@lumenflow/cli 3.20.0 → 3.22.0

package/dist/chunk-HANJXVKW.js

@@ -0,0 +1,1127 @@
+// ../kernel/dist/shared-constants.js
+var UTF8_ENCODING = "utf8";
+var BASE64_ENCODING = "base64";
+var SHA256_ALGORITHM = "sha256";
+var SHA256_HEX_LENGTH = 64;
+var SHA256_HEX_REGEX = /^[a-f0-9]{64}$/;
+var SHA256_INTEGRITY_PREFIX = "sha256:";
+var SHA256_INTEGRITY_REGEX = /^sha256:[a-f0-9]{64}$/;
+var WORKSPACE_FILE_NAME = "workspace.yaml";
+var GIT_DIR_NAME = ".git";
+var PACKS_DIR_NAME = "packs";
+var PACK_MANIFEST_FILE_NAME = "manifest.yaml";
+var PACKAGES_DIR_NAME = "packages";
+var LUMENFLOW_SCOPE_NAME = "@lumenflow";
+var LUMENFLOW_DIR_NAME = ".lumenflow";
+var KERNEL_RUNTIME_ROOT_DIR_NAME = "kernel";
+var KERNEL_RUNTIME_TASKS_DIR_NAME = "tasks";
+var KERNEL_RUNTIME_EVENTS_DIR_NAME = "events";
+var KERNEL_RUNTIME_EVIDENCE_DIR_NAME = "evidence";
+var KERNEL_RUNTIME_EVENTS_FILE_NAME = "events.jsonl";
+var KERNEL_RUNTIME_EVENTS_LOCK_FILE_NAME = "events.lock";
+var RESERVED_FRAMEWORK_SCOPE_ROOT = LUMENFLOW_DIR_NAME;
+var RESERVED_FRAMEWORK_SCOPE_PREFIX = `${LUMENFLOW_DIR_NAME}/`;
+var RESERVED_FRAMEWORK_SCOPE_GLOB = `${LUMENFLOW_DIR_NAME}/**`;
+var DEFAULT_WORKSPACE_CONFIG_HASH = "0".repeat(SHA256_HEX_LENGTH);
+var DEFAULT_KERNEL_RUNTIME_VERSION = "kernel-dev";
+var WORKSPACE_CONFIG_HASH_CONTEXT_KEYS = {
+  WORKSPACE_FILE_MISSING: "workspace_file_missing"
+};
+var EXECUTION_METADATA_KEYS = {
+  WORKSPACE_ALLOWED_SCOPES: "workspace_allowed_scopes",
+  LANE_ALLOWED_SCOPES: "lane_allowed_scopes",
+  TASK_DECLARED_SCOPES: "task_declared_scopes",
+  WORKSPACE_CONFIG_HASH: "workspace_config_hash",
+  RUNTIME_VERSION: "runtime_version",
+  PACK_ID: "pack_id",
+  PACK_VERSION: "pack_version",
+  PACK_INTEGRITY: "pack_integrity"
+};
+var KERNEL_POLICY_IDS = {
+  ALLOW_ALL: "kernel.policy.allow-all",
+  RUNTIME_FALLBACK: "kernel.policy.runtime-fallback",
+  BUILTIN_DEFAULT: "kernel.policy.builtin-default",
+  PROC_EXEC_DEFAULT_DENY: "kernel.policy.proc-exec-default-deny",
+  SCOPE_RESERVED_PATH: "kernel.scope.reserved-path",
+  SCOPE_BOUNDARY: "kernel.scope.boundary",
+  RECONCILIATION: "kernel.reconciliation",
+  APPROVAL_REQUIRED: "kernel.policy.approval-required"
+};
+
+// ../kernel/dist/kernel.schemas.js
+import { z } from "zod";
+
+// ../kernel/dist/event-kinds.js
+var KERNEL_EVENT_KINDS = {
+  TASK_CREATED: "task_created",
+  TASK_CLAIMED: "task_claimed",
+  TASK_BLOCKED: "task_blocked",
+  TASK_UNBLOCKED: "task_unblocked",
+  TASK_WAITING: "task_waiting",
+  TASK_RESUMED: "task_resumed",
+  TASK_COMPLETED: "task_completed",
+  TASK_RELEASED: "task_released",
+  TASK_DELEGATED: "task_delegated",
+  RUN_STARTED: "run_started",
+  RUN_PAUSED: "run_paused",
+  RUN_FAILED: "run_failed",
+  RUN_SUCCEEDED: "run_succeeded",
+  WORKSPACE_UPDATED: "workspace_updated",
+  WORKSPACE_WARNING: "workspace_warning",
+  SPEC_TAMPERED: "spec_tampered",
+  CHECKPOINT: "checkpoint"
+};
+var TASK_EVENT_KINDS = [
+  KERNEL_EVENT_KINDS.TASK_CREATED,
+  KERNEL_EVENT_KINDS.TASK_CLAIMED,
+  KERNEL_EVENT_KINDS.TASK_BLOCKED,
+  KERNEL_EVENT_KINDS.TASK_UNBLOCKED,
+  KERNEL_EVENT_KINDS.TASK_WAITING,
+  KERNEL_EVENT_KINDS.TASK_RESUMED,
+  KERNEL_EVENT_KINDS.TASK_COMPLETED,
+  KERNEL_EVENT_KINDS.TASK_RELEASED,
+  KERNEL_EVENT_KINDS.TASK_DELEGATED
+];
+var RUN_LIFECYCLE_EVENT_KINDS = [
+  KERNEL_EVENT_KINDS.RUN_STARTED,
+  KERNEL_EVENT_KINDS.RUN_PAUSED,
+  KERNEL_EVENT_KINDS.RUN_FAILED,
+  KERNEL_EVENT_KINDS.RUN_SUCCEEDED
+];
+var TASK_EVENT_KIND_SET = new Set(TASK_EVENT_KINDS);
+var RUN_LIFECYCLE_EVENT_KIND_SET = new Set(RUN_LIFECYCLE_EVENT_KINDS);
+function isTaskEventKind(kind) {
+  return TASK_EVENT_KIND_SET.has(kind);
+}
+function isRunLifecycleEventKind(kind) {
+  return RUN_LIFECYCLE_EVENT_KIND_SET.has(kind);
+}
+var TOOL_TRACE_KINDS = {
+  TOOL_CALL_STARTED: "tool_call_started",
+  TOOL_CALL_FINISHED: "tool_call_finished"
+};
+
+// ../kernel/dist/kernel.schemas.js
+var ISO_DATETIME_SCHEMA = z.string().datetime();
+var SEMVER_REGEX = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z-.]+)?(?:\+[0-9A-Za-z-.]+)?$/;
+var SEMVER_MESSAGE = "Expected semantic version";
+var RUN_STATUSES = {
+  PLANNED: "planned",
+  EXECUTING: "executing",
+  PAUSED: "paused",
+  FAILED: "failed",
+  SUCCEEDED: "succeeded"
+};
+var RUN_STATUS_VALUES = [
+  RUN_STATUSES.PLANNED,
+  RUN_STATUSES.EXECUTING,
+  RUN_STATUSES.PAUSED,
+  RUN_STATUSES.FAILED,
+  RUN_STATUSES.SUCCEEDED
+];
+var TOOL_HANDLER_KINDS = {
+  IN_PROCESS: "in-process",
+  SUBPROCESS: "subprocess"
+};
+var TOOL_HANDLER_KIND_VALUES = [
+  TOOL_HANDLER_KINDS.IN_PROCESS,
+  TOOL_HANDLER_KINDS.SUBPROCESS
+];
+var TOOL_ERROR_CODES = {
+  TOOL_NOT_FOUND: "TOOL_NOT_FOUND",
+  SCOPE_DENIED: "SCOPE_DENIED",
+  POLICY_DENIED: "POLICY_DENIED",
+  APPROVAL_REQUIRED: "APPROVAL_REQUIRED",
+  INVALID_INPUT: "INVALID_INPUT",
+  INVALID_OUTPUT: "INVALID_OUTPUT",
+  TOOL_EXECUTION_FAILED: "TOOL_EXECUTION_FAILED"
+};
+var ToolScopePathSchema = z.object({
+  type: z.literal("path"),
+  pattern: z.string().min(1),
+  access: z.enum(["read", "write"])
+});
+var ToolScopeNetworkBaseSchema = z.object({
+  type: z.literal("network"),
+  posture: z.enum(["off", "full", "allowlist"]),
+  allowlist_entries: z.array(z.string().min(1)).min(1).optional()
+});
+var ToolScopeNetworkSchema = ToolScopeNetworkBaseSchema.refine((data) => {
+  if (data.posture === "allowlist") {
+    return data.allowlist_entries !== void 0 && data.allowlist_entries.length > 0;
+  }
+  return true;
+}, { message: "allowlist_entries required when posture is allowlist" });
+var ToolScopeSchema = z.discriminatedUnion("type", [ToolScopePathSchema, ToolScopeNetworkBaseSchema]).refine((data) => {
