agentic-qe 3.7.19 → 3.7.21

package/.claude/agents/v3/qe-deployment-advisor.md

@@ -5,6 +5,20 @@ updated: "2026-01-10"
 description: Deployment readiness assessment with go/no-go decisions, risk aggregation, and rollback planning
 v2_compat: qe-deployment-readiness
 domain: quality-assessment
+dependencies:
+  agents:
+    - name: qe-quality-gate
+      type: hard
+      reason: "Provides quality gate results for deployment decision"
+    - name: qe-risk-assessor
+      type: soft
+      reason: "Provides risk assessment context"
+    - name: qe-security-scanner
+      type: soft
+      reason: "Provides security scan results"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/.claude/agents/v3/qe-gap-detector.md

@@ -5,6 +5,14 @@ updated: "2026-01-10"
 description: Coverage gap detection with risk scoring, semantic analysis, and targeted test recommendations
 v2_compat: null # New in v3
 domain: coverage-analysis
+dependencies:
+  agents:
+    - name: qe-coverage-specialist
+      type: hard
+      reason: "Provides coverage data for gap detection"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/.claude/agents/v3/qe-impact-analyzer.md

@@ -5,6 +5,17 @@ updated: "2026-01-10"
 description: Change impact analysis with blast radius calculation, test selection, and risk assessment
 domain: code-intelligence
 v3_new: true
+dependencies:
+  agents:
+    - name: qe-dependency-mapper
+      type: hard
+      reason: "Provides dependency graph data for impact analysis"
+    - name: qe-kg-builder
+      type: soft
+      reason: "Enriches analysis with knowledge graph context"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/.claude/agents/v3/qe-queen-coordinator.md

@@ -5,6 +5,12 @@ updated: "2026-01-30"
 description: V3 QE Queen Coordinator - MCP-powered swarm orchestration with real fleet coordination
 v2_compat: null # New in v3
 domain: coordination
+dependencies:
+  mcp_servers:
+    - name: agentic-qe
+      required: true
+    - name: claude-flow
+      required: false
 ---
 
