# Demo Test Suite

Automated tests for the investor demo configuration.

## SAFETY RULE (critical)

Tests in this suite MUST be strictly read-only towards the database.

Pytest runs against the **real dev database** (there is no separate test DB).
Tests must NEVER load or remove demo configs — neither via direct module
calls (`cfg.load()` / `cfg.remove()`) nor via HTTP calls to
`/api/admin/demo-config/<code>/load|remove` (not even to assert 401/403).

Background: on 2026-06-09 a demo test reloaded `investor-demo-2026` during a
pytest run. The demo mandates (HappyLife AG, Alpina Treuhand AG) were deleted
and recreated with new UUIDs, orphaning all real feature data (trustee
accounting incl. RMA connection, workflows, documents). The data had to be
recovered by remapping ~15'000 rows across 9 databases.

Demo configs are loaded/removed manually via Admin UI → `/admin/demo-config`.

## Run

```bash
cd platform-core/
pytest tests/demo/ -v
```

## Test files

| File | What it tests |
|------|--------------|
| `test_demo_api.py` | Config auto-discovery (read-only), list endpoint rejects unauthenticated |
| `test_demo_data_files.py` | Demo data files exist in `demoData/` (filesystem only) |