feat(03-01): protect /portal routes and update post-login redirect

- middleware.ts: add /portal/:path* to matcher array
- auth.config.ts: add isPortalRoute check, redirect unauthenticated to /agent/login
- auth.config.ts: change post-login redirect from /agent/dashboard to /portal/dashboard
- agent dashboard page: replace stub with redirect to /portal/dashboard

teressa-copeland-homes/src/app/agent/(protected)/dashboard/page.tsx

@@ -1,17 +1,5 @@
-import { auth } from "@/lib/auth";
 import { redirect } from "next/navigation";
 
-export default async function DashboardPage() {
-  // Defense-in-depth session check (layout also checks, this is belt-and-suspenders)
-  const session = await auth();
-  if (!session) redirect("/agent/login");
-
-  return (
-    <div>
-      <h1 className="text-2xl font-semibold text-gray-900">Dashboard</h1>
-      <p className="mt-2 text-gray-500">
-        Welcome back, {session.user?.email}. Portal content coming in Phase 3.
-      </p>
-    </div>
-  );
+export default function DashboardPage() {
+  redirect("/portal/dashboard");
 }

teressa-copeland-homes/src/lib/auth.config.ts

@@ -20,9 +20,10 @@ export const authConfig = {
       const isLoggedIn = !!auth?.user;
       const isLoginPage = nextUrl.pathname === "/agent/login";
       const isAgentRoute = nextUrl.pathname.startsWith("/agent");
+      const isPortalRoute = nextUrl.pathname.startsWith("/portal");
 
       if (isLoginPage) {
-        if (isLoggedIn) return Response.redirect(new URL("/agent/dashboard", nextUrl.origin));
+        if (isLoggedIn) return Response.redirect(new URL("/portal/dashboard", nextUrl.origin));
         return true; // Always allow unauthenticated access to login page
       }
 
@@ -30,6 +31,10 @@ export const authConfig = {
         return isLoggedIn; // Redirect unauthenticated users to login
       }
 
+      if (isPortalRoute) {
+        if (!isLoggedIn) return Response.redirect(new URL("/agent/login", nextUrl));
+      }
+
       return true;
     },
     jwt({ token, user }) {