stage 4

app/op/layout.tsx

@@ -1,9 +1,17 @@
 import Link from "next/link";
-import { requireOperator } from "@/lib/auth";
+import { getCurrentUser } from "@/lib/auth";
 import LogoutButton from "@/components/LogoutButton";
 
+/**
+ * The /op layout intentionally does NOT force-redirect unauthenticated
+ * visitors. The scan page (/op/scan/[token]) needs to bounce them to
+ * /login/operator?next=<path> so they come back to the same QR card after
+ * signing in; a blanket redirect here would lose that context. Each page
+ * under /op is responsible for its own auth gate (see requireOperator in
+ * lib/auth.ts, or the scan page's custom redirect).
+ */
 export default async function OperatorLayout({ children }: { children: React.ReactNode }) {
-  const user = await requireOperator();
+  const user = await getCurrentUser();
 
   return (
     <div className="min-h-dvh flex flex-col">
@@ -12,8 +20,16 @@ export default async function OperatorLayout({ children }: { children: React.Rea
           <Link href="/op" className="font-semibold tracking-tight">
             MRP
           </Link>
-          <span className="ml-auto text-sm text-slate-500">{user.name}</span>
-          <LogoutButton />
+          {user ? (
+            <>
+              <span className="ml-auto text-sm text-slate-500">{user.name}</span>
+              <LogoutButton />
+            </>
+          ) : (
+            <Link href="/login/operator" className="ml-auto text-sm text-slate-900 hover:underline">
+              Sign in
+            </Link>
+          )}
         </div>
       </header>
       <main className="flex-1">{children}</main>