diff --git a/crates/rrt-runtime/src/smp.rs b/crates/rrt-runtime/src/smp.rs
index 0c49778..8504d49 100644
--- a/crates/rrt-runtime/src/smp.rs
+++ b/crates/rrt-runtime/src/smp.rs
@@ -4375,6 +4375,9 @@ fn build_region_service_trace_report(
     notes.push(
         "A direct-writer census now narrows the remaining literal offset path further: the other `0x302/0x316` writer bands at 0x0043dd45/0x0043de19/0x0043e0a7/0x0043f5bc all hang off the same non-region 0x005ca078 object family as 0x0043a5a0 through helpers 0x0043af60/0x0043b030, so the only grounded region-owned literal writes left are the constructor 0x00421200 plus the producer/consumer pair 0x00422100 and 0x004358d0.".to_string(),
     );
+    notes.push(
+        "The later post-load per-region sweep is ruled down further now too: in the 0x00444887 restore strip, the follow-on loop at 0x00444b90 dispatches 0x00420560 over each live region, but that helper only zeroes and recomputes [region+0x312] from the embedded profile collection [region+0x37f]/[region+0x383] and lazily seeds the year-driven [region+0x317/+0x31b] band through 0x00420350, not [region+0x276/+0x302/+0x316].".to_string(),
+    );
     notes.push(
         "The current region seam is strong enough to prove record-envelope ownership, profile subcollection ownership, and the absence of hidden 0x55f3 tail padding on grounded saves.".to_string(),
     );
diff --git a/docs/rehost-queue.md b/docs/rehost-queue.md
index cc99fed..6967a6c 100644
--- a/docs/rehost-queue.md
+++ b/docs/rehost-queue.md
@@ -348,6 +348,12 @@ Working rule:
   region-owned literal writes left are the constructor `0x00421200` plus the producer/consumer
   pair `0x00422100` and `0x004358d0`, which means the remaining region seam should now be treated
   as an indirect restore/rebuild path rather than another direct offset writer hunt.
+- The later post-load per-region sweep is narrowed too: in the broader `0x00444887` restore strip,
+  the follow-on loop at `0x00444b90` dispatches `0x00420560` over each live region, but that
+  helper only zeroes and recomputes `[region+0x312]` from the embedded profile collection
+  `[region+0x37f]/[region+0x383]` and lazily seeds the year-driven `[region+0x317/+0x31b]` band
+  through `0x00420350`. It still does not touch `[region+0x276/+0x302/+0x316]`, so that whole
+  follow-on branch should stay out of the remaining latch-restore search too.
 - The checked-in constructor owner `0x00421200`
   `world_region_construct_entry_with_id_class_and_default_marker09_profile_seed` now also grounds
   the initialization side of this family: it clears `[region+0x276]`, `[region+0x302]`,