AGENTIC QE V3.8.13 SHIPS CODE-INTEL CLI, INCREMENTAL INDEXING, AND A COMMAND-INJECTION FIX
Agentic QE v3.8.13 delivers a code-intelligence CLI with complexity metrics, incremental indexing, and a patch for a command injection bug.
The release adds CLI commands for code analysis, including complexity metrics (cyclomatic, cognitive, Halstead) and fast indexing of changed files via --git-since and --incremental. See the notes and examples in the GitHub release for details: v3.8.13: Code Intelligence CLI & Security Fix.
It also patches a command injection vulnerability in --git-since (CWE-78). Treat earlier versions as unsafe for change-based scans and pin to 3.8.13+. A separate report hints at Anthropic’s leaked “Mythos” model aimed at cybersecurity and coding, but details remain unconfirmed: InfoWorld.
You can add cheap, fast code-health telemetry to CI without wiring an MCP or hosted service.
The patch removes a realistic command-injection path in common change-based indexing workflows.
- Benchmark aqe code complexity and aqe code index on a large repo with --incremental to size CI runtime and cache strategy.
- Fuzz --git-since with unusual refspecs and shell metacharacters to verify the injection fix and correct file selection.
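The kind of check the --git-since fuzzing item above would exercise, as an added JavaScript example that is not agentic-qe's code or its actual patch: the function names, the ref allowlist and the git diff invocation are assumptions. It validates the value, hands it to git as a single argv element with no shell, and classifies constructed fuzz inputs.

```javascript
// Added example: not agentic-qe's code. Function names and the ref
// allowlist are assumptions chosen for illustration.

// Unsafe pattern (CWE-78), shown only as a comment: the value is pasted
// into a string that /bin/sh parses, so metacharacters become syntax.
//   execSync(`git diff --name-only ${since} HEAD`)

const MAX_REF_LENGTH = 200;
// Alphanumeric first character (blocks option injection via a leading "-"),
// then only characters used by branches, tags, SHAs and ~N / ^N suffixes.
const SAFE_REF = /^[A-Za-z0-9][A-Za-z0-9._\/~^-]*$/;

function isSafeGitRef(ref) {
  return typeof ref === "string" &&
    ref.length > 0 && ref.length <= MAX_REF_LENGTH &&
    SAFE_REF.test(ref) &&
    !ref.includes("..");   // a single revision is expected, not a range
}

// Build an argument vector; each element reaches git as exactly one argument.
function buildDiffArgv(sinceRef) {
  if (!isSafeGitRef(sinceRef)) {
    throw new Error(`rejected --git-since value: ${JSON.stringify(sinceRef)}`);
  }
  // --end-of-options (git 2.24+) stops option parsing before the revision.
  return ["diff", "--name-only", "--end-of-options", sinceRef, "HEAD", "--"];
}

// Run git without a shell and return the changed paths.
function changedFilesSince(sinceRef, cwd = process.cwd()) {
  const { execFileSync } = require("node:child_process");
  const out = execFileSync("git", buildDiffArgv(sinceRef), { cwd, encoding: "utf8" });
  return out.split("\n").filter(Boolean);
}

// Constructed fuzz inputs: ordinary refs first, then hostile-looking strings
// that use harmless echo markers.
const FUZZ_INPUTS = [
  "HEAD~5", "main", "origin/release-3.8", "v3.8.12", "a1b2c3d", "HEAD^2",
  "HEAD; echo MARKER", "$(echo MARKER)", "`echo MARKER`", "main && echo MARKER",
  "main | echo MARKER", "main\necho MARKER", "--some-option", "main..feature", "",
];

// Classify each input so a CI test can assert on the accept/reject split.
function fuzzReport(inputs = FUZZ_INPUTS) {
  return inputs.map((input) => ({ input, accepted: isSafeGitRef(input) }));
}
```

In CI, assert on fuzzReport() for the accept/reject split and call changedFilesSince() inside a checked-out repository to confirm file selection for the accepted refs.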
Legacy codebase integration strategies...
01. Introduce the CLI as a non-blocking CI job to map hotspots, then enforce thresholds over time; pin agentic-qe to >= 3.8.13.
02. For monorepos and partial builds, combine --git-since HEAD~N with --incremental to keep scan cost predictable.
Fresh architecture paradigms...
01. Bake complexity/security scans into your starter CI template with sane default thresholds and PR feedback.
02. Surface metrics in dashboards early to guide refactors before tech debt hardens.