Good news is that I found the solution - there was a server side privacy rule blocking the repeating group from receiving its data, which I’ve now removed.
Bad news is that I haven’t touched the privacy tab in quite a while - @emmanuel do you know if there is any chance that there was a change made in this area that might have caused an old privacy constraint to be brought back to life?
In trying to work this out, I also did an app revert to 7 days ago - and I can see changes that I made 3 days ago still in effect. Specifically, the CC: person in an email workflow was added 3 days ago, and I had expected to need to redo this after the revert. Not so.