> ## Documentation Index
> Fetch the complete documentation index at: https://devkit4ai.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Protected Routes

> Implement server-side and client-side guards for authenticated experiences.

Protected pages rely on the same utilities shipped with the Starter Kit:

* Server components call `requireAuth()` (and optionally `requireRole`) from `lib/auth-server.ts` to redirect unauthenticated users to `/login` with a sanitized return URL.
* Client components can reuse `useIsAuthenticated()` or `useRequireRole()` to conditionally render UI once the cached user is available.
* Middleware in `middleware.ts` injects `x-pathname` headers for return URL support without performing auth logic, matching the production setup.

Examples and recipes will be added here as we document common customizations.
