noah-agent 0.1.0

package/dist/platform/linux.js

@@ -0,0 +1,61 @@
+/** Build the argv (after `sudo`) for a package action on a given manager. */
+function pkgArgs(pm, action, pkg) {
+    const p = pkg ? [pkg] : [];
+    switch (pm) {
+        case "pacman": {
+            const flag = { install: "-S", remove: "-R", update: "-Syu" }[action];
+            return ["pacman", flag, "--noconfirm", ...p];
+        }
+        case "apt": {
+            const sub = { install: "install", remove: "remove", update: "upgrade" }[action];
+            return ["apt-get", sub, "-y", ...p];
+        }
+        case "dnf": {
+            const sub = { install: "install", remove: "remove", update: "upgrade" }[action];
+            return ["dnf", sub, "-y", ...p];
+        }
+        case "zypper": {
+            const sub = { install: "install", remove: "remove", update: "update" }[action];
+            return ["zypper", sub, "-y", ...p];
+        }
+        default:
+            return ["apt-get", "install", "-y", ...p];
+    }
+}
+/** systemctl actions that change state need root; status is read-only. */
+const MUTATING_SERVICE = new Set([
+    "start",
+    "stop",
+    "restart",
+    "enable",
+    "disable",
+]);
+export function makeLinuxAdapter(pm, sh) {
+    return {
+        os: `Linux (${pm})`,
+        pkgManager: pm,
+        pkg: (action, pkg) => sh("sudo", pkgArgs(pm, action, pkg)),
+        service: (name, action) => {
+            if (action === "status")
+                return sh("systemctl", ["status", name, "--no-pager"]);
+            if (MUTATING_SERVICE.has(action))
+                return sh("sudo", ["systemctl", action, name]);
+            return sh("systemctl", [action, name, "--no-pager"]);
+        },
+        logs: (unit) => sh("journalctl", [...(unit ? ["-u", unit] : []), "-n", "200", "--no-pager"]),
+        net: (action, target) => {
+            switch (action) {
+                case "info":
+                    return sh("ip", ["-br", "addr"]);
+                case "ports":
+                    return sh("ss", ["-tlnp"]);
+                case "connections":
+                    return sh("ss", ["-tnp"]);
+                case "ping":
+                    return sh("ping", ["-c", "4", target ?? ""]);
+                case "fetch":
+                    return sh("curl", ["-sSL", "--max-time", "30", target ?? ""]);
+            }
+        },
+    };
+}

package/dist/platform/macos.js

@@ -0,0 +1,51 @@
+function pkgArgs(action, pkg) {
+    const p = pkg ? [pkg] : [];
+    if (action === "update")
+        return ["upgrade", ...p];
+    if (action === "remove")
+        return ["uninstall", ...p];
+    return ["install", ...p];
+}
+export function makeMacosAdapter(sh) {
+    return {
+        os: "macOS",
+        pkgManager: "brew",
+        pkg: (action, pkg) => sh("brew", pkgArgs(action, pkg)),
+        service: async (name, action) => {
+            switch (action) {
+                case "start":
+                    return sh("launchctl", ["start", name]);
+                case "stop":
+                    return sh("launchctl", ["stop", name]);
+                case "restart":
+                    await sh("launchctl", ["stop", name]);
+                    return sh("launchctl", ["start", name]);
+                case "status":
+                    return sh("launchctl", ["list", name]);
+                default:
+                    // enable/disable map to bootstrap/bootout domains — out of scope.
+                    return `'${action}' is not supported on macOS launchctl (use start/stop/restart/status).`;
+            }
+        },
+        logs: (unit) => sh("log", [
+            "show",
+            "--last",
+            "5m",
+            ...(unit ? ["--predicate", `process == "${unit}"`] : []),
+        ]),
+        net: (action, target) => {
+            switch (action) {
+                case "info":
+                    return sh("ifconfig", []);
+                case "ports":
+                    return sh("lsof", ["-nP", "-iTCP", "-sTCP:LISTEN"]);
+                case "connections":
+                    return sh("netstat", ["-an"]);
+                case "ping":
+                    return sh("ping", ["-c", "4", target ?? ""]);
+                case "fetch":
+                    return sh("curl", ["-sSL", "--max-time", "30", target ?? ""]);
+            }
+        },
+    };
+}

