What is the Interlace ESLint Ecosystem?

The Interlace ESLint Ecosystem is a collection of 18+ production-ready ESLint plugins designed for the AI/Agentic era. These plugins feature LLM-optimized error messages that empower both human developers and AI coding assistants to catch and fix security vulnerabilities automatically.

Why AI-native ESLint plugins?

Traditional ESLint error messages are designed for human developers reading them in an IDE. As AI coding assistants become more prevalent, there's a need for error messages that are also machine-parseable and provide clear remediation guidance. Our plugins bridge this gap.

Which security standards do the plugins cover?

The plugins provide comprehensive coverage for OWASP Top 10 2021, OWASP Mobile 2024, and framework-specific security patterns for Express, NestJS, Lambda, and more. Each plugin includes detailed documentation with Known False Negatives disclosure.

What technologies does Ofri Peretz work with?

Languages: TypeScript, JavaScript, Node.js. Frameworks: React, Express, NestJS. Backend: Kafka, Redis, Serverless. Cloud: AWS, Docker, Kubernetes. DevEx: ESLint, Nx Monorepos, CLIs.

The AI Security Protocol: Hardening Vercel AI SDK Agents

Name: Interlace ESLint Ecosystem
Author: Ofri Peretz

2025 was the year of LLMs. 2026 is the year of Agents.

Agents don't just answer questions—they take actions. They browse the web, execute code, query databases, and call APIs. This changes the security model completely.

An LLM that hallucinates is annoying. An Agent that hallucinates can delete your production database.

This guide is for developers using the Vercel AI SDK. The linting rules understand generateText, streamText, tool(), and other SDK functions natively.

The OWASP Agentic Top 10 2026

OWASP saw this coming. They're drafting a new category specifically for agentic systems:

#	Category	The Risk
ASI01	Agent Confusion	System prompt dynamically overwritten
ASI02	Insufficient Input Validation	Tool parameters not validated
ASI03	Insecure Credentials	API keys hardcoded in config
ASI04	Sensitive Data in Output	Tools leak secrets in responses
ASI05	Unexpected Code Execution	AI output executed as code
ASI07	RAG Injection	Malicious docs inject instructions
ASI08	Cascading Failures	Errors propagate across agent steps
ASI09	Trust Boundary Violations	AI bypasses authorization
ASI10	Insufficient Logging	No audit trail for AI actions

Visual Example: The Problem

The Vercel AI SDK makes building agents easy. Maybe too easy.

❌ Before: Unprotected Agent

typescript

// This code ships to production every day
const result = await generateText({
  model: openai('gpt-4'),
  tools: {
    deleteUser: tool({
      execute: async ({ userId }) => {
        await db.users.delete(userId); // No confirmation, no validation
      },
    }),
  },
});

What's wrong?

No human confirmation before destructive action
No parameter validation on userId
No maxSteps limit—agent can loop forever
No error boundaries for cascading failures

✅ After: With ESLint Protection

Install and run the linter:

bash

npm install eslint-plugin-vercel-ai-security --save-dev
npx eslint src/

Immediate feedback on every issue:

bash

🔒 CWE-862 OWASP:ASI09 CVSS:7.0 | Destructive tool without confirmation | HIGH
   at src/agent.ts:5:5
   Fix: Add human-in-the-loop confirmation before execution

🔒 CWE-20 OWASP:ASI02 CVSS:6.5 | Tool parameters not validated | MEDIUM
   at src/agent.ts:6:7
   Fix: Add Zod schema validation for tool parameters

🔒 CWE-400 OWASP:ASI08 CVSS:5.0 | No maxSteps limit on agent | MEDIUM
   at src/agent.ts:3:16
   Fix: Add maxSteps option to prevent infinite loops

✅ Fixed Code

typescript

import { z } from 'zod';

const result = await generateText({
  model: openai('gpt-4'),
  maxSteps: 10, // ✅ Prevent infinite loops
  tools: {
    deleteUser: tool({
      parameters: z.object({
        userId: z.string().uuid(), // ✅ Validated input
      }),
      execute: async ({ userId }, { confirmDangerous }) => {
        await confirmDangerous(); // ✅ Human-in-the-loop
        await db.users.delete(userId);
      },
    }),
  },
});

Result: All warnings resolved. Agent is production-ready.

Setup (60 Seconds)

javascript

// eslint.config.js
import vercelAISecurity from 'eslint-plugin-vercel-ai-security';

export default [
  vercelAISecurity.configs.strict, // Maximum security for agents
];

Strict mode enforces:

✅ Tool schema validation (Zod)
✅ Human confirmation for destructive actions
✅ maxSteps limits for multi-step workflows
✅ Error handling for cascading failures

Coverage: 9/10 OWASP Agentic Categories

eslint-plugin-vercel-ai-security covers 9/10 OWASP Agentic categories. ASI06 (Memory Corruption) is N/A for TypeScript.

The plugin knows:

Which functions are Vercel AI SDK calls
Which tools perform destructive operations
Whether proper safeguards are in place

The Bottom Line

AI agents are the most powerful—and most dangerous—software we've ever built.

The difference between a helpful assistant and a liability is the guardrails you put in place.

Don't ship agents without them.

The Interlace ESLint Ecosystem Interlace is a high-fidelity suite of static code analyzers designed to automate security, performance, and reliability for the modern Node.js stack. With over 330 rules across 18 specialized plugins, it provides 100% coverage for OWASP Top 10, LLM Security, and Database Hardening.

Explore the full Documentation

Build Securely. I'm Ofri Peretz, a Security Engineering Leader and the architect of the Interlace Ecosystem. I build static analysis standards that automate security and performance for Node.js fleets at scale.

ofriperetz.dev | LinkedIn | GitHub