Middleware runs on every single request including static assets

Next.js middleware executes on EVERY request, including static files in /public. This means if you add auth middleware, your images, fonts, and other static assets all get routed through it too. The matcher config is confusing and the default behavior is wrong. You shouldn't have to opt-out static files from middleware - they should be excluded by default.