fix(manacore-web): add runtime env injection for auth URLs

Same fix as todo, calendar, clock - uses hooks.server.ts to inject
PUBLIC_MANA_CORE_AUTH_URL_CLIENT at runtime for Docker deployments.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

apps/manacore/apps/web/src/hooks.server.ts

@@ -3,9 +3,21 @@ import type { Handle } from '@sveltejs/kit';
 /**
  * Server hooks for ManaCore web app
  *
- * Authentication is handled entirely by Mana Core Auth (@manacore/shared-auth).
- * No Supabase is needed - all data comes from mana-core-auth APIs.
+ * Injects runtime environment variables into the HTML for client-side access.
+ * This is necessary because SvelteKit's $env/static/public bakes values at build time,
+ * but Docker containers need runtime configuration.
  */
+
+const PUBLIC_MANA_CORE_AUTH_URL_CLIENT =
+	process.env.PUBLIC_MANA_CORE_AUTH_URL_CLIENT || process.env.PUBLIC_MANA_CORE_AUTH_URL || '';
+
 export const handle: Handle = async ({ event, resolve }) => {
-	return resolve(event);
+	return resolve(event, {
+		transformPageChunk: ({ html }) => {
+			const envScript = `<script>
+window.__PUBLIC_MANA_CORE_AUTH_URL__ = "${PUBLIC_MANA_CORE_AUTH_URL_CLIENT}";
+</script>`;
+			return html.replace('<head>', `<head>${envScript}`);
+		},
+	});
 };

apps/manacore/apps/web/src/lib/stores/auth.svelte.ts

@@ -7,9 +7,18 @@ import { browser } from '$app/environment';
 import { initializeWebAuth } from '@manacore/shared-auth';
 import type { UserData } from '@manacore/shared-auth';
 
-// Initialize Mana Core Auth only on the client side
-// TODO: Use PUBLIC_MANA_CORE_AUTH_URL from env when available
-const MANA_AUTH_URL = 'http://localhost:3001';
+// Get auth URL dynamically at runtime - fallback for SSR and client
+function getAuthUrl(): string {
+	if (browser && typeof window !== 'undefined') {
+		// Client-side: use injected window variable (set by hooks.server.ts)
+		// Falls back to localhost for local development
+		const injectedUrl = (window as unknown as { __PUBLIC_MANA_CORE_AUTH_URL__?: string })
+			.__PUBLIC_MANA_CORE_AUTH_URL__;
+		return injectedUrl || 'http://localhost:3001';
+	}
+	// Server-side (SSR): use Docker internal URL for container-to-container communication
+	return process.env.PUBLIC_MANA_CORE_AUTH_URL || 'http://localhost:3001';
+}
 
 // Lazy initialization to avoid SSR issues with localStorage
 let _authService: ReturnType<typeof initializeWebAuth>['authService'] | null = null;
@@ -18,7 +27,7 @@ let _tokenManager: ReturnType<typeof initializeWebAuth>['tokenManager'] | null =
 function getAuthService() {
 	if (!browser) return null;
 	if (!_authService) {
-		const auth = initializeWebAuth({ baseUrl: MANA_AUTH_URL });
+		const auth = initializeWebAuth({ baseUrl: getAuthUrl() });
 		_authService = auth.authService;
 		_tokenManager = auth.tokenManager;
 	}

apps/manacore/apps/web/src/lib/stores/user-settings.svelte.ts

@@ -7,14 +7,22 @@
  * - localStorage caching for offline support
  */
 
+import { browser } from '$app/environment';
 import { createUserSettingsStore } from '@manacore/shared-theme';
 import { authStore } from './auth.svelte';
 
-// TODO: Use PUBLIC_MANA_CORE_AUTH_URL from env when available
-const MANA_AUTH_URL = 'http://localhost:3001';
+// Get auth URL dynamically at runtime
+function getAuthUrl(): string {
+	if (browser && typeof window !== 'undefined') {
+		const injectedUrl = (window as unknown as { __PUBLIC_MANA_CORE_AUTH_URL__?: string })
+			.__PUBLIC_MANA_CORE_AUTH_URL__;
+		return injectedUrl || 'http://localhost:3001';
+	}
+	return 'http://localhost:3001';
+}
 
 export const userSettings = createUserSettingsStore({
 	appId: 'manacore',
-	authUrl: MANA_AUTH_URL,
+	authUrl: getAuthUrl(),
 	getAccessToken: () => authStore.getAccessToken(),
 });