diff --git a/apps/client/index.html b/apps/client/index.html
index 923d162..ce1780e 100644
--- a/apps/client/index.html
+++ b/apps/client/index.html
@@ -2,9 +2,15 @@
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
-    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
+    <link rel="icon" type="image/svg+xml" href="/greenfield-3.svg" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>JWT-Auth Client</title>
+    <title>Green Field</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com" />
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+    <link
+      href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap"
+      rel="stylesheet"
+    />
   </head>
   <body>
     <div id="root"></div>
diff --git a/apps/client/public/greenfield-3.svg b/apps/client/public/greenfield-3.svg
new file mode 100644
index 0000000..4458b0d
--- /dev/null
+++ b/apps/client/public/greenfield-3.svg
@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64" role="img" aria-label="Green Field">
+  <!-- rounded square background -->
+  <rect x="6" y="6" width="52" height="52" rx="14" fill="#F5FBF6"></rect>
+
+  <!-- single-color drop for maximum simplicity -->
+  <path fill="#2E7D32" d="M32 13c7.6 10 13 18.3 13 27.7C45 48.8 39.2 54 32 54S19 48.8 19 40.7C19 31.3 24.4 23 32 13z"></path>
+
+  <!-- leaf cut (negative space) -->
+  <path fill="#F5FBF6" d="M43.5 29.2c-7.9 1.1-13.9 6.2-16.2 13.1 5.9-.2 11.7-3.2 14.8-8 1-1.6 1.5-3.3 1.4-5.1z"></path>
+</svg>
diff --git a/apps/client/public/vite.svg b/apps/client/public/vite.svg
deleted file mode 100644
index e7b8dfb..0000000
--- a/apps/client/public/vite.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="31.88" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 257"><defs><linearGradient id="IconifyId1813088fe1fbc01fb466" x1="-.828%" x2="57.636%" y1="7.652%" y2="78.411%"><stop offset="0%" stop-color="#41D1FF"></stop><stop offset="100%" stop-color="#BD34FE"></stop></linearGradient><linearGradient id="IconifyId1813088fe1fbc01fb467" x1="43.376%" x2="50.316%" y1="2.242%" y2="89.03%"><stop offset="0%" stop-color="#FFEA83"></stop><stop offset="8.333%" stop-color="#FFDD35"></stop><stop offset="100%" stop-color="#FFA800"></stop></linearGradient></defs><path fill="url(#IconifyId1813088fe1fbc01fb466)" d="M255.153 37.938L134.897 252.976c-2.483 4.44-8.862 4.466-11.382.048L.875 37.958c-2.746-4.814 1.371-10.646 6.827-9.67l120.385 21.517a6.537 6.537 0 0 0 2.322-.004l117.867-21.483c5.438-.991 9.574 4.796 6.877 9.62Z"></path><path fill="url(#IconifyId1813088fe1fbc01fb467)" d="M185.432.063L96.44 17.501a3.268 3.268 0 0 0-2.634 3.014l-5.474 92.456a3.268 3.268 0 0 0 3.997 3.378l24.777-5.718c2.318-.535 4.413 1.507 3.936 3.838l-7.361 36.047c-.495 2.426 1.782 4.5 4.151 3.78l15.304-4.649c2.372-.72 4.652 1.36 4.15 3.788l-11.698 56.621c-.732 3.542 3.979 5.473 5.943 2.437l1.313-2.028l72.516-144.72c1.215-2.423-.88-5.186-3.54-4.672l-25.505 4.922c-2.396.462-4.435-1.77-3.759-4.114l16.646-57.705c.677-2.35-1.37-4.583-3.769-4.113Z"></path></svg>
\ No newline at end of file
diff --git a/apps/client/src/App.jsx b/apps/client/src/App.jsx
deleted file mode 100644
index 1c87732..0000000
--- a/apps/client/src/App.jsx
+++ /dev/null
@@ -1,158 +0,0 @@
-import React from 'react'
-import './App.css'
-import { ApiError, fetchWithCred, fetchWithRefresh } from './lib/api'
-
-function Spinner() {
-  return <div className="spinner" />
-}
-
-function App() {
-
-  const [isLogin, setIsLogin] = React.useState(false)
-  const [isLoading, setIsLoading] = React.useState(false)