package/dist/platform/types.js

@@ -0,0 +1,5 @@
+/**
+ * Platform contract — one abstract interface, per-OS backends.
+ * The cross-platform story: the same tools dispatch through this on Linux + macOS.
+ */
+export {};

package/dist/prompt/system.js

@@ -0,0 +1,52 @@
+/**
+ * NOAH system prompt.
+ *
+ * Authored in Pi's own system-prompt style (role line → Available tools →
+ * Guidelines → context), but with an OS-operator identity instead of Pi's
+ * "expert coding assistant". Installed via DefaultResourceLoader's
+ * `systemPromptOverride`, so it REPLACES Pi's base prompt.
+ *
+ * Pi appends the project context files, skills, current date, and working
+ * directory after this string — do NOT include those here.
+ */
+export const NOAH_SYSTEM_PROMPT = `You are NOAH (Native Operating-system Agentic Harness), an AI System Administrator that operates the user's operating system on their behalf. You understand natural language and control the machine — shell, files, packages, and services — across Linux and macOS, safely and autonomously.
+
+You are not a blind command runner. You first understand the machine, analyze impact, recommend the best action, and only then execute with approval.
+
+Available tools:
+- read: Read the contents of a file
+- bash: Execute a shell command on the host OS
+- edit: Make a precise, exact-match edit to a file
+- write: Create or overwrite a file
+- grep: Search file contents for a pattern
+- find: Find files by name or attributes
+- ls: List directory contents
+- package: Install, remove, or update OS packages via the native package manager (apt/dnf/pacman/zypper on Linux, brew on macOS)
+- service: Start, stop, restart, enable, disable, or check a system service (systemd on Linux, launchd on macOS)
+- network: Inspect networking (info/ports/connections/ping) and fetch URLs over HTTP
+- system: Read live machine telemetry (OS, memory, disks, top processes, failed services)
+- logs: Read recent system logs (journalctl / unified log), optionally for one unit
+
+In addition to the tools above, you may have access to other custom tools depending on the system.
+
+Operating doctrine (how an AI System Administrator works):
+1. Understand — before installing, changing, or diagnosing, call the system tool (and logs when relevant) to read the machine's real state: OS, memory, disk, processes, services. Never guess what you can measure.
+2. Analyze impact — state what the action will change, what it costs (disk/memory/network/privilege), what could go wrong, and a severity (low / medium / high).
+3. Recommend — give the best action and any safer alternatives, grounded in the telemetry you read. For diagnostics, give root cause, severity, and prioritized fixes.
+4. Execute with approval — only after the user agrees. The safety gate will confirm dangerous actions and block catastrophic ones.
+For a request like "install X": first check disk/memory/existing install via the system tool, report compatibility and impact, recommend, then install and verify. For "why is it slow / free up space / how healthy is my machine": read telemetry, analyze, and answer with root cause + prioritized actions.
+
+Guidelines:
+- Plan first: for any multi-step or system-changing task, state a short numbered plan (one line per step), then carry it out step by step.
+- Before installing, making, or changing anything, inspect the machine with the system tool so your recommendation is grounded in real data.
+- Inspect before you change: prefer read-only commands to understand the system state before mutating it.
+- Prefer the package tool over raw shell for installing, removing, or updating software.
+- Prefer the service tool over raw shell for managing services.
+- Use the platform-native way; do not assume a specific distro or package manager — the tools resolve the right backend per OS.
+- Be concise. Report what you did and the outcome, not a play-by-play.
+- Show file paths clearly when working with files.
+
+Safety contract (enforced by NOAH, not optional):
+- A safety gate outside your control may require the user to confirm dangerous actions (delete, install, network, privilege, service changes) or hard-block catastrophic ones (e.g. wiping a disk, recursively deleting root). If an action is blocked, stop and explain a safer alternative.
+- Never attempt to bypass, disable, or trick the safety gate, and never instruct the user to do so.
+- Assume every command you run is recorded to an audit trail. Act accountably.`;

