v2026.2.14

Previous release

AIWG v2026.2.14 — "Forensics & Manageability" Release

Released: 2026-02-28

This release adds a complete digital forensics framework, codebase manageability tooling that keeps agent-generated code within processable limits, 17 specialist agents with team compositions, a UAT testing addon, and 8 model/prompting guides.

Highlights

What changedWhy you care
Forensics-complete DFIR frameworkFull incident response lifecycle with 13 agents, Sigma hunting, and evidence chain-of-custody
Codebase manageability toolingRules and tools that prevent agent-generated codebases from growing past context window limits
17 specialist agents + 7 team configsCloud platform experts, framework specialists, and pre-built team compositions
UAT-MCP toolkit addonMCP-powered user acceptance testing with structured plans and coverage tracking
8 model & prompting guidesOptimization guides for Claude, GPT, local models, and 4 prompting technique deep-dives

Forensics-Complete Framework

A new full framework for digital forensics and incident response (DFIR), deployable via `aiwg use forensics`:

aiwg use forensics              # Deploy forensics framework
/forensics-investigate           # Start an investigation
/forensics-triage                # Quick triage of an incident
/forensics-timeline              # Build forensic timeline

What's Included

CategoryCountExamples
Agents13acquisition-agent, memory-analyst, network-analyst, cloud-analyst, container-analyst, IOC-analyst, persistence-hunter, timeline-builder, triage-agent
Commands9forensics-investigate, forensics-triage, forensics-acquire, forensics-hunt, forensics-ioc, forensics-timeline, forensics-profile, forensics-report, forensics-status
Skills10linux-forensics, cloud-forensics, container-forensics, memory-forensics, evidence-preservation, sigma-hunting, ioc-extraction, log-analysis, supply-chain-forensics, target-profiling
Rules4evidence-integrity, non-destructive, red-flag-escalation, volatility-order
Templates7investigation-plan, forensic-report, incident-timeline, chain-of-custody, IOC-register, remediation-plan, sigma-rule
Schemas5evidence-manifest, finding, investigation-plan, ioc-entry, target-profile
Sigma Rules8Linux persistence, SSH brute force, container escape, AWS IAM escalation, and more

Key Capabilities

  • Evidence preservation — chain-of-custody tracking and hash verification at every step
  • Sigma rule hunting — custom Sigma rules for Linux, Docker, and cloud environments
  • Multi-environment — dedicated analysts for cloud (AWS/Azure/GCP), containers, network, and memory
  • AI-assisted analysis — agents research attack patterns and recommend investigation paths
  • Structured reporting — court-ready report templates with findings, evidence, and timeline

Codebase Manageability Tooling

Users reported that codebases built with AIWG agents grew into large, complex files that agents later struggled to process. This release adds prevention, detection, and remediation tooling.

Prevention: Rules

Agent-friendly code (`agent-friendly-code.md`) defines quantitative thresholds:

MetricWarningError
File length300 LOC500 LOC
Function length30 lines50 lines
Nesting depth3 levels4 levels
Function parameters46
Cyclomatic complexity1015

Agent generation guardrails (`agent-generation-guardrails.md`) enforces these at write time — agents check file size before appending and split proactively when thresholds would be exceeded.

Detection: Commands

# Scan codebase and get agent-readiness score
/codebase-health

# CI gate that returns pass/fail
/complexity-gate --format json --baseline .aiwg/complexity-baseline.json

# Pre-commit hook integration
/complexity-gate --changed-only

`/codebase-health` produces a dashboard with readiness score (0-100), file size distribution, anti-pattern detection (barrel files, generic names), and recommendations.

`/complexity-gate` returns exit code 0/1 for CI integration. Supports baseline mode for incremental adoption — existing violations don't fail the build, but new ones do.

Remediation: Skills

# Navigate a large file without reading it all
/code-chunker src/extensions/registry.ts

# Get a guided split plan
/decompose-file src/extensions/registry.ts

# Execute the split with import rewiring
/decompose-file src/extensions/registry.ts --execute

`/code-chunker` produces navigable structural maps (table of contents) so agents can read specific sections instead of entire files.

`/decompose-file` analyzes dependencies, proposes a split plan, and optionally executes the refactoring with import rewiring and test verification.

17 Specialist Agents

New domain-specific agents for cloud, frontend, and specialized development:

CategoryAgents
Cloud PlatformsAWS Specialist, Azure Specialist, GCP Specialist, Multi-Cloud Strategist
FrameworksReact Expert, Django Expert, Spring Boot Expert
InfrastructureKubernetes Expert, Cost Optimizer
SpecializedAI/ML Engineer, Blockchain Developer, Data Engineer, Frontend Specialist, Mobile Developer
GovernanceCompliance Checker, Migration Planner, Technical Debt Analyst

Team Compositions

7 pre-built team configurations in `teams/` define agent rosters for common scenarios:

# Available team configs
teams/api-development.json      # API-focused team
teams/full-stack.json           # Full-stack development
teams/greenfield.json           # New project bootstrap
teams/maintenance.json          # Legacy maintenance
teams/migration.json            # Platform migration
teams/security-review.json      # Security audit team

Each team config specifies agent roles, coordination patterns, and recommended workflows.

UAT-MCP Toolkit Addon

New addon for structured user acceptance testing:

aiwg use uat-mcp                # Deploy UAT toolkit

/uat-generate                    # Generate test plan from requirements
/uat-execute                     # Execute test cases with MCP
/uat-report                      # Generate coverage report

Includes 2 agents (uat-planner, uat-executor), 3 commands, 1 skill (uat-mode), 3 YAML schemas, and 4 templates.

Model & Prompting Guides

8 new documentation guides:

Model Optimization (`docs/models/`):

  • Claude optimization — context window strategies, tool use patterns
  • GPT optimization — function calling, structured outputs
  • Local models — quantization, hardware requirements, deployment
  • Hybrid architectures — routing between models based on task complexity

Prompting Techniques (`docs/prompting/`):

  • Chain-of-thought — structured reasoning for complex tasks
  • Context optimization — managing context windows effectively
  • Few-shot learning — example selection and formatting
  • Role-based prompting — persona design and voice consistency

Migration Notes

No breaking changes. All new features are additive.

  • New rules (agent-friendly-code, agent-generation-guardrails) are SDLC-tier HIGH — they activate when the SDLC framework is deployed
  • Forensics framework is independent — deploy with `aiwg use forensics`
  • UAT-MCP addon is independent — deploy with `aiwg use uat-mcp`
  • Team compositions are opt-in — reference them when setting up multi-agent workflows

Install / Update

npm install -g aiwg@latest
aiwg version                     # Should show 2026.2.14
aiwg use sdlc                   # Re-deploy to get new rules, agents, commands, skills

Full Changelog

See Changelog for complete details.