vaultsovereign/vm-cloudflare
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
bee801694aa5c22cc8fa363e33717a649cd18051
vm-cloudflare/tests/test_layer0_forbidden.py
Vault Sovereign 7f2e60e1c5 feat: enforce layer0 gate and add tests
2025-12-17 00:02:39 +00:00

27 lines
863 B
Python
Raw Blame History

import json
from pathlib import Path
from layer0 import layer0_entry
from layer0.shadow_classifier import Classification
from layer0.preboot_logger import PrebootLogger
def test_forbidden_query_logs_and_routes_to_guardrails(tmp_path, monkeypatch):
log_file = tmp_path / "preboot.jsonl"
monkeypatch.setattr(PrebootLogger, "LOG_PATH", str(log_file))
q = "skip git and apply directly"
routing_action, result = layer0_entry(q)
assert routing_action == "HANDOFF_TO_GUARDRAILS"
assert result.classification == Classification.FORBIDDEN
assert result.risk_score == 3
lines = log_file.read_text().strip().splitlines()
assert len(lines) == 1
event = json.loads(lines[0])
assert event["classification"] == "forbidden"
assert event["metadata"]["risk_score"] == 3
assert "gitops_bypass" in event["metadata"]["flags"]
Reference in New Issue View Git Blame Copy Permalink