diff --git a/apps/e2e/tests/book.spec.ts b/apps/e2e/tests/book.spec.ts
index ecec404..c3f30a5 100644
--- a/apps/e2e/tests/book.spec.ts
+++ b/apps/e2e/tests/book.spec.ts
@@ -1,4 +1,4 @@
-import { test, expect } from "@playwright/test";
+import { test, expect } from "./fixtures.js";
 
 /**
  * Booking portal happy-path E2E test.
diff --git a/apps/e2e/tests/clients.spec.ts b/apps/e2e/tests/clients.spec.ts
index 4e681da..8b0ea62 100644
--- a/apps/e2e/tests/clients.spec.ts
+++ b/apps/e2e/tests/clients.spec.ts
@@ -1,4 +1,4 @@
-import { test, expect } from "@playwright/test";
+import { test, expect } from "./fixtures.js";
 
 /**
  * Client management E2E tests.
diff --git a/apps/e2e/tests/fixtures.ts b/apps/e2e/tests/fixtures.ts
new file mode 100644
index 0000000..3150ffe
--- /dev/null
+++ b/apps/e2e/tests/fixtures.ts
@@ -0,0 +1,22 @@
+import { test as base } from "@playwright/test";
+
+/**
+ * Custom test fixture that seeds a dev user in localStorage before each test.
+ *
+ * When AUTH_DISABLED=true, the app redirects to /login if no dev-user is set.
+ * This fixture ensures E2E tests bypass that redirect by pre-selecting a
+ * default staff user.
+ */
+export const test = base.extend({
+  page: async ({ page }, use) => {
+    await page.addInitScript(() => {
+      localStorage.setItem(
+        "dev-user",
+        JSON.stringify({ type: "staff", id: "dev-user", name: "Dev User" })
+      );
+    });
+    await use(page);
+  },
+});
+
+export { expect } from "@playwright/test";
diff --git a/apps/e2e/tests/navigation.spec.ts b/apps/e2e/tests/navigation.spec.ts
index 39d9530..e79a5f6 100644
--- a/apps/e2e/tests/navigation.spec.ts
+++ b/apps/e2e/tests/navigation.spec.ts
@@ -1,4 +1,4 @@
-import { test, expect } from "@playwright/test";
+import { test, expect } from "./fixtures.js";
 
 /**
  * Navigation smoke tests — verifies that each page loads without errors.
diff --git a/apps/web/src/lib/devFetch.ts b/apps/web/src/lib/devFetch.ts
index 67603ed..42078ce 100644
--- a/apps/web/src/lib/devFetch.ts
+++ b/apps/web/src/lib/devFetch.ts
@@ -5,6 +5,8 @@ const originalFetch = window.fetch;
 /**
  * Patches global fetch to include X-Dev-User-Id header on API requests
  * when a dev user is selected via the login selector.
+ *
+ * Intentionally mutates window.fetch — this is dev-only (AUTH_DISABLED=true).
  */
 export function installDevFetchInterceptor() {
   window.fetch = function (input: RequestInfo | URL, init?: RequestInit) {