diff --git a/apps/admin/src/middleware.ts b/apps/admin/src/proxy.ts
similarity index 95%
rename from apps/admin/src/middleware.ts
rename to apps/admin/src/proxy.ts
index a7b12f4..c6d0d2a 100644
--- a/apps/admin/src/middleware.ts
+++ b/apps/admin/src/proxy.ts
@@ -7,7 +7,7 @@ import {
   resolveRoleFromRequest,
 } from "@/lib/access"
 
-export function middleware(request: NextRequest) {
+export function proxy(request: NextRequest) {
   const { pathname } = request.nextUrl
 
   if (isPublicRoute(pathname)) {
diff --git a/docs/product-engineering/rbac-permission-model.md b/docs/product-engineering/rbac-permission-model.md
index 1c426ad..91ea007 100644
--- a/docs/product-engineering/rbac-permission-model.md
+++ b/docs/product-engineering/rbac-permission-model.md
@@ -40,7 +40,7 @@ Scope hierarchy (higher includes lower):
 
 ## Enforcement Layers
 
-- Route-level: `apps/admin/src/middleware.ts`
+- Route-level: `apps/admin/src/proxy.ts`
 - Action-level: server component checks in admin pages (`/` and `/todo`)
 - Shared model + checks: `packages/content/src/rbac.ts`