I built a deterministic security auditing engine that runs 10 detection engines (Bandit, Semgrep, Gitleaks, IaC, CI/CD, dependencies) and produces a calibrated Security Posture Index score. AI advisory via Gemini/Groq. Hardware-bound licensing. Would love feedback from security engineers.