-  const [csrfToken, setCsrfToken] = React.useState('')
-
-  const handleLogin = async () => {
-    try {
-      setIsLoading(true)
-      const url = `${import.meta.env.VITE_AUTH_SERVICE_URL}/auth/login`
-      console.log('AUTH URL:', import.meta.env.VITE_AUTH_SERVICE_URL)
-      const response = await fetchWithCred(url, {
-        method: 'POST',
-        body: JSON.stringify({
-          empLoginId: 'djhyoja',
-          empLoginPassword: '2145'
-        })
-      })
-      if (!response.ok) {
-        const data = await response.json()
-        throw new ApiError(data.message || 'Login failed', response.status, data)
-      }
-
-      const token = document.cookie
-        .split('; ')
-        .find(row => row.startsWith('csrfToken='))
-        ?.split('=')[1]
-
-      setCsrfToken(token)
-
-      const result = await response.json()
-      console.log('[Client] Login response:', result)
-
-      setIsLogin(true)
-    } catch(err) {
-      if (err instanceof ApiError) {
-        console.log('[Client] API Error:', err.message)
-        console.log('[Client] Status:', err.statusCode)
-        console.log('[Client] Details:', err.details)
-      } else {
-        console.log('[Client] Unexpected error:', err)
-      }
-    } finally {
-      setIsLoading(false)
-    }
-  }
-
-  const handleLogout = async () => {
-    try {
-      setIsLoading(true)
-      const url = `${import.meta.env.VITE_AUTH_SERVICE_URL}/auth/logout`
-      const response = await fetchWithCred(url, {
-        method: 'POST',
-        //...(csrfToken && { headers: { 'x-csrf-token': csrfToken }})
-      })
-      if (!response.ok) {
-        const data = await response.json()
-        throw new ApiError(data.message || 'Failed to logout', response.status, data)
-      }
-      console.log('[Client] Logout response:', response)
-      setIsLogin(false)
-    } catch(err) {
-      if (err instanceof ApiError) {
-        console.log('[Client] API Error:', err.message)
-        console.log('[Client] Status:', err.statusCode)
-        console.log('[Client] Details:', err.details)
-      } else {
-        console.log('[Client] Unexpected error:', err)
-      }
-    } finally {
-      setIsLoading(false)
-    }
-  }
-
-  const handleProducts = async () => {
-    try {
-      setIsLoading(true)
-      const url = `${import.meta.env.VITE_AUTH_SERVICE_URL}/api/products`
-      const response = await fetchWithRefresh(url,{},{ retries: 5 }, csrfToken)
-      if (!response.ok) {
-        const data = await response.json()
-        throw new ApiError(data.message || 'Failed to get products', response.status, data)
-      }
-      const result = await response.json()
-      console.log('[Client] Get Products response:', result)
-    } catch(err) {
-      if (err instanceof ApiError) {
-        console.log('[Client] API Error:', err.message)
-        console.log('[Client] Status:', err.statusCode)
-        console.log('[Client] Details:', err.details)
-      } else {
-        console.log('[Client] Unexpected error:', err)
-      }
-    } finally {
-      setIsLoading(false)
-    }
-  }
-
-  const handleRefresh = async () => {
-    try {
-      setIsLoading(true)
-      const url = `${import.meta.env.VITE_AUTH_SERVICE_URL}/auth/refresh`
-      const response = await fetchWithCred(url,{ 
-        method: 'POST',
-        ...(csrfToken && { headers: { 'x-csrf-token': csrfToken }})
-      })
-      if (!response.ok) {
-        const data = await response.json()
