Merge origin/main with local pending work and update AGENTS.md references

- Resolve 14 conflicts from popping local stash on top of origin's
  eed1e88 + 8d3352f doc-comment additions (11 mechanical, plus
  version.rs, DashboardAuthenticatorTests.cs, DashboardGalaxyProjector.cs)
- Fix 4 test files that used AGENTS.md as the repo-root sentinel
  (now use CLAUDE.md, since AGENTS.md was removed in 4731ab5)
- Redirect 10 doc citations from AGENTS.md to the matching gateway.md
  sections (Value Model, Status Model, Security, STA Worker Thread
  Model, gRPC Layer rule, cancellation rule)

Verified: solution build clean, x86 worker build clean, 266/266
gateway tests passing, 121/121 worker tests passing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

src/MxGateway.Server/Dashboard/Components/Layout/DashboardLayout.razor

@@ -26,14 +26,27 @@
                     <li class="nav-item">
                         <NavLink class="nav-link" href="galaxy">Galaxy</NavLink>
                     </li>
+                    <li class="nav-item">
+                        <NavLink class="nav-link" href="apikeys">API Keys</NavLink>
+                    </li>
                     <li class="nav-item">
                         <NavLink class="nav-link" href="settings">Settings</NavLink>
                     </li>
                 </ul>
-                <form method="post" action="@DashboardPath("/logout")" class="d-flex">
-                    <AntiforgeryToken />
-                    <button class="btn btn-outline-secondary btn-sm" type="submit">Sign out</button>
-                </form>
+                <AuthorizeView>
+                    <Authorized Context="authState">
+                        <div class="d-flex align-items-center gap-2">
+                            <span class="navbar-text">@authState.User.Identity?.Name</span>
+                            <form method="post" action="@DashboardPath("/logout")">
+                                <AntiforgeryToken />
+                                <button class="btn btn-outline-secondary btn-sm" type="submit">Sign out</button>
+                            </form>
+                        </div>
+                    </Authorized>
+                    <NotAuthorized>
+                        <a class="btn btn-outline-secondary btn-sm" href="@DashboardPath("/login")">Sign in</a>
+                    </NotAuthorized>
+                </AuthorizeView>
             </div>
         </div>
     </nav>

src/MxGateway.Server/Dashboard/Components/Pages/GalaxyPage.razor

@@ -190,6 +190,8 @@ else
 
     private int CommandTimeoutSeconds() => GalaxyOptions.Value.CommandTimeoutSeconds;
 
-    private string? GalaxyConnectionStringDisplay() =>
-        DashboardRedactor.Redact(GalaxyOptions.Value.ConnectionString);
+    private string GalaxyConnectionStringDisplay()
+    {
+        return DashboardConnectionStringDisplay.GalaxyRepositoryConnectionString(GalaxyOptions.Value.ConnectionString);
+    }
 }

src/MxGateway.Server/Dashboard/Components/Pages/SettingsPage.razor

@@ -25,6 +25,15 @@ else
                     <tr><th scope="row">Auth database</th><td><code>@Snapshot.Configuration.Authentication.SqlitePath</code></td></tr>
                     <tr><th scope="row">Pepper secret</th><td>@Snapshot.Configuration.Authentication.PepperSecretName</td></tr>
                     <tr><th scope="row">Run migrations</th><td>@Snapshot.Configuration.Authentication.RunMigrationsOnStartup</td></tr>
+                    <tr><th scope="row">LDAP enabled</th><td>@Snapshot.Configuration.Ldap.Enabled</td></tr>
+                    <tr><th scope="row">LDAP server</th><td>@Snapshot.Configuration.Ldap.Server:@Snapshot.Configuration.Ldap.Port</td></tr>
+                    <tr><th scope="row">LDAP TLS</th><td>@Snapshot.Configuration.Ldap.UseTls</td></tr>
+                    <tr><th scope="row">LDAP search base</th><td><code>@Snapshot.Configuration.Ldap.SearchBase</code></td></tr>
+                    <tr><th scope="row">LDAP service account</th><td><code>@Snapshot.Configuration.Ldap.ServiceAccountDn</code></td></tr>
+                    <tr><th scope="row">LDAP service password</th><td>@Snapshot.Configuration.Ldap.ServiceAccountPassword</td></tr>
+                    <tr><th scope="row">LDAP username attribute</th><td>@Snapshot.Configuration.Ldap.UserNameAttribute</td></tr>
+                    <tr><th scope="row">LDAP group attribute</th><td>@Snapshot.Configuration.Ldap.GroupAttribute</td></tr>
+                    <tr><th scope="row">LDAP required group</th><td>@Snapshot.Configuration.Ldap.RequiredGroup</td></tr>
                     <tr><th scope="row">Worker executable</th><td><code>@Snapshot.Configuration.Worker.ExecutablePath</code></td></tr>
                     <tr><th scope="row">Worker architecture</th><td>@Snapshot.Configuration.Worker.RequiredArchitecture</td></tr>
                     <tr><th scope="row">Startup timeout</th><td>@Snapshot.Configuration.Worker.StartupTimeoutSeconds seconds</td></tr>

src/MxGateway.Server/Dashboard/Components/_Imports.razor

@@ -8,5 +8,6 @@
 @using MxGateway.Server.Dashboard
 @using MxGateway.Server.Dashboard.Components.Layout
 @using MxGateway.Server.Dashboard.Components.Shared
+@using MxGateway.Server.Security.Authorization
 @using MxGateway.Server.Workers
 @using static Microsoft.AspNetCore.Components.Web.RenderMode