 <qe_agent_definition>
@@ -162,6 +168,45 @@ Output a summary table:
 ```
 </mandatory_execution_protocol>
 
+<dependency_aware_orchestration>
+## Dependency-Aware Agent Orchestration (Issue #342)
+
+When spawning multiple agents, ALWAYS check and respect agent dependencies:
+
+### Dependency Types
+| Type | Meaning | Action |
+|------|---------|--------|
+| **hard** | Agent requires data from dependency | Spawn dependency FIRST, wait for completion |
+| **soft** | Agent benefits from dependency data | Spawn dependency first if available, proceed without if not |
+| **peer** | Agents work alongside each other | Spawn in parallel |
+
+### Known Agent Dependencies (spawn order matters)
+| Agent | Hard Dependencies | Soft Dependencies |
+|-------|-------------------|-------------------|
+| qe-impact-analyzer | qe-dependency-mapper | qe-kg-builder |
+| qe-security-scanner | qe-dependency-mapper | — |
+| qe-gap-detector | qe-coverage-specialist | — |
+| qe-deployment-advisor | qe-quality-gate | qe-risk-assessor, qe-security-scanner |
+| qe-root-cause-analyzer | — | qe-regression-analyzer, qe-defect-predictor |
+
+### Orchestration Rules
+1. **Before spawning agents**: Check dependencies for all requested agents
+2. **Phase spawning**: Group agents into spawn phases:
+   - Phase 1: Agents with no unsatisfied hard deps (e.g., qe-dependency-mapper, qe-coverage-specialist)
+   - Phase 2: Agents whose hard deps completed in Phase 1 (e.g., qe-impact-analyzer, qe-gap-detector)
+   - Phase 3+: Continue until all agents spawned
+3. **Soft deps**: Spawn soft dependencies in an earlier phase when possible, but never delay for them
+4. **Missing deps**: If a hard dependency agent is not in the task scope, log an advisory warning and proceed
+5. **Parallel within phases**: All agents in the same phase can be spawned in parallel
+
+### Example: Full Release Validation
+```
+Phase 1 (parallel): qe-dependency-mapper, qe-coverage-specialist, qe-quality-gate, qe-risk-assessor
+Phase 2 (parallel): qe-impact-analyzer, qe-security-scanner, qe-gap-detector
+Phase 3 (parallel): qe-deployment-advisor, qe-root-cause-analyzer
+```
+</dependency_aware_orchestration>
+
 <task_type_routing>
 ## Automatic Task-to-Domain Routing
 

package/.claude/agents/v3/qe-root-cause-analyzer.md

@@ -5,6 +5,17 @@ updated: "2026-01-10"
 description: Systematic root cause analysis for test failures and incidents with prevention recommendations
 domain: defect-intelligence
 v3_new: true
+dependencies:
+  agents:
+    - name: qe-regression-analyzer
+      type: soft
+      reason: "Provides regression context for root cause investigation"
+    - name: qe-defect-predictor
+      type: soft
+      reason: "Provides defect prediction data"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/.claude/agents/v3/qe-security-scanner.md

@@ -5,6 +5,14 @@ updated: "2026-01-10"
 description: Comprehensive security scanning with SAST, DAST, dependency scanning, and secrets detection
 v2_compat: qe-security-scanner
 domain: security-compliance
+dependencies:
+  agents:
+    - name: qe-dependency-mapper
+      type: hard
+      reason: "Provides dependency data for vulnerability correlation"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>
@@ -17,17 +25,18 @@ V2 Compatibility: Maps to qe-security-scanner for backward compatibility.
 
 <implementation_status>
 Working:
-- SAST scanning with OWASP Top 10 and CWE SANS 25 rules
-- Dependency vulnerability scanning (npm audit, Snyk, NVD)
-- Secrets detection with entropy analysis and git history scan
+- SAST scanning with OWASP Top 10 and CWE SANS 25 regex pattern rules
+- Semgrep integration: runs alongside pattern scanning when semgrep is installed (pip install semgrep)
+- Dependency vulnerability scanning via OSV API (real HTTP calls to osv.dev)
+- AI-powered remediation suggestions via LLM router (ADR-051)
 - SARIF output format for IDE and CI/CD integration
-- AI-powered remediation suggestions
 
 Partial:
-- DAST scanning with authenticated crawling
-- Container image vulnerability scanning
+- DAST scanning: custom fetch-based scanner for security headers, cookies, CORS, XSS/SQLi reflection testing (GET params only, no JS execution, no OWASP ZAP)
+- Secrets detection: regex pattern-based (no TruffleHog/Gitleaks integration)
 
-Planned:
+Not Implemented:
+- Container image vulnerability scanning
 - Runtime application security testing (RAST)
 - Supply chain security analysis (SLSA)
 </implementation_status>
@@ -49,12 +58,12 @@ Use up to 8 concurrent scanners for large codebases.
 </parallel_execution>
 
 <capabilities>
-- **SAST Scanning**: Static analysis with ESLint Security, Semgrep, custom rules
