diff --git a/resources/views/app.blade.php b/resources/views/app.blade.php
new file mode 100644
index 0000000..04aa5ce
--- /dev/null
+++ b/resources/views/app.blade.php
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="csrf-token" content="{{ csrf_token() }}">
+    <title>FuelAlert</title>
+    @vite(['resources/css/app.css', 'resources/js/app.js'])
+</head>
+<body class="bg-[#f5ede5]">
+    <div id="app"></div>
+</body>
+</html>
diff --git a/routes/web.php b/routes/web.php
index 6e3732e..f30ae12 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -7,3 +7,6 @@ Route::middleware(['auth', 'verified'])->group(function (): void {
 });
 
 require __DIR__.'/settings.php';
+
+// SPA catch-all — must be last
+Route::get('/{any}', fn () => view('app'))->where('any', '.*')->name('spa');
diff --git a/tests/Feature/SpaRouteTest.php b/tests/Feature/SpaRouteTest.php
new file mode 100644
index 0000000..e7c77a3
--- /dev/null
+++ b/tests/Feature/SpaRouteTest.php
@@ -0,0 +1,23 @@
+<?php
+
+it('serves the spa shell for the root path', function (): void {
+    $response = $this->get('/');
+
+    $response->assertStatus(200);
+    $response->assertSee('<div id="app">', false);
+});
+
+it('serves the spa shell for unknown frontend paths', function (): void {
+    $response = $this->get('/some/frontend/route');
+
+    $response->assertStatus(200);
+    $response->assertSee('<div id="app">', false);
+});
+
+it('does not intercept api routes', function (): void {
+    $response = $this->get('/api/stations');
+
+    // API route handles it (403 from missing key, not SPA HTML)
+    $response->assertStatus(403);
+    $response->assertJson(['message' => '']);
+});