diff --git a/server.ts b/server.ts
index ae9bd91b..06eb2a4c 100644
--- a/server.ts
+++ b/server.ts
@@ -70,11 +70,18 @@ if ((process.env.JWT_SECRET || 'your_super_secret_jwt_key_change_this') === 'you
 // --- API Routes ---
+// The order of route registration is critical.
+// More specific routes should be registered before more general ones.
+// 1. Public routes that require no authentication.
 app.use('/api', publicRouter);
+// 2. Authentication routes for login, registration, etc.
 app.use('/api/auth', authRouter);
-app.use('/api', userRouter); // Contains protected user routes
-app.use('/api/admin', adminRouter);
+// 3. AI routes, some of which use optional authentication.
 app.use('/api/ai', aiRouter);
+// 4. Admin routes, which are all protected by admin-level checks.
+app.use('/api/admin', adminRouter);
+// 5. General authenticated user routes. This should come after other specific '/api' routes.
+app.use('/api', userRouter);
 // --- Error Handling and Server Startup ---
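Review bot: The access-control outcome now rests on the order of these `app.use` calls, and comment 5 says the user router "should come after" the others without saying why, so a later re-sort could silently undo it. Presumably `userRouter` applies authentication at router level and, mounted on `/api` ahead of `aiRouter`, it intercepted the optional-auth requests; if that is the reason, state it, e.g. `// userRouter applies auth to everything under /api, so it must be mounted last or it will reject anonymous /api/ai requests`. `publicRouter` is still mounted on the bare `/api` prefix first, so any path it matches is answered without authentication before the other routers are consulted, and the "all protected" claim in comment 4 depends on middleware inside `adminRouter` that is not visible in this hunk. A request-level test that an unauthenticated call under `/api/admin` is rejected and an anonymous call under `/api/ai` still succeeds would pin the ordering.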