-- **Dependency Scanning**: Check npm, pip, maven dependencies against NVD, GitHub Advisories, Snyk
-- **Secrets Detection**: Find API keys, passwords, tokens using TruffleHog, Gitleaks with entropy analysis
-- **DAST Scanning**: Dynamic testing with OWASP ZAP for XSS, SQLi, CSRF, SSRF
+- **SAST Scanning**: Regex pattern rules (OWASP Top 10, CWE SANS 25) + Semgrep when installed
+- **Dependency Scanning**: npm dependency checks via OSV API (osv.dev)
+- **Secrets Detection**: Regex pattern-based detection of API keys, passwords, tokens in source
+- **DAST Scanning**: Custom fetch-based scanner — security headers, cookies, CORS, XSS/SQLi reflection (GET params only, no browser/JS execution)
 - **SARIF Output**: Generate standardized SARIF reports for GitHub Code Scanning
-- **AI Remediation**: Provide intelligent fix suggestions with code examples
+- **AI Remediation**: LLM-powered fix suggestions with code examples (ADR-051)
 </capabilities>
 
 <memory_namespace>
@@ -225,10 +234,10 @@ Use via Claude Code: `Skill("compliance-testing")`
 **Scan Types**:
 | Scan | Target | Tools | Frequency |
 |------|--------|-------|-----------|
-| SAST | Source code | ESLint Security, Semgrep | Per-commit |
-| Dependency | Dependencies | npm audit, Snyk | Per-build |
-| Secrets | Repo history | TruffleHog, Gitleaks | Per-commit |
-| DAST | Running app | OWASP ZAP | Per-release |
+| SAST | Source code | Regex patterns + Semgrep (when installed) | Per-commit |
+| Dependency | Dependencies | OSV API (osv.dev) | Per-build |
+| Secrets | Source files | Regex pattern detection | Per-commit |
+| DAST | Running app | Custom fetch-based scanner | Per-release |
 
 **Cross-Domain Communication**:
 - Reports vulnerabilities to qe-quality-gate for gate evaluation

package/.claude/helpers/brain-checkpoint.cjs

@@ -6,7 +6,7 @@
  *   node brain-checkpoint.cjs export   # Export brain to aqe.rvf (session-end)
  *   node brain-checkpoint.cjs verify   # Verify aqe.rvf exists (session-start)
  */
-const { execSync } = require('child_process');
+const { execFileSync } = require('child_process');
 const fs = require('fs');
 const path = require('path');
 
@@ -23,8 +23,8 @@ function exportBrain() {
     if (fs.existsSync(RVF_PATH)) fs.unlinkSync(RVF_PATH);
     const idmap = RVF_PATH + '.idmap.json';
     if (fs.existsSync(idmap)) fs.unlinkSync(idmap);
-    const result = execSync(
-      'npx agentic-qe brain export -o "' + RVF_PATH + '" --format rvf 2>&1',
+    const result = execFileSync(
+      'npx', ['agentic-qe', 'brain', 'export', '-o', RVF_PATH, '--format', 'rvf'],
       { timeout: 60000, encoding: 'utf-8' }
     );
     const m = result.match(/Patterns:\s+(\d+)/);

package/.claude/helpers/statusline-v3.cjs

@@ -16,7 +16,7 @@
 
 const fs = require('fs');
 const path = require('path');
-const { execSync, spawnSync } = require('child_process');
+const { execSync, execFileSync, spawnSync } = require('child_process');
 
 // Use better-sqlite3 for reliable database access (no CLI dependency)
 let Database;
@@ -171,9 +171,10 @@ function sqlite3Query(dbPath, query, defaultValue = '0') {
 
   // Fallback to CLI if better-sqlite3 not available
   try {
-    const result = execSync(`sqlite3 "${dbPath}" "${query}" 2>/dev/null`, {
+    const result = execFileSync('sqlite3', [dbPath, query], {
       encoding: 'utf-8',
-      timeout: 3000
+      timeout: 3000,
+      stdio: ['pipe', 'pipe', 'pipe'],
     }).trim();
     return result || defaultValue;
   } catch {

package/.claude/skills/skills-manifest.json

@@ -932,7 +932,7 @@
   },
   "metadata": {
     "generatedBy": "Agentic QE Fleet",
-    "fleetVersion": "3.7.18",
+    "fleetVersion": "3.7.21",
     "manifestVersion": "1.3.0",
     "lastUpdated": "2026-02-04T00:00:00.000Z",
     "contributors": [

package/CHANGELOG.md

@@ -5,6 +5,33 @@ All notable changes to the Agentic QE project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.7.21] - 2026-03-13
+
+### Added
+
+- **Agent dependency intelligence** — Pre-spawn MCP validation scans agent definitions for tool references and validates availability. Agent dependency graph with YAML frontmatter parsing, topological sort, and phased spawn plans for multi-agent orchestration. Co-execution repository tracks agent pair success rates, feeding behavioral signals into the routing signal merger. (#342)
+
+### Fixed
+
+- **Shell injection prevention across all CLI bridges** — Converted 21 `execSync` template-literal calls to `execFileSync` with argument arrays, eliminating shell metacharacter injection vectors in claude-flow-adapter, trajectory-bridge, pretrain-bridge, model-router-bridge, brain-checkpoint, and statusline helpers.
