The compliance report we run every day uses the exact specs you are asking for, but I don't know of a way to have the version automatically change when a new version is available. I could see how this would be good in some cases, but not all companies are that aggressive.
In our case, we use:
Agent Last Communication within the last 1 week
Agent Version greater than or equal to 22.214.171.1247
VSE Version is greater than or equal to 126.96.36.1995
DAT Version within 7 days of repository
We usually want our VSE and Agent at least 1 version behind the latest, so when a new version is released, I just manually step up the version numbers in the query.
Hope that helps.