hi! i have a question regarding using caveats and 2FA. Some businesses may have 2fa enable and we want to only check if the user is 2fa or not if the business has 2fa (for context, our authz service will have to call an external service to validate if user has or not 2fa and we are also caching this response). from what i am seeing on caveats, looks like we need the context before we do the check so the call to the external service will be always and not only for businesses that require 2fa? any idea how to represent this/avoid calling that service always?