup. Append-only on existing keys (operator hand-edits to description / replacesPackages are preserved); stale hints (MCPs/skills no longer in discovery) are pruned.
--write --overwrite — full regenerate of the managed sub-tree, plus the destructive-overwrite warning.
Stub-emission contract: newly-generated MCP and skill hints land with description: TODO, replacesPackages: [], and a # TODO: list npm/pip packages this MCP replaces comment. Operators fill these by hand or via config tooling-fill (below). Until they’re filled, the install-detour subsystem cannot fire on alias overlaps for that hint.Exit codes:
Code
Meaning
0
Success (inspect printed; or --write applied / no-op)
1
Daemon-active guard fired (daemon running with --write); usage error (--overwrite without --write); LLM-related failures
2
Backup or atomic-write failure
3
Config parse error (invalid YAML in config.yaml)
# Inspect what would change (safe, daemon may be running)comis config sync-tooling# JSON output for scriptingcomis config sync-tooling --format json# Apply (daemon must be stopped first)systemctl stop comiscomis config sync-tooling --writesystemctl start comis# Full regenerate (destructive of managed sub-tree, preserves operator clusters)systemctl stop comiscomis config sync-tooling --write --overwritesystemctl start comis
Fills the description and replacesPackages fields of a tooling capability hint via the live Comis agent. Automates the LLM call, the daemon-stop window, the AST-aware YAML edit, and the daemon-restart cycle. Use after config sync-tooling --write has materialized stubs.
Flag
Type
Default
Description
--all
boolean
false
Fill every stub-valued hint in one daemon-restart cycle. Skips operator-filled hints silently unless --force is also set.
--force
boolean
false
Overwrite hints that already have non-stub values. Required to refill an operator-edited hint.
--dry-run
boolean
false
Call the agent, print the suggested values + diff, exit 0. Never stops the daemon, never writes the file.
--yes
boolean
false
Skip the values-confirmation prompt. Required for non-TTY runs.
--restart
boolean
false
Authorize the daemon stop+start window. Required for non-TTY runs. --allow-restart is an accepted alias.
--no-restart
boolean
false
Write the file but skip the daemon stop+start cycle. Mutually exclusive with --allow-restart.
--restart-cmd <cmd>
string
(auto-detect)
Override the supervisor with a literal shell command. Use for non-standard setups (custom init, container runtime, etc.). The command runs once, after the file is written.
--force-no-validate
boolean
false
Skip the npm/pip name-shape regex on replacesPackages. Escape hatch — emits a loud warning.
-c, --config <path>
string
~/.comis/config.yaml
Config file path.
--agent <id>
string
(daemon’s first agent)
Agent ID for the LLM call.
--kind <kind>
mcp | skills
(auto-resolved)
Disambiguate hint kind when the same name appears in both tooling.mcp.capabilityHints and tooling.skills.capabilityHints.
Operating principles:
Daemon must be up for the LLM call (the CLI POSTs to /api/chat on the local gateway). The CLI then stops the daemon, mutates the file atomically, writes a config.pre-tooling-fill-<ISO>-<hex>.yaml backup, and restarts.
After systemctl start (or the equivalent) succeeds, the orchestrator polls /api/system.ping for up to 15 s to confirm the daemon actually came up — not just that the unit was queued. If the daemon crashed during boot (e.g. invalid YAML), the orchestrator restores the backup and exits 2 with a manual-recovery hint.
File ownership of config.yaml is preserved across the atomic write, even when run as root on behalf of an unprivileged service user (the typical VPS setup with comis user under systemd).
Backups older than the 5 most recent are pruned automatically after a successful run. The tooling-fill and sync-tooling prefixes prune independently.
The agent’s response is restricted to a strict 2-line format (DESCRIPTION: and REPLACES_PACKAGES:); any other field is stripped from the parsed output. Package names that fail the npm/pip name-shape regex are silently dropped (or surface as a hard failure if all are dropped).
