Security triage
One input, five entry shapes: a named CVE (CVE-2021-44228), a product/version (Apache 2.4.49), a fuzzy symptom description, a raw Nmap XML scan, or a CycloneDX / SPDX / requirements.txt SBOM (a machine-readable dependency inventory). The agent grounds every answer with ten typed tools: NVD lookup and semantic CVE search (NVD is the NIST vulnerability database), CISA KEV (the US agency's catalog of vulnerabilities confirmed exploited in the wild), FIRST EPSS (estimated probability of exploitation in the next 30 days), public-exploit search across Exploit-DB and GitHub, MITRE ATT&CK technique mapping, patch and OSV.dev advisory lookups (fixed versions and open source advisories), plus SBOM and Nmap parsers. The answer comes back as a typed TriageReport; the reasoning chain at the bottom of each report logs every tool call behind it.