Agentless Mini: Modular Workflow Approach

• Agentless Mini is a structured workflow paradigm that decomposes complex tasks into discrete, verifiable steps in software engineering and cybersecurity.
• It has demonstrated high efficiency in dynamic malware analysis by avoiding detectable in-guest agents and capturing comprehensive behavioral logs via hypervisor-level monitoring.
• The methodology enables cost-effective automated patch generation through sequential modules for localization, repair, and validation, fostering transferable skill priors.

Agentless Mini refers to structured, pipeline-based approaches to software engineering automation and dynamic behavioral analysis that avoid granting autonomous decision-making capabilities to LLMs or software agents. The core principle is to decompose complex tasks into discrete, verifiable steps (such as localization, patch generation, and validation) that are executed in a fixed order, without iterative planning or free-form agentic action selection. In recent literature, "Agentless Mini" has also been used to denote compact or minimal variants of agentless workflows, particularly those that induce transferable "skill priors" for subsequent adaptation to more interactive software agents. This methodology has demonstrated notable efficiency and cost-effectiveness compared to more complex agent-based systems in both cybersecurity (via dynamic malware sandboxing) and automated software engineering, with high empirical performance on key benchmarks.

1. Foundational Concepts: Agentless vs. Agent-Based Paradigms

The agentless paradigm is characterized by its non-interactive, workflow-driven structure. Each phase is hard-coded and strictly sequenced, contrasting with agent-based frameworks where models are empowered to observe, plan, and execute actions over multiple rounds, potentially invoking external tools or commands, and responding to feedback in a manner reminiscent of autonomous agents.

In dynamic malware analysis (Ali et al., 2019), agentless sandboxes implement system-level monitoring at the hypervisor rather than through injected in-guest agents. This ensures that the behavior of evaluated software is not affected by detectable instrumentation, thereby capturing richer and more authentic behavioral traces. In software engineering automation (Xia et al., 1 Jul 2024, Yang et al., 27 Sep 2025), agentless approaches decompose the overall task (e.g., bug fixing) into static pipelines of localization, edit-generation, and patch validation, with the LLM responsible only for targeted, verifiable outputs at each stage.

By avoiding the entanglement and unpredictability of agent-based decision-making, agentless systems reduce both operational overhead and susceptibility to error compounding.

2. Agentless Mini in Dynamic Malware Analysis

In dynamic behavioral analysis for cybersecurity, agentless sandboxing achieves stealth by shifting behavioral monitoring entirely to the virtualization (hypervisor) layer. This means no agent process is executed inside the guest operating system, minimizing the risk of malware detecting the analysis environment. For example, malware that detects a monitoring agent (flag "A") via system inspection might self-terminate or suppress malicious behavior, eluding detection.

A direct comparison of agent-based (Cuckoo Sandbox) versus agentless (VMRay Analyzer) sandboxes shows that agentless designs excel at capturing zero-day behaviors, complex parent–child process relationships, and full behavioral logs. Agent-based sandboxes frequently yield incomplete traces from advanced threats such as Petya and Spyeye due to intentional evasion routines, ultimately declining the fidelity of downstream analysis and machine learning classification (Ali et al., 2019).

System Type	Detection Resistance	Behavioral Coverage
Agent-based	Low	Often limited (evasion)
Agentless	High	Comprehensive

A plausible implication is that minimal, agentless monitoring—i.e., Agentless Mini—represents a preferred baseline for dynamic behavioral analysis in adversarial settings, especially where evasion is common.

3. Agentless Mini for Autonomous Software Engineering

Agentless Mini methodologies for software engineering employ a three-stage pipeline (Xia et al., 1 Jul 2024):

1. Localization: Hierarchically reduces the problem scope, first parsing the repository structure into a tree, then extracting candidate files and lines for edit consideration. This process isolates the code regions relevant to the reported defect.
2. Repair: Once localized, context windows (e.g., ±10 lines around candidate locations) are selected, and the LLM is prompted to synthesize code edits strictly as "diff" or search/replace instructions, avoiding rewriting whole files to reduce hallucinations and cost.
3. Validation: Candidate patches are filtered through compilation/syntax checks and regression testing, with a majority voting/reranking mechanism applied after patch normalization (via Abstract Syntax Tree unparse and diff comparison).

This process is strictly sequential and non-iterative; the model is not permitted to make decisions about which tools to invoke or which steps to take next. The entire workflow enforces interpretability, debuggability, and reproducibility.

