CMS pages were calling api/cms/track on https://localhost:5001 (the public host)
because the DeepDrft.API named client was base-addressed there; controllers live
on the Manager. Re-pointed to baseUrl. /cms page declared InteractiveAuto in a
Server-only host. App.razor link for MudBlazorThemeManager.css had _ outside the
@Assets[] expression. Public connections example carried a leftover Auth string.
TrackCard, TracksGallery, DDIcons, DeepDrftPalettes (Default+Cms), DeepDrftFontLinks,
and palette CSS tokens extracted. Both hosts and DeepDrftCms reference the shared RCL.
Public host is now auth-free: no AuthBlocks, no DeepDrftCms ref, no stealth routing.
MainLayout restored to full chrome. DeepDrft.Content/.Cms HttpClients wired on Manager.
InteractiveServer only, full AuthBlocks, no WASM. Controllers scaffolded for future
CMS controller migration. CmsStealthRoutingHandler omitted by design (subdomain topology).