@lumenflow/kernel 3.17.7 → 3.18.1

package/dist/runtime/kernel-runtime.js

@@ -3,7 +3,7 @@
 import { randomBytes } from 'node:crypto';
 import { access, mkdir, open, readFile, readdir, rm } from 'node:fs/promises';
 import path from 'node:path';
-import { fileURLToPath } from 'node:url';
+import { fileURLToPath, pathToFileURL } from 'node:url';
 import YAML from 'yaml';
 import { z } from 'zod';
 import { canonical_json } from '../canonical-json.js';
@@ -11,8 +11,8 @@ import { KERNEL_EVENT_KINDS, TOOL_TRACE_KINDS, isRunLifecycleEventKind, } from '
 import { EXECUTION_METADATA_KEYS, KERNEL_POLICY_IDS, KERNEL_RUNTIME_EVENTS_DIR_NAME, KERNEL_RUNTIME_EVENTS_FILE_NAME, KERNEL_RUNTIME_EVENTS_LOCK_FILE_NAME, KERNEL_RUNTIME_EVIDENCE_DIR_NAME, KERNEL_RUNTIME_ROOT_DIR_NAME, KERNEL_RUNTIME_TASKS_DIR_NAME, LUMENFLOW_DIR_NAME, LUMENFLOW_SCOPE_NAME, PACKAGES_DIR_NAME, PACK_MANIFEST_FILE_NAME, PACKS_DIR_NAME, UTF8_ENCODING, WORKSPACE_CONFIG_HASH_CONTEXT_KEYS, WORKSPACE_FILE_NAME, } from '../shared-constants.js';
 import { EventStore, projectTaskState, } from '../event-store/index.js';
 import { EvidenceStore } from '../evidence/evidence-store.js';
-import { ExecutionContextSchema, RUN_STATUSES, RunSchema, TOOL_ERROR_CODES, TOOL_HANDLER_KINDS, TaskSpecSchema, WorkspaceSpecSchema, validateWorkspaceRootKeys, } from '../kernel.schemas.js';
-import { PackLoader, resolvePackToolEntryPath } from '../pack/index.js';
+import { ENVIRONMENT_VARIABLE_NAME_PATTERN, ExecutionContextSchema, RUN_STATUSES, RunSchema, ToolScopeSchema, TOOL_ERROR_CODES, TOOL_HANDLER_KINDS, TaskSpecSchema, WorkspaceSpecSchema, validateWorkspaceRootKeys, } from '../kernel.schemas.js';
+import { PackLoader, resolvePackModuleEntry, resolvePackToolEntryPath, } from '../pack/index.js';
 import { POLICY_TRIGGERS, PolicyEngine, } from '../policy/index.js';
 import { SandboxSubprocessDispatcher, } from '../sandbox/index.js';
 import { assertTransition } from '../state-machine/index.js';
@@ -37,9 +37,14 @@ const CLI_PACKS_ROOT_CANDIDATE = path.resolve(KERNEL_RUNTIME_MODULE_DIR, ...CLI_
 const DEFAULT_PACK_TOOL_INPUT_SCHEMA = z.record(z.string(), z.unknown());
 const DEFAULT_PACK_TOOL_OUTPUT_SCHEMA = z.record(z.string(), z.unknown());
 const JSON_SCHEMA_MAX_DEPTH = 12;
+const PACK_CAPABILITY_FACTORY_DEFAULT_EXPORT = 'default';
+const PACK_CAPABILITY_FACTORY_NAMED_EXPORT = 'capabilityFactory';
+const PACK_POLICY_FACTORY_DEFAULT_EXPORT = 'default';
+const PACK_POLICY_FACTORY_NAMED_EXPORT = 'policyFactory';
 const RUNTIME_LOAD_STAGE_ERROR_PREFIX = 'Runtime load stage failed for pack';
 const RUNTIME_REGISTRATION_STAGE_ERROR_PREFIX = 'Runtime registration stage failed for tool';
 const WORKSPACE_UPDATED_INIT_SUMMARY = 'Workspace config hash initialized during runtime startup.';
+const PACK_CONFIG_ENV_REFERENCE_SUFFIX = '_env';
 const SPEC_TAMPERED_ERROR_CODE = 'SPEC_TAMPERED';
 const SPEC_TAMPERED_WORKSPACE_MESSAGE = 'Workspace configuration hash mismatch detected; execution blocked.';
 const SPEC_TAMPERED_WORKSPACE_MISSING_MESSAGE = 'Workspace configuration file is missing; execution blocked.';
@@ -343,6 +348,344 @@ function parsePackToolJsonSchema(schemaValue, toolName, schemaField) {
         });
     }
 }
+function isWithinDirectory(root, candidatePath) {
+    const relative = path.relative(root, candidatePath);
+    return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative));
+}
+function formatZodIssuePath(pathSegments) {
+    return pathSegments.length === 0
+        ? '<root>'
+        : pathSegments.map((segment) => String(segment)).join('.');
+}
+function formatZodIssues(issues) {
+    return issues.map((issue) => `${formatZodIssuePath(issue.path)}: ${issue.message}`).join('; ');
+}
+function parsePackConfigJsonSchema(schemaValue, packId, configKey) {
+    const context = `config_schema for pack "${packId}" (workspace root "${configKey}")`;
+    try {
+        return buildZodSchemaFromJsonSchema(schemaValue, context, 0);
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : 'unknown schema parsing error';
+        throw new Error(`Invalid ${context}: ${message}`, {
+            cause: error,
