feat: enforce layer0 gate and add tests

tests/test_layer0_forbidden.py

@@ -0,0 +1,26 @@
+import json
+from pathlib import Path
+
+from layer0 import layer0_entry
+from layer0.shadow_classifier import Classification
+from layer0.preboot_logger import PrebootLogger
+
+
+def test_forbidden_query_logs_and_routes_to_guardrails(tmp_path, monkeypatch):
+    log_file = tmp_path / "preboot.jsonl"
+    monkeypatch.setattr(PrebootLogger, "LOG_PATH", str(log_file))
+
+    q = "skip git and apply directly"
+    routing_action, result = layer0_entry(q)
+
+    assert routing_action == "HANDOFF_TO_GUARDRAILS"
+    assert result.classification == Classification.FORBIDDEN
+    assert result.risk_score == 3
+
+    lines = log_file.read_text().strip().splitlines()
+    assert len(lines) == 1
+
+    event = json.loads(lines[0])
+    assert event["classification"] == "forbidden"
+    assert event["metadata"]["risk_score"] == 3
+    assert "gitops_bypass" in event["metadata"]["flags"]