v2026.2.14
Previous release
AIWG v2026.2.14 — "Forensics & Manageability" Release
Released: 2026-02-28
This release adds a complete digital forensics framework, codebase manageability tooling that keeps agent-generated code within processable limits, 17 specialist agents with team compositions, a UAT testing addon, and 8 model/prompting guides.
Highlights
| What changed | Why you care |
|---|---|
| Forensics-complete DFIR framework | Full incident response lifecycle with 13 agents, Sigma hunting, and evidence chain-of-custody |
| Codebase manageability tooling | Rules and tools that prevent agent-generated codebases from growing past context window limits |
| 17 specialist agents + 7 team configs | Cloud platform experts, framework specialists, and pre-built team compositions |
| UAT-MCP toolkit addon | MCP-powered user acceptance testing with structured plans and coverage tracking |
| 8 model & prompting guides | Optimization guides for Claude, GPT, local models, and 4 prompting technique deep-dives |
Forensics-Complete Framework
A new full framework for digital forensics and incident response (DFIR), deployable via `aiwg use forensics`:
aiwg use forensics # Deploy forensics framework
/forensics-investigate # Start an investigation
/forensics-triage # Quick triage of an incident
/forensics-timeline # Build forensic timeline
What's Included
| Category | Count | Examples |
|---|---|---|
| Agents | 13 | acquisition-agent, memory-analyst, network-analyst, cloud-analyst, container-analyst, IOC-analyst, persistence-hunter, timeline-builder, triage-agent |
| Commands | 9 | forensics-investigate, forensics-triage, forensics-acquire, forensics-hunt, forensics-ioc, forensics-timeline, forensics-profile, forensics-report, forensics-status |
| Skills | 10 | linux-forensics, cloud-forensics, container-forensics, memory-forensics, evidence-preservation, sigma-hunting, ioc-extraction, log-analysis, supply-chain-forensics, target-profiling |
| Rules | 4 | evidence-integrity, non-destructive, red-flag-escalation, volatility-order |
| Templates | 7 | investigation-plan, forensic-report, incident-timeline, chain-of-custody, IOC-register, remediation-plan, sigma-rule |
| Schemas | 5 | evidence-manifest, finding, investigation-plan, ioc-entry, target-profile |
| Sigma Rules | 8 | Linux persistence, SSH brute force, container escape, AWS IAM escalation, and more |
Key Capabilities
- Evidence preservation — chain-of-custody tracking and hash verification at every step
- Sigma rule hunting — custom Sigma rules for Linux, Docker, and cloud environments
- Multi-environment — dedicated analysts for cloud (AWS/Azure/GCP), containers, network, and memory
- AI-assisted analysis — agents research attack patterns and recommend investigation paths
- Structured reporting — court-ready report templates with findings, evidence, and timeline
Codebase Manageability Tooling
Users reported that codebases built with AIWG agents grew into large, complex files that agents later struggled to process. This release adds prevention, detection, and remediation tooling.
Prevention: Rules
Agent-friendly code (`agent-friendly-code.md`) defines quantitative thresholds:
| Metric | Warning | Error |
|---|---|---|
| File length | 300 LOC | 500 LOC |
| Function length | 30 lines | 50 lines |
| Nesting depth | 3 levels | 4 levels |
| Function parameters | 4 | 6 |
| Cyclomatic complexity | 10 | 15 |
Agent generation guardrails (`agent-generation-guardrails.md`) enforces these at write time — agents check file size before appending and split proactively when thresholds would be exceeded.
Detection: Commands
# Scan codebase and get agent-readiness score
/codebase-health
# CI gate that returns pass/fail
/complexity-gate --format json --baseline .aiwg/complexity-baseline.json
# Pre-commit hook integration
/complexity-gate --changed-only
`/codebase-health` produces a dashboard with readiness score (0-100), file size distribution, anti-pattern detection (barrel files, generic names), and recommendations.
`/complexity-gate` returns exit code 0/1 for CI integration. Supports baseline mode for incremental adoption — existing violations don't fail the build, but new ones do.
Remediation: Skills
# Navigate a large file without reading it all
/code-chunker src/extensions/registry.ts
# Get a guided split plan
/decompose-file src/extensions/registry.ts
# Execute the split with import rewiring
/decompose-file src/extensions/registry.ts --execute
`/code-chunker` produces navigable structural maps (table of contents) so agents can read specific sections instead of entire files.
`/decompose-file` analyzes dependencies, proposes a split plan, and optionally executes the refactoring with import rewiring and test verification.
17 Specialist Agents
New domain-specific agents for cloud, frontend, and specialized development:
| Category | Agents |
|---|---|
| Cloud Platforms | AWS Specialist, Azure Specialist, GCP Specialist, Multi-Cloud Strategist |
| Frameworks | React Expert, Django Expert, Spring Boot Expert |
| Infrastructure | Kubernetes Expert, Cost Optimizer |
| Specialized | AI/ML Engineer, Blockchain Developer, Data Engineer, Frontend Specialist, Mobile Developer |
| Governance | Compliance Checker, Migration Planner, Technical Debt Analyst |
Team Compositions
7 pre-built team configurations in `teams/` define agent rosters for common scenarios:
# Available team configs
teams/api-development.json # API-focused team
teams/full-stack.json # Full-stack development
teams/greenfield.json # New project bootstrap
teams/maintenance.json # Legacy maintenance
teams/migration.json # Platform migration
teams/security-review.json # Security audit team
Each team config specifies agent roles, coordination patterns, and recommended workflows.
UAT-MCP Toolkit Addon
New addon for structured user acceptance testing:
aiwg use uat-mcp # Deploy UAT toolkit
/uat-generate # Generate test plan from requirements
/uat-execute # Execute test cases with MCP
/uat-report # Generate coverage report
Includes 2 agents (uat-planner, uat-executor), 3 commands, 1 skill (uat-mode), 3 YAML schemas, and 4 templates.
Model & Prompting Guides
8 new documentation guides:
Model Optimization (`docs/models/`):
- Claude optimization — context window strategies, tool use patterns
- GPT optimization — function calling, structured outputs
- Local models — quantization, hardware requirements, deployment
- Hybrid architectures — routing between models based on task complexity
Prompting Techniques (`docs/prompting/`):
- Chain-of-thought — structured reasoning for complex tasks
- Context optimization — managing context windows effectively
- Few-shot learning — example selection and formatting
- Role-based prompting — persona design and voice consistency
Migration Notes
No breaking changes. All new features are additive.
- New rules (agent-friendly-code, agent-generation-guardrails) are SDLC-tier HIGH — they activate when the SDLC framework is deployed
- Forensics framework is independent — deploy with `aiwg use forensics`
- UAT-MCP addon is independent — deploy with `aiwg use uat-mcp`
- Team compositions are opt-in — reference them when setting up multi-agent workflows
Install / Update
npm install -g aiwg@latest
aiwg version # Should show 2026.2.14
aiwg use sdlc # Re-deploy to get new rules, agents, commands, skills
Full Changelog
See Changelog for complete details.