Bug Fixes
The (internal) layout previously had to redirect unauthenticated requests, but child page components would attempt to validate the session before the layout's redirect reached the client. This caused "No session found" errors to be captured by Sentry on every unauth hit to crawlable internal URLs.
Auth checks now happen at the middleware level—before any page components run—so unauthenticated requests short-circuit cleanly to the sign-in page with the proper redirect context. This eliminates spurious Sentry noise while keeping the layout-level check as a defense-in-depth safeguard.