+  if (data.type === "network" && data.posture === "allowlist") {
+    return data.allowlist_entries !== void 0 && data.allowlist_entries.length > 0;
+  }
+  return true;
+}, { message: "allowlist_entries required when posture is allowlist" });
+var AcceptanceSchema = z.union([
+  z.array(z.string().min(1)).min(1),
+  z.record(z.string().min(1), z.array(z.string().min(1)).min(1))
+]);
+var TaskSpecSchema = z.object({
+  id: z.string().min(1),
+  workspace_id: z.string().min(1),
+  lane_id: z.string().min(1),
+  domain: z.string().min(1),
+  title: z.string().min(1),
+  description: z.string().min(1),
+  acceptance: AcceptanceSchema,
+  declared_scopes: z.array(ToolScopeSchema),
+  expected_artifacts: z.array(z.string().min(1)).optional(),
+  risk: z.enum(["low", "medium", "high", "critical"]),
+  blocks: z.array(z.string().min(1)).optional(),
+  blocked_by: z.array(z.string().min(1)).optional(),
+  extensions: z.record(z.string(), z.unknown()).optional(),
+  type: z.string().min(1),
+  priority: z.enum(["P0", "P1", "P2", "P3"]),
+  created: z.string().date(),
+  labels: z.array(z.string().min(1)).optional()
+});
+var RunSchema = z.object({
+  run_id: z.string().min(1),
+  task_id: z.string().min(1),
+  status: z.enum(RUN_STATUS_VALUES),
+  started_at: ISO_DATETIME_SCHEMA,
+  completed_at: ISO_DATETIME_SCHEMA.optional(),
+  by: z.string().min(1),
+  session_id: z.string().min(1)
+});
+var TaskStateSchema = z.object({
+  task_id: z.string().min(1),
+  status: z.enum(["ready", "active", "blocked", "waiting", "done"]),
+  claimed_at: ISO_DATETIME_SCHEMA.optional(),
+  claimed_by: z.string().min(1).optional(),
+  session_id: z.string().min(1).optional(),
+  blocked_reason: z.string().min(1).optional(),
+  completed_at: ISO_DATETIME_SCHEMA.optional(),
+  current_run: RunSchema.optional(),
+  run_count: z.number().int().nonnegative(),
+  domain_state: z.record(z.string(), z.unknown()).optional()
+});
+var PackPinSchema = z.object({
+  id: z.string().min(1),
+  version: z.string().regex(SEMVER_REGEX, SEMVER_MESSAGE),
+  integrity: z.union([
+    z.literal("dev"),
+    z.string().regex(SHA256_INTEGRITY_REGEX, "Expected dev or sha256:<64-hex>")
+  ]),
+  source: z.enum(["local", "git", "registry"]),
+  url: z.string().url().optional(),
+  /** Registry base URL override. When omitted, uses PackLoader's defaultRegistryUrl. */
+  registry_url: z.string().url().optional()
+});
+var LaneSpecSchema = z.object({
+  id: z.string().min(1),
+  title: z.string().min(1),
+  allowed_scopes: z.array(ToolScopeSchema).default([]),
+  wip_limit: z.number().int().positive().optional(),
+  policy_overrides: z.record(z.string(), z.unknown()).optional()
+});
+var WorkspaceControlPlanePolicyModeSchema = z.enum([
+  "authoritative",
+  "tighten-only",
+  "dev-override"
+]);
+var CONTROL_PLANE_AUTH_TOKEN_ENV_PATTERN = /^[A-Z][A-Z0-9_]*$/;
+var WorkspaceControlPlaneAuthConfigSchema = z.object({
+  token_env: z.string().regex(CONTROL_PLANE_AUTH_TOKEN_ENV_PATTERN, "Expected uppercase environment variable name")
+}).strict();
+var WorkspaceControlPlaneConfigSchema = z.object({
+  endpoint: z.string().url(),
+  org_id: z.string().min(1),
+  project_id: z.string().min(1),
+  sync_interval: z.number().int().positive(),
+  policy_mode: WorkspaceControlPlanePolicyModeSchema,
+  auth: WorkspaceControlPlaneAuthConfigSchema
+}).strict();
+var WorkspaceSpecSchema = z.object({
+  id: z.string().min(1),
+  name: z.string().min(1),
+  packs: z.array(PackPinSchema),
+  lanes: z.array(LaneSpecSchema),
+  policies: z.record(z.string(), z.unknown()).optional(),
+  security: z.object({
+    allowed_scopes: z.array(ToolScopeSchema),
+    network_default: z.enum(["off", "full"]),
+    deny_overlays: z.array(z.string().min(1))
+  }),
+  software_delivery: z.record(z.string(), z.unknown()).optional(),
+  control_plane: WorkspaceControlPlaneConfigSchema.optional(),
+  memory_namespace: z.string().min(1),
+  event_namespace: z.string().min(1)
+});
+var KERNEL_OWNED_ROOT_KEYS = [
+  "id",
+  "name",
+  "packs",
+  "lanes",
+  "policies",
+  "security",
+  "control_plane",
+  "memory_namespace",
+  "event_namespace"
+];
+var KNOWN_PACK_CONFIG_KEY_MIGRATIONS = {
+  software_delivery: {
+    packId: "software-delivery",
+    packLabel: "software-delivery"
+  }
+};
+function validateWorkspaceRootKeys(workspaceData, packManifests, availableManifests = []) {
+  const kernelKeys = new Set(KERNEL_OWNED_ROOT_KEYS);
+  const packConfigKeys = /* @__PURE__ */ new Set();
+  for (const manifest of packManifests) {
+    if (manifest.config_key) {
+      packConfigKeys.add(manifest.config_key);
+    }
+  }
+  const errors = [];
+  for (const key of Object.keys(workspaceData)) {
+    if (kernelKeys.has(key)) {
+      continue;
+    }
+    if (packConfigKeys.has(key)) {
+      continue;
+    }
+    const migration = KNOWN_PACK_CONFIG_KEY_MIGRATIONS[key];
+    if (migration) {
+      const availableManifest = availableManifests.find((m) => m.id === migration.packId) ?? packManifests.find((m) => m.id === migration.packId);
+      const versionFlag = availableManifest ? `--version ${availableManifest.version}` : "--version latest";
+      errors.push(`Your workspace has a "${key}" config block but the ${migration.packLabel} pack is not pinned. Since LumenFlow 3.x, pack config keys require explicit pack pinning. Add the ${migration.packLabel} pack to your workspace:
+
+  pnpm pack:install --id ${migration.packId} --source registry ${versionFlag}`);
+      continue;
+    }