-        throw new ApiError(data.message || 'Failed to refresh', response.status, data)
-      }
-
-      const token = document.cookie
-        .split('; ')
-        .find(row => row.startsWith('csrfToken='))
-        ?.split('=')[1]
-      setCsrfToken(token)
-      
-      const result = await response.json()
-      console.log('[Client] Get Products response:', result)
-    } catch(err) {
-      if (err instanceof ApiError) {
-        console.log('[Client] API Error:', err.message)
-        console.log('[Client] Status:', err.statusCode)
-        console.log('[Client] Details:', err.details)
-      } else {
-        console.log('[Client] Unexpected error:', err)
-      }
-    } finally {
-      setIsLoading(false)
-    }
-  }
-
-  return (
-    <div className="container">
-      <h4>JWT-Auth Client</h4>
-      <p>Open the browser's <strong>DevTools</strong> and check the <strong>Console</strong> and <strong>Network</strong> tabs for authentication and request activity.</p>
-      {
-        isLogin ? (
-          <button onClick={handleLogout} disabled={isLoading}>Logout</button>
-        ):(
-          <button onClick={handleLogin} disabled={isLoading}>Login</button>
-        )
-      }
-      <button onClick={handleProducts} disabled={isLoading}>{ isLoading && <Spinner /> }Get Products</button>
-      <button onClick={handleRefresh} disabled={isLoading}>{ isLoading && <Spinner /> }Refresh</button>
-    </div>
-  )
-}
-
-export default App
diff --git a/apps/client/src/App.css b/apps/client/src/app/App.css
similarity index 100%
rename from apps/client/src/App.css
rename to apps/client/src/app/App.css
diff --git a/apps/client/src/app/App.jsx b/apps/client/src/app/App.jsx
new file mode 100644
index 0000000..665e6d3
--- /dev/null
+++ b/apps/client/src/app/App.jsx
@@ -0,0 +1,46 @@
+// src/app/App.jsx
+import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom'
+import { AuthProvider, useAuth } from './providers/AuthProvider'
+import MainLayout from '../layouts/MainLayout'
+import AuthLayout from '../layouts/AuthLayout'
+import Login from '../auth/pages/Login'
+import Home from '../auth/pages/Home'
+import { RequireAuth } from '../auth/authGuard'
+
+function AppRoutes() {
+  const { user } = useAuth()
+
+  return (
+    <Routes>
+      <Route
+        path="/login"
+        element={
+          user
+            ? <Navigate to="/" replace />
+            : <AuthLayout><Login /></AuthLayout>
+        }
+      />
+
+      <Route
+        path="/"
+        element={
+          <RequireAuth>
+            <MainLayout />
+          </RequireAuth>
+        }
+      >
+        <Route index element={<Home />} />
+      </Route>
+    </Routes>
+  )
+}
+
+export default function App() {
+  return (
+    <BrowserRouter>
+      <AuthProvider>
+        <AppRoutes />
+      </AuthProvider>
+    </BrowserRouter>
+  )
+}
diff --git a/apps/client/src/app/providers/AuthProvider.jsx b/apps/client/src/app/providers/AuthProvider.jsx
new file mode 100644
index 0000000..108b411
--- /dev/null
+++ b/apps/client/src/app/providers/AuthProvider.jsx
@@ -0,0 +1,34 @@
+import { createContext, useContext, useEffect, useState } from 'react'
+import { fetchWithRefresh } from '../../lib/api'
+
+const AuthContext = createContext(null)
+
+export function AuthProvider({ children }) {
+  const [user, setUser] = useState(null)
+  const [loading, setLoading] = useState(true)
+
+  useEffect(() => {
+  fetchWithRefresh(`${import.meta.env.VITE_AUTH_SERVICE_URL}/auth/me`)
+    .then(res => res.ok ? res.json() : null)
+    .then(data => {
