From 7b4c40ae0bde61830d35b827f0dd1350d364d431 Mon Sep 17 00:00:00 2001
From: "Ishaan (OpenClaw)" <ishaan@openclaw.local>
Date: Sat, 7 Feb 2026 20:04:23 +0000
Subject: [PATCH] fix(auth): use redirectToSignIn in Clerk middleware

---
 frontend/src/proxy.ts | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/frontend/src/proxy.ts b/frontend/src/proxy.ts
index 46600084..29c99a5a 100644
--- a/frontend/src/proxy.ts
+++ b/frontend/src/proxy.ts
@@ -12,10 +12,16 @@ const isClerkEnabled = () =>
 const isPublicRoute = createRouteMatcher(["/sign-in(.*)"]);
 
 export default isClerkEnabled()
-  ? clerkMiddleware(async (auth, req) => {
+  ? clerkMiddleware((auth, req) => {
       if (isPublicRoute(req)) return NextResponse.next();
-      const session = await auth();
-      session.protect();
+
+      // Clerk typings in App Router return SessionAuthWithRedirect.
+      // Use redirectToSignIn() instead of protect(). Keep middleware callback sync.
+      const { userId, redirectToSignIn } = auth();
+      if (!userId) {
+        return redirectToSignIn({ returnBackUrl: req.url });
+      }
+
       return NextResponse.next();
     })
   : () => NextResponse.next();