+    errors.push(`Unknown workspace root key "${key}". Only kernel-owned keys and pack-declared config_keys are allowed. If this key belongs to a pack, ensure the pack is pinned and declares config_key in its manifest.`);
+  }
+  return {
+    valid: errors.length === 0,
+    errors
+  };
+}
+var KernelEventBaseSchema = z.object({
+  schema_version: z.literal(1),
+  timestamp: ISO_DATETIME_SCHEMA
+});
+var TaskEventBaseSchema = KernelEventBaseSchema.extend({
+  task_id: z.string().min(1)
+});
+var RunEventBaseSchema = TaskEventBaseSchema.extend({
+  run_id: z.string().min(1)
+});
+var TaskCreatedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_CREATED),
+  spec_hash: z.string().regex(SHA256_HEX_REGEX)
+});
+var TaskClaimedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_CLAIMED),
+  by: z.string().min(1),
+  session_id: z.string().min(1),
+  domain_data: z.record(z.string(), z.unknown()).optional()
+});
+var TaskBlockedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_BLOCKED),
+  reason: z.string().min(1)
+});
+var TaskUnblockedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_UNBLOCKED)
+});
+var TaskWaitingEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_WAITING),
+  reason: z.string().min(1),
+  wait_for: z.string().min(1).optional()
+});
+var TaskResumedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_RESUMED)
+});
+var TaskCompletedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_COMPLETED),
+  evidence_refs: z.array(z.string().min(1)).optional()
+});
+var TaskReleasedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_RELEASED),
+  reason: z.string().min(1)
+});
+var TaskDelegatedEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.TASK_DELEGATED),
+  parent_task_id: z.string().min(1),
+  delegation_id: z.string().min(1)
+});
+var RunStartedEventSchema = RunEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.RUN_STARTED),
+  by: z.string().min(1),
+  session_id: z.string().min(1)
+});
+var RunPausedEventSchema = RunEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.RUN_PAUSED),
+  reason: z.string().min(1)
+});
+var RunFailedEventSchema = RunEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.RUN_FAILED),
+  reason: z.string().min(1),
+  evidence_refs: z.array(z.string().min(1)).optional()
+});
+var RunSucceededEventSchema = RunEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.RUN_SUCCEEDED),
+  evidence_refs: z.array(z.string().min(1)).optional()
+});
+var WorkspaceUpdatedEventSchema = KernelEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.WORKSPACE_UPDATED),
+  config_hash: z.string().regex(SHA256_HEX_REGEX),
+  changes_summary: z.string().min(1)
+});
+var WorkspaceWarningEventSchema = KernelEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.WORKSPACE_WARNING),
+  message: z.string().min(1)
+});
+var SpecTamperedEventSchema = KernelEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.SPEC_TAMPERED),
+  spec: z.enum(["task", "workspace"]),
+  id: z.string().min(1),
+  expected_hash: z.string().regex(SHA256_HEX_REGEX),
+  actual_hash: z.string().regex(SHA256_HEX_REGEX)
+});
+var CheckpointEventSchema = TaskEventBaseSchema.extend({
+  kind: z.literal(KERNEL_EVENT_KINDS.CHECKPOINT),
+  run_id: z.string().min(1).optional(),
+  note: z.string().min(1),
+  progress: z.string().min(1).optional()
+});
+var KernelEventSchema = z.discriminatedUnion("kind", [
+  TaskCreatedEventSchema,
+  TaskClaimedEventSchema,
+  TaskBlockedEventSchema,
+  TaskUnblockedEventSchema,
+  TaskWaitingEventSchema,
+  TaskResumedEventSchema,
+  TaskCompletedEventSchema,
+  TaskReleasedEventSchema,
+  TaskDelegatedEventSchema,
+  RunStartedEventSchema,
+  RunPausedEventSchema,
+  RunFailedEventSchema,
+  RunSucceededEventSchema,
+  WorkspaceUpdatedEventSchema,
+  WorkspaceWarningEventSchema,
+  SpecTamperedEventSchema,
+  CheckpointEventSchema
+]);
+var PolicyDecisionSchema = z.object({
+  policy_id: z.string().min(1),
+  decision: z.enum(["allow", "deny", "approval_required"]),
+  reason: z.string().min(1).optional()
+});
+var ToolCallStartedSchema = z.object({
+  schema_version: z.literal(1),
+  kind: z.literal(TOOL_TRACE_KINDS.TOOL_CALL_STARTED),
+  receipt_id: z.string().min(1),
+  run_id: z.string().min(1),
+  task_id: z.string().min(1),
+  session_id: z.string().min(1),
+  timestamp: ISO_DATETIME_SCHEMA,
+  tool_name: z.string().min(1),
+  execution_mode: z.enum(TOOL_HANDLER_KIND_VALUES),
+  scope_requested: z.array(ToolScopeSchema),
+  scope_allowed: z.array(ToolScopeSchema),
+  scope_enforced: z.array(ToolScopeSchema),
+  input_hash: z.string().regex(SHA256_HEX_REGEX),
+  input_ref: z.string().min(1),
+  tool_version: z.string().regex(SEMVER_REGEX, SEMVER_MESSAGE),
+  pack_id: z.string().min(1).optional(),
+  pack_version: z.string().regex(SEMVER_REGEX, SEMVER_MESSAGE).optional(),
+  pack_integrity: z.string().optional(),
+  workspace_config_hash: z.string().regex(SHA256_HEX_REGEX),
+  runtime_version: z.string().min(1)
+});
+var ToolCallFinishedSchema = z.object({
+  schema_version: z.literal(1),
+  kind: z.literal(TOOL_TRACE_KINDS.TOOL_CALL_FINISHED),
+  receipt_id: z.string().min(1),
+  timestamp: ISO_DATETIME_SCHEMA,
+  result: z.enum(["success", "failure", "denied", "crashed"]),
+  duration_ms: z.number().int().nonnegative(),
+  output_hash: z.string().regex(SHA256_HEX_REGEX).optional(),
+  output_ref: z.string().min(1).optional(),
+  redaction_summary: z.string().min(1).optional(),
+  scope_enforcement_note: z.string().min(1).optional(),
+  policy_decisions: z.array(PolicyDecisionSchema),
+  artifacts_written: z.array(z.string().min(1)).optional()
+});
+var ToolTraceEntrySchema = z.discriminatedUnion("kind", [