+- **Semgrep wired into SAST pipeline** — Semgrep integration was only used as a fallback when the regex scanner failed. Now SASTScanner runs pattern scanning and semgrep in parallel when semgrep is installed, merging and deduplicating results.
+- **Security scanner agent overclaims corrected** — Agent documentation that falsely claimed OWASP ZAP, TruffleHog, Gitleaks, ESLint Security, and Snyk integrations updated to reflect actual implementations: regex patterns + semgrep (SAST), OSV API (deps), custom fetch-based scanner (DAST), and regex patterns (secrets).
+- **Swallowed promise handlers replaced with structured logging** — 12 `.catch(() => {})` handlers across task-executor, experience-capture-middleware, token-tracker, qe-reasoning-bank, and init-wizard now log errors via the project's LoggerFactory with structured context (taskId, domain, error message).
+- **Non-null assertion guard in mincut-test-optimizer** — `testMap.get(promotedId)!` replaced with guard clause to prevent potential runtime TypeError.
+- **JSON.parse error clarity in brain-rvf-exporter** — Inner try-catch added around kernel data parsing for clearer error messages when data is malformed.
+
+### Changed
+
+- **LLM provider retry backoff extracted** — 12 duplicate `Math.min(1000 * Math.pow(2, attempt), 30000)` expressions across 6 providers replaced with shared `backoffDelay()` utility in `src/shared/llm/retry.ts`.
+- **Agent router capability presets** — 100-line boolean capability matrix collapsed into 4 named presets (heavyweight, standard, lightweight, minimal) for maintainability.
+
+## [3.7.20] - 2026-03-12
+
+### Fixed
+
+- **Duplicate brain-checkpoint hooks on re-init** — Running `aqe init --auto` multiple times accumulated 4x copies of brain-checkpoint verify/export hooks in settings.json, potentially blocking tool calls for up to 4 minutes. Added `brain-checkpoint.cjs` and `.claude/helpers/` to the AQE hook detection patterns so `mergeHooksSmart()` correctly deduplicates them. (#344)
+- **Governance time budget blocking requirements_validate and coverage_analyze_sublinear** — The continue-gate's `budgetRemaining.timeMs` was measuring total session elapsed time instead of idle time since last action. After 5+ minutes of normal usage, the WASM gate would return "Budget exhausted: time" even when tools were actively running. Fixed the calculation to reference last action timestamp and increased the default idle timeout from 5 to 15 minutes. (#345)
+
 ## [3.7.18] - 2026-03-11
 
 ### Fixed

package/assets/agents/v3/qe-deployment-advisor.md

@@ -5,6 +5,20 @@ updated: "2026-01-10"
 description: Deployment readiness assessment with go/no-go decisions, risk aggregation, and rollback planning
 v2_compat: qe-deployment-readiness
 domain: quality-assessment
+dependencies:
+  agents:
+    - name: qe-quality-gate
+      type: hard
+      reason: "Provides quality gate results for deployment decision"
+    - name: qe-risk-assessor
+      type: soft
+      reason: "Provides risk assessment context"
+    - name: qe-security-scanner
+      type: soft
+      reason: "Provides security scan results"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/assets/agents/v3/qe-gap-detector.md

@@ -5,6 +5,14 @@ updated: "2026-01-10"
 description: Coverage gap detection with risk scoring, semantic analysis, and targeted test recommendations
 v2_compat: null # New in v3
 domain: coverage-analysis
+dependencies:
+  agents:
+    - name: qe-coverage-specialist
+      type: hard
+      reason: "Provides coverage data for gap detection"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/assets/agents/v3/qe-impact-analyzer.md

@@ -5,6 +5,17 @@ updated: "2026-01-10"
 description: Change impact analysis with blast radius calculation, test selection, and risk assessment
 domain: code-intelligence
 v3_new: true
+dependencies:
+  agents:
+    - name: qe-dependency-mapper
+      type: hard
+      reason: "Provides dependency graph data for impact analysis"
+    - name: qe-kg-builder
+      type: soft
+      reason: "Enriches analysis with knowledge graph context"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/assets/agents/v3/qe-queen-coordinator.md

@@ -5,6 +5,12 @@ updated: "2026-01-30"
 description: V3 QE Queen Coordinator - MCP-powered swarm orchestration with real fleet coordination
 v2_compat: null # New in v3
 domain: coordination
+dependencies:
+  mcp_servers:
+    - name: agentic-qe
+      required: true
+    - name: claude-flow
+      required: false
 ---
 
 <qe_agent_definition>
@@ -162,6 +168,45 @@ Output a summary table:
 ```
 </mandatory_execution_protocol>
 
