diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index b5c2c62..f0e139d 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -43,7 +43,9 @@ jobs:
           bun-version: latest
 
       - name: Install Dependencies
-        run: bun install --frozen-lockfile
+        run: |
+          bun install --frozen-lockfile
+          cd web && bun install --frozen-lockfile
 
       - name: Create Config File
         run: |
@@ -96,6 +98,8 @@ jobs:
           LOG_LEVEL="error"
           EOF
           bash shared/scripts/test-sequential.sh
+        env:
+          NODE_ENV: test
 
   # ==========================================================================
   # Build Job
diff --git a/web/src/server.test.ts b/web/src/server.test.ts
index 62dba49..95b6233 100644
--- a/web/src/server.test.ts
+++ b/web/src/server.test.ts
@@ -58,6 +58,7 @@ mock.module("../../bot/lib/clientStats", () => ({
 
 describe("WebServer Security & Limits", () => {
     const port = 3001;
+    const hostname = "127.0.0.1";
     let serverInstance: WebServerInstance | null = null;
 
     afterAll(async () => {
@@ -67,8 +68,8 @@ describe("WebServer Security & Limits", () => {
     });
 
     test("should reject more than 10 concurrent WebSocket connections", async () => {
-        serverInstance = await createWebServer({ port, hostname: "localhost" });
-        const wsUrl = `ws://localhost:${port}/ws`;
+        serverInstance = await createWebServer({ port, hostname });
+        const wsUrl = `ws://${hostname}:${port}/ws`;
         const sockets: WebSocket[] = [];
 
         try {
@@ -95,9 +96,9 @@ describe("WebServer Security & Limits", () => {
 
     test("should return 200 for health check", async () => {
         if (!serverInstance) {
-            serverInstance = await createWebServer({ port, hostname: "localhost" });
+            serverInstance = await createWebServer({ port, hostname });
         }
-        const response = await fetch(`http://localhost:${port}/api/health`);
+        const response = await fetch(`http://${hostname}:${port}/api/health`);
         expect(response.status).toBe(200);
         const data = (await response.json()) as { status: string };
         expect(data.status).toBe("ok");
@@ -105,7 +106,7 @@ describe("WebServer Security & Limits", () => {
 
     describe("Administrative Actions", () => {
         test("should allow administrative actions without token", async () => {
-            const response = await fetch(`http://localhost:${port}/api/actions/reload-commands`, {
+            const response = await fetch(`http://${hostname}:${port}/api/actions/reload-commands`, {
                 method: "POST"
             });
             // Should be 200 (OK) or 500 (if underlying service fails, but NOT 401)
@@ -114,7 +115,7 @@ describe("WebServer Security & Limits", () => {
         });
 
         test("should reject maintenance mode with invalid payload", async () => {
-            const response = await fetch(`http://localhost:${port}/api/actions/maintenance-mode`, {
+            const response = await fetch(`http://${hostname}:${port}/api/actions/maintenance-mode`, {
                 method: "POST",
                 headers: {
                     "Content-Type": "application/json"