+  ToolCallStartedSchema,
+  ToolCallFinishedSchema
+]);
+var ToolErrorSchema = z.object({
+  code: z.string().min(1),
+  message: z.string().min(1),
+  details: z.record(z.string(), z.unknown()).optional()
+});
+var ToolOutputSchema = z.object({
+  success: z.boolean(),
+  data: z.unknown().optional(),
+  error: ToolErrorSchema.optional(),
+  metadata: z.record(z.string(), z.unknown()).optional()
+});
+var ExecutionContextSchema = z.object({
+  run_id: z.string().min(1),
+  task_id: z.string().min(1),
+  session_id: z.string().min(1),
+  allowed_scopes: z.array(ToolScopeSchema),
+  metadata: z.record(z.string(), z.unknown()).optional()
+});
+var ZodSchemaSchema = z.custom((value) => value instanceof z.ZodType, {
+  message: "Expected a Zod schema"
+});
+var InProcessToolHandlerSchema = z.object({
+  kind: z.literal(TOOL_HANDLER_KINDS.IN_PROCESS),
+  fn: z.custom((value) => typeof value === "function", {
+    message: "Expected an async tool function"
+  })
+});
+var SubprocessToolHandlerSchema = z.object({
+  kind: z.literal(TOOL_HANDLER_KINDS.SUBPROCESS),
+  entry: z.string().min(1)
+});
+var ToolHandlerSchema = z.discriminatedUnion("kind", [
+  InProcessToolHandlerSchema,
+  SubprocessToolHandlerSchema
+]);
+var ToolCapabilitySchema = z.object({
+  name: z.string().min(1),
+  domain: z.string().min(1),
+  version: z.string().regex(SEMVER_REGEX, SEMVER_MESSAGE),
+  input_schema: ZodSchemaSchema,
+  output_schema: ZodSchemaSchema.optional(),
+  permission: z.enum(["read", "write", "admin"]),
+  required_scopes: z.array(ToolScopeSchema),
+  handler: ToolHandlerSchema,
+  description: z.string().min(1),
+  pack: z.string().min(1).optional()
+});
+
+// ../kernel/dist/pack/hash.js
+import { createHash } from "crypto";
+import { readdir, readFile } from "fs/promises";
+import path from "path";
+var NULL_BYTE_BUFFER = Buffer.from([0]);
+var DEFAULT_EXCLUSIONS = ["node_modules/", `${GIT_DIR_NAME}/`, "dist/", ".DS_Store"];
+function normalizeRelativePath(root, absolutePath) {
+  return path.relative(root, absolutePath).split(path.sep).join("/");
+}
+function shouldExclude(relativePath, exclusions) {
+  return exclusions.some((excluded) => {
+    if (excluded.endsWith("/")) {
+      return relativePath.startsWith(excluded);
+    }
+    return relativePath === excluded || relativePath.endsWith(`/${excluded}`);
+  });
+}
+async function collectFilesRecursive(root, directory) {
+  const entries = await readdir(directory, { withFileTypes: true });
+  const sortedEntries = [...entries].sort((left, right) => left.name.localeCompare(right.name));
+  const files = [];
+  for (const entry of sortedEntries) {
+    const absolutePath = path.join(directory, entry.name);
+    const relativePath = normalizeRelativePath(root, absolutePath);
+    if (entry.isDirectory()) {
+      files.push(...await collectFilesRecursive(root, absolutePath));
+      continue;
+    }
+    files.push(relativePath);
+  }
+  return files;
+}
+async function listPackFiles(packRoot, exclusions = DEFAULT_EXCLUSIONS) {
+  const absoluteRoot = path.resolve(packRoot);
+  const allFiles = await collectFilesRecursive(absoluteRoot, absoluteRoot);
+  return allFiles.filter((relativePath) => !shouldExclude(relativePath, exclusions)).sort();
+}
+async function computeDeterministicPackHash(input) {
+  const absoluteRoot = path.resolve(input.packRoot);
+  const files = await listPackFiles(absoluteRoot, input.exclusions || DEFAULT_EXCLUSIONS);
+  const digestChunks = [];
+  for (const relativePath of files) {
+    const fileContents = await readFile(path.join(absoluteRoot, relativePath));
+    const fileHash = createHash(SHA256_ALGORITHM).update(fileContents).digest("hex");
+    digestChunks.push(Buffer.from(relativePath, UTF8_ENCODING));
+    digestChunks.push(NULL_BYTE_BUFFER);
+    digestChunks.push(Buffer.from(fileHash, UTF8_ENCODING));
+    digestChunks.push(NULL_BYTE_BUFFER);
+  }
+  return createHash(SHA256_ALGORITHM).update(digestChunks.length === 0 ? Buffer.alloc(0) : Buffer.concat(digestChunks)).digest("hex");
+}
+
+// ../kernel/dist/pack/manifest.js
+import { z as z2 } from "zod";
+
+// ../kernel/dist/policy/policy-engine.js
+var POLICY_TRIGGERS = {
+  ON_TOOL_REQUEST: "on_tool_request",
+  ON_CLAIM: "on_claim",
+  ON_COMPLETION: "on_completion",
+  ON_EVIDENCE_ADDED: "on_evidence_added"
+};
+var POLICY_LAYER_ORDER = ["workspace", "lane", "pack", "task"];
+function layerOrderScore(level) {
+  const index = POLICY_LAYER_ORDER.indexOf(level);
+  return index < 0 ? POLICY_LAYER_ORDER.length : index;
+}
+function matchingRules(layer, context) {
+  return layer.rules.filter((rule) => {
+    if (rule.trigger !== context.trigger) {
+      return false;
+    }
+    if (!rule.when) {
+      return true;
+    }
+    return rule.when(context);
+  });
+}
+function canLoosen(layer) {
+  return layer.allow_loosening === true;
+}
+var PolicyEngine = class {
+  layers;
+  constructor(options) {
+    this.layers = [...options.layers].sort((left, right) => layerOrderScore(left.level) - layerOrderScore(right.level));
+  }
+  async evaluate(context) {
+    let effectiveDecision = "deny";
+    let hasInitializedDecision = false;
+    let hasHardDeny = false;
+    let hasApprovalRequired = false;
+    const warnings = [];
+    const decisions = [];
+    for (const layer of this.layers) {
+      if (!hasInitializedDecision) {
+        if (layer.default_decision) {
+          effectiveDecision = layer.default_decision;
+        }
+        hasInitializedDecision = true;
+      } else if (layer.default_decision) {