+<dependency_aware_orchestration>
+## Dependency-Aware Agent Orchestration (Issue #342)
+
+When spawning multiple agents, ALWAYS check and respect agent dependencies:
+
+### Dependency Types
+| Type | Meaning | Action |
+|------|---------|--------|
+| **hard** | Agent requires data from dependency | Spawn dependency FIRST, wait for completion |
+| **soft** | Agent benefits from dependency data | Spawn dependency first if available, proceed without if not |
+| **peer** | Agents work alongside each other | Spawn in parallel |
+
+### Known Agent Dependencies (spawn order matters)
+| Agent | Hard Dependencies | Soft Dependencies |
+|-------|-------------------|-------------------|
+| qe-impact-analyzer | qe-dependency-mapper | qe-kg-builder |
+| qe-security-scanner | qe-dependency-mapper | — |
+| qe-gap-detector | qe-coverage-specialist | — |
+| qe-deployment-advisor | qe-quality-gate | qe-risk-assessor, qe-security-scanner |
+| qe-root-cause-analyzer | — | qe-regression-analyzer, qe-defect-predictor |
+
+### Orchestration Rules
+1. **Before spawning agents**: Check dependencies for all requested agents
+2. **Phase spawning**: Group agents into spawn phases:
+   - Phase 1: Agents with no unsatisfied hard deps (e.g., qe-dependency-mapper, qe-coverage-specialist)
+   - Phase 2: Agents whose hard deps completed in Phase 1 (e.g., qe-impact-analyzer, qe-gap-detector)
+   - Phase 3+: Continue until all agents spawned
+3. **Soft deps**: Spawn soft dependencies in an earlier phase when possible, but never delay for them
+4. **Missing deps**: If a hard dependency agent is not in the task scope, log an advisory warning and proceed
+5. **Parallel within phases**: All agents in the same phase can be spawned in parallel
+
+### Example: Full Release Validation
+```
+Phase 1 (parallel): qe-dependency-mapper, qe-coverage-specialist, qe-quality-gate, qe-risk-assessor
+Phase 2 (parallel): qe-impact-analyzer, qe-security-scanner, qe-gap-detector
+Phase 3 (parallel): qe-deployment-advisor, qe-root-cause-analyzer
+```
+</dependency_aware_orchestration>
+
 <task_type_routing>
 ## Automatic Task-to-Domain Routing
 

