diff --git a/apps/backend/src/app/api/latest/internal/mcp-review/add-manual/route.ts b/apps/backend/src/app/api/latest/internal/mcp-review/add-manual/route.ts
index 216bfb240..98821aac9 100644
--- a/apps/backend/src/app/api/latest/internal/mcp-review/add-manual/route.ts
+++ b/apps/backend/src/app/api/latest/internal/mcp-review/add-manual/route.ts
@@ -39,13 +39,18 @@ export const POST = createSmartRouteHandler({
       throw new StatusError(503, "SpacetimeDB unavailable");
     }
 
+    const authUser = fullReq.auth?.user;
+    if (!authUser) {
+      throw new StatusError(StatusError.Unauthorized, "Authentication required");
+    }
+
     const token = getEnvVariable("STACK_MCP_LOG_TOKEN");
     await conn.reducers.addManualQa({
       token,
       question: body.question,
       answer: body.answer,
       publish: body.publish,
-      reviewedBy: fullReq.auth.user.display_name ?? fullReq.auth.user.primary_email ?? fullReq.auth.user.id,
+      reviewedBy: authUser.display_name ?? authUser.primary_email ?? authUser.id,
     });
 
     return {
diff --git a/apps/backend/src/app/api/latest/internal/mcp-review/mark-reviewed/route.ts b/apps/backend/src/app/api/latest/internal/mcp-review/mark-reviewed/route.ts
index 175fbd965..2d581e846 100644
--- a/apps/backend/src/app/api/latest/internal/mcp-review/mark-reviewed/route.ts
+++ b/apps/backend/src/app/api/latest/internal/mcp-review/mark-reviewed/route.ts
@@ -37,11 +37,16 @@ export const POST = createSmartRouteHandler({
       throw new StatusError(503, "SpacetimeDB unavailable");
     }
 
+    const authUser = fullReq.auth?.user;
+    if (!authUser) {
+      throw new StatusError(StatusError.Unauthorized, "Authentication required");
+    }
+
     const token = getEnvVariable("STACK_MCP_LOG_TOKEN");
     await conn.reducers.markHumanReviewed({
       token,
       correlationId: body.correlationId,
-      reviewedBy: fullReq.auth.user.display_name ?? fullReq.auth.user.primary_email ?? fullReq.auth.user.id,
+      reviewedBy: authUser.display_name ?? authUser.primary_email ?? authUser.id,
     });
 
     return {
diff --git a/apps/backend/src/app/api/latest/internal/mcp-review/update-correction/route.ts b/apps/backend/src/app/api/latest/internal/mcp-review/update-correction/route.ts
index f9371a38d..f4206c73e 100644
--- a/apps/backend/src/app/api/latest/internal/mcp-review/update-correction/route.ts
+++ b/apps/backend/src/app/api/latest/internal/mcp-review/update-correction/route.ts
@@ -40,6 +40,11 @@ export const POST = createSmartRouteHandler({
       throw new StatusError(503, "SpacetimeDB unavailable");
     }
 
+    const authUser = fullReq.auth?.user;
+    if (!authUser) {
+      throw new StatusError(StatusError.Unauthorized, "Authentication required");
+    }
+
     const token = getEnvVariable("STACK_MCP_LOG_TOKEN");
     await conn.reducers.updateHumanCorrection({
       token,
@@ -47,7 +52,7 @@ export const POST = createSmartRouteHandler({
       correctedQuestion: body.correctedQuestion,
       correctedAnswer: body.correctedAnswer,
       publish: body.publish,
-      reviewedBy: fullReq.auth.user.display_name ?? fullReq.auth.user.primary_email ?? fullReq.auth.user.id,
+      reviewedBy: authUser.display_name ?? authUser.primary_email ?? authUser.id,
     });
 
     return {