diff --git a/docker/web.Dockerfile b/docker/web.Dockerfile
index 8f87a51..70e9cb0 100644
--- a/docker/web.Dockerfile
+++ b/docker/web.Dockerfile
@@ -18,7 +18,20 @@ COPY tsconfig.base.json turbo.json ./
 COPY apps/web apps/web
 COPY packages/db packages/db
 COPY packages/shared packages/shared
-RUN pnpm --filter @cmbot/shared build && \
+# Placeholder env values during `next build`'s "Collecting page data"
+# pass. Next bundles `lib/db.ts` (`createClient(env.DATABASE_URL)`) and
+# `actions/auth.ts` (uses AUTH_SECRET) into route bundles; their
+# top-level env access fires when Next imports the route to inspect
+# its config (the route's own `export const dynamic = "force-dynamic"`
+# stops handler execution, NOT module evaluation).
+#
+# pg.Pool is lazy — it stores the URL and only connects on the first
+# query — so a build-time placeholder never opens a socket. The
+# placeholders are scoped to this RUN layer (each Dockerfile RUN is
+# its own shell); nothing leaks into the runtime image.
+RUN export DATABASE_URL=postgres://build:build@localhost:5432/build && \
+    export AUTH_SECRET=build-time-placeholder-not-used-at-runtime && \
+    pnpm --filter @cmbot/shared build && \
     pnpm --filter @cmbot/db build && \
     pnpm --filter @cmbot/web build