tranhoangtu-it/README.md

Tran Hoang Tu

Full-Stack & Security Engineer · Vietnam

Building secure, production-ready systems across .NET, TypeScript, Rust, and Go. Active OSS contributor and security researcher.

Portfolio Upwork LinkedIn Huntr


About

Software engineer with 8+ years of experience building production systems. I specialize in full-stack development, application security, and AI/ML infrastructure. Active open-source contributor with 30+ PRs across projects like validator.js (23K stars), eslint-plugin-unicorn (4.9K stars), and meshery (CNCF). Security researcher on Huntr.com — discovered SSRF vulnerabilities in HuggingFace AI/ML frameworks.

Open Source Highlights

| Project | Stars | Contribution |
|---|---|---|
| validatorjs/validator.js | 23K | Added phone validation for Mali & Togo locales |
| sindresorhus/eslint-plugin-unicorn | 4.9K | Extended no-for-loop rule for cached-length pattern |
| meshery/meshery | 6K | Documentation improvements (CNCF project) |
| welldone-software/why-did-you-render | 12K | Fixed dead Next.js integration link |
| aqlaboratory/openfold-3 | | Fixed multi-user temp directory collisions |
| 567-labs/instructor | | Security: changed validator to fail-closed |

Security Research

  • 4 SSRF vulnerabilities reported to HuggingFace AI/ML ecosystem via Huntr.com
  • Targets: smolagents, text-generation-inference, mlflow, llama_index
  • All rated CVSS 9.3 (Critical) — unvalidated requests.get() with user-controlled URLs

Tech Stack

Backend & Systems

.NET C# Rust Go Python

Web & Frontend

TypeScript React Next.js Tailwind

AI & Cloud

OpenAI Docker GitHub Actions Azure

Featured Projects

| Project | Description | Tech |
|---|---|---|
| medagent | AI Assistant for Healthcare — multi-tenant RLS, gRPC microservices, 349+ tests | Rust, Python, Next.js |
| mcpman | Universal MCP server package manager — v2.1.0, 46 commands, 10 AI clients, npm published | TypeScript |
| portfolio-site | AI automation portfolio at tuth.site — SEO-optimized | Next.js 15, Tailwind v4 |
| halluciguard-api | AI Hallucination Firewall — detect incorrect LLM outputs | Python, FastAPI |
| FHIRBridge | Patient Data Portability Tool with AI summaries | TypeScript |
| rag-chatbot | Document Q&A with source citations and streaming | Python, LangChain, Next.js |

Open to full-time roles, freelance projects, and security research. Get in touch

Pinned

  1. ai-hallucination-firewall (Public)

    Pre-commit proxy detecting hallucinated code in AI output — invalid functions, bad imports, wrong signatures.

    Python 2

  2. repo-archaeologist (Public)

    CLI tool for legacy codebase architecture reconstruction via static analysis and Git history.

    JavaScript

  3. rt-translator-desktop (Public)

    Real-time meeting translation desktop app — Whisper speech-to-text + Ollama translation. Built with Tauri/Rust.

    Rust

  4. mcpman (Public)

    Universal MCP server package manager for Claude, VS Code, Cursor, Windsurf, Zed, and more. 3 stars.

    TypeScript 3 1

  5. portfolio-and-resume (Public)

    Professional portfolio with AWS and HL7 FHIR certifications

  6. fhir-validator-web (Public)

    HL7 FHIR data validator supporting Japanese Implementation Guides (JP-Core).

    HTML