REDDIT // 8d ago · OPEN-SOURCE RELEASE
METATRON adds agentic local pentest loop
METATRON is a CLI penetration-testing assistant that runs locally on Linux with Ollama, using a fine-tuned Qwen 3.5 9B model to analyze recon results and suggest next steps. The standout bit is the agentic loop: the model can ask for more tool runs mid-analysis instead of waiting for a fixed script flow.
// ANALYSIS
This is a strong demo of where local LLMs are actually useful: not just summarizing scan output, but steering the next recon step without cloud dependency. The tradeoff is that agentic pentesting only matters if the tool boundaries, logs, and prompts are tight enough to keep the loop reproducible and safe.
- Local inference lowers cost and keeps target data off third-party APIs, which matters for security work
- The design is opinionated toward Parrot OS, MariaDB, and a specific toolchain, so portability will determine whether it feels like a real product or a lab project
- Agentic tool use can improve coverage versus a static script, but it also raises the bar for guardrails, audit trails, and deterministic replay
- Fine-tuning Qwen 3.5 9B for pentest workflows is a sensible size/perf choice for offline use, especially if the model can reliably call tools
- The repo reads more like an open-source security workflow prototype than a polished platform, which is fine as long as expectations are set accordingly
// TAGS
metatron, cli, agent, llm, automation, open-source
DISCOVERED
8d ago
2026-04-04
PUBLISHED
8d ago
2026-04-04
RELEVANCE
8/10
AUTHOR
Additional-Tax-5863