package/dist/runtime.js

@@ -0,0 +1,124 @@
+/**
+ * NOAH runtime — the single source of truth for how a NOAH agent is wired:
+ * OS tools + safety gate + caveman + system prompt + provider registry.
+ *
+ * Shared by every front-end (interactive TUI, print, RPC, SDK) so they all get
+ * identical behaviour. `noahSessionConfig` is pure (for tests); `buildNoahRuntime`
+ * and `createNoahSession` assemble live sessions from it.
+ */
+import { createAgentSession, createAgentSessionFromServices, createAgentSessionRuntime, createAgentSessionServices, DefaultResourceLoader, getAgentDir, SessionManager, } from "@earendil-works/pi-coding-agent";
+import { buildRegistry } from "./llm/registry.js";
+import { resolveModel } from "./llm/resolve.js";
+import { safetyExtension } from "./safety/extension.js";
+import { packageTool } from "./tools/package.js";
+import { serviceTool } from "./tools/service.js";
+import { networkTool } from "./tools/network.js";
+import { systemTool } from "./tools/system.js";
+import { logsTool } from "./tools/logs.js";
+import { NOAH_SYSTEM_PROMPT } from "./prompt/system.js";
+import { cavemanExtension } from "./agent/caveman.js";
+/** Built-in pi tools + NOAH abstract OS tools. */
+export const NOAH_TOOLS = [
+    "read",
+    "bash",
+    "edit",
+    "write",
+    "grep",
+    "find",
+    "ls",
+    "package",
+    "service",
+    "network",
+    "system",
+    "logs",
+];
+export const NOAH_CUSTOM_TOOLS = [packageTool, serviceTool, networkTool, systemTool, logsTool];
+/** Pure assembly of NOAH's session configuration. */
+export function noahSessionConfig(opts) {
+    const getCaveman = opts.getCavemanLevel ?? (() => opts.caveman ?? "off");
+    return {
+        tools: NOAH_TOOLS,
+        customTools: NOAH_CUSTOM_TOOLS,
+        systemPromptOverride: () => NOAH_SYSTEM_PROMPT,
+        appendSystemPromptOverride: () => [],
+        extensionFactories: [
+            safetyExtension({ dryRun: opts.dryRun, autoYes: opts.autoYes, confirm: opts.confirm }),
+            cavemanExtension(getCaveman),
+        ],
+    };
+}
+/** Build the provider registry and resolve the active model. */
+export async function noahWiring(opts) {
+    const { authStorage, modelRegistry } = await buildRegistry();
+    const model = resolveModel(modelRegistry, {
+        flagModel: opts.model,
+        envModel: process.env.NOAH_MODEL,
+    });
+    return { authStorage, modelRegistry, model };
+}
+/**
+ * Build a full AgentSessionRuntime (for RPC / session replacement). Reuses the
+ * same NOAH config so RPC behaves exactly like the interactive front-ends.
+ */
+export async function buildNoahRuntime(opts) {
+    if (opts.dryRun)
+        process.env.NOAH_DRY_RUN = "1";
+    const { authStorage, modelRegistry, model } = await noahWiring(opts);
+    const cfg = noahSessionConfig(opts);
+    const scopedModels = modelRegistry.getAvailable().map((m) => ({ model: m }));
+    return createAgentSessionRuntime(async ({ cwd, sessionManager, sessionStartEvent }) => {
+        const services = await createAgentSessionServices({
+            cwd,
+            authStorage,
+            modelRegistry,
+            resourceLoaderOptions: {
+                systemPromptOverride: cfg.systemPromptOverride,
+                appendSystemPromptOverride: cfg.appendSystemPromptOverride,
+                extensionFactories: cfg.extensionFactories,
+            },
+        });
+        const created = await createAgentSessionFromServices({
+            services,
+            sessionManager,
+            sessionStartEvent,
+            model: model,
+            scopedModels,
+            tools: cfg.tools,
+            customTools: cfg.customTools,
+        });
+        return { ...created, services, diagnostics: services.diagnostics };
+    }, { cwd: process.cwd(), agentDir: getAgentDir(), sessionManager: SessionManager.create(process.cwd()) });
+}
+/**
+ * SDK entry — create a NOAH-wired AgentSession to embed in your own app.
+ *
+ * @example
+ *   import { createNoahSession } from "noah-agent/sdk";
+ *   const { session } = await createNoahSession({ dryRun: false, autoYes: false });
+ *   await session.prompt("install htop and start it");
+ */
+export async function createNoahSession(opts) {
+    if (opts.dryRun)
+        process.env.NOAH_DRY_RUN = "1";
+    const { authStorage, modelRegistry, model } = await noahWiring(opts);
+    const cfg = noahSessionConfig(opts);
+    const resourceLoader = new DefaultResourceLoader({
+        cwd: process.cwd(),
+        agentDir: getAgentDir(),
+        systemPromptOverride: cfg.systemPromptOverride,
+        appendSystemPromptOverride: cfg.appendSystemPromptOverride,
+        extensionFactories: cfg.extensionFactories,
+    });
+    await resourceLoader.reload();
+    const { session } = await createAgentSession({
+        resourceLoader,
+        model: model,
+        authStorage,
+        modelRegistry,
+        scopedModels: modelRegistry.getAvailable().map((m) => ({ model: m })),
+        tools: cfg.tools,
+        customTools: cfg.customTools,
+        sessionManager: opts.sessionManager ?? SessionManager.create(process.cwd()),
+    });
+    return { session, model, authStorage, modelRegistry };
+}