+        });
+    }
+}
+async function resolvePackConfigSchema(loadedPack) {
+    const configSchemaEntry = loadedPack.manifest.config_schema;
+    if (!configSchemaEntry) {
+        return undefined;
+    }
+    const packRoot = path.resolve(loadedPack.packRoot);
+    const configSchemaPath = path.resolve(packRoot, configSchemaEntry);
+    if (!isWithinDirectory(packRoot, configSchemaPath)) {
+        throw new Error(`Pack "${loadedPack.manifest.id}" config_schema "${configSchemaEntry}" resolves outside pack root.`);
+    }
+    let schemaRaw;
+    try {
+        schemaRaw = await readFile(configSchemaPath, UTF8_ENCODING);
+    }
+    catch (error) {
+        throw new Error(`Unable to read config_schema "${configSchemaEntry}" for pack "${loadedPack.manifest.id}".`, { cause: error });
+    }
+    try {
+        return JSON.parse(schemaRaw);
+    }
+    catch (error) {
+        throw new Error(`Invalid config_schema "${configSchemaEntry}" for pack "${loadedPack.manifest.id}": expected valid JSON.`, { cause: error });
+    }
+}
+async function attachResolvedPackConfig(loadedPack, rawWorkspaceData) {
+    const configKey = loadedPack.manifest.config_key;
+    if (!configKey || !(configKey in rawWorkspaceData)) {
+        return loadedPack;
+    }
+    const rawPackConfig = rawWorkspaceData[configKey];
+    if (!loadedPack.manifest.config_schema) {
+        return {
+            ...loadedPack,
+            resolvedConfig: rawPackConfig,
+        };
+    }
+    const configSchemaValue = await resolvePackConfigSchema(loadedPack);
+    const configSchema = parsePackConfigJsonSchema(configSchemaValue, loadedPack.manifest.id, configKey);
+    const validation = configSchema.safeParse(rawPackConfig);
+    if (!validation.success) {
+        throw new Error(`Invalid workspace config for "${configKey}" in pack "${loadedPack.manifest.id}": ${formatZodIssues(validation.error.issues)}`, { cause: validation.error });
+    }
+    return {
+        ...loadedPack,
+        resolvedConfig: validation.data,
+    };
+}
+function isRecord(value) {
+    return !!value && typeof value === 'object' && !Array.isArray(value);
+}
+function formatPackConfigPath(pathSegments) {
+    return pathSegments.join('.');
+}
+function collectPackConfigEnvReferences(value, pathSegments) {
+    if (Array.isArray(value)) {
+        return value.flatMap((entry, index) => collectPackConfigEnvReferences(entry, [...pathSegments, String(index)]));
+    }
+    if (!isRecord(value)) {
+        return [];
+    }
+    const references = [];
+    for (const [key, childValue] of Object.entries(value)) {
+        const childPath = [...pathSegments, key];
+        if (key.endsWith(PACK_CONFIG_ENV_REFERENCE_SUFFIX) && typeof childValue === 'string') {
+            references.push({
+                envName: childValue,
+                path: formatPackConfigPath(childPath),
+            });
+        }
+        references.push(...collectPackConfigEnvReferences(childValue, childPath));
+    }
+    return references;
+}
+function validatePackConfigEnvReferences(loadedPack) {
+    if (!loadedPack.manifest.config_key || loadedPack.resolvedConfig === undefined) {
+        return;
+    }
+    const declaredEnvNames = collectDeclaredEnvNames(loadedPack);
+    const envReferences = collectPackConfigEnvReferences(loadedPack.resolvedConfig, [
+        loadedPack.manifest.config_key,
+    ]);
+    for (const reference of envReferences) {
+        if (!ENVIRONMENT_VARIABLE_NAME_PATTERN.test(reference.envName)) {
+            throw new Error(`Pack "${loadedPack.manifest.id}" workspace config reference "${reference.path}" must use an uppercase environment variable name, got "${reference.envName}".`);
+        }
+        if (!declaredEnvNames.has(reference.envName)) {
+            throw new Error(`Pack "${loadedPack.manifest.id}" workspace config reference "${reference.path}" uses "${reference.envName}" but no manifest tool declares it in required_env.`);
+        }
+    }
+}
+function collectDeclaredEnvNames(loadedPack) {
+    const manifestEnvNames = loadedPack.manifest.tools.flatMap((tool) => tool.required_env ?? []);
