diff --git a/api/app/Providers/AppServiceProvider.php b/api/app/Providers/AppServiceProvider.php
index 699accae..f16031bd 100644
--- a/api/app/Providers/AppServiceProvider.php
+++ b/api/app/Providers/AppServiceProvider.php
@@ -201,7 +201,7 @@ class AppServiceProvider extends ServiceProvider
         // per-attempt fingerprinting).
         \Illuminate\Support\Facades\Event::listen(
             \Illuminate\Queue\Events\JobProcessing::class,
-            \App\Listeners\Observability\TagJobAttemptOnSentry::class,
+            [\App\Listeners\Observability\TagJobAttemptOnSentry::class, 'handle'],
         );
 
         // RFC-WS-7 §3.6 — auth-scope Sentry tags + Log::withContext on
diff --git a/api/bootstrap/app.php b/api/bootstrap/app.php
index 182c051c..5d702be5 100644
--- a/api/bootstrap/app.php
+++ b/api/bootstrap/app.php
@@ -22,6 +22,14 @@ return Application::configure(basePath: dirname(__DIR__))
         health: '/up',
         apiPrefix: 'api/v1',
     )
+    // Listener auto-discovery uitgeschakeld — observability listeners (en
+    // alle andere listeners) worden expliciet geregistreerd in
+    // AppServiceProvider::boot(). Reden: silent double-registration is
+    // mogelijk wanneer auto-discovery + explicit listen samen lopen, en
+    // expliciete registratie is grep-baar / IDE-navigeerbaar / direct
+    // zichtbaar bij code review. Onder enterprise-grade observability is
+    // impliciete discovery een stille fault-mode (RFC-WS-7 §3.6, OBS-8).
+    ->withEvents(discover: false)
     ->withMiddleware(function (Middleware $middleware): void {
         // API uses token-based auth, no CSRF needed