Detect → Understand → Fix
The 3-step workflow that defines the Interlace experience
The Interlace Workflow
Every security vulnerability follows a 3-step journey from detection to remediation. Interlace is designed to make each step seamless—for both humans and AI agents.
Step 1: Detect
ESLint catches the vulnerability in your code, highlighting the exact line and providing context.
Step 2: Understand
Structured metadata (CWE, OWASP, CVSS) gives you—and your AI assistant—everything needed to understand the risk.
Step 3: Fix
Verified remediation patterns guide the fix, ensuring you apply the correct solution every time.
Workflow in Action
Let's walk through a real SQL Injection vulnerability:
🔴 Step 1: Detect
Your editor shows a red squiggly on line 19:
async function getUserById(userId: string) {
// ❌ ESLint Error: SQL query constructed via string concatenation
const query = "SELECT * FROM users WHERE id = " + userId;
return db.query(query);
}The ESLint rule secure-coding/no-sql-concatenation has detected the vulnerability.
🟡 Step 2: Understand
Hovering over the error reveals rich metadata:
| Field | Value | Meaning |
|---|---|---|
| CWE | CWE-89 | SQL Injection |
| OWASP | A03:2021 | Injection category |
| CVSS | 9.8 | Critical severity |
| Impact | Data breach, auth bypass | Real-world consequences |
Why This Matters
A CVSS of 9.8 means this vulnerability could allow complete database access. This isn't a "fix later" issue—it needs immediate attention.
🟢 Step 3: Fix
The rule provides a verified fix pattern:
async function getUserById(userId: string) {
// ✅ Fixed: Parameterized query prevents injection
const result = await db.query(
'SELECT * FROM users WHERE id = $1',
[userId]
);
return result.rows[0];
}The fix:
- Uses parameterized queries (placeholders like
$1) - Separates data from SQL syntax
- Prevents any SQL injection regardless of input
How AI Agents Use This Workflow
When you ask an AI assistant to fix the error:
- Detect: AI reads the ESLint error output
- Understand: AI parses the structured metadata (CWE-89, CVSS 9.8)
- Fix: AI applies the documented remediation pattern
No Hallucinations
Because the AI has structured context, it applies the exact fix pattern—not a guess. This is the power of AI-native documentation.
The Difference: Traditional vs. Interlace
| Aspect | Traditional Linter | Interlace |
|---|---|---|
| Detection | "Possible SQL injection" | Exact line, node, and pattern |
| Understanding | None | CWE, OWASP, CVSS, impact |
| Fix | Generic docs link | Verified code pattern |
| AI Readiness | ❌ Plain text | ✓ Structured JSON metadata |
Workflow Integration
In Your Editor
- VS Code — Red squiggly + hover for metadata
- Cursor — AI chat reads ESLint context automatically
- WebStorm — Inspections panel with severity badges
In CI/CD
# GitHub Actions
- run: npx eslint . --format json > eslint-report.json
- name: Check for Critical Issues
run: |
if grep -q '"cvss": 9' eslint-report.json; then
echo "Critical security issues found!"
exit 1
fi