Add cookbook: cross-database CVE verification with TensorFeed (hosted MCP)#2683

Open
RipperMercs wants to merge 3 commits into openai:main from RipperMercs:ripper/add-tensorfeed-mcp-cookbook
Conversation

@RipperMercs

Summary

Adds an MCP-pattern cookbook demonstrating anti-hallucination CVE triage using the OpenAI Responses API's native MCP tool integration. Composes three independent vulnerability databases (MITRE CVE List, CISA Known Exploited Vulnerabilities, FIRST.org EPSS) via TensorFeed.ai's hosted MCP server.

What it teaches

The premise: the actual production failure mode of security agents isn't hallucination, it's acting on a single source. A triage agent that judges a CVE off one database can be wrong without ever fabricating anything. The fix is corroboration. The notebook shows the pattern in 10 cells using client.responses.create(...) with tools=[{type: "mcp", server_url: "https://tensorfeed.ai/api/mcp", ...}]:

  1. Connect to a hosted MCP server via tools[].type = "mcp" (no manual JSON-RPC loop)
  2. Two demos: single-CVE verification + parallel triage of three CVEs
  3. Surface confirmed_by so the user can audit which databases backed the answer

Why this fits examples/mcp

The existing examples/mcp/mcp_tool_guide.ipynb introduces the Responses API's MCP tool with a single-server demo (gitmcp). This adds a real-world pattern showing multi-tool composition for cross-source corroboration within a single Responses call - a common need for security, compliance, and finance agents that must not act on a single source.

Files

  • examples/mcp/tensorfeed_cve_verification.ipynb — 10 cells (markdown + code interleaved per the cookbook style)
  • registry.yaml entry under examples/mcp with tags [mcp, agents, security]
  • authors.yaml entry for ripper

Quality checks

  • Uses OPENAI_API_KEY from environment, no hardcoded secrets
  • Uses a current Responses API model (gpt-5.1); replace with gpt-4.1 if preferred
  • TF MCP server tested live: tools/list returns 17 tools, the three referenced (get_cve_record, get_kev_catalog, get_epss_score) all return ok:true on representative queries (verified 2026-05-09)
  • Markdown explanations alternated with code cells per the cookbook style
  • No images, no large outputs

License + redistribution posture

Underlying data:

  • MITRE CVE List: MITRE CVE Terms of Use, commercial redistribution permitted
  • CISA KEV: US Government public domain (17 USC §105)
  • FIRST.org EPSS: free for any use

The notebook itself is MIT under the cookbook repo's license.

About the author

Ripper builds TensorFeed.ai, a free machine-readable AI ecosystem data hub for AI agents. TF is also published as a hosted server in the official Model Context Protocol Registry as ai.tensorfeed/mcp-server. Recent submissions across the ecosystem: openai/skills#405, anthropics/skills#1114, anthropics/claude-cookbooks#611, anthropics/financial-services#156, anthropics/life-sciences#41, anthropics/knowledge-work-plugins#221.

Note on the API-based commit method

This branch was authored via the GitHub Contents API rather than a local clone because the examples/data/hotel_invoices/extracted_invoice_json / directory contains a trailing space in its name, which Windows refuses to check out. The three files in this PR are all in supported paths (examples/mcp/, root registry.yaml, root authors.yaml), so the commits are clean and reviewable normally; let me know if you'd like the branch reconstructed locally for any reason.
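The corroboration step the PR describes (query three independent databases, surface confirmed_by, and refuse to act on a single source), written out as an added Python example. This is not the notebook from the PR and not TensorFeed code: the three tool names and the server_url come from the PR text; the response shapes, the server_label value, the two-source threshold and the placeholder CVE ids are assumptions constructed for this illustration so it runs offline.

```python
"""Corroboration step for a multi-database CVE triage agent.

Added example (not the PR's notebook and not TensorFeed code). It models the
pattern the PR describes: a verdict is only trusted when independent sources
agree, and 'confirmed_by' records which ones did. Tool names come from the
PR text; the response shapes, the 'server_label' value and the decision
threshold are assumptions made for this illustration.
"""
from typing import Any

TENSORFEED_MCP_URL = "https://tensorfeed.ai/api/mcp"  # server_url from the PR


def build_mcp_tools_param() -> list[dict[str, Any]]:
    """Tools list for client.responses.create(...), as the PR uses it.

    'type' and 'server_url' appear in the PR; 'server_label' and 'allowed_tools'
    are fields of the hosted MCP tool not shown in the PR text (label value assumed).
    """
    return [{
        "type": "mcp",
        "server_label": "tensorfeed",
        "server_url": TENSORFEED_MCP_URL,
        "allowed_tools": ["get_cve_record", "get_kev_catalog", "get_epss_score"],
    }]


# Constructed tool outputs for three placeholder CVE ids, keyed by tool name.
# A missing key means the agent never got a result back from that tool.
SAMPLE_TOOL_OUTPUTS: dict[str, dict[str, dict[str, Any]]] = {
    # all three databases agree -> safe to act on
    "CVE-0000-0001": {
        "get_cve_record": {"ok": True, "state": "PUBLISHED"},
        "get_kev_catalog": {"ok": True, "in_kev": True},
        "get_epss_score": {"ok": True, "epss": 0.91},
    },
    # only EPSS returned anything -> the single-source trap the PR warns about
    "CVE-0000-0002": {
        "get_cve_record": {"ok": False, "error": "not found"},
        "get_epss_score": {"ok": True, "epss": 0.40},
    },
    # KEV lists it as exploited but MITRE has no published record -> conflict
    "CVE-0000-0003": {
        "get_cve_record": {"ok": True, "state": "REJECTED"},
        "get_kev_catalog": {"ok": True, "in_kev": True},
        "get_epss_score": {"ok": False, "error": "timeout"},
    },
}

MIN_SOURCES = 2  # assumed threshold: two independent databases must confirm


def _confirms(tool: str, result: dict[str, Any]) -> bool:
    """Whether one tool result counts as positive evidence for the CVE."""
    if not result.get("ok"):
        return False
    if tool == "get_cve_record":
        return result.get("state") == "PUBLISHED"
    if tool == "get_kev_catalog":
        return bool(result.get("in_kev"))
    if tool == "get_epss_score":
        return isinstance(result.get("epss"), (int, float))
    return False


def corroborate(cve_id: str, outputs: dict[str, dict[str, Any]]) -> dict[str, Any]:
    """Return the audit record the user sees: which sources confirmed, and a verdict."""
    confirmed_by = sorted(t for t, r in outputs.items() if _confirms(t, r))
    kev = outputs.get("get_kev_catalog", {})
    mitre = outputs.get("get_cve_record", {})
    # Disagreement between sources is surfaced on its own: a KEV entry whose
    # MITRE record is not published should go to a human, not be auto-acted on.
    conflict = (kev.get("ok") and kev.get("in_kev")
                and mitre.get("ok") and mitre.get("state") != "PUBLISHED")
    if conflict:
        verdict = "escalate: sources disagree"
    elif len(confirmed_by) >= MIN_SOURCES:
        verdict = "act"
    elif confirmed_by:
        verdict = "hold: single source"
    else:
        verdict = "unverified"
    return {"cve": cve_id, "queried": sorted(outputs),
            "confirmed_by": confirmed_by, "verdict": verdict}


def triage(batch: dict[str, dict[str, dict[str, Any]]]) -> dict[str, dict[str, Any]]:
    """Batch equivalent of the PR's parallel triage demo."""
    return {cve: corroborate(cve, outs) for cve, outs in batch.items()}


if __name__ == "__main__":
    for rec in triage(SAMPLE_TOOL_OUTPUTS).values():
        print(rec["cve"], rec["verdict"], "confirmed_by=" + ",".join(rec["confirmed_by"]))
```

The point of the example is that the verdict is a function of how many independent sources agreed, not of whether any one of them returned a confident answer; the conflict branch shows why confirmed_by alone is not enough and a disagreement between databases needs its own outcome.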