Idempotency: A hint is “stub-valued” iff description ∈ {missing, "", "TODO"} AND replacesPackages ∈ {missing, []}. Stub-valued hints fill freely; hints with any operator-authored value refuse without --force.Exit codes:
Code
Meaning
0
Success (filled, dry-run, or operator declined at confirmation prompt)
1
Idempotency guard fired without --force; non-TTY without --yes/--restart; daemon unreachable; LLM call failed; all package names invalid
2
Backup, atomic-write, validate, or post-restart liveness failure (rolled back to backup state — message includes the backup path and recovery command if rollback itself failed)
# Fill a single hint interactively (prompts for values + restart)comis config tooling-fill yfinance# Non-interactive (CI / scripts)comis config tooling-fill yfinance --yes --restart# Preview what the agent would suggest, without touching anythingcomis config tooling-fill yfinance --dry-run# Fill all stub-valued hints in one daemon-restart cyclecomis config tooling-fill --all --yes --restart# Overwrite an operator-edited hint (force replace)comis config tooling-fill yfinance --force --yes --restart# Custom supervisor (e.g. a container restart command)comis config tooling-fill yfinance --yes --restart-cmd "docker compose restart comis"# Write the file but skip the restart (operator handles it manually)comis config tooling-fill yfinance --yes --no-restart && systemctl restart comis
comis config tooling-fill requires the daemon to be running at invocation time (the LLM call goes through the local gateway). It then stops the daemon, writes the file, and restarts. This inverts the daemon-state requirement of config sync-tooling --write (which requires the daemon to be stopped at invocation time).
Interactive configuration editor using terminal prompts. Walks through editable config fields section by section, validates changes against the Zod schema, and writes back to the YAML file preserving formatting and comments.
Flag
Type
Default
Description
-c, --config <path>
string
/etc/comis/config.yaml
Config file path
--section <section>
string
-
Jump directly to a specific section
Requires an interactive terminal (TTY). Use comis config set for non-interactive config changes.
# Launch interactive config editorcomis configure# Edit a specific section directlycomis configure --section gateway
No additional flags. Starts via systemd if installed, otherwise spawns a detached Node.js process and waits for the gateway health endpoint to respond.
Run diagnostic health checks across eight categories: configuration, daemon, gateway, channels, workspace, oauth, secrets-audit, and LCD store. Supports auto-repair mode for fixable issues. The oauth category covers JWT expiry, schema mismatch, ca-certificates, HTTPS_PROXY drift, and TLS preflight — see OAuth concepts → Error classification.All checks share one config resolution that mirrors daemon boot: ${VAR} references are substituted from the process environment, then ~/.comis/.env, then the encrypted secret store (offline read). A reference none of them resolves is reported with its config path and var name, and the channel check fails an enabled channel whose credential reference did not resolve — encrypted-store deployments validate cleanly without exporting secrets into the environment.LCD Store checks — when memory.db is present, six read-only scan classes run automatically against the lossless context store: orphaned summaries, dangling context_items references, fallback-marker summaries (quality debt), FTS row-count drift, R4 scope anomalies (NULL tenant/agent keys), and lcd_ingest_cursor over-count (a cursor claiming more ingested messages than the store holds). Output is content-free: findings carry only counts and row ids, never message text. Silently skipped on new installs where memory.db does not exist yet.
Flag
Type
Default
Description
--repair
boolean
false
Auto-fix repairable issues
-c, --config <paths...>
string[]
-
Config file paths to check
--format <format>
table | json
table
Output format
--refresh-test
boolean
false
OAuth: actively test refresh against the provider. Warning: this rotates the refresh token at OpenAI.
# Run full diagnosticscomis doctor# Auto-repair fixable issuescomis doctor --repair -c ~/.comis/config.yaml
--repair flag — LCD store repair actionsWhen --repair is passed, actionable findings are automatically repaired offline (no daemon required). Two LCD finding categories support offline repair:
Finding
Repair action
Dangling context_items refs
Stale lcd_context_items entries whose ref_id points to a deleted summary or message are removed.
FTS row-count drift
lcd_summaries_fts (external-content) is rebuilt via the FTS5 rebuild command. lcd_messages_fts (contentless — message text lives in lcd_message_parts, not a content column) is repopulated by re-rendering each message’s parts into the index.
Fallback-marker summaries (fallback=1) are not repairable offline. They are quality debt produced when the LLM summarizer was unavailable — re-summarization requires the running daemon. The daemon re-summarizes fallback-marker summaries automatically during normal compaction as conversations are processed.Raw message history (lcd_messages) is never modified by any repair action — the lossless verbatim raw store is read-only from the repair path (F1 invariant).
Doctor repair requires the daemon to be stopped. The repair opens memory.db in read-write mode. If the daemon is running, the repair will return SQLITE_BUSY.Always run comis sessions backup before comis doctor --repair to ensure a recovery point exists before any writes to memory.db.
Quick view of system health issues. Unlike doctor which shows all checks, health shows only failures and warnings by default. Exits with code 1 when failures exist, making it suitable for CI pipelines.