+      if (data?.authenticated) {
+        setUser(data)
+      } else {
+        setUser(null)
+      }
+    })
+    .catch(() => setUser(null))
+    .finally(() => setLoading(false))
+}, [])
+
+  const login = (userData) => setUser(userData)
+  const logout = () => setUser(null)
+
+  return (
+    <AuthContext.Provider value={{ user, loading, login, logout }}>
+      {children}
+    </AuthContext.Provider>
+  )
+}
+
+export const useAuth = () => useContext(AuthContext)
diff --git a/apps/client/src/assets/react.svg b/apps/client/src/assets/react.svg
deleted file mode 100644
index 6c87de9..0000000
--- a/apps/client/src/assets/react.svg
+++ /dev/null
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true" role="img" class="iconify iconify--logos" width="35.93" height="32" preserveAspectRatio="xMidYMid meet" viewBox="0 0 256 228"><path fill="#00D8FF" d="M210.483 73.824a171.49 171.49 0 0 0-8.24-2.597c.465-1.9.893-3.777 1.273-5.621c6.238-30.281 2.16-54.676-11.769-62.708c-13.355-7.7-35.196.329-57.254 19.526a171.23 171.23 0 0 0-6.375 5.848a155.866 155.866 0 0 0-4.241-3.917C100.759 3.829 77.587-4.822 63.673 3.233C50.33 10.957 46.379 33.89 51.995 62.588a170.974 170.974 0 0 0 1.892 8.48c-3.28.932-6.445 1.924-9.474 2.98C17.309 83.498 0 98.307 0 113.668c0 15.865 18.582 31.778 46.812 41.427a145.52 145.52 0 0 0 6.921 2.165a167.467 167.467 0 0 0-2.01 9.138c-5.354 28.2-1.173 50.591 12.134 58.266c13.744 7.926 36.812-.22 59.273-19.855a145.567 145.567 0 0 0 5.342-4.923a168.064 168.064 0 0 0 6.92 6.314c21.758 18.722 43.246 26.282 56.54 18.586c13.731-7.949 18.194-32.003 12.4-61.268a145.016 145.016 0 0 0-1.535-6.842c1.62-.48 3.21-.974 4.76-1.488c29.348-9.723 48.443-25.443 48.443-41.52c0-15.417-17.868-30.326-45.517-39.844Zm-6.365 70.984c-1.4.463-2.836.91-4.3 1.345c-3.24-10.257-7.612-21.163-12.963-32.432c5.106-11 9.31-21.767 12.459-31.957c2.619.758 5.16 1.557 7.61 2.4c23.69 8.156 38.14 20.213 38.14 29.504c0 9.896-15.606 22.743-40.946 31.14Zm-10.514 20.834c2.562 12.94 2.927 24.64 1.23 33.787c-1.524 8.219-4.59 13.698-8.382 15.893c-8.067 4.67-25.32-1.4-43.927-17.412a156.726 156.726 0 0 1-6.437-5.87c7.214-7.889 14.423-17.06 21.459-27.246c12.376-1.098 24.068-2.894 34.671-5.345a134.17 134.17 0 0 1 1.386 6.193ZM87.276 214.515c-7.882 2.783-14.16 2.863-17.955.675c-8.075-4.657-11.432-22.636-6.853-46.752a156.923 156.923 0 0 1 1.869-8.499c10.486 2.32 22.093 3.988 34.498 4.994c7.084 9.967 14.501 19.128 21.976 27.15a134.668 134.668 0 0 1-4.877 4.492c-9.933 8.682-19.886 14.842-28.658 17.94ZM50.35 144.747c-12.483-4.267-22.792-9.812-29.858-15.863c-6.35-5.437-9.555-10.836-9.555-15.216c0-9.322 13.897-21.212 37.076-29.293c2.813-.98 5.757-1.905 8.812-2.773c3.204 10.42 7.406 21.315 12.477 32.332c-5.137 11.18-9.399 22.249-12.634 32.792a134.718 134.718 0 0 1-6.318-1.979Zm12.378-84.26c-4.811-24.587-1.616-43.134 6.425-47.789c8.564-4.958 27.502 2.111 47.463 19.835a144.318 144.318 0 0 1 3.841 3.545c-7.438 7.987-14.787 17.08-21.808 26.988c-12.04 1.116-23.565 2.908-34.161 5.309a160.342 160.342 0 0 1-1.76-7.887Zm110.427 27.268a347.8 347.8 0 0 0-7.785-12.803c8.168 1.033 15.994 2.404 23.343 4.08c-2.206 7.072-4.956 14.465-8.193 22.045a381.151 381.151 0 0 0-7.365-13.322Zm-45.032-43.861c5.044 5.465 10.096 11.566 15.065 18.186a322.04 322.04 0 0 0-30.257-.006c4.974-6.559 10.069-12.652 15.192-18.18ZM82.802 87.83a323.167 323.167 0 0 0-7.227 13.238c-3.184-7.553-5.909-14.98-8.134-22.152c7.304-1.634 15.093-2.97 23.209-3.984a321.524 321.524 0 0 0-7.848 12.897Zm8.081 65.352c-8.385-.936-16.291-2.203-23.593-3.793c2.26-7.3 5.045-14.885 