4. Quantitative Assessment and Benchmark Evaluation

Empirical studies on SWE-bench Lite (Xia et al., 1 Jul 2024) demonstrate that the agentless approach achieves superior or comparable fix rates at substantially reduced cost, even compared to state-of-the-art agentic methods. Specifically, Agentless achieves 27.33% solve rate (82/300 correct fixes) with average cost around $0.34 per issue. Furthermore, after filtering problematic instances to construct SWE-bench Lite-S (252 non-trivial, context-sufficient issues), agentless workflows enable more rigorous cross-system comparison. There is a strong observed correlation between localization accuracy (at file, function, and line scope) and downstream patching success; this underlines the value of highly modularized training and evaluation found in agentless pipelines.

In the context of model adaptation, the Kimi-Dev framework (Yang et al., 27 Sep 2025) demonstrates that agentless training recipes induce robust "skill priors" (localization, code edit, self-reflection) that are highly transferable. Kimi-Dev, after agentless mid-training with structured patch/test trajectories, achieves 60.4% on SWE-bench Verified and enables SWE-Agents, after minimal adaptation, to reach 48.6% pass@1—matching leading proprietary models.

5. Transferable Skill Priors and Adaptation in Compact Systems

A distinguishing aspect of Agentless Mini is the explicit induction of fine-grained, verifiable skills through workflow-based training. In Kimi-Dev (Yang et al., 27 Sep 2025), these skills—file localization, code edit formulation, and reasoning (via test-time self-play)—are acquired in a single-turn, stepwise context. This training does not require the agent to interact over free-form multi-turn dialogues with tools but still provides the underlying competencies that, once adapted with a relatively small number of agentic trajectories, enable flexible, multi-turn debugging and problem solving.

The reinforcement learning stage in Kimi-Dev is formulated as:

$$J(\theta) = \mathbb{E}_{q \sim P(Q), \{o_i\}_{i=1}^G} \left\{ \sum_{i=1}^G \left[ \left( R_i(q, o_i) - \text{mean}\{R_j\}_{j=1}^G - \tau \log\left(\frac{\pi_\theta(o_i | q)}{\pi_{\theta_\text{ref}}(o_i | q)}\right)\right)^2 \right] \right\}$$

where $q$ represents sampled prompts, $o_i$ are generated outputs, $R_i$ are rewards, and $\tau$ penalizes deviations from the reference policy. This mechanism, in conjunction with test-time self-play (aggregated bug fixes and regression evaluations), forms the foundation for reliable self-reflection and rational patch selection even in minimal, compact models.

6. Technical Blueprint and Practical Implementation

Agentless Mini systems can be instantiated by adhering to the following pipeline paradigm:

1. Repository Intake: Parse and encode repository structure as a tree.
2. Hierarchical Localization: Generate concise skeleton views (classes, functions) and narrow to probable edit sites.
3. Context Preparation: Select ±$x$ lines around probable sites, with $x$ typically set to 10.
4. Patch Generation: Instruct the LLM to produce candidate diffs/search-replace edits with a sampled temperature (e.g., 0.8), generating a set number of candidates.
5. Patch Normalization and Filtering: Convert patches into canonical AST-unparsed forms, compute text diffs, and filter duplicates.
6. Validation: Run test suites to select syntactically valid and functionally correct patches via majority voting.

Phase	Purpose	Key Mechanism
Localization	Identify bug-relevant code fragments	Tree, skeleton, narrowing
Repair	Generate targeted code edit proposals	Diff/search-replace, LLM
Validation	Score and select working patches	Test execution, AST diff

This structured workflow is cost-efficient, interpretable, and robust to overfitting and hallucination, with less risk of cumulative agentic errors.

7. Significance and Outlook

Agentless Mini exemplifies a robust trade-off between process transparency, performance, and resource efficiency in both malware analysis and automated programming. Workflow-driven methodologies not only match the efficacy of agent-based systems but also serve as strong foundations for skill transfer and later adaptation in more flexible agentic settings. This paradigm shift has motivated the construction of new, rigorously filtered benchmarks (e.g., SWE-bench Lite-S) and encourages a reevaluation of complexity in the design of autonomous coding systems.

A plausible implication is that increasing model scale or agentic freedom may not be the sole path to performance improvements. Instead, modular, interpretable agentless pipelines—possibly in minimal or "Mini" configurations—can underpin scalable and transferable solutions for automation in software engineering and cybersecurity. This approach is particularly relevant for compact deployments and for scenarios demanding interpretability and reproducibility. The continued development of skill-rich, agentless workflows and their systematic integration into agentic systems is anticipated to define future research trajectories in this area.