+        if (effectiveDecision === "deny" && layer.default_decision === "allow" && !canLoosen(layer)) {
+          warnings.push(`Policy layer "${layer.level}" attempted loosening default decision without explicit opt-in.`);
+        } else {
+          effectiveDecision = layer.default_decision;
+        }
+      }
+      const layerRules = matchingRules(layer, context);
+      for (const rule of layerRules) {
+        decisions.push({
+          policy_id: rule.id,
+          decision: rule.decision,
+          reason: rule.reason
+        });
+        if (rule.decision === "deny") {
+          hasHardDeny = true;
+          effectiveDecision = "deny";
+          continue;
+        }
+        if (rule.decision === "approval_required") {
+          hasApprovalRequired = true;
+          if (effectiveDecision !== "deny" || canLoosen(layer)) {
+            effectiveDecision = "approval_required";
+          }
+          continue;
+        }
+        if (effectiveDecision === "deny" && !canLoosen(layer)) {
+          warnings.push(`Policy layer "${layer.level}" attempted loosening via rule "${rule.id}" without explicit opt-in.`);
+          continue;
+        }
+        effectiveDecision = "allow";
+      }
+    }
+    if (hasHardDeny) {
+      return { decision: "deny", decisions, warnings };
+    }
+    if (hasApprovalRequired) {
+      return { decision: "approval_required", decisions, warnings };
+    }
+    return { decision: effectiveDecision, decisions, warnings };
+  }
+};
+
+// ../kernel/dist/pack/manifest.js
+var SEMVER_REGEX2 = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z-.]+)?(?:\+[0-9A-Za-z-.]+)?$/;
+var SEMVER_MESSAGE2 = "Expected semantic version";
+var NULL_BYTE = "\0";
+var SCOPE_TRAVERSAL_PATTERN = /(^|\/)\.\.(\/|$)/;
+var BROAD_WILDCARD_SCOPE_PATTERNS = /* @__PURE__ */ new Set(["*", "**", "**/*", "./**", "./**/*"]);
+var JsonSchemaObjectSchema = z2.record(z2.string(), z2.unknown());
+var DomainPackToolSchema = z2.object({
+  name: z2.string().min(1),
+  entry: z2.string().min(1),
+  permission: z2.enum(["read", "write", "admin"]).default("read"),
+  required_scopes: z2.array(ToolScopeSchema).min(1),
+  internal_only: z2.boolean().optional(),
+  /** Optional JSON Schema for tool input validation. */
+  input_schema: JsonSchemaObjectSchema.optional(),
+  /** Optional JSON Schema for tool output validation. */
+  output_schema: JsonSchemaObjectSchema.optional()
+});
+function isBroadWildcardScopePattern(pattern) {
+  return BROAD_WILDCARD_SCOPE_PATTERNS.has(pattern.trim());
+}
+function hasUnsafeScopePattern(pattern) {
+  return pattern.includes(NULL_BYTE) || SCOPE_TRAVERSAL_PATTERN.test(pattern);
+}
+function validateDomainPackToolSafety(tool) {
+  const issues = [];
+  for (const scope of tool.required_scopes) {
+    if (scope.type !== "path") {
+      continue;
+    }
+    if (hasUnsafeScopePattern(scope.pattern)) {
+      issues.push(`scope pattern "${scope.pattern}" contains unsafe traversal or null-byte content`);
+    }
+    if ((tool.permission === "write" || tool.permission === "admin") && scope.access === "write" && isBroadWildcardScopePattern(scope.pattern)) {
+      issues.push(`scope pattern "${scope.pattern}" is too broad for ${tool.permission} permission and write access`);
+    }
+  }
+  const inputSchemaType = tool.input_schema?.type;
+  if (inputSchemaType && inputSchemaType !== "object") {
+    issues.push(`input_schema.type must be "object" when provided, got "${String(inputSchemaType)}"`);
+  }
+  const outputSchemaType = tool.output_schema?.type;
+  if (outputSchemaType && outputSchemaType !== "object") {
+    issues.push(`output_schema.type must be "object" when provided, got "${String(outputSchemaType)}"`);
+  }
+  return issues;
+}
+var DomainPackPolicySchema = z2.object({
+  id: z2.string().min(1),
+  trigger: z2.enum([
+    POLICY_TRIGGERS.ON_TOOL_REQUEST,
+    POLICY_TRIGGERS.ON_CLAIM,
+    POLICY_TRIGGERS.ON_COMPLETION,
+    POLICY_TRIGGERS.ON_EVIDENCE_ADDED
+  ]),
+  decision: z2.enum(["allow", "deny"]),
+  reason: z2.string().min(1).optional()
+});
+var DomainPackLaneTemplateSchema = z2.object({
+  id: z2.string().min(1),
+  title: z2.string().min(1).optional(),
+  description: z2.string().min(1).optional()
+});
+var DomainPackManifestSchema = z2.object({
+  id: z2.string().min(1),
+  version: z2.string().regex(SEMVER_REGEX2, SEMVER_MESSAGE2),
+  task_types: z2.array(z2.string().min(1)).min(1),
+  tools: z2.array(DomainPackToolSchema),
+  policies: z2.array(DomainPackPolicySchema),
+  evidence_types: z2.array(z2.string().min(1)).default([]),
+  state_aliases: z2.record(z2.string().min(1), z2.string().min(1)).default({}),
+  lane_templates: z2.array(DomainPackLaneTemplateSchema).default([]),
+  /** Root key in workspace.yaml that this pack owns for its configuration namespace. */
+  config_key: z2.string().min(1).optional(),
+  /** Path to a JSON Schema file (relative to pack root) describing the pack config shape. */
+  config_schema: z2.string().optional()
+});
+
+// ../kernel/dist/pack/pack-loader.js
+import { builtinModules } from "module";
+import path2 from "path";
+import { access, mkdir, readFile as readFile2 } from "fs/promises";
+import { homedir } from "os";
+import YAML from "yaml";
+var PACK_CACHE_DIR_NAME = "pack-cache";
+var VERSION_TAG_PREFIX = "v";
+var DEFAULT_REGISTRY_URL = "https://registry.lumenflow.dev";
+var NODE_BUILTINS = new Set(builtinModules.map((moduleName) => moduleName.replace(/^node:/, "")));
+var ALLOWED_BARE_IMPORT_SPECIFIERS = /* @__PURE__ */ new Set(["simple-git"]);
+var IMPORT_SPECIFIER_PATTERNS = [
+  /\bimport\s+(?:[^'"]*?\sfrom\s*)?["']([^"']+)["']/,
