diff --git a/packages/ditto/workers/deno-env.ts b/packages/ditto/workers/deno-env.ts
deleted file mode 100644
index 1500eb57..00000000
--- a/packages/ditto/workers/deno-env.ts
+++ /dev/null
@@ -1,2 +0,0 @@
-// @ts-ignore Don't try to access the env from this worker.
-Deno.env = new Map<string, string>();
diff --git a/packages/ditto/workers/policy.test.ts b/packages/ditto/workers/policy.test.ts
new file mode 100644
index 00000000..623e7c98
--- /dev/null
+++ b/packages/ditto/workers/policy.test.ts
@@ -0,0 +1,14 @@
+import { DittoConf } from '@ditto/conf';
+import { generateSecretKey, nip19 } from 'nostr-tools';
+
+import { PolicyWorker } from './policy.ts';
+
+Deno.test('PolicyWorker', () => {
+  const conf = new DittoConf(
+    new Map([
+      ['DITTO_NSEC', nip19.nsecEncode(generateSecretKey())],
+    ]),
+  );
+
+  new PolicyWorker(conf);
+});
diff --git a/packages/ditto/workers/policy.ts b/packages/ditto/workers/policy.ts
index e2617f72..6cddd0a0 100644
--- a/packages/ditto/workers/policy.ts
+++ b/packages/ditto/workers/policy.ts
@@ -3,6 +3,8 @@ import { NostrEvent, NostrRelayOK, NPolicy } from '@nostrify/nostrify';
 import { logi } from '@soapbox/logi';
 import * as Comlink from 'comlink';
 
+import { errorJson } from '@/utils/log.ts';
+
 import type { CustomPolicy } from '@/workers/policy.worker.ts';
 
 export class PolicyWorker implements NPolicy {
@@ -85,6 +87,15 @@ export class PolicyWorker implements NPolicy {
         return;
       }
 
+      logi({
+        level: 'error',
+        ns: 'ditto.system.policy',
+        msg: 'Failed to load custom policy',
+        path: conf.policy,
+        error: errorJson(e),
+        enabled: false,
+      });
+
       throw new Error(`DITTO_POLICY (error importing policy): ${conf.policy}`);
     }
   }
diff --git a/packages/ditto/workers/policy.worker.ts b/packages/ditto/workers/policy.worker.ts
index 6ea39f1a..80966c2e 100644
--- a/packages/ditto/workers/policy.worker.ts
+++ b/packages/ditto/workers/policy.worker.ts
@@ -1,5 +1,3 @@
-import './deno-env.ts'; // HACK should be removed when `@/config.ts` is removed.
-
 import { DittoConf } from '@ditto/conf';
 import { DittoPolyPg } from '@ditto/db';
 import '@soapbox/safe-fetch/load';
@@ -10,6 +8,9 @@ import * as Comlink from 'comlink';
 import { ReadOnlySigner } from '@/signers/ReadOnlySigner.ts';
 import { DittoPgStore } from '@/storages/DittoPgStore.ts';
 
+// @ts-ignore Don't try to access the env from this worker.
+Deno.env = new Map<string, string>();
+
 /** Serializable object the worker can use to set up the state. */
 interface PolicyInit {
   /** Path to the policy module (https, jsr, file, etc) */