diff --git a/services/mam-api/src/routes/auth.js b/services/mam-api/src/routes/auth.js
index 8eb9d0b..efbb4f3 100644
--- a/services/mam-api/src/routes/auth.js
+++ b/services/mam-api/src/routes/auth.js
@@ -74,6 +74,12 @@ router.post('/logout', (req, res, next) => {
 // GET /me
 // ---------------------------------------------------------------------------
 router.get('/me', async (req, res) => {
+  // When auth is disabled return a synthetic guest/admin user so the frontend
+  // auth-guard never receives a 401 and never redirects to login.html.
+  if (process.env.AUTH_ENABLED !== 'true') {
+    return res.json({ id: null, username: 'admin', display_name: 'Admin', role: 'admin' });
+  }
+
   if (!req.session || !req.session.userId) {
     return res.status(401).json({ error: 'Not authenticated' });
   }