diff --git a/src/lib/auth-server.ts b/src/lib/auth-server.ts
index fe2111c..a1d10c7 100644
--- a/src/lib/auth-server.ts
+++ b/src/lib/auth-server.ts
@@ -5,7 +5,21 @@ import { env } from "@/lib/env"
 import { isAdmin, isStaff } from "@/lib/authz"
 import { auth } from "@/lib/auth"
 
-type ServerSession = Awaited<ReturnType<typeof auth.api.getSession>>
+type ServerSession = {
+  session: {
+    id: string
+    expiresAt: number
+  }
+  user: {
+    id: string
+    name: string
+    email: string
+    role: string
+    tenantId: string | null
+    avatarUrl: string | null
+    machinePersona: string | null
+  }
+}
 
 async function serializeCookies() {
   const store = await cookies()
@@ -46,7 +60,33 @@ export async function getServerSession(): Promise<ServerSession | null> {
       headers: request.headers,
       request,
     })
-    return session ?? null
+    if (!session) return null
+
+    const expiresValue = session.session.expiresAt
+    const expiresAt =
+      expiresValue instanceof Date
+        ? expiresValue.getTime()
+        : typeof expiresValue === "number"
+          ? expiresValue
+          : expiresValue
+            ? new Date(expiresValue).getTime()
+            : Date.now()
+
+    return {
+      session: {
+        id: session.session.id,
+        expiresAt,
+      },
+      user: {
+        id: session.user.id,
+        name: session.user.name,
+        email: session.user.email,
+        role: (session.user as { role?: string }).role ?? "agent",
+        tenantId: (session.user as { tenantId?: string | null }).tenantId ?? null,
+        avatarUrl: (session.user as { avatarUrl?: string | null }).avatarUrl ?? null,
+        machinePersona: (session.user as { machinePersona?: string | null }).machinePersona ?? null,
+      },
+    }
   } catch (error) {
     console.error("Failed to read Better Auth session", error)
     return null