+    const capabilityEnvNames = Object.values(loadedPack.resolvedCapabilityAugmentations ?? {}).flatMap((augmentation) => augmentation.required_env ?? []);
+    return new Set([...manifestEnvNames, ...capabilityEnvNames]);
+}
+function isCapabilityFactory(value) {
+    return typeof value === 'function';
+}
+function selectPackCapabilityFactory(options) {
+    const { loadedModule, exportName, capabilityFactoryEntry, packId } = options;
+    if (exportName) {
+        if (!isRecord(loadedModule) || !isCapabilityFactory(loadedModule[exportName])) {
+            throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${packId}" must export function "${exportName}".`);
+        }
+        return loadedModule[exportName];
+    }
+    if (isCapabilityFactory(loadedModule)) {
+        return loadedModule;
+    }
+    if (isRecord(loadedModule)) {
+        const defaultExport = loadedModule[PACK_CAPABILITY_FACTORY_DEFAULT_EXPORT];
+        if (isCapabilityFactory(defaultExport)) {
+            return defaultExport;
+        }
+        const namedExport = loadedModule[PACK_CAPABILITY_FACTORY_NAMED_EXPORT];
+        if (isCapabilityFactory(namedExport)) {
+            return namedExport;
+        }
+    }
+    throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${packId}" must export a function via default export, capabilityFactory, or an explicit #export.`);
+}
+function validateCapabilityAugmentation(augmentationValue, packId, capabilityFactoryEntry, toolName) {
+    if (augmentationValue === undefined || augmentationValue === null) {
+        return {};
+    }
+    if (!isRecord(augmentationValue)) {
+        throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${packId}" returned a non-object augmentation for tool "${toolName}".`);
+    }
+    const requiredScopesValue = augmentationValue.required_scopes;
+    const requiredEnvValue = augmentationValue.required_env;
+    const extraKeys = Object.keys(augmentationValue).filter((key) => key !== 'required_scopes' && key !== 'required_env');
+    if (extraKeys.length > 0) {
+        throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${packId}" returned unsupported fields for tool "${toolName}": ${extraKeys.join(', ')}.`);
+    }
+    const requiredScopes = (() => {
+        if (requiredScopesValue === undefined) {
+            return undefined;
+        }
+        if (!Array.isArray(requiredScopesValue)) {
+            throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${packId}" must return required_scopes as an array for tool "${toolName}".`);
+        }
+        return requiredScopesValue.map((scopeValue, index) => {
+            const parsed = ToolScopeSchema.safeParse(scopeValue);
+            if (!parsed.success) {
+                throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${packId}" returned invalid required_scopes[${index}] for tool "${toolName}": ${formatZodIssues(parsed.error.issues)}`);
+            }
+            return parsed.data;
+        });
+    })();
+    const requiredEnv = (() => {
+        if (requiredEnvValue === undefined) {
+            return undefined;
+        }
+        if (!Array.isArray(requiredEnvValue) ||
+            requiredEnvValue.some((envName) => typeof envName !== 'string' || !ENVIRONMENT_VARIABLE_NAME_PATTERN.test(envName))) {
+            throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${packId}" must return required_env as uppercase environment variable names for tool "${toolName}".`);
+        }
+        return [...new Set(requiredEnvValue)];
+    })();
+    return {
+        ...(requiredScopes ? { required_scopes: requiredScopes } : {}),
+        ...(requiredEnv ? { required_env: requiredEnv } : {}),
+    };
+}
+async function resolvePackCapabilityAugmentations(workspaceRoot, loadedPack) {
+    const capabilityFactoryEntry = loadedPack.manifest.capability_factory;
+    if (!capabilityFactoryEntry) {
+        return {};
+    }
+    const resolvedEntry = resolvePackModuleEntry(loadedPack.packRoot, capabilityFactoryEntry, 'Pack capability_factory entry');
+    let loadedModule;
+    try {