package/dist/safety/audit.js

@@ -0,0 +1,46 @@
+/**
+ * Audit log — accountability. Every executed tool call appended as JSONL.
+ */
+import { appendFileSync, mkdirSync, existsSync, readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+const AUDIT_PATH = join(process.cwd(), ".noah", "audit.jsonl");
+export function appendAudit(entry) {
+    try {
+        mkdirSync(dirname(AUDIT_PATH), { recursive: true });
+        appendFileSync(AUDIT_PATH, JSON.stringify(entry) + "\n");
+    }
+    catch {
+        // never let auditing crash the agent
+    }
+}
+export function readAudit() {
+    if (!existsSync(AUDIT_PATH))
+        return [];
+    return readFileSync(AUDIT_PATH, "utf8")
+        .split("\n")
+        .filter(Boolean)
+        .map((l) => {
+        try {
+            return JSON.parse(l);
+        }
+        catch {
+            return null;
+        }
+    })
+        .filter((e) => e !== null);
+}
+export function printAuditLog() {
+    const entries = readAudit();
+    if (entries.length === 0) {
+        console.log("📜 No audit entries yet.");
+        return;
+    }
+    console.log(`📜 NOAH audit log (${entries.length} actions) — ${AUDIT_PATH}\n`);
+    for (const e of entries) {
+        const status = e.ok ? "✅" : "❌";
+        const cmd = e.input && typeof e.input === "object" && "command" in e.input
+            ? e.input.command
+            : JSON.stringify(e.input);
+        console.log(`${status} ${e.ts}  [${e.tool}]  ${cmd}`);
+    }
+}

package/dist/safety/confirm.js

@@ -0,0 +1,17 @@
+/**
+ * Terminal confirmation — the SAFETY REVIEW centerpiece.
+ * Own readline (ctx.ui.confirm is a no-op in non-TUI CLI).
+ */
+import { createInterface } from "node:readline";
+import * as ui from "../ui/render.js";
+export async function confirmInTerminal(req) {
+    process.stdout.write("\n" + ui.safetyReview(req.command, req.reason, req.toolName) + "\n");
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    return new Promise((resolve) => {
+        rl.question(ui.approvePrompt(), (answer) => {
+            rl.close();
+            process.stdout.write("\n");
+            resolve(/^y(es)?$/i.test(answer.trim()));
+        });
+    });
+}

