diff --git a/src/server/index.ts b/src/server/index.ts
index 8035b2e..4cb98f5 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -1746,33 +1746,16 @@ app.get('/api/admin/analytics/charts', requireAdmin, (c) => {
 })
 
 // Admin HTML auth middleware - redirects unauthenticated users to login
-const adminHtmlAuth = async (c: any, next: any) => {
- const path = c.req.path
-
- // Skip static assets (CSS, JS, images, fonts)
- if (/\.(css|js|png|jpg|jpeg|gif|svg|ico|woff2?|ttf|eot)$/i.test(path)) {
- return await next()
- }
-
- // Check auth for admin HTML pages
- const sessionId = c.req.header('Cookie')?.match(/session=([^;]+)/)?.[1]
- if (!sessionId) {
- return c.redirect('/login', 302)
- }
-
- const session = getSession(sessionId)
- if (!session) {
- return c.redirect('/login', 302)
- }
-
- c.set('user', { id: session.userId, role: session.role })
+// NOTE: This middleware is currently DISABLED because it conflicts with serveStatic
+// for admin component files (dashboard.html, properties.html, etc.)
+// Client-side auth check in admin.js handles redirect to /login
+// API endpoints remain protected by requireAdmin middleware
+const adminHtmlAuthDisabled = async (c: any, next: any) => {
+ // Middleware disabled — client-side auth in admin.js
+ // Keep function for reference but do NOT use app.use('/admin', ...)
 await next()
 }
 
-// Apply admin auth middleware to all /admin routes
-app.use('/admin', adminHtmlAuth)
-app.use('/admin/*', adminHtmlAuth)
-
 // Serve static files and SPA routes (clean URLs without .html)
 // Admin component files - serve explicitly BEFORE the /admin route
 app.get('/admin/sidebar.html', serveStatic({ path: './public/admin/sidebar.html' }))
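Review bot: Removing `app.use('/admin', adminHtmlAuth)` and `app.use('/admin/*', adminHtmlAuth)` leaves every page under `/admin` served with no server-side session check, so the only gate on the admin HTML is the redirect in `admin.js`, which is advisory because it runs in the browser. The NOTE says the API stays behind `requireAdmin`, which protects the data, but the admin markup and scripts, and whatever endpoint names and structure they reveal, become readable by unauthenticated requests. If the conflict was that component fetches such as `sidebar.html` and `dashboard.html` were being redirected (not visible in this hunk), I would fix the ordering or cookie handling for those requests and keep both registrations instead of dropping the check. `adminHtmlAuthDisabled` is an unused pass-through with an auth-sounding name; delete it rather than keep it "for reference", since version control already holds the old body.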