+        loadedModule = await import(pathToFileURL(resolvedEntry.modulePath).href);
+    }
+    catch (error) {
+        throw new Error(`Failed to load capability_factory "${capabilityFactoryEntry}" for pack "${loadedPack.manifest.id}".`, { cause: error });
+    }
+    const capabilityFactory = selectPackCapabilityFactory({
+        loadedModule,
+        exportName: resolvedEntry.exportName,
+        capabilityFactoryEntry,
+        packId: loadedPack.manifest.id,
+    });
+    const augmentations = {};
+    for (const tool of loadedPack.manifest.tools) {
+        let augmentationValue;
+        try {
+            augmentationValue = await capabilityFactory({
+                workspaceRoot,
+                packId: loadedPack.manifest.id,
+                packRoot: loadedPack.packRoot,
+                packConfig: loadedPack.resolvedConfig,
+                tool,
+            });
+        }
+        catch (error) {
+            throw new Error(`capability_factory "${capabilityFactoryEntry}" for pack "${loadedPack.manifest.id}" failed while resolving tool "${tool.name}".`, { cause: error });
+        }
+        const augmentation = validateCapabilityAugmentation(augmentationValue, loadedPack.manifest.id, capabilityFactoryEntry, tool.name);
+        if (augmentation.required_env || augmentation.required_scopes) {
+            augmentations[tool.name] = augmentation;
+        }
+    }
+    return augmentations;
+}
+function isPolicyTrigger(value) {
+    return (value === POLICY_TRIGGERS.ON_TOOL_REQUEST ||
+        value === POLICY_TRIGGERS.ON_CLAIM ||
+        value === POLICY_TRIGGERS.ON_COMPLETION ||
+        value === POLICY_TRIGGERS.ON_EVIDENCE_ADDED);
+}
+function isPolicyEffect(value) {
+    return value === 'allow' || value === 'deny' || value === 'approval_required';
+}
+function isPackPolicyFactory(value) {
+    return typeof value === 'function';
+}
+function isPolicyWhenPredicate(value) {
+    return typeof value === 'function';
+}
+function selectPackPolicyFactory(options) {
+    const { loadedModule, exportName, policyFactoryEntry, packId } = options;
+    if (exportName) {
+        if (!isRecord(loadedModule) || !isPackPolicyFactory(loadedModule[exportName])) {
+            throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" must export function "${exportName}".`);
+        }
+        return loadedModule[exportName];
+    }
+    if (isPackPolicyFactory(loadedModule)) {
+        return loadedModule;
+    }
+    if (isRecord(loadedModule)) {
+        const defaultExport = loadedModule[PACK_POLICY_FACTORY_DEFAULT_EXPORT];
+        if (isPackPolicyFactory(defaultExport)) {
+            return defaultExport;
+        }
+        const namedExport = loadedModule[PACK_POLICY_FACTORY_NAMED_EXPORT];
+        if (isPackPolicyFactory(namedExport)) {
+            return namedExport;
+        }
+    }
+    throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" must export a function via default export, policyFactory, or an explicit #export.`);
+}
+function validatePackPolicyFactoryRules(rulesValue, packId, policyFactoryEntry) {
+    if (!Array.isArray(rulesValue)) {
+        throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" must return an array of policy rules.`);
+    }
+    return rulesValue.map((ruleValue, index) => {
+        if (!isRecord(ruleValue)) {
+            throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" returned rule ${index} that is not an object.`);
+        }
+        const id = ruleValue.id;
+        if (typeof id !== 'string' || id.trim().length === 0) {
+            throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" returned rule ${index} with an invalid id.`);
+        }
+        const trigger = ruleValue.trigger;
+        if (!isPolicyTrigger(trigger)) {
+            throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" returned rule "${id}" with an invalid trigger.`);
+        }
+        const decision = ruleValue.decision;
+        if (!isPolicyEffect(decision)) {
+            throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" returned rule "${id}" with an invalid decision.`);