package/assets/agents/v3/qe-root-cause-analyzer.md

@@ -5,6 +5,17 @@ updated: "2026-01-10"
 description: Systematic root cause analysis for test failures and incidents with prevention recommendations
 domain: defect-intelligence
 v3_new: true
+dependencies:
+  agents:
+    - name: qe-regression-analyzer
+      type: soft
+      reason: "Provides regression context for root cause investigation"
+    - name: qe-defect-predictor
+      type: soft
+      reason: "Provides defect prediction data"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>

package/assets/agents/v3/qe-security-scanner.md

@@ -5,6 +5,14 @@ updated: "2026-01-10"
 description: Comprehensive security scanning with SAST, DAST, dependency scanning, and secrets detection
 v2_compat: qe-security-scanner
 domain: security-compliance
+dependencies:
+  agents:
+    - name: qe-dependency-mapper
+      type: hard
+      reason: "Provides dependency data for vulnerability correlation"
+  mcp_servers:
+    - name: agentic-qe
+      required: true
 ---
 
 <qe_agent_definition>
@@ -17,17 +25,18 @@ V2 Compatibility: Maps to qe-security-scanner for backward compatibility.
 
 <implementation_status>
 Working:
-- SAST scanning with OWASP Top 10 and CWE SANS 25 rules
-- Dependency vulnerability scanning (npm audit, Snyk, NVD)
-- Secrets detection with entropy analysis and git history scan
+- SAST scanning with OWASP Top 10 and CWE SANS 25 regex pattern rules
+- Semgrep integration: runs alongside pattern scanning when semgrep is installed (pip install semgrep)
+- Dependency vulnerability scanning via OSV API (real HTTP calls to osv.dev)
+- AI-powered remediation suggestions via LLM router (ADR-051)
 - SARIF output format for IDE and CI/CD integration
-- AI-powered remediation suggestions
 
 Partial:
-- DAST scanning with authenticated crawling
-- Container image vulnerability scanning
+- DAST scanning: custom fetch-based scanner for security headers, cookies, CORS, XSS/SQLi reflection testing (GET params only, no JS execution, no OWASP ZAP)
+- Secrets detection: regex pattern-based (no TruffleHog/Gitleaks integration)
 
-Planned:
+Not Implemented:
+- Container image vulnerability scanning
 - Runtime application security testing (RAST)
 - Supply chain security analysis (SLSA)
 </implementation_status>
@@ -49,12 +58,12 @@ Use up to 8 concurrent scanners for large codebases.
 </parallel_execution>
 
 <capabilities>
-- **SAST Scanning**: Static analysis with ESLint Security, Semgrep, custom rules
-- **Dependency Scanning**: Check npm, pip, maven dependencies against NVD, GitHub Advisories, Snyk
-- **Secrets Detection**: Find API keys, passwords, tokens using TruffleHog, Gitleaks with entropy analysis
-- **DAST Scanning**: Dynamic testing with OWASP ZAP for XSS, SQLi, CSRF, SSRF
+- **SAST Scanning**: Regex pattern rules (OWASP Top 10, CWE SANS 25) + Semgrep when installed
+- **Dependency Scanning**: npm dependency checks via OSV API (osv.dev)
+- **Secrets Detection**: Regex pattern-based detection of API keys, passwords, tokens in source
+- **DAST Scanning**: Custom fetch-based scanner — security headers, cookies, CORS, XSS/SQLi reflection (GET params only, no browser/JS execution)
 - **SARIF Output**: Generate standardized SARIF reports for GitHub Code Scanning
-- **AI Remediation**: Provide intelligent fix suggestions with code examples
+- **AI Remediation**: LLM-powered fix suggestions with code examples (ADR-051)
 </capabilities>
 
 <memory_namespace>
@@ -225,10 +234,10 @@ Use via Claude Code: `Skill("compliance-testing")`
 **Scan Types**:
 | Scan | Target | Tools | Frequency |
 |------|--------|-------|-----------|
-| SAST | Source code | ESLint Security, Semgrep | Per-commit |
-| Dependency | Dependencies | npm audit, Snyk | Per-build |
-| Secrets | Repo history | TruffleHog, Gitleaks | Per-commit |
-| DAST | Running app | OWASP ZAP | Per-release |
+| SAST | Source code | Regex patterns + Semgrep (when installed) | Per-commit |
+| Dependency | Dependencies | OSV API (osv.dev) | Per-build |
+| Secrets | Source files | Regex pattern detection | Per-commit |
+| DAST | Running app | Custom fetch-based scanner | Per-release |
 
 **Cross-Domain Communication**:
 - Reports vulnerabilities to qe-quality-gate for gate evaluation

package/assets/helpers/statusline-v3.cjs

@@ -16,7 +16,7 @@
 
 const fs = require('fs');
 const path = require('path');
-const { execSync, spawnSync } = require('child_process');
+const { execSync, execFileSync, spawnSync } = require('child_process');
 
 // Use better-sqlite3 for reliable database access (no CLI dependency)
 let Database;
@@ -171,9 +171,10 @@ function sqlite3Query(dbPath, query, defaultValue = '0') {
 