package/dist/safety/extension.js

@@ -0,0 +1,65 @@
+import { classify } from "./policy.js";
+import { confirmInTerminal } from "./confirm.js";
+import { appendAudit } from "./audit.js";
+import * as ui from "../ui/render.js";
+function commandOf(input) {
+    if (input && typeof input === "object" && "command" in input) {
+        return String(input.command ?? "");
+    }
+    return "";
+}
+export const safetyExtension = (opts) => (pi) => {
+    pi.on("tool_call", async (event, ctx) => {
+        const command = commandOf(event.input);
+        const verdict = classify(event.toolName, event.input);
+        // In the TUI/RPC, Pi renders the block/decline itself; only paint our own
+        // panels in plain-CLI mode (no dialog UI).
+        const hasUI = !!ctx?.hasUI;
+        // 1) Catastrophic → hard block, no override.
+        if (verdict.action === "deny") {
+            if (!hasUI) {
+                process.stdout.write("\n" + ui.safetyBlock(command || event.toolName, verdict.reason) + "\n");
+            }
+            return { block: true, reason: verdict.reason };
+        }
+        // 2) Dry-run → neutralise ALL side effects, keep the plan visible.
+        if (opts.dryRun) {
+            if (event.toolName === "bash") {
+                // Rewrite to a harmless echo so the step is shown but does nothing.
+                const safe = command.replace(/"/g, '\\"');
+                event.input.command = command
+                    ? `echo "[DRY-RUN] would run: ${safe}"`
+                    : `echo "[DRY-RUN] bash"`;
+                return undefined;
+            }
+            // Any non-bash mutating tool (write/edit/package/service) must not execute.
+            if (verdict.action !== "allow") {
+                return {
+                    block: true,
+                    reason: `[DRY-RUN] would ${event.toolName}${command ? `: ${command}` : ""} — skipped (no changes made)`,
+                };
+            }
+            return undefined; // read-only tools are safe to run in dry-run
+        }
+        // 3) Dangerous → require explicit confirmation.
+        if (verdict.action === "confirm" && !opts.autoYes) {
+            const req = { toolName: event.toolName, command, reason: verdict.reason };
+            const ok = opts.confirm
+                ? await opts.confirm(req)
+                : hasUI
+                    ? await ctx.ui.confirm("NOAH safety review", `${verdict.reason}\n\n${event.toolName}${command ? `: ${command}` : ""}`)
+                    : await confirmInTerminal(req);
+            if (!ok)
+                return { block: true, reason: "user declined" };
+        }
+        return undefined; // allow
+    });
+    pi.on("tool_result", (event) => {
+        appendAudit({
+            ts: new Date().toISOString(),
+            tool: event.toolName,
+            input: event.input,
+            ok: !event.isError,
+        });
+    });
+};

package/dist/safety/policy.js

@@ -0,0 +1,100 @@
+/**
+ * Safety policy — the heart of the product.
+ *
+ * classify() decides the fate of every tool call BEFORE it runs:
+ *   - deny    : catastrophic. Hard-blocked, no override.
+ *   - confirm : dangerous. Requires explicit user approval.
+ *   - allow   : safe. Runs freely.
+ */
+/** Catastrophic patterns — hard-blocked, never overridable. */
+const BLOCKLIST = [
+    { re: /\brm\s+-[a-z]*r[a-z]*f?\s+(\/|~|\$HOME)(\s|$)/i, reason: "recursive delete of root/home" },
+    { re: /\brm\s+-[a-z]*f[a-z]*r?\s+(\/|~)(\s|$)/i, reason: "force delete of root/home" },
+    { re: /:\s*\(\s*\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/, reason: "fork bomb" },
+    { re: /\bmkfs(\.\w+)?\b/i, reason: "filesystem format" },
+    { re: /\bdd\b[^|]*\bof=\/dev\/(disk|sd|nvme|rdisk)/i, reason: "raw disk overwrite" },
+    { re: />\s*\/dev\/(sd|disk|nvme|rdisk)/i, reason: "write to raw disk device" },
+    { re: /\bchmod\s+-R\s+0*777\s+\/(\s|$)/i, reason: "recursive 777 on root" },
+    { re: /\b(shutdown|reboot|halt|poweroff)\b/i, reason: "power state change" },
+    { re: /\b(diskutil|gpt)\s+(erase|eraseDisk|eraseVolume|destroy)/i, reason: "disk erase" },
+];
+/** Dangerous indicators in a shell command — require confirmation. */
+const DANGEROUS_CMD = [
+    // --- deletion ---
+    /\b(rm|rmdir|unlink|shred)\b/i,
+    /\bfind\b[^|]*-delete\b/i,
+    /\bfind\b[^|]*-exec\s+(rm|unlink|shred)\b/i,
+    /\btruncate\b/i,
+    // --- creation / file mutation ---
+    /\b(touch|mkdir|mktemp)\b/i,
+    /\b(cp|mv|ln|rsync|install)\b/i,
+    /\b(tee|dd|sed)\b.*-i/i, // in-place edits
+    /\b(tee|dd)\b/i,
+    // --- privilege / packages / network / services ---
+    /\bsudo\b/i,
+    /\b(brew|apt|apt-get|dnf|zypper|yum|port|snap|flatpak)\s+(install|remove|uninstall|upgrade|update|purge)/i,
+    /\bpacman\s+-[A-Za-z]*[SRU]/i, // pacman uses flags: -S install, -R remove, -Syu update
+    /\b(npm|pnpm|yarn|pip|pip3|gem|cargo|go|gh)\s+(install|add|remove|uninstall)/i,
+    /\b(curl|wget)\b/i, // network fetch
+    /\b(systemctl|launchctl|service)\b/i,
+    /\bkillall?\b/i,
+    /\b(chmod|chown|chgrp)\b/i,
+    /\bgit\s+(push|reset|clean|checkout\s+--)/i,
+    />\s*\/etc\//i,
+];
+/**
+ * Detect output redirection that writes to a real file (creates/overwrites).
+ * Ignores safe sinks (/dev/null, /dev/stdout, /dev/stderr) and fd dups (2>&1, >&2).
+ */
+function writesViaRedirect(cmd) {
+    const stripped = cmd
+        .replace(/\d*>>?\s*\/dev\/(null|stdout|stderr)/gi, "")
+        .replace(/&>>?\s*\/dev\/null/gi, "")
+        .replace(/\d*>&\d*/g, "");
+    return />>?/.test(stripped);
+}
+/** Tools that mutate state — confirm by default. */
+const MUTATING_TOOLS = new Set(["write", "edit", "package", "service"]);
+function getCommand(input) {
+    if (input && typeof input === "object" && "command" in input) {
+        return String(input.command ?? "");
+    }
+    return "";
+}
+export function classify(toolName, input) {
+    const command = getCommand(input);
+    // 1) Catastrophic — hard deny (applies to any command string).
+    if (command) {
+        for (const { re, reason } of BLOCKLIST) {
+            if (re.test(command))
+                return { action: "deny", reason: `blocked: ${reason}` };
+        }
+    }
+    // 2) Bash with dangerous indicators or file-writing redirects — confirm.
+    if (toolName === "bash" && command) {
+        for (const re of DANGEROUS_CMD) {
+            if (re.test(command))
+                return { action: "confirm", reason: "potentially destructive command" };
+        }
+        if (writesViaRedirect(command)) {
+            return { action: "confirm", reason: "command writes to a file" };
+        }
+        return { action: "allow", reason: "read-only / safe command" };
+    }
+    // 3) Network tool — only `fetch` (HTTP GET) is risky; gate it (exfiltration).
+    if (toolName === "network") {
+        const action = input && typeof input === "object" && "action" in input
+            ? String(input.action)
+            : "";
+        if (action === "fetch") {
+            return { action: "confirm", reason: "network fetch downloads from the internet" };
+        }
+        return { action: "allow", reason: "read-only network inspection" };
+    }
+    // 4) Mutating tools — confirm.
+    if (MUTATING_TOOLS.has(toolName)) {
+        return { action: "confirm", reason: `${toolName} modifies the system` };
+    }
+    // 5) Everything else (read, grep, find, ls) — allow.
+    return { action: "allow", reason: "safe tool" };
+}