+        }
+        const reason = ruleValue.reason;
+        if (reason !== undefined && (typeof reason !== 'string' || reason.trim().length === 0)) {
+            throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" returned rule "${id}" with an invalid reason.`);
+        }
+        const when = ruleValue.when;
+        if (when !== undefined && !isPolicyWhenPredicate(when)) {
+            throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${packId}" returned rule "${id}" with a non-function when predicate.`);
+        }
+        return {
+            id,
+            trigger,
+            decision,
+            ...(reason ? { reason } : {}),
+            ...(when ? { when } : {}),
+        };
+    });
+}
+async function resolvePackPolicyFactoryRules(workspaceRoot, loadedPack) {
+    const policyFactoryEntry = loadedPack.manifest.policy_factory;
+    if (!policyFactoryEntry) {
+        return [];
+    }
+    const resolvedEntry = resolvePackModuleEntry(loadedPack.packRoot, policyFactoryEntry, 'Pack policy_factory entry');
+    let loadedModule;
+    try {
+        loadedModule = await import(pathToFileURL(resolvedEntry.modulePath).href);
+    }
+    catch (error) {
+        throw new Error(`Failed to load policy_factory "${policyFactoryEntry}" for pack "${loadedPack.manifest.id}".`, { cause: error });
+    }
+    const policyFactory = selectPackPolicyFactory({
+        loadedModule,
+        exportName: resolvedEntry.exportName,
+        policyFactoryEntry,
+        packId: loadedPack.manifest.id,
+    });
+    let rulesValue;
+    try {
+        const factoryInput = {
+            workspaceRoot,
+            packId: loadedPack.manifest.id,
+            packRoot: loadedPack.packRoot,
+            packConfig: loadedPack.resolvedConfig,
+        };
+        rulesValue = await policyFactory(factoryInput);
+    }
+    catch (error) {
+        throw new Error(`policy_factory "${policyFactoryEntry}" for pack "${loadedPack.manifest.id}" failed during runtime startup.`, { cause: error });
+    }
+    return validatePackPolicyFactoryRules(rulesValue, loadedPack.manifest.id, policyFactoryEntry);
+}
 export async function defaultRuntimeToolCapabilityResolver(input) {
     const resolvedEntry = resolvePackToolEntryPath(input.loadedPack.packRoot, input.tool.entry);
     const resolvedInputSchema = input.tool.input_schema
@@ -351,6 +694,7 @@ export async function defaultRuntimeToolCapabilityResolver(input) {
     const resolvedOutputSchema = input.tool.output_schema
         ? parsePackToolJsonSchema(input.tool.output_schema, input.tool.name, 'output_schema')
         : DEFAULT_PACK_TOOL_OUTPUT_SCHEMA;
+    const augmentation = input.loadedPack.resolvedCapabilityAugmentations?.[input.tool.name];
     return {
         name: input.tool.name,
         domain: input.loadedPack.manifest.id,
@@ -358,15 +702,34 @@ export async function defaultRuntimeToolCapabilityResolver(input) {
         input_schema: resolvedInputSchema,
         output_schema: resolvedOutputSchema,
         permission: input.tool.permission,
-        required_scopes: input.tool.required_scopes,
+        required_scopes: mergeToolScopes(input.tool.required_scopes, augmentation?.required_scopes),
+        required_env: mergeRequiredEnvNames(input.tool.required_env, augmentation?.required_env),
         handler: {
             kind: TOOL_HANDLER_KINDS.SUBPROCESS,
             entry: resolvedEntry,
         },
         description: buildPackToolDescription(input.tool.name, input.loadedPack.manifest.id),
         pack: input.loadedPack.pin.id,
+        ...(input.loadedPack.resolvedConfig !== undefined
+            ? { pack_config: input.loadedPack.resolvedConfig }
+            : {}),
     };
 }
+function mergeRequiredEnvNames(manifestRequiredEnv, augmentedRequiredEnv) {
+    const merged = [...(manifestRequiredEnv ?? []), ...(augmentedRequiredEnv ?? [])];
+    if (merged.length === 0) {
+        return undefined;
+    }
+    return [...new Set(merged)];
+}
+function mergeToolScopes(manifestScopes, augmentedScopes) {
+    const merged = [...manifestScopes, ...(augmentedScopes ?? [])];