Flag
Type
Default
Description
-c, --config <paths...>
string[]
-
Config file paths
--format <format>
table | json
table
Output format
--all
boolean
false
Show all findings including passing checks
# Quick health checkcomis health# Show all checks including passing onescomis health --all# JSON output for CIcomis health --format json
Interactive setup wizard for first-time configuration. Supports three modes: interactive wizard (default), non-interactive with flags for CI/Docker, and JSON output for automation.
comis init --non-interactive --provider openai-codex is deliberately rejected because the Codex OAuth flow requires interactive UI (browser callback, device-code prompt, or manual paste). The CLI exits non-zero with the literal error:
openai-codex requires interactive login; run comis init interactively or run comis auth login --provider openai-codex --method device-code separately.
For headless / CI environments, you have three options:
Pre-seed the OAuth credential via the OAUTH_OPENAI_CODEX environment variable on the daemon’s first start. The daemon’s env-var bootstrap path is read once when the credential store is empty for that provider; subsequent drift triggers a one-shot WARN.
# Wrong — exits non-zero with the error abovecomis init --non-interactive --provider openai-codex# Right — drop --provider and add the profile interactively afterwardcomis init --non-interactivecomis auth login --provider openai-codex --method device-code
Memory management and recall-diagnostics commands for searching, inspecting, and clearing conversation memory entries, and for inspecting how hybrid recall ranked them.
Display memory statistics (with a best-effort recall-counter overlay)
memory recall-trace <session>
Inspect a session’s hybrid-recall trace — admin
memory observations
List observation provenance (sources + history) — admin
memory entities
List an agent’s entity graph, most-mentioned first — admin
memory clear
Clear memory entries matching a filter
memory export
Export agent memory to a secret-scrubbed versioned JSON file — admin
memory import <file>
Import memory from a comis-memory-export-v1 JSON envelope — admin
memory pin <id>
Pin a memory entry so it is always injected in recall — admin
memory unpin <id>
Remove the always-inject pin from a memory entry — admin
memory recall-trace, memory observations, memory entities, memory pin, and memory unpin are admin-gated and (tenant, agent)-scoped — they require an admin-scoped gateway token and operate within the caller’s tenant/agent scope.
memory stats now overlays best-effort recall counters on top of the base memory statistics: lane usage, rerank-fallback rate, consolidation throughput, and recall hit-rate. The overlay is best-effort — a daemon that has not wired the counters (or a non-admin caller) still renders base stats.
Inspect the hybrid-recall trace for a session — the per-recall ranking previews recorded by the opt-in diagnostics.recallTrace artifact. Admin-gated and (tenant, agent)-scoped.
Flag
Type
Default
Description
--trace-id <id>
string
-
Filter by trace id instead of / alongside the session
--agent <agentId>
string
-
Scope to a specific agent
--limit <n>
string
200
Maximum records to return
--format <format>
table | json
table
Output format
The table view shows the correlation keys and the final-count summary (trace, session, finalCount, ts) — enough to locate the right record. The full per-record ranking breakdown (matched lanes, fused order, pre/post-rerank scores, score components, include/exclude reasons) is available via --format json. See the recall runbook.
The output file uses the comis-memory-export-v1 envelope format. Every content field is
run through the secret scrubber before being written — secrets matching known patterns (API
keys, tokens) are replaced with [REDACTED]. The file is written with permissions 0600
(owner read/write only).The daemon returns the scrubbed payload over RPC; the CLI writes the file locally. This design
means memory export works correctly even when the daemon runs under node --permission (which
disables fd-based filesystem APIs on the daemon side).
The CLI validates the envelope’s schemaVersion before sending anything to the daemon.
Files with a mismatched or missing schemaVersion are rejected with a non-zero exit code
(fail-closed: no data is sent to the daemon).Every entry is routed through the memory-poisoning firewall on the daemon:
CRITICAL entries (secret-bearing content) are blocked — not persisted, counted in blocked.
WARN entries (jailbreak-pattern content) are stored at downgraded external trust with
a security-tainted tag, counted in downgraded.
Clean entries are stored at learned trust (capped — system trust cannot be imported).
Import re-stamps tenantId and agentId to the target scope. The envelope’s scope field
is metadata only and is never used for writes.
Idempotent: unpinning an already-unpinned entry is a no-op.
