Catch the recurring vulnerability before the sixth time you ship it.
Secure-code agent sec-code-v2 was catching SQL injection every time the same developer wrote it, but never preventing it. Flowlines learned the pattern, drafted the fix in their style, and compressed acceptance time from 45 seconds to 8.
The problem
Marcus always used f-string SQL. The agent caught it on review every time and proposed a generic parameterized-query fix. Marcus would read the diff, rewrite it in his own style, and accept. Every session, same pattern, same friction.
Flowlines counted: 6 occurrences of SQL injection across 4 sessions, each with an accept time over 40 seconds. The agent had no model of what Marcus's preferred fix style actually was.
The fix
Flowlines extracted remediation_preferences from the accepted diffs (parameterized queries, inline comments, snake_case variable names) and proposed injecting the field into the agent's fix-drafting prompt. The engineer shipped it. Next SQL injection, Marcus accepted in 8 seconds.
What it catches now
Recurring vulnerability patterns per developer. Hardcoded secrets before commit. Remediation velocity: whether acceptance time is falling (learning) or flat (friction). Each backed by structured per-user memory the agent can reason about.
What the team writes
Two lines in the agent entrypoint. Flowlines traces every review, extracts preference fields from accepted diffs, and proposes injection changes the team can approve from the Monday digest.
Structured memory fields
The typed fields Flowlines reads and writes for this domain. Each field is scoped, versioned, and traceable back to the interaction that produced it.
remediation_preferencesrecurring_vulnsrepo_stackaccept_velocitysecurity_maturity