8.298-22.6a321.187 321.187 0 0 0 7.257 13.246c2.594 4.48 5.28 8.868 8.038 13.147Zm37.542 31.03c-5.184-5.592-10.354-11.779-15.403-18.433c4.902.192 9.899.29 14.978.29c5.218 0 10.376-.117 15.453-.343c-4.985 6.774-10.018 12.97-15.028 18.486Zm52.198-57.817c3.422 7.8 6.306 15.345 8.596 22.52c-7.422 1.694-15.436 3.058-23.88 4.071a382.417 382.417 0 0 0 7.859-13.026a347.403 347.403 0 0 0 7.425-13.565Zm-16.898 8.101a358.557 358.557 0 0 1-12.281 19.815a329.4 329.4 0 0 1-23.444.823c-7.967 0-15.716-.248-23.178-.732a310.202 310.202 0 0 1-12.513-19.846h.001a307.41 307.41 0 0 1-10.923-20.627a310.278 310.278 0 0 1 10.89-20.637l-.001.001a307.318 307.318 0 0 1 12.413-19.761c7.613-.576 15.42-.876 23.31-.876H128c7.926 0 15.743.303 23.354.883a329.357 329.357 0 0 1 12.335 19.695a358.489 358.489 0 0 1 11.036 20.54a329.472 329.472 0 0 1-11 20.722Zm22.56-122.124c8.572 4.944 11.906 24.881 6.52 51.026c-.344 1.668-.73 3.367-1.15 5.09c-10.622-2.452-22.155-4.275-34.23-5.408c-7.034-10.017-14.323-19.124-21.64-27.008a160.789 160.789 0 0 1 5.888-5.4c18.9-16.447 36.564-22.941 44.612-18.3ZM128 90.808c12.625 0 22.86 10.235 22.86 22.86s-10.235 22.86-22.86 22.86s-22.86-10.235-22.86-22.86s10.235-22.86 22.86-22.86Z"></path></svg>
\ No newline at end of file
diff --git a/apps/client/src/auth/authGuard.jsx b/apps/client/src/auth/authGuard.jsx
new file mode 100644
index 0000000..60e59da
--- /dev/null
+++ b/apps/client/src/auth/authGuard.jsx
@@ -0,0 +1,11 @@
+import { Navigate } from 'react-router-dom'
+import { useAuth } from '../app/providers/AuthProvider'
+
+export function RequireAuth({ children }) {
+  const { user, loading } = useAuth()
+
+  if (loading) return <div>Loading...</div>
+  if (!user) return <Navigate to="/login" replace />
+
+  return children
+}
diff --git a/apps/client/src/auth/pages/Home.jsx b/apps/client/src/auth/pages/Home.jsx
new file mode 100644
index 0000000..98bace7
--- /dev/null
+++ b/apps/client/src/auth/pages/Home.jsx
@@ -0,0 +1,9 @@
+// src/pages/Home.jsx
+export default function Home() {
+  return (
+    <div>
+      <h2>Home</h2>
+      <p>Welcome to ERP</p>
+    </div>
+  )
+}
diff --git a/apps/client/src/auth/pages/Login.jsx b/apps/client/src/auth/pages/Login.jsx
new file mode 100644
index 0000000..6080e07
--- /dev/null
+++ b/apps/client/src/auth/pages/Login.jsx
@@ -0,0 +1,84 @@
+import { useState } from 'react'
+import { fetchWithCred } from '../../lib/api'
+import { useAuth } from '../../app/providers/AuthProvider'
+
+export default function Login() {
+  const { login } = useAuth()
+
+  const [form, setForm] = useState({
+    empLoginId: '',
+    empLoginPassword: ''
+  })
+  const [loading, setLoading] = useState(false)
+  const [error, setError] = useState(null)
+
+  const handleChange = (e) => {
+    setForm({
+      ...form,
+      [e.target.name]: e.target.value
+    })
+  }
+
+  const handleLogin = async (e) => {
+    // enter 키에 페이지 리로드막고 직접 처리
+    e.preventDefault() 
+    try {
+      setLoading(true)
+      setError(null)
+
+      const res = await fetchWithCred(
+        `${import.meta.env.VITE_AUTH_SERVICE_URL}/auth/login`,
+        {
+          method: 'POST',
+          body: JSON.stringify(form)
+        }
+      )
+
+      if (!res.ok) {
+        throw new Error('Invalid ID or password')
+      }
+
+      const user = await res.json()
+      login(user)
+    } catch (e) {
+      setError(e.message)
+    } finally {
+      setLoading(false)
+    }
+  }
+
+  return (
+    <form className="login-box" onSubmit={handleLogin}>
