org chart 자동로그인 보완. seed-tenant 삭제불가 조치

backend/internal/bootstrap/tenant_seed.go

@@ -129,6 +129,36 @@ func loadSeedTenantConfigs() ([]InitialTenantConfig, error) {
 	return configs, nil
 }
 
+func SeedTenantSlugSet() (map[string]bool, error) {
+	configs, err := loadSeedTenantConfigs()
+	if err != nil {
+		return nil, err
+	}
+
+	slugs := make(map[string]bool, len(configs))
+	for _, config := range configs {
+		slug := strings.TrimSpace(strings.ToLower(config.Slug))
+		if slug != "" {
+			slugs[slug] = true
+		}
+	}
+	return slugs, nil
+}
+
+func IsSeedTenantSlug(slug string) bool {
+	normalized := strings.TrimSpace(strings.ToLower(slug))
+	if normalized == "" {
+		return false
+	}
+
+	slugs, err := SeedTenantSlugSet()
+	if err != nil {
+		slog.Warn("[Bootstrap] Failed to load seed tenant slug set", "error", err)
+		return false
+	}
+	return slugs[normalized]
+}
+
 func findSeedTenantCSVPath() (string, error) {
 	if configured := strings.TrimSpace(os.Getenv(seedTenantCSVPathEnv)); configured != "" {
 		return configured, nil

backend/internal/bootstrap/tenant_seed_test.go

@@ -82,3 +82,21 @@ func TestLoadSeedTenantConfigsUsesConfiguredCSVPath(t *testing.T) {
 		t.Fatalf("child domains = %#v, want child.example.com", configs[1].Domains)
 	}
 }
+
+func TestIsSeedTenantSlugUsesConfiguredCSVPath(t *testing.T) {
+	dir := t.TempDir()
+	path := filepath.Join(dir, "seed-tenant.csv")
+	csv := "name,type,parent_tenant_slug,slug,memo,email_domain\n" +
+		"Root,COMPANY_GROUP,,protected-root,Root memo,\n"
+	if err := os.WriteFile(path, []byte(csv), 0o600); err != nil {
+		t.Fatalf("failed to write seed csv: %v", err)
+	}
+	t.Setenv(seedTenantCSVPathEnv, path)
+
+	if !IsSeedTenantSlug("protected-root") {
+		t.Fatal("protected-root must be detected as seed tenant")
+	}
+	if IsSeedTenantSlug("normal-tenant") {
+		t.Fatal("normal-tenant must not be detected as seed tenant")
+	}
+}