diff --git a/src/accounting-app/app.ts b/src/accounting-app/app.ts
index bdf83e4..38d7d99 100644
--- a/src/accounting-app/app.ts
+++ b/src/accounting-app/app.ts
@@ -136,16 +136,18 @@ export async function createAppInstance() {
   await auth.initialize()
 
   // Auth guard — only redirect for routes that explicitly require auth
+  // Castle has no public view — every non-login route requires auth.
   router.beforeEach(async (to, _from, next) => {
-    const requiresAuth = to.meta.requiresAuth === true
-
-    if (requiresAuth && !auth.isAuthenticated.value) {
-      next('/login')
-    } else if (to.path === '/login' && auth.isAuthenticated.value) {
-      next('/')
-    } else {
-      next()
+    if (to.path === '/login') {
+      if (auth.isAuthenticated.value) next('/')
+      else next()
+      return
     }
+    if (!auth.isAuthenticated.value) {
+      next('/login')
+      return
+    }
+    next()
   })
 
   // Global error handling
diff --git a/src/chat-app/app.ts b/src/chat-app/app.ts
index 78a95b7..c058f86 100644
--- a/src/chat-app/app.ts
+++ b/src/chat-app/app.ts
@@ -91,16 +91,18 @@ export async function createAppInstance() {
   const { auth } = await import('@/composables/useAuthService')
   await auth.initialize()
 
+  // Chat has no public view — every non-login route requires auth.
   router.beforeEach(async (to, _from, next) => {
-    const requiresAuth = to.meta.requiresAuth === true
-
-    if (requiresAuth && !auth.isAuthenticated.value) {
-      next('/login')
-    } else if (to.path === '/login' && auth.isAuthenticated.value) {
-      next('/')
-    } else {
-      next()
+    if (to.path === '/login') {
+      if (auth.isAuthenticated.value) next('/')
+      else next()
+      return
     }
+    if (!auth.isAuthenticated.value) {
+      next('/login')
+      return
+    }
+    next()
   })
 
   app.config.errorHandler = (err, _vm, info) => {
diff --git a/src/wallet-app/app.ts b/src/wallet-app/app.ts
index 8c41eee..5380484 100644
--- a/src/wallet-app/app.ts
+++ b/src/wallet-app/app.ts
@@ -95,16 +95,18 @@ export async function createAppInstance() {
   const { auth } = await import('@/composables/useAuthService')
   await auth.initialize()
 
+  // Wallet has no public view — every non-login route requires auth.
   router.beforeEach(async (to, _from, next) => {
-    const requiresAuth = to.meta.requiresAuth === true
-
-    if (requiresAuth && !auth.isAuthenticated.value) {
-      next('/login')
-    } else if (to.path === '/login' && auth.isAuthenticated.value) {
-      next('/')
-    } else {
-      next()
+    if (to.path === '/login') {
+      if (auth.isAuthenticated.value) next('/')
+      else next()
+      return
     }
+    if (!auth.isAuthenticated.value) {
+      next('/login')
+      return
+    }
+    next()
   })
 
   app.config.errorHandler = (err, _vm, info) => {