diff --git a/middleware.ts b/middleware.ts
index 66921a7..6d72d89 100644
--- a/middleware.ts
+++ b/middleware.ts
@@ -1,3 +1,9 @@
+/**
+ * Next.js middleware to protect admin routes.
+ * - Runs for paths matched by the config `matcher` (see bottom).
+ * - Checks for the `refreshToken` cookie; if missing, redirects to `/login` before any page renders.
+ * - No manual import/use needed—Next.js automatically executes this for matching requests.
+ */
 import { NextRequest, NextResponse } from 'next/server'
 
 // Move accessToken to HttpOnly cookie in future for better security