+      <h2 className="login-title">GREEN FIELD</h2>
+
+      <input
+        className="login-input"
+        name="empLoginId"
+        placeholder="Login ID"
+        value={form.empLoginId}
+        onChange={handleChange}
+        disabled={loading}
+      />
+
+      <input
+        className="login-input"
+        name="empLoginPassword"
+        type="password"
+        placeholder="Password"
+        value={form.empLoginPassword}
+        onChange={handleChange}
+        disabled={loading}
+      />
+
+      {error && <div className="login-error">{error}</div>}
+
+      <button
+        className="login-button"
+        type="submit"
+        disabled={loading || !form.empLoginId || !form.empLoginPassword}
+      >
+        {loading ? 'Signing in...' : 'Login'}
+      </button>
+    </form>
+  )
+}
diff --git a/apps/client/src/index.css b/apps/client/src/index.css
index 561b5ae..8083666 100644
--- a/apps/client/src/index.css
+++ b/apps/client/src/index.css
@@ -1,80 +1,122 @@
-:root {
-  font-family: system-ui, Avenir, Helvetica, Arial, sans-serif;
-  line-height: 1.5;
-  font-weight: 400;
-
-  color-scheme: light dark;
-  color: rgba(255, 255, 255, 0.87);
-  background-color: #242424;
-
-  font-synthesis: none;
-  text-rendering: optimizeLegibility;
-  -webkit-font-smoothing: antialiased;
-  -moz-osx-font-smoothing: grayscale;
-}
-
-a {
-  font-weight: 500;
-  color: #646cff;
-  text-decoration: inherit;
-}
-a:hover {
-  color: #535bf2;
-}
-
-body {
+/* index.css */
+html, body {
+  height: 100%;
   margin: 0;
+  padding: 0;
+  font-family: 'Inter', system-ui, -apple-system, BlinkMacSystemFont,
+               'Segoe UI', Roboto, Helvetica, Arial, sans-serif;
+  color: #1f2937;
+  background-color: #f9fafb;
+}
+
+.layout {
+  height: 100vh;
   display: flex;
-  place-items: center;
-  min-width: 320px;
-  min-height: 100vh;
+  flex-direction: column;
 }
 
-h1 {
-  font-size: 3.2em;
-  line-height: 1.1;
-}
-
-h4 {
-  font-size: 1.2em;
-  line-height: 1.1;
-  margin: 0;
-}
-
-ul {
-  margin: 0;
+h1, h2, h3, h4 {
+  font-weight: 600;
+  letter-spacing: -0.01em;
 }
 
 button {
-  border-radius: 8px;
-  border: 1px solid transparent;
-  padding: 0.6em 1.2em;
-  font-size: 1em;
-  font-weight: 500;
   font-family: inherit;
-  background-color: #1a1a1a;
-  cursor: pointer;
-  transition: border-color 0.25s;
-  display: flex;
-  align-items: center;
-}
-button:hover {
-  border-color: #646cff;
-}
-button:focus,
-button:focus-visible {
-  outline: 4px auto -webkit-focus-ring-color;
+  font-weight: 500;
 }
 
-@media (prefers-color-scheme: light) {
-  :root {
-    color: #213547;
-    background-color: #ffffff;
-  }
-  a:hover {
-    color: #747bff;
-  }
-  button {
-    background-color: #f9f9f9;
-  }
+.topbar {
+  height: 56px;
+  background: #4CAF50;
+  color: white;
+  display: flex;
+  align-items: center;
+  padding: 0 16px;
+  justify-content: space-between;
 }
+
+.body {
+  flex: 1;
+  display: flex;
+}
+
+.sidebar {
+  width: 220px;
+  background: #f4f6f8;
+}
+
+.content {
+  flex: 1;
+  padding: 16px;
+}
+
+.user-info {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+}
+
+.user-name {
+  font-weight: 500;
+}
+
+.logout-btn {
+  background: transparent;
+  border: 1px solid white;
+  color: white;
+  padding: 4px 10px;
+  border-radius: 4px;
+  cursor: pointer;
+}
+
+/* login */
+.login-box {
+  width: 320px;
+  padding: 32px;
+  background: white;
+  border-radius: 8px;
+  box-shadow: 0 4px 12px rgba(0, 0, 0, 0.08);
+  display: flex;
+  flex-direction: column;
+  gap: 14px;