Flag
Type
Default
Description
--agent <agentId>
string
—
Agent scope
--tenant <tenantId>
string
—
Tenant scope
# Search memorycomis memory search "project requirements" --limit 5# View memory statistics (incl. the recall-counter overlay)comis memory stats# Inspect a session's recall trace — full ranking breakdown as JSONcomis memory recall-trace my-session --format jsoncomis memory recall-trace my-session --trace-id 9f2c1a --agent default --limit 50# List observation provenance for an agentcomis memory observations --agent default --limit 50# List an agent's entity graph (most-mentioned first)comis memory entities --agent default --limit 100# Clear conversation memory for a specific tenantcomis memory clear --tenant default --filter memoryType=conversation --yes# Export an agent's memory to a file (secrets scrubbed, 0600 permissions)comis memory export --agent default --output backup.json# Import from a backup envelope (dry-run first to preview firewall counts)comis memory import backup.json --agent default --dry-runcomis memory import backup.json --agent default# Pin a memory entry so it is always injected in recall (admin)comis memory pin <entryId> --agent default# Unpin a previously-pinned memory entry (admin)comis memory unpin <entryId> --agent default
Recall-trace records only exist when diagnostics.recallTrace.enabled is on (opt-in, default off). See the recall runbook for the enable-and-read workflow.
Model management commands for browsing the model catalog and updating agent model assignments. The catalog is sourced live from the @earendil-works/pi-ai SDK — adding a new provider/model to pi-ai automatically surfaces it here with no Comis update required.When the daemon is running, the commands fetch via the models.list RPC. When the daemon is stopped (e.g., during comis init), they fall back to the local pi-ai static catalog so the wizard works pre-init.
# List all available models (~949 entries across 27 providers as of pi-ai 0.71.0)comis models list# Filter by providercomis models list --provider anthropiccomis models list --provider openrouter# Machine-readablecomis models list --format json# Set agent modelcomis models set my-agent claude-sonnet-4-5-20250929
Manage Model Context Protocol (MCP) server connections. Connect, disconnect, probe, and authenticate MCP servers; inspect their exposed tools and capabilities.All subcommands accept --token <token> to override COMIS_GATEWAY_TOKEN.
# List all connected MCP serverscomis mcp list# Inspect tools and capabilities for a specific servercomis mcp status my-server --format json# Test a server config without persisting itcomis mcp test my-server --transport stdio --command "npx" --args "-y,my-mcp-server"# Connect an MCP servercomis mcp connect my-server --transport stdio --command "npx" --args "-y,my-mcp-server"# Initiate OAuth for an MCP servercomis mcp login my-server# Disconnect an MCP servercomis mcp disconnect my-server
Provider management commands. Like comis models, the provider list is sourced live from the pi-ai SDK catalog (getProviders() via the models.list_providers RPC), with local fallback when the daemon isn’t running.
Provider — pi-ai provider id (e.g., anthropic, openrouter, groq)
Models — count of models the provider exposes in the catalog
Status — configured (canonical env key resolved), missing key (provider listed but key not in env), or keyless (local providers like ollama / lm-studio that don’t need a key)
Read the local encrypted store directly (no daemon RPC). Needs SECRETS_MASTER_KEY in ~/.comis/.env. Use when the daemon is down or the gateway token itself is the secret you need (comis secrets get COMIS_GATEWAY_TOKEN --offline) — daemon-side reads are audit-logged, so the RPC path stays the default
# Generate and save master keycomis secrets init --write# Store a secret interactivelycomis secrets set OPENAI_API_KEY# Store a secret from a pipeecho "sk-..." | comis secrets set OPENAI_API_KEY --stdin# Import secrets from .env filecomis secrets import --file ~/.comis/.env# Audit for plaintext secrets (CI-friendly)comis secrets audit --check --json
Security audit and auto-remediation tools. Runs all check categories covering configuration validation, file permissions, secret exposure, gateway hardening, and more.
Complete conversation reset — clears both the LCD durable history and the daemon sessionStore working transcript. This operation is irreversible. Admin-gated — requires an admin token. After a reset, the model starts with a clean slate for this session in both dag and pipeline modes: the LCD store is empty (dag mode) and the sessionStore messages are empty (both modes — the JSONL-backed transcript that feeds state.messages on the next turn is wiped).This is the correct command when you want the model to explicitly forget a conversation. Deleting the session JSONL file alone (sessions delete) does not clear the LCD store, so the model would continue with its LCD history intact.