+  /\bexport\s+[^'"]*?\sfrom\s*["']([^"']+)["']/,
+  /\bimport\(\s*["']([^"']+)["']\s*\)/
+];
+function isWithinRoot(root, candidatePath) {
+  const relative = path2.relative(root, candidatePath);
+  return relative === "" || !relative.startsWith("..") && !path2.isAbsolute(relative);
+}
+function isRuntimeSourceFile(relativePath) {
+  const normalizedPath = relativePath.replace(/\\/g, "/");
+  const extension = path2.extname(normalizedPath);
+  const isCodeFile = [".ts", ".tsx", ".mts", ".cts", ".js", ".mjs", ".cjs"].includes(extension);
+  if (!isCodeFile) {
+    return false;
+  }
+  if (normalizedPath.includes("/__tests__/")) {
+    return false;
+  }
+  return !/\.(test|spec)\.[cm]?[jt]sx?$/.test(normalizedPath);
+}
+function parseToolEntry(entry) {
+  const separator = entry.indexOf("#");
+  const modulePath = separator < 0 ? entry : entry.slice(0, separator);
+  const exportName = separator < 0 ? void 0 : entry.slice(separator + 1);
+  if (modulePath.trim().length === 0) {
+    throw new Error(`Pack tool entry "${entry}" is missing a module path.`);
+  }
+  if (exportName !== void 0 && exportName.trim().length === 0) {
+    throw new Error(`Pack tool entry "${entry}" has an empty export fragment.`);
+  }
+  return {
+    modulePath,
+    exportName
+  };
+}
+function resolvePackToolEntryPath(packRoot, entry) {
+  const absolutePackRoot = path2.resolve(packRoot);
+  const { modulePath, exportName } = parseToolEntry(entry);
+  const absoluteModulePath = path2.resolve(absolutePackRoot, modulePath);
+  if (!isWithinRoot(absolutePackRoot, absoluteModulePath)) {
+    throw new Error(`Pack tool entry "${entry}" resolves outside pack root.`);
+  }
+  return exportName ? `${absoluteModulePath}#${exportName}` : absoluteModulePath;
+}
+function extractImportSpecifiers(sourceCode) {
+  const specifiers = /* @__PURE__ */ new Set();
+  for (const pattern of IMPORT_SPECIFIER_PATTERNS) {
+    const globalPattern = new RegExp(pattern.source, "g");
+    for (const match of sourceCode.matchAll(globalPattern)) {
+      if (match[1]) {
+        specifiers.add(match[1]);
+      }
+    }
+  }
+  return [...specifiers];
+}
+function isAllowedKernelImport(specifier) {
+  return specifier === "@lumenflow/kernel" || specifier.startsWith("@lumenflow/kernel/");
+}
+function validateImportSpecifier(options) {
+  const { specifier, sourceFilePath, packRoot } = options;
+  if (specifier.startsWith("node:")) {
+    return;
+  }
+  if (NODE_BUILTINS.has(specifier)) {
+    return;
+  }
+  if (isAllowedKernelImport(specifier)) {
+    return;
+  }
+  if (specifier.startsWith("@lumenflow/")) {
+    throw new Error(`Import "${specifier}" in ${sourceFilePath} is not allowed; only @lumenflow/kernel and Node built-ins are permitted.`);
+  }
+  if (path2.isAbsolute(specifier)) {
+    throw new Error(`Import "${specifier}" in ${sourceFilePath} resolves outside pack root.`);
+  }
+  if (specifier.startsWith(".")) {
+    const absoluteFilePath = path2.resolve(packRoot, sourceFilePath);
+    const resolvedImport = path2.resolve(path2.dirname(absoluteFilePath), specifier);
+    if (!isWithinRoot(packRoot, resolvedImport)) {
+      throw new Error(`Import "${specifier}" in ${sourceFilePath} resolves outside pack root.`);
+    }
+    return;
+  }
+  if (ALLOWED_BARE_IMPORT_SPECIFIERS.has(specifier)) {
+    return;
+  }
+  throw new Error(`Bare package import "${specifier}" in ${sourceFilePath} is not allowed; only relative imports, @lumenflow/kernel, and Node built-ins are permitted.`);
+}
+async function validatePackImportBoundaries(packRoot, hashExclusions) {
+  const files = await listPackFiles(packRoot, hashExclusions);
+  const candidateFiles = files.filter((relativePath) => isRuntimeSourceFile(relativePath));
+  for (const relativePath of candidateFiles) {
+    const sourceCode = await readFile2(path2.join(packRoot, relativePath), UTF8_ENCODING);
+    const importSpecifiers = extractImportSpecifiers(sourceCode);
+    for (const specifier of importSpecifiers) {
+      validateImportSpecifier({
+        specifier,
+        sourceFilePath: relativePath,
+        packRoot
+      });
+    }
+  }
+}
+function resolvePackPin(workspaceSpec, packId) {
+  const pin = workspaceSpec.packs.find((candidate) => candidate.id === packId);
+  if (!pin) {
+    throw new Error(`Pack "${packId}" is not present in workspace PackPin entries.`);
+  }
+  return pin;
+}
+var PackLoader = class {
+  packsRoot;
+  manifestFileName;
+  hashExclusions;
+  runtimeEnvironment;
+  allowDevIntegrityInProduction;
+  packCacheDir;
+  gitClient;
+  registryClient;
+  defaultRegistryUrl;
+  constructor(options) {
+    this.packsRoot = path2.resolve(options.packsRoot);
+    this.manifestFileName = options.manifestFileName || PACK_MANIFEST_FILE_NAME;
+    this.hashExclusions = options.hashExclusions;
+    this.runtimeEnvironment = options.runtimeEnvironment ?? process.env.NODE_ENV ?? "development";
+    this.allowDevIntegrityInProduction = options.allowDevIntegrityInProduction ?? false;
+    this.packCacheDir = options.packCacheDir ?? path2.join(homedir(), LUMENFLOW_DIR_NAME, PACK_CACHE_DIR_NAME);
+    this.gitClient = options.gitClient;
+    this.registryClient = options.registryClient;
+    this.defaultRegistryUrl = options.defaultRegistryUrl ?? DEFAULT_REGISTRY_URL;
+  }
+  async load(input) {
+    const pin = resolvePackPin(input.workspaceSpec, input.packId);
+    const packRoot = await this.resolvePackRoot(pin);
+    return this.loadFromDisk(pin, packRoot, input);
+  }
+  /**
+   * Resolve the pack root directory based on the pin source.
