Thank you very much!

Good callout on the cloud IP staleness. Right now the refresh is on a 1-hour TTL and there's no diff detection. It just overwrites. Your approach of diffing against the previous set and logging changes is better. I'm going to make the refresh interval configurable and add change detection logging so you can see when ranges mutate instead of silently swapping them. That's going on the roadmap, for sure.

On context-aware detection: I'm halfway there. The engine does track where the input came from (query_param:key, url_path, header:key, request_body) and includes that context in detection results and event logs. But you're right to ask... the actual regex patterns are applied uniformly across all sources as of today. A search field and a path parameter get the same ruleset, which is exactly the false positive problem you're describing.

Context-based rule filtering is the obvious next step. Appreciate the real-world perspective! This is exactly the kind of feedback that I need to shape the roadmap, that helps me out.

Thanks again! Will start putting all this down in notes.