Flag
Type
Default
Description
--memory
boolean
false
Also clear the conversation’s RAG memories — the full-forget path. Deletes every memory row matching this session (both paired-conversation memories and LCD-distilled episodic memories) for the agent + tenant scope, then unlinks them from consolidated observations (an observation built only from this session is deleted; one corroborated by other sessions is kept with the reference removed). The CLI prints the deleted count. If the daemon has no memory store wired, the flag is reported as unavailable (a stderr warning) and only LCD history + the session transcript are cleared.
--purge-derived
boolean
false
Only meaningful with --memory. Escalates to deleting every consolidated observation derived from this session — even those still corroborated by other sessions (nuclear forget). Destructive; use only when a complete erasure of anything learned from the session is required.
--yes
boolean
false
Required — skip the confirmation prompt (the command exits with an error if omitted)
Use sessions reset (not sessions delete) when you want the model to explicitly forget a conversation. Deletion only removes the session record; the LCD store keeps its full history and the model would resume from it. See Data Directory for the full durability model.
--memory is the explicit delete side of the LCD→LTM loop. There is also an automatic, non-deleting complement on the recall side: when a conversation’s condensed LCD summary has been distilled into a learned memory, recall down-weights (it does not remove) the overlapping paired-conversation memories from that same session, so the distilled summary and its own source rows do not double-count. That down-weighting needs no flag and never deletes anything — --memory / --purge-derived remain the only commands that actually remove memories.
# List all sessionscomis sessions list# Inspect a specific sessioncomis sessions inspect "default:user123:telegram"# Delete a sessioncomis sessions delete "default:user123:telegram" --yes# Full conversation reset (clears LCD history + session transcript — irreversible, requires --yes)comis sessions reset "default:user123:telegram" --yes# Also clear RAG memories for this session (the full-forget path — prints deleted count)comis sessions reset "default:user123:telegram" --memory --yes# Nuclear forget — also purge consolidated observations derived from this sessioncomis sessions reset "default:user123:telegram" --memory --purge-derived --yes
Creates a timestamped copy of memory.db using the SQLite Online Backup API. Safe to run while
the daemon is running — the backup API handles concurrent writes atomically. The backup file is
placed in the same directory as memory.db with restricted permissions (0600).
Flag
Type
Default
Description
--data-dir <dir>
string
~/.comis
Override the data directory
# Back up memory.db (safe while daemon is running)comis sessions backup# Back up from a custom data directorycomis sessions backup --data-dir /var/comis
The backup filename includes an ISO timestamp: memory.db.backup.20260610T120000000Z.
Run comis sessions backup before schema migrations or destructive operations. To restore,
copy the backup file back to memory.db while the daemon is stopped.
Interactive setup wizard for installing and configuring Signal CLI. Guides through Java prerequisite checks, signal-cli installation from GitHub releases, phone number registration with SMS or voice verification, and a test message.No flags. Requires an interactive terminal (TTY).
Search, tail, and export agent execution traces. Traces capture the inbound message pipeline and are stored in the durable trace store. Backed by ObsTraceSearchContract, ObsTraceTailContract, and ObsTraceExportContract.Primarily flag-driven; use --chat with --tail to stream live events.
Assemble an IncidentReport for a single agent session — a bounded, causal post-mortem (outcome, cost, per-tool stats, normalized failures, circuit-breaker timeline, large-result offloads, and a deterministic likely root cause). The report is derived from log evidence only; no LLM is invoked, so the same session always yields the same verdict. Backed by ObsExplainContract (obs.explain).The positional argument is routed automatically: a session key (tenant:user:channel:ts, contains :) is passed as sessionKey; a trace ID (a UUID, no :) is passed as traceId. The daemon canonicalizes a trace ID to its session key first, so both forms produce the identical report.
Flag
Type
Default
Description
--format <format>
table | json
table
Output format
--depth <depth>
summary | full
summary
summary bounds the report to roughly 6 KB (about 1,500 tokens) and caps the failure list; full relaxes the array caps. Both depths are digest-only — no raw tool-output body is ever inlined
--offline
boolean
false
Assemble from the local ~/.comis files without contacting the daemon (same pure assembler the RPC handler runs)
# Explain a session by session keycomis explain "default:user123:telegram:1717000000"# Explain by trace ID, with the uncapped (full) reportcomis explain 6ba7b810-9dad-11d1-80b4-00c04fd430c8 --depth full# Machine-readable outputcomis explain "default:user123:telegram:1717000000" --format json# No daemon required — assemble from the local filescomis explain "default:user123:telegram:1717000000" --offline
Requires an admin-scoped gateway token (same as comis trace) — unless --offline. When the gateway is unreachable (daemon down / wrong port) the command automatically falls back to the offline assembly with a notice. When the gateway rejects the token it does NOT silently fall back — the daemon is demonstrably running, so the error names COMIS_GATEWAY_TOKEN (env var or ~/.comis/.env) and suggests --offline as the explicit out.