+}
+
+.login-title {
+  text-align: center;
+  margin-bottom: 8px;
+}
+
+.login-input {
+  height: 40px;
+  padding: 0 12px;
+  font-size: 14px;
+  border: 1px solid #dcdfe3;
+  border-radius: 4px;
+}
+
+.login-input:focus {
+  outline: none;
+  border-color: #4CAF50;
+}
+
+.login-button {
+  height: 40px;
+  font-size: 14px;
+  border-radius: 4px;
+  border: none;
+  background: #4CAF50;
+  color: white;
+  cursor: pointer;
+}
+
+.login-button:disabled {
+  background: #b5d6b8;
+  cursor: not-allowed;
+}
+
+.login-error {
+  font-size: 13px;
+  color: #d32f2f;
+  text-align: center;
+}
+
diff --git a/apps/client/src/layouts/AuthLayout.jsx b/apps/client/src/layouts/AuthLayout.jsx
new file mode 100644
index 0000000..180687a
--- /dev/null
+++ b/apps/client/src/layouts/AuthLayout.jsx
@@ -0,0 +1,13 @@
+export default function AuthLayout({ children }) {
+  return (
+    <div style={{
+      height: '100vh',
+      display: 'flex',
+      justifyContent: 'center',
+      alignItems: 'center',
+      background: '#f4f6f8'
+    }}>
+      {children}
+    </div>
+  )
+}
diff --git a/apps/client/src/layouts/MainLayout.jsx b/apps/client/src/layouts/MainLayout.jsx
new file mode 100644
index 0000000..a0c35f1
--- /dev/null
+++ b/apps/client/src/layouts/MainLayout.jsx
@@ -0,0 +1,24 @@
+// src/layouts/MainLayout.jsx
+import { Outlet } from 'react-router-dom'
+import TopBar from './TopBar'
+
+export default function MainLayout() {
+  return (
+    <div className="layout">
+      <TopBar />
+
+      <div className="body">
+        <aside className="sidebar">
+          <ul>
+            <li>Employee</li>
+            <li>Department</li>
+          </ul>
+        </aside>
+
+        <main className="content">
+          <Outlet />
+        </main>
+      </div>
+    </div>
+  )
+}
diff --git a/apps/client/src/layouts/TopBar.jsx b/apps/client/src/layouts/TopBar.jsx
new file mode 100644
index 0000000..6e623da
--- /dev/null
+++ b/apps/client/src/layouts/TopBar.jsx
@@ -0,0 +1,45 @@
+import { useNavigate } from 'react-router-dom'
+import { useAuth } from '../app/providers/AuthProvider'
+import { fetchWithCred } from '../lib/api'
+
+export default function TopBar() {
+  const { user, logout } = useAuth()
+  const navigate = useNavigate()
+
+  const handleLogout = async () => {
+    try {
+      await fetchWithCred(
+        `${import.meta.env.VITE_AUTH_SERVICE_URL}/auth/logout`,
+        { method: 'POST' }
+      )
+    } catch (e) {
+      // 서버 에러 나도 프론트는 로그아웃 처리
+      console.warn('Logout request failed', e)
+    } finally {
+      logout()
+      navigate('/login', { replace: true })
+    }
+  }
+
+  return (
+    <header className="topbar">
+      <div className="logo">GREEN FIELD</div>
+
+      <nav className="top-menu">
+        <span>HR</span>
+        <span>ACCOUNT</span>
+        <span>CUSTOMER</span>
+        <span>OPERATION</span>
+      </nav>
+
+      <div className="user-info">
+        <span className="user-name">
+          {user?.firstName} {user?.lastName}
+        </span>
+        <button className="logout-btn" onClick={handleLogout}>
+          Logout
+        </button>
+      </div>
+    </header>
+  )
+}
diff --git a/apps/client/src/lib/api.js b/apps/client/src/lib/api.js
index 6810805..6585e6b 100644
--- a/apps/client/src/lib/api.js
+++ b/apps/client/src/lib/api.js
@@ -48,7 +48,7 @@ export const fetchWithRefresh = async (url, options = {}, { retries = 1, timeout
 
   if (response.status === 401) {
     console.log('Access token expired, trying refresh...')
