# Meezi load tests (k6)

Smoke-test public endpoints and verify rate limiting under abuse.

## Prerequisites

Install [k6](https://k6.io/docs/get-started/installation/).

## Run

```powershell
# API must be running (e.g. docker compose or dotnet run)
$env:BASE_URL = "http://localhost:5080"
k6 run tests/load/public-abuse.js
```

## Variables

| Env | Default | Description |
|-----|---------|-------------|
| `BASE_URL` | `http://localhost:5080` | API root |
| `QR_CODE` | `demo_table_01` | QR resolver code |

## Expected

- Most requests succeed under normal VUs.
- At high rate, some responses return **429** with `RATE_LIMITED` (ASP.NET or Redis limits).

See `docs/SECURITY.md` for limit values.