+   * For local packs, resolves relative to packsRoot.
+   * For git packs, clones/pulls to the pack cache and checks out the version tag.
+   * For registry packs, fetches metadata and downloads tarball to the pack cache.
+   */
+  async resolvePackRoot(pin) {
+    if (pin.source === "git") {
+      return this.resolveGitPackRoot(pin);
+    }
+    if (pin.source === "registry") {
+      return this.resolveRegistryPackRoot(pin);
+    }
+    return path2.resolve(this.packsRoot, pin.id);
+  }
+  /**
+   * Resolve a git-sourced pack by cloning or pulling to the pack cache,
+   * then checking out the version tag.
+   */
+  async resolveGitPackRoot(pin) {
+    if (!pin.url) {
+      throw new Error(`Pack "${pin.id}" has source: git but no url field. Add a url field to the PackPin to specify the git repository.`);
+    }
+    if (!this.gitClient) {
+      throw new Error(`Pack "${pin.id}" has source: git but no gitClient was provided to PackLoader. Pass a gitClient in PackLoaderOptions to load git-sourced packs.`);
+    }
+    const packCachePath = path2.join(this.packCacheDir, `${pin.id}@${pin.version}`);
+    await mkdir(this.packCacheDir, { recursive: true });
+    const alreadyCached = await this.gitClient.isRepo(packCachePath);
+    if (alreadyCached) {
+      await this.gitClient.pull(packCachePath);
+    } else {
+      await this.gitClient.clone(pin.url, packCachePath);
+    }
+    const versionTag = `${VERSION_TAG_PREFIX}${pin.version}`;
+    await this.gitClient.checkout(packCachePath, versionTag);
+    return packCachePath;
+  }
+  /**
+   * Resolve a registry-sourced pack by fetching metadata and downloading the tarball
+   * to the pack cache. Skips download if the pack is already cached.
+   */
+  async resolveRegistryPackRoot(pin) {
+    if (!this.registryClient) {
+      throw new Error(`Pack "${pin.id}" has source: registry but no registryClient was provided to PackLoader. Pass a registryClient in PackLoaderOptions to load registry-sourced packs.`);
+    }
+    const packCachePath = path2.join(this.packCacheDir, `${pin.id}@${pin.version}`);
+    await mkdir(this.packCacheDir, { recursive: true });
+    const manifestCachePath = path2.join(packCachePath, this.manifestFileName);
+    const alreadyCached = await access(manifestCachePath).then(() => true).catch(() => false);
+    if (!alreadyCached) {
+      const registryUrl = pin.registry_url ?? this.defaultRegistryUrl;
+      const metadata = await this.registryClient.fetchMetadata(pin.id, pin.version, registryUrl);
+      await this.registryClient.downloadTarball(metadata.tarball_url, packCachePath);
+    }
+    return packCachePath;
+  }
+  /**
+   * Load pack from a resolved on-disk directory.
+   * Handles manifest parsing, tool entry validation, import boundary checks,
+   * integrity verification, and dev-mode warnings.