-    const refreshRes = await fetchWithCred(`${import.meta.env.VITE_AUTH_SERVICE_URL}/api/refresh`, 
+    const refreshRes = await fetchWithCred(`${import.meta.env.VITE_AUTH_SERVICE_URL}/auth/token/refresh`, 
       { 
         method: 'POST',
         ...(csrfToken && { headers: { 'x-csrf-token': csrfToken }})
diff --git a/apps/client/src/main.jsx b/apps/client/src/main.jsx
index b9a1a6d..6e1b90d 100644
--- a/apps/client/src/main.jsx
+++ b/apps/client/src/main.jsx
@@ -1,10 +1,8 @@
-import { StrictMode } from 'react'
+// src/main.jsx
 import { createRoot } from 'react-dom/client'
+import App from './app/App'
 import './index.css'
-import App from './App.jsx'
 
 createRoot(document.getElementById('root')).render(
-  <StrictMode>
-    <App />
-  </StrictMode>,
+  <App />
 )
diff --git a/package-lock.json b/package-lock.json
index 15fd308..82d5826 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,6 +12,9 @@
         "apps/*",
         "shared"
       ],
+      "dependencies": {
+        "react-router-dom": "^7.13.0"
+      },
       "devDependencies": {
         "concurrently": "^9.0.0"
       }
@@ -3697,6 +3700,57 @@
         "node": ">=0.10.0"
       }
     },
+    "node_modules/react-router": {
+      "version": "7.13.0",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-7.13.0.tgz",
+      "integrity": "sha512-PZgus8ETambRT17BUm/LL8lX3Of+oiLaPuVTRH3l1eLvSPpKO3AvhAEb5N7ihAFZQrYDqkvvWfFh9p0z9VsjLw==",
+      "license": "MIT",
+      "dependencies": {
+        "cookie": "^1.0.1",
+        "set-cookie-parser": "^2.6.0"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=18",
+        "react-dom": ">=18"
+      },
+      "peerDependenciesMeta": {
+        "react-dom": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/react-router-dom": {
+      "version": "7.13.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-7.13.0.tgz",
+      "integrity": "sha512-5CO/l5Yahi2SKC6rGZ+HDEjpjkGaG/ncEP7eWFTvFxbHP8yeeI0PxTDjimtpXYlR3b3i9/WIL4VJttPrESIf2g==",
+      "license": "MIT",
+      "dependencies": {
+        "react-router": "7.13.0"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      },
+      "peerDependencies": {
+        "react": ">=18",
+        "react-dom": ">=18"
+      }
+    },
+    "node_modules/react-router/node_modules/cookie": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-1.1.1.tgz",
+      "integrity": "sha512-ei8Aos7ja0weRpFzJnEA9UHJ/7XQmqglbRwnf2ATjcB9Wq874VKH9kfjjirM6UhU2/E5fFYadylyhFldcqSidQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
     "node_modules/readdirp": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
@@ -3886,6 +3940,12 @@
         "node": ">= 18"
       }
     },
+    "node_modules/set-cookie-parser": {
+      "version": "2.7.2",
+      "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.2.tgz",
+      "integrity": "sha512-oeM1lpU/UvhTxw+g3cIfxXHyJRc/uidd3yK1P242gzHds0udQBYzs3y8j4gCCW+ZJ7ad0yctld8RYO+bdurlvw==",
+      "license": "MIT"
+    },
     "node_modules/setprototypeof": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
diff --git a/package.json b/package.json
index 5c4b756..2348617 100644
--- a/package.json
+++ b/package.json
@@ -27,5 +27,8 @@
     "demo"
   ],
   "author": "supershaneski",
-  "license": "MIT"
+  "license": "MIT",
+  "dependencies": {
+    "react-router-dom": "^7.13.0"
+  }
 }