14 — Blind Spot Action Plan (v_rp_blind_spot_action_plan)

9 blind spots, each with root cause, severity, safe fix, owner/operator, T1-can-fix-now, and the UI label to show until fixed.

blind spot	sev	owner	T1 now	fix
scanner_provenance_lie	P1	T1_SAFE_HOST_EDIT (deferred)	no	Wire orchestrator to write wf_scanner_run_log + registry last_run_at each run
ui_route_package_source	P1	OPERATOR	no	git push/deploy feat/rp-current-supervision @ d04d8e5 + 11-route smoke
kb_sop_docs	P2	OPERATOR	no	Full KB SOP crawl adapter
host_trigger_classes	P2	OWNER_PRESIDENT	no	Register AX-TRIGGER → triggers become RP-visible
dot_cron_declared_vs_host	P2	OWNER	yes	Reconcile 35 declared-not-scheduled cron DOTs
trigger_registry_snapshot_stale	P2	OWNER	yes	Refresh trigger_registry from pg_trigger
realrun_disabled	P2	AUTHORITY	no	Flip real_run_enabled after governance
fs_dot_bin_file_no_registry	P3	OWNER	yes	Triage 101 fs orphans helper vs DOT
process_candidate_manual	P3	OWNER	no	Wire candidate discovery into orchestrator

Severity reading

• 2 P1: the provenance lie (safe-eng, deferred this run to avoid scheduler mutation) and UI deploy (operator). Neither is a coverage hole.
• 0 P0: there is no source coverage that is unknown-and-unlabelled. Every gap is named, scoped, and routed.
• T1-can-fix-now (3): cron reconcile, trigger_registry refresh, fs orphan triage — all owner-reviewed but mechanically T1-doable; held because they touch canon/owner authority.