+   */
+  async loadFromDisk(pin, packRoot, input) {
+    const manifestPath = path2.join(packRoot, this.manifestFileName);
+    const manifestRaw = await readFile2(manifestPath, UTF8_ENCODING);
+    const manifest = DomainPackManifestSchema.parse(YAML.parse(manifestRaw));
+    if (manifest.id !== pin.id) {
+      throw new Error(`Pack manifest id mismatch: expected ${pin.id}, got ${manifest.id}`);
+    }
+    if (manifest.version !== pin.version) {
+      throw new Error(`Pack manifest version mismatch: expected ${pin.version}, got ${manifest.version}`);
+    }
+    for (const tool of manifest.tools) {
+      resolvePackToolEntryPath(packRoot, tool.entry);
+    }
+    await validatePackImportBoundaries(packRoot, this.hashExclusions);
+    const integrity = await computeDeterministicPackHash({
+      packRoot,
+      exclusions: this.hashExclusions
+    });
+    if (pin.integrity === "dev") {
+      if (this.runtimeEnvironment === "production" && !this.allowDevIntegrityInProduction) {
+        throw new Error(`Pack ${pin.id}@${pin.version} uses integrity: dev is not allowed in production.`);
+      }
+      input.onWorkspaceWarning?.({
+        schema_version: 1,
+        kind: KERNEL_EVENT_KINDS.WORKSPACE_WARNING,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+        message: `Pack ${pin.id}@${pin.version} loaded with integrity: dev (verification skipped).`
+      });
+      return {
+        pin,
+        manifest,
+        packRoot,
+        integrity
+      };
+    }
+    const expectedIntegrity = pin.integrity.startsWith(SHA256_INTEGRITY_PREFIX) ? pin.integrity.slice(SHA256_INTEGRITY_PREFIX.length) : pin.integrity;
+    if (integrity !== expectedIntegrity) {
+      throw new Error(`Pack integrity mismatch for ${pin.id}: expected ${expectedIntegrity}, got ${integrity}`);
+    }
+    return {
+      pin,
+      manifest,
+      packRoot,
+      integrity
+    };
+  }
+};
+
+// ../kernel/dist/pack/pack-manifest-resolver.js
+import path3 from "path";
+import { existsSync, readFileSync } from "fs";
+import { homedir as homedir2 } from "os";
+import YAML2 from "yaml";
+var PACK_CACHE_DIR_NAME2 = "pack-cache";
+var NODE_MODULES_DIR_NAME = "node_modules";
+var DEFAULT_PACK_CACHE_DIR = path3.join(homedir2(), LUMENFLOW_DIR_NAME, PACK_CACHE_DIR_NAME2);
+function resolveManifestPath(projectRoot, pack, packCacheDir) {
+  const source = pack.source;
+  if (source === "registry") {
+    return path3.join(projectRoot, NODE_MODULES_DIR_NAME, LUMENFLOW_SCOPE_NAME, PACKS_DIR_NAME, pack.id, PACK_MANIFEST_FILE_NAME);
+  }
+  if (source === "git") {
+    return path3.join(packCacheDir, `${pack.id}@${pack.version}`, PACK_MANIFEST_FILE_NAME);
+  }
+  if (pack.path) {
+    return path3.join(projectRoot, pack.path, PACK_MANIFEST_FILE_NAME);
+  }
+  return path3.join(projectRoot, PACKAGES_DIR_NAME, LUMENFLOW_SCOPE_NAME, PACKS_DIR_NAME, pack.id, PACK_MANIFEST_FILE_NAME);
+}
+function resolvePackManifestPaths(input) {
+  const result = /* @__PURE__ */ new Map();
+  const { projectRoot, packs, packCacheDir } = input;
+  if (!Array.isArray(packs)) {
+    return result;
+  }
+  const effectiveCacheDir = packCacheDir ?? DEFAULT_PACK_CACHE_DIR;
+  for (const pack of packs) {
+    if (!pack || typeof pack !== "object" || !("id" in pack)) {
+      continue;
+    }
+    const packId = String(pack.id);
+    const manifestPath = resolveManifestPath(projectRoot, { ...pack, id: packId }, effectiveCacheDir);
+    if (!manifestPath || !existsSync(manifestPath)) {
+      continue;
+    }
+    try {
+      const manifestContent = readFileSync(manifestPath, "utf8");
+      const manifest = YAML2.parse(manifestContent);
+      if (manifest && typeof manifest.config_key === "string") {
+        result.set(manifest.config_key, packId);
+      }
+    } catch {
+    }
+  }
+  return result;
+}
+function resolvePackSchemaMetadata(input) {
+  const result = /* @__PURE__ */ new Map();
+  const { projectRoot, packs, packCacheDir } = input;
+  if (!Array.isArray(packs)) {
+    return result;
+  }
+  const effectiveCacheDir = packCacheDir ?? DEFAULT_PACK_CACHE_DIR;
+  for (const pack of packs) {
+    if (!pack || typeof pack !== "object" || !("id" in pack)) {
+      continue;
+    }
+    const packId = String(pack.id);
+    const manifestPath = resolveManifestPath(projectRoot, { ...pack, id: packId }, effectiveCacheDir);
+    if (!manifestPath || !existsSync(manifestPath)) {
+      continue;
+    }
+    try {
+      const manifestContent = readFileSync(manifestPath, "utf8");
+      const manifest = YAML2.parse(manifestContent);
+      if (!manifest)
+        continue;
+      const configSchema = manifest.config_schema;
+      if (typeof configSchema === "string" && configSchema.length > 0) {
+        const packRoot = path3.dirname(manifestPath);
+        const schemaAbsPath = path3.join(packRoot, configSchema);
+        result.set(packId, { hasSchema: true, schemaPath: schemaAbsPath });
+      } else {
+        const configKey = manifest.config_key;
+        if (typeof configKey === "string") {
+          result.set(packId, { hasSchema: false });
+        }
+      }
+    } catch {
+    }
+  }
+  return result;
+}
+
+export {
+  KERNEL_EVENT_KINDS,
+  isTaskEventKind,
+  isRunLifecycleEventKind,
+  TOOL_TRACE_KINDS,
+  UTF8_ENCODING,
+  BASE64_ENCODING,
+  SHA256_ALGORITHM,
+  SHA256_HEX_REGEX,
+  SHA256_INTEGRITY_PREFIX,
+  WORKSPACE_FILE_NAME,
+  PACKS_DIR_NAME,
+  PACK_MANIFEST_FILE_NAME,
+  PACKAGES_DIR_NAME,
+  LUMENFLOW_SCOPE_NAME,
+  LUMENFLOW_DIR_NAME,
+  KERNEL_RUNTIME_ROOT_DIR_NAME,
+  KERNEL_RUNTIME_TASKS_DIR_NAME,
+  KERNEL_RUNTIME_EVENTS_DIR_NAME,
+  KERNEL_RUNTIME_EVIDENCE_DIR_NAME,
+  KERNEL_RUNTIME_EVENTS_FILE_NAME,
+  KERNEL_RUNTIME_EVENTS_LOCK_FILE_NAME,
+  RESERVED_FRAMEWORK_SCOPE_ROOT,
+  RESERVED_FRAMEWORK_SCOPE_PREFIX,
+  RESERVED_FRAMEWORK_SCOPE_GLOB,
+  DEFAULT_WORKSPACE_CONFIG_HASH,
+  DEFAULT_KERNEL_RUNTIME_VERSION,
+  WORKSPACE_CONFIG_HASH_CONTEXT_KEYS,
+  EXECUTION_METADATA_KEYS,
+  KERNEL_POLICY_IDS,
+  RUN_STATUSES,
+  TOOL_HANDLER_KINDS,
+  TOOL_ERROR_CODES,
+  ToolScopeSchema,
+  TaskSpecSchema,
+  RunSchema,
+  TaskStateSchema,
+  WorkspaceControlPlaneConfigSchema,
+  WorkspaceSpecSchema,
+  validateWorkspaceRootKeys,
+  KernelEventSchema,
+  ToolTraceEntrySchema,
+  ToolOutputSchema,
+  ExecutionContextSchema,
+  ToolCapabilitySchema,
+  computeDeterministicPackHash,
+  POLICY_TRIGGERS,
+  PolicyEngine,
+  isBroadWildcardScopePattern,
+  validateDomainPackToolSafety,
+  DomainPackManifestSchema,
+  resolvePackToolEntryPath,
+  validatePackImportBoundaries,
+  PackLoader,
+  resolvePackManifestPaths,
+  resolvePackSchemaMetadata
+};