diff --git a/src/api.js b/src/api.js
index 4548dce..fe8fd02 100644
--- a/src/api.js
+++ b/src/api.js
@@ -292,7 +292,18 @@ export async function fetchLandclass(lat, lon, signal) {
 
 /**
  * Check authentication state via whoami endpoint.
- * Uses redirect: manual to detect auth without triggering navigation.
+ *
+ * PATTERN: Uses fetch with redirect:'manual' to detect Authentik SSO state
+ * without triggering browser navigation. When unauthenticated, Caddy's
+ * forward_auth returns a 302 redirect to Authentik. With redirect:'manual',
+ * the browser exposes this as resp.type === 'opaqueredirect' instead of
+ * following the redirect.
+ *
+ * DEPENDENCIES:
+ * - /api/auth/whoami must be in Caddy's @authed_user path matcher
+ * - Authentik proxy outpost must return 302 (not 401) for unauthed requests
+ * - If Authentik changes to return 401, update the status check below
+ *
  * @returns {Promise<{authenticated: boolean, username: string|null}>}
  */
 export async function fetchAuthState() {
diff --git a/src/components/MapView.jsx b/src/components/MapView.jsx
index d4e11f8..6da9442 100644
--- a/src/components/MapView.jsx
+++ b/src/components/MapView.jsx
@@ -1504,7 +1504,7 @@ const MapView = forwardRef(function MapView(_, ref) {
       >
         Z {zoomLevel.toFixed(1)}
       </div>
-      {/* Radial context menu */}
+      {/* Radial menu disabled until actions are wired
       <RadialMenu
         open={radialMenu.open}
         x={radialMenu.x}
@@ -1515,6 +1515,7 @@ const MapView = forwardRef(function MapView(_, ref) {
         centerLabel={radialMenu.centerLabel}
         onDismiss={() => setRadialMenu((m) => ({ ...m, open: false }))}
       />
+      */}
     </div>
   )
 })