package/dist/sdk.js

@@ -0,0 +1,32 @@
+/**
+ * NOAH SDK — embed a NOAH-wired agent in your own app (in-process).
+ *
+ * @example
+ *   import { createNoahSession } from "noah-agent/sdk";
+ *   const { session } = await createNoahSession({ dryRun: false, autoYes: false });
+ *   session.subscribe((e) => {
+ *     if (e.type === "message_update" && e.assistantMessageEvent.type === "text_delta")
+ *       process.stdout.write(e.assistantMessageEvent.delta);
+ *   });
+ *   await session.prompt("install htop and start it");
+ *   session.dispose();
+ */
+// Core entry points + shared config
+export { createNoahSession, buildNoahRuntime, noahSessionConfig, noahWiring, NOAH_TOOLS, NOAH_CUSTOM_TOOLS, } from "./runtime.js";
+// OS tools
+export { packageTool } from "./tools/package.js";
+export { serviceTool } from "./tools/service.js";
+export { networkTool } from "./tools/network.js";
+// Safety
+export { classify } from "./safety/policy.js";
+export { safetyExtension } from "./safety/extension.js";
+export { appendAudit, readAudit } from "./safety/audit.js";
+// Providers / models
+export { buildRegistry } from "./llm/registry.js";
+export { resolveModel } from "./llm/resolve.js";
+// Token saver / extensions
+export { cavemanExtension, cavemanInstruction, CAVEMAN_LEVELS, } from "./agent/caveman.js";
+// Platform adapter
+export { platform } from "./platform/adapter.js";
+// Prompt
+export { NOAH_SYSTEM_PROMPT } from "./prompt/system.js";