Catch the recurring vulnerability before the sixth ship.

An agent that scans for SQL injection, hardcoded secrets, or unscoped permissions catches the issue every time, but never learns where it's happening most, who keeps shipping it, or which prompt revision made acceptance harder. Per-call traces in Langfuse show that a scan ran. They don't show patterns across the last 500 scans.

Signals from the registry that fire on coding/security traces: hallucination (fabricated vulnerability reports), cascade_failure (broken tool chains), context_drift (lost track of the codebase), cost_escalation (runaway token spend). Each fires per session and rolls up to per-developer and per-version views.

Custom signals you can promote from the discoveries queue: e.g. recurring vulnerability classes per developer, scan results clustering on a specific repo subdir, or false-positive patterns that suggest a prompt regression.

Developers cluster into the standard buckets, happy, at-risk, churning, by CSAT × cadence. When acceptance rate drops on one cohort but not another, you see it as a divergence on the cohort dashboard, not buried in individual traces.

Every prompt deploy gets a before/after panel on /versions: success rate, signal severity mix, cost per scan. A regression that would take a quarter to surface in session-level review shows up on the same day.

Point Flowlines at your Langfuse project, OTEL endpoint, or drop JSON over a webhook. First connect backfills the last 30 days of scans. Workspace preset security turns on the right signal blocks by default.