Assemble a FleetHealthReport — a bounded, cross-session triage over a recent window: the session count and degradation rate, the degraded-by-cause breakdown (degraded sessions bucketed by named endReason cause, e.g. context_exhausted / output_starved), the recurring WARN findings (recurring lcd_divergence / model / config-posture signals, counts + hints only), the total circuit-breaker trips, the window cost, and a deterministic likely root cause. Like comis explain, the report is derived from log + diagnostics evidence only; no LLM is invoked, so the same window yields the same verdict. Backed by ObsFleetHealthContract (obs.fleet.health).The table view prints the degraded-by-cause spread as a Degraded by cause: context_exhausted=13, output_starved=9 line (sorted highest-count first; counts + closed-set labels only, no raw bodies) — omitted when no degraded session carried a named cause. The full per-cause map is also on the --format json output (degradedByCause).A dedicated config_posture:served_below_configured finding fires when an Ollama provider serves a smaller num_ctx than the configured contextWindow — the agents on that provider silently run with the smaller window. The count is the number of providers affected at the latest boot (posture is standing state, not cumulative — a healthy restart clears it). Fix by raising the served window (OLLAMA_CONTEXT_LENGTH=<configured> ollama serve, or Modelfile PARAMETER num_ctx <configured> — see the served-window section for the VRAM caveat), then run comis explain on a served-bound session for the numbers-backed budget verdict — and see the Local models playbook for the full local-deployment triage map.This is the cross-session sibling of comis explain (single-session). It is a remote admin RPC over the operator’s gateway token — DISTINCT from comis health, the local daemon doctor that runs offline checks with no RPC. (comis health is unaffected; this is a separate command.)
Flag
Type
Default
Description
--since <hours>
number
24
Aggregation window in hours
--format <format>
table | json
table
Output format
--offline
boolean
false
Assemble from the local ~/.comis files without contacting the daemon. Without memory.db access the session-summary half degrades and coverage.sessionSummary.found reports it honestly
# Fleet-health triage over the last 24h (default window)comis fleet# Widen the window to 72hcomis fleet --since 72# Machine-readable outputcomis fleet --since 24 --format json# No daemon required — assemble from the local filescomis fleet --since 24 --offline
Requires an admin-scoped gateway token (same as comis explain / comis trace) — unless --offline. Unreachable-gateway calls fall back to the offline assembly automatically; a token rejection surfaces the auth error (with the --offline tip) instead of masking the misconfiguration.
Display a unified system status overview showing daemon, gateway, channel, and agent information. Connects to the daemon via RPC for live data and handles daemon offline gracefully.
Flag
Type
Default
Description
--format <format>
table | json
table
Output format
# View system statuscomis status# Machine-readable outputcomis status --format json
Remove Comis from the host. Re-invokes install.sh --uninstall (downloaded from comis.ai) so the installer remains the single source of truth for everything that may have been created during install.
Flag
Type
Default
Description
--purge
boolean
false
Also delete ~/.comis, /etc/comis, and (if --with-cloakbrowser was used to install) ~/.cloakbrowser + ~/.cloakbrowser-wrapper
--remove-user
boolean
false
Linux+root only: also delete the comis system user (implies --purge)
--yes
boolean
false
Skip confirmation prompt
--dry-run
boolean
false
Print actions without performing them
--installer <path>
string
-
Use a local install.sh instead of downloading
# Uninstall Comis (keeps data)comis uninstall# Full purge with no promptscomis uninstall --purge --yes
The uninstaller cleans up everything the installer wrote: the main comis.service systemd unit, the optional comis-xvfb.service companion (if --with-xvfb was used), the CLI binary, and — when --purge is set — the data dir plus the CloakBrowser binary cache (which can be 200–500 MB depending on cached versions). On --remove-user the comis system user is dropped too. Sudoers rules, AppArmor profile, and the egress-logging iptables chain are left in place; remove those manually if you’re decommissioning the host.
Commands that detect problems (doctor, health, security audit) exit with code 1 when failures or critical findings are present, making them suitable for CI pipeline gating.