+    const uniqueScopes = new Map();
+    for (const scope of merged) {
+        uniqueScopes.set(JSON.stringify(scope), scope);
+    }
+    return [...uniqueScopes.values()];
+}
 async function fileExists(targetPath) {
     try {
         await access(targetPath);
@@ -489,15 +852,17 @@ async function resolveWorkspaceSpec(options) {
         raw_workspace_data: rawWorkspaceData,
     };
 }
-function buildDefaultPolicyLayers(loadedPacks) {
-    const packRules = loadedPacks.flatMap((loadedPack) => {
-        return loadedPack.manifest.policies.map((policy) => ({
+async function buildDefaultPolicyLayers(workspaceRoot, loadedPacks) {
+    const packRules = [];
+    for (const loadedPack of loadedPacks) {
+        packRules.push(...loadedPack.manifest.policies.map((policy) => ({
             id: policy.id,
             trigger: policy.trigger,
             decision: policy.decision,
             reason: policy.reason,
-        }));
-    });
+        })));
+        packRules.push(...(await resolvePackPolicyFactoryRules(workspaceRoot, loadedPack)));
+    }
     return [
         {
             level: 'workspace',
@@ -533,6 +898,7 @@ function createRuntimePolicyHook(policyEngine) {
             tool_name: input.capability.name,
             pack_id: input.capability.pack,
             tool_arguments: input.tool_arguments,
+            execution_metadata: resolveExecutionMetadata(input.context),
         };
         const evaluation = await policyEngine.evaluate(context);
         return [...builtinDecisions, ...toPolicyHookDecisions(evaluation)];
@@ -973,6 +1339,17 @@ export async function initializeKernelRuntime(options) {
         const keyList = rootKeyValidation.errors.join('\n  - ');
         throw new Error(`Workspace root-key validation failed:\n  - ${keyList}`);
     }
+    const resolvedLoadedPacks = [];
+    for (const loadedPack of loadedPacks) {
+        const resolvedLoadedPack = await attachResolvedPackConfig(loadedPack, resolvedWorkspace.raw_workspace_data);
+        const resolvedCapabilityAugmentations = await resolvePackCapabilityAugmentations(workspaceRoot, resolvedLoadedPack);
+        const augmentedLoadedPack = {
+            ...resolvedLoadedPack,
+            resolvedCapabilityAugmentations,
+        };
+        validatePackConfigEnvReferences(augmentedLoadedPack);
+        resolvedLoadedPacks.push(augmentedLoadedPack);
+    }
     const registry = new ToolRegistry();
     if (options.includeBuiltinTools !== false) {
         registerBuiltinToolCapabilities(registry, {
@@ -980,7 +1357,7 @@ export async function initializeKernelRuntime(options) {
         });
     }
     const toolCapabilityResolver = options.toolCapabilityResolver ?? defaultRuntimeToolCapabilityResolver;
-    for (const loadedPack of loadedPacks) {
+    for (const loadedPack of resolvedLoadedPacks) {
         for (const tool of loadedPack.manifest.tools) {
             let capability;
             try {
@@ -1001,7 +1378,7 @@ export async function initializeKernelRuntime(options) {
         }
     }
     const policyEngine = new PolicyEngine({
-        layers: options.policyLayers ?? buildDefaultPolicyLayers(loadedPacks),
+        layers: options.policyLayers ?? (await buildDefaultPolicyLayers(workspaceRoot, resolvedLoadedPacks)),
     });
     const evidenceStore = new EvidenceStore({ evidenceRoot });
     const eventStoreOptions = {
@@ -1034,13 +1411,13 @@ export async function initializeKernelRuntime(options) {
         workspace_spec: workspaceSpec,
         workspace_file_path: resolvedWorkspace.workspace_file_path,
         workspace_config_hash: resolvedWorkspace.workspace_config_hash,
-        loaded_packs: loadedPacks,
+        loaded_packs: resolvedLoadedPacks,
         task_spec_root: taskSpecRoot,
         event_store: eventStore,
         evidence_store: evidenceStore,
         tool_host: toolHost,
         policy_engine: policyEngine,
-        state_aliases: mergeStateAliases(loadedPacks),
+        state_aliases: mergeStateAliases(resolvedLoadedPacks),
         now,
         run_id_factory: options.runIdFactory,
     });