Happy to clarify scope — this is intentionally a static inventory/audit tool, not runtime enforcement or a policy engine. I am focused on visibility first