Comparison
A factual comparison of approaches to deploying AI agents in production.
KruxOS vs raw Docker
| Feature | KruxOS | Docker container |
|---|---|---|
| Agent interface | 89 typed capabilities, MCP-native (JSON-RPC fallback) | Shell commands, text parsing |
| Error handling | Structured errors with typed codes, recovery suggestions | Exit codes, stderr text |
| Permission control | 4-tier policy engine with rate limits | Unix permissions (root or not) |
| Audit trail | Hash-chained append-only logs, queryable | Container logs (deletable, unstructured) |
| Secret management | Encrypted vault, use-not-read model | Environment variables (visible to agent) |
| Multi-agent isolation | Per-agent namespaces, cgroups, seccomp, nftables (Landlock adds a fifth layer in v0.0.3) | Per-container isolation |
| External service safety | Read-replica, write buffer, batch protection, rollback | Direct API access |
| Agent-to-agent comms | Built-in message broker with policy integration | Custom implementation needed |
| Human oversight | Approval queue, real-time dashboard, live activity stream | Manual log inspection |
| State management | 3-tier persistence (session/persistent/shared) | Filesystem or external database |
| Tool discovery | Auto-discovery with schemas and documentation | Custom documentation |
| Updates | A/B partition with automatic rollback | Container image replacement |
| Setup time | 5 min (Docker) / 15 min (VM image) | Varies (custom Dockerfile) |
| Token efficiency | ~60% fewer tokens (structured responses) | Baseline |
When to use Docker instead: If you need complete control over the runtime environment, are running agents that don't interact with the OS, or have existing container infrastructure that you want to reuse.
When to use KruxOS: If you need governance, audit trails, human oversight, multi-agent support, or safe external service access.
KruxOS vs OpenClaw
| Feature | KruxOS | OpenClaw |
|---|---|---|
| Skill/capability model | Typed YAML definitions with semantic types | JSON definitions with loose types |
| Permission model | 4-tier deterministic policy engine | All-or-nothing |
| Audit trail | Hash-chained, append-only, tamper-detectable | None |
| Secret management | Encrypted vault, capability-scoped, use-not-read | Environment variables |
| Sandbox isolation | 4-layer kernel isolation in v0.0.1 (ns + cgroup v2 + seccomp + nftables); Landlock adds 5th layer in v0.0.3 | None |
| External service safety | Read-replica + write buffer + batch protection + rollback | Direct API access |
| Error handling | Structured errors with recovery suggestions | Unstructured text |
| Multi-agent | Session isolation, comms, shared state | Single agent |
| Human oversight | Dashboard, approval queue, CLI supervision | None |
| Community skills | 13,000+ via compatibility bridge | 13,000+ native |
| Migration effort | Automatic importer with type inference | N/A |
| Model support | Claude (MCP native), OpenAI, Gemini, Ollama, any local model | Varies |
| OS integration | Purpose-built Linux distribution | Application layer |
Migration path: KruxOS includes an OpenClaw compatibility bridge that lets existing OpenClaw agents connect without code changes. Skills can be gradually migrated to native capabilities for full type safety and governance.
KruxOS vs NemoClaw
| Feature | KruxOS | NemoClaw |
|---|---|---|
| Architecture | Purpose-built OS with kernel-level isolation | Application framework on existing OS |
| Governance | Deterministic YAML policy engine | Configuration-based restrictions |
| Audit | Hash-chained append-only logs with tamper detection | Application-level logging |
| Sandbox | Linux kernel mechanisms (4 layers in v0.0.1, 5 in v0.0.3) | Application-level sandboxing |
| Vault | Dedicated encrypted vault with use-not-read | Credential store |
| Service Proxy | Read-replica + write buffer + batch protection | Direct API access |
| Open source | Apache 2.0 (community edition) | Proprietary |
| Model support | Any model (MCP native for Claude, adapters for others) | NVIDIA ecosystem focused |
| Community | OpenClaw-compatible, 13,000+ importable skills | NVIDIA ecosystem |
Feature matrix
| Feature | KruxOS | Docker | OpenClaw | NemoClaw |
|---|---|---|---|---|
| Typed API capabilities | Yes | No | Partial | Partial |
| Deterministic policy engine | Yes | No | No | Partial |
| Hash-chained audit | Yes | No | No | No |
| Encrypted secret vault | Yes | No | No | Partial |
| Kernel-level sandboxing | Yes | Partial | No | No |
| Service Proxy (read-replica) | Yes | No | No | No |
| Write buffer + cancellation | Yes | No | No | No |
| Batch protection | Yes | No | No | No |
| Human approval workflow | Yes | No | No | Partial |
| Real-time dashboard | Yes | No | No | Yes |
| Multi-agent comms | Yes | No | No | Partial |
| A/B update with rollback | Yes | No | No | No |
| Model-agnostic | Yes | Yes | Yes | Partial |
| Community skill ecosystem | 13K+ (via bridge) | N/A | 13K+ | NVIDIA |
| Open source | Yes | Yes | Yes | No |
Cost comparison
| Approach | Infrastructure | Licensing | Agent token cost |
|---|---|---|---|
| KruxOS (community) | 1 server / VM | Free (Apache 2.0) | ~40% lower than Docker |
| KruxOS (enterprise) | 1+ servers | Commercial license | ~40% lower than Docker |
| Docker | 1+ servers | Free | Baseline |
| OpenClaw | 1+ servers | Free | Similar to Docker |
| NemoClaw | NVIDIA hardware | Commercial license | Varies |
The ~40% token cost reduction comes from structured responses eliminating the output parsing and error guessing that consume tokens on unstructured platforms.