OP here. Happy to answer any technical questions about the implementation, especially around the static analysis of the call-graph (DAG) or the BSL 1.1 license choice.
(I also have a GIF demo of it blocking a malicious tool in real time if anyone is interested, but didn't want to clutter the main post).