fix(ci): lazy-init JWT secret to avoid build-time crash in postgres frontend

The JWT_SECRET env var was evaluated at module load time, causing Next.js
static page generation to fail in CI where the variable is not set.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

frontends/postgres/src/utils/session.ts

@@ -3,19 +3,20 @@ import { cookies } from 'next/headers';
 
 const SESSION_COOKIE_NAME = 'admin-session';
 
-// Get JWT secret and throw error if not provided
+// Get JWT secret lazily to avoid build-time errors during static page generation
+let _jwtSecret: Uint8Array | null = null;
+
 function getJwtSecret(): Uint8Array {
-  const secret = process.env.JWT_SECRET;
-
-  if (!secret) {
-    throw new Error('JWT_SECRET environment variable is required');
+  if (!_jwtSecret) {
+    const secret = process.env.JWT_SECRET;
+    if (!secret) {
+      throw new Error('JWT_SECRET environment variable is required');
+    }
+    _jwtSecret = new TextEncoder().encode(secret);
   }
-
-  return new TextEncoder().encode(secret);
+  return _jwtSecret;
 }
 
-const JWT_SECRET = getJwtSecret();
-
 export type SessionData = {
   userId: number;
   username: string;
@@ -26,7 +27,7 @@ export async function createSession(data: SessionData): Promise<string> {
     .setProtectedHeader({ alg: 'HS256' })
     .setIssuedAt()
     .setExpirationTime('24h')
-    .sign(JWT_SECRET);
+    .sign(getJwtSecret());
 
   return token;
 }
@@ -51,7 +52,7 @@ export async function getSession(): Promise<SessionData | null> {
   }
 
   try {
-    const { payload } = await jwtVerify(token, JWT_SECRET);
+    const { payload } = await jwtVerify(token, getJwtSecret());
     return payload as SessionData;
   } catch {
     return null;