From 44659a9dd7c921841adce1743896f3a1fbb112eb Mon Sep 17 00:00:00 2001
From: Sharang Parnerkar <30073382+mighty840@users.noreply.github.com>
Date: Wed, 15 Apr 2026 18:20:16 +0200
Subject: [PATCH] fix(pitch-deck): serve /screenshots/* past the auth middleware
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The SDK Live Demo slide renders screenshots via next/image from /public/screenshots/*.png. Because /screenshots was not on the PUBLIC_PATHS list, every request was 307-redirected to /auth, and the next/image optimizer responded with HTTP 400 "The requested resource isn't a valid image." leaving the slide with empty dark frames (surfaced in the pitch preview). next/image also bypasses middleware itself (see the matcher), but the server-side fetch it performs for the source URL does hit middleware and carries no investor cookie, so whitelisting the path is required even for authenticated viewers. These PNGs are public marketing assets — there's no reason to gate them.
Co-Authored-By: Claude Sonnet 4.6
---
 pitch-deck/middleware.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pitch-deck/middleware.ts b/pitch-deck/middleware.ts
index 635afed..14fd7ed 100644
--- a/pitch-deck/middleware.ts
+++ b/pitch-deck/middleware.ts
@@ -12,6 +12,7 @@ const PUBLIC_PATHS = [
 '/manifest.json',
 '/sw.js',
 '/icons',
+ '/screenshots', // SDK demo screenshots: public marketing assets. Must bypass auth because the next/image optimizer fetches them server-side without investor cookies.
 '/favicon.ico',
 ]
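Review bot: The new `'/screenshots'` entry exempts the whole directory from the auth check, not only the PNGs the demo slide uses today, so any file later placed in `public/screenshots` is served without an investor session. The comment should state that invariant on its own line above the entry, for example `// Public marketing assets only: never place investor-only material in public/screenshots.`, with the next/image reason on a second comment line instead of one long trailing comment. The code that compares the request path with PUBLIC_PATHS is outside this hunk; if it is a plain prefix test, the entry would also match sibling paths that merely begin with `/screenshots` (the existing `/icons` entry would behave the same way), which is worth confirming.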