Cloud WebIDs can legitimately be linked to both Cloud and Local storage providers. The account dashboard, registration continuation, and consent picker must therefore resolve Pod choices inside the current SP scope instead of accepting the first account-level WebID or Pod fact.

This keeps provisionCode available until logout, uses the Local SP provision lookup for scoped dashboard/registration decisions, and lets consent evaluate every Pod candidate for a Cloud WebID before presenting it.

Constraint: Local mode uses Cloud issuer plus Local storage provider, so WebID identity and storage provider are intentionally different.
Rejected: Fall back to Cloud Pod facts when Local lookup fails | that silently binds Local login back to Cloud storage.
Confidence: high
Scope-risk: moderate
Directive: Do not clear provisionCode before logout; it is the scope carrier for account dashboard, registration, and consent.
Tested: bun run test:run tests/ui/registration-flow.test.ts tests/ui/storage-scope.test.ts tests/identity/ScopedPickWebIdHandler.test.ts tests/identity/PodLookupRepository.test.ts
Tested: bun run build
Tested: bun run test:integration
Tested: bun run publish:release:dry