The four-step coachmark over the top tabs was a tour pretending to be
guidance: each step duplicated the tab title in one sentence, and the
Reopen control on /settings/system-general spawned a centered panel with
no spotlight target because the tabs only exist on dashboard routes.
Delete the modal, the localStorage dismissal key, the reopen event, the
Reopen row in General settings, and the matching guardrails so the
shared-primitives tests stop pinning the deleted owner split. Drop the
WhatsNew dismissal helpers and addInitScript bypasses from the
integration suite, and the dedicated tour test in
19-telemetry-disclosure.
Keep the buffered EOF compatibility path for OpenAI-compatible streams that omit [DONE] but provide a terminal finish_reason, while rejecting truncated tool-call streams before they can produce executable tool calls.
Refs #1411
Refs #1412
Retire runtime/API/UI monitored-system volume enforcement now that infrastructure monitoring is no longer capped.
Keep only legacy metadata scrubbing and purchase-start compatibility for old max_monitored_systems references.
Rename the remaining preview surface to monitored-system impact and make previews explanatory rather than save-blocking.
Update subsystem contracts and RA7 evidence for the caps-retired invariant.
Derive OIDC and SAML browser-session principals from provider-scoped subjects instead of mutable username or email claims.
Preserve compatibility by migrating legacy username/email RBAC assignments to the stable SSO principal when no authoritative group mapping is present, and pin the invariant in API/security contracts.
Resolve hosted magic-link verification through current organization membership so sessions bind to the stored stable user principal instead of token email.
Add the v6 identity invariant contract and static guards covering hosted handoff, checkout, provisioning, and magic-link boundaries.
