# Dashboard + Dev Server Plan

## Focus
- Protected dashboard (server-side session check + redirect)
- Confirm dev server setup for live reload of UI + API routes

## Goals
- Prevent unauthenticated access to the dashboard.
- Keep auth validation server-side.
- Ensure local dev server supports hot reload for frontend and backend (API routes).

## Proposed changes
### Backend/session
- Add a server helper to fetch the current user from the session cookie.

### Dashboard
- Update `apps/web/app/page.tsx` to:
  - Load current user on the server.
  - Redirect to `/login` if no valid session.
  - Show a minimal dashboard once authenticated.

### Dev server
- Use `npm run dev` at repo root (already mapped to `apps/web` dev).
- Next.js dev server hot reloads both UI and API routes automatically.

## Files impacted
- `apps/web/lib/session.ts` (new)
- `apps/web/app/page.tsx`
- `package.json` (optional script alias)

## Status
- Implemented

## Notes
- Run `npm run dev` or `npm run dev:web` for hot reload of UI + API routes.