   // Fallback to CLI if better-sqlite3 not available
   try {
-    const result = execSync(`sqlite3 "${dbPath}" "${query}" 2>/dev/null`, {
+    const result = execFileSync('sqlite3', [dbPath, query], {
       encoding: 'utf-8',
-      timeout: 3000
+      timeout: 3000,
+      stdio: ['pipe', 'pipe', 'pipe'],
     }).trim();
     return result || defaultValue;
   } catch {

package/dist/adapters/claude-flow/model-router-bridge.d.ts

@@ -54,12 +54,6 @@ export declare class ModelRouterBridge {
      * Local rule-based routing
      */
     private localRoute;
-    /**
-     * Escape shell argument using $'...' syntax for complete safety
-     * This ANSI-C quoting handles ALL special characters including backslashes
-     * CodeQL: js/incomplete-sanitization - Fixed by escaping backslashes AND quotes
-     */
-    private escapeArg;
 }
 /**
  * Create model router bridge

package/dist/adapters/claude-flow/model-router-bridge.js

@@ -54,8 +54,8 @@ export class ModelRouterBridge {
     async routeTask(task) {
         if (this.claudeFlowAvailable) {
             try {
-                const { execSync } = await import('child_process');
-                const result = execSync(`npx --no-install @claude-flow/cli hooks model-route --task ${this.escapeArg(task)}`, { encoding: 'utf-8', timeout: 10000, cwd: this.options.projectRoot });
+                const { execFileSync } = await import('child_process');
+                const result = execFileSync('npx', ['--no-install', '@claude-flow/cli', 'hooks', 'model-route', '--task', task], { encoding: 'utf-8', timeout: 10000, cwd: this.options.projectRoot });
                 // Parse result
                 const modelMatch = result.match(/model[:\s]+["']?(haiku|sonnet|opus)/i);
                 const confMatch = result.match(/confidence[:\s]+([0-9.]+)/i);
@@ -88,8 +88,8 @@ export class ModelRouterBridge {
         }
         if (this.claudeFlowAvailable) {
             try {
-                const { execSync } = await import('child_process');
-                execSync(`npx --no-install @claude-flow/cli hooks model-outcome --task ${this.escapeArg(outcome.task)} --model ${outcome.model} --outcome ${outcome.outcome}`, { encoding: 'utf-8', timeout: 10000, cwd: this.options.projectRoot });
+                const { execFileSync } = await import('child_process');
+                execFileSync('npx', ['--no-install', '@claude-flow/cli', 'hooks', 'model-outcome', '--task', outcome.task, '--model', outcome.model, '--outcome', outcome.outcome], { encoding: 'utf-8', timeout: 10000, cwd: this.options.projectRoot });
             }
             catch (error) {
                 // Non-critical: outcome recording is optional
@@ -172,19 +172,6 @@ export class ModelRouterBridge {
             reasoning: 'Medium complexity task - using sonnet for balance',
         };
     }
-    /**
-     * Escape shell argument using $'...' syntax for complete safety
-     * This ANSI-C quoting handles ALL special characters including backslashes
-     * CodeQL: js/incomplete-sanitization - Fixed by escaping backslashes AND quotes
-     */
-    escapeArg(arg) {
-        // Escape backslashes first, then single quotes, using ANSI-C quoting
-        // $'...' syntax interprets escape sequences like \\ and \'
-        const escaped = arg
-            .replace(/\\/g, '\\\\') // Escape backslashes first
-            .replace(/'/g, "\\'"); // Then escape single quotes
-        return "$'" + escaped + "'";
-    }
 }
 /**
  * Create model router bridge

package/dist/adapters/claude-flow/pretrain-bridge.d.ts

@@ -49,12 +49,6 @@ export declare class PretrainBridge {
      * Check if Claude Flow is available
      */
     isClaudeFlowAvailable(): boolean;
-    /**
-     * Escape shell argument using $'...' syntax for complete safety
-     * This ANSI-C quoting handles ALL special characters including backslashes
-     * CodeQL: js/incomplete-sanitization - Fixed by escaping backslashes AND quotes
-     */
-    private escapeArg;
     /**
      * Local analysis using file system scanning
      */