Tommaso Bertocchi in freecodecamp.org · May 15 · 13 min read
How to Build an Autonomous OSINT Agent in Python Using Claude's Tool Use API
When I started studying OSINT, I always felt I was just putting random values into software without deeply understanding what I was doing. After months in the field, I realized I wasn't really investi

Tommaso Bertocchi in sonotommy.hashnode.dev · May 11 · 7 min read
How I designed an AI agent where hallucination in tool results is structurally impossible
Most AI agents have a problem: when they call a tool, you're never 100% sure if the result you're reading is real or inferred. The model might hallucinate a plausible-looking username, a fake subdomai

Tommaso Bertocchi in sonotommy.hashnode.dev · May 7 · 5 min read
Add Virus Scanning to Your Node.js App in 5 Minutes
File uploads are everywhere. Profile pictures, PDF invoices, CSV imports, document management systems. Every one of them i

Tommaso Bertocchi in sonotommy.hashnode.dev · May 6 · 7 min read
How We Built Framework Plugins for an npm Library
pompelmi started as a single function. scan(filePath) — that was the entire API. Nine months later it ships with dedicated plugins for NestJS, Fastify, Next.js, and Hono. Here's how we approached buil

Tommaso Bertocchi in sonotommy.hashnode.dev · May 5 · 4 min read
Stop Accepting Dangerous File Uploads. Here's How to Fix It in Node.js.
Someone is uploading malware to your app right now. Not maybe. Not eventually. File uploads are one of the top attack vectors in web applications, and most Node.js tutorials show you how to accept t