Introduction
Wiggum is a CLI tool and MCP server that generates structured task files for autonomous AI coding workflows. It codifies a dependency-aware orchestration pattern — an orchestrator agent that drives subagents through a dependency-ordered task list until an entire project is implemented, hands-off.
What it does
Given a structured plan definition (TOML), Wiggum produces:
- Task files (
tasks/T{NN}-{slug}.md) — Structured markdown specs with goals, dependencies, implementation guidance, test requirements, preflight commands, and exit criteria - Progress tracker (
PROGRESS.md) — A phase/task table with status tracking and learnings - Orchestrator prompt (
orchestrator.prompt.md) — The agent-mode prompt that drives the loop - Implementation plan (
IMPLEMENTATION_PLAN.md) — Architecture overview for subagent context - Agents manifest (
AGENTS.md) — Agent role definitions
You can also opt in to:
- Strict mode (
[style] strict = true) — Injects language-specific rule sets beyond the baseline security rules, mirroring the verified-modern toolchain baseline (full pedantic clippy for Rust, golangci-lint v2 for Go, PHPStanlevel maxfor PHP, etc.). See Strict Standards. - Four output targets — VSCode + Copilot (default), opencode, Claude Code (full support via
CLAUDE.md+ hooks), andagent-rulesfor Cursor / Windsurf / GitHub Copilot users. See Targets.
Why it exists
Setting up an AI orchestration loop currently requires hand-authoring all of these artifacts. The structural and mechanical parts — numbering, dependency wiring, progress tables, preflight commands, orchestrator boilerplate — should be generated. The creative parts — what to build, architecture decisions, implementation details — come from the user.
Design principles
- Agent-agnostic — Wiggum generates artifacts, not agent invocations. Works with any AI coding tool that can read markdown.
- Scaffold, don’t execute — Wiggum produces plans and task files. Execution is someone else’s job.
- Language-aware — Ships with profiles for Rust, Go, TypeScript, Python, Java, C#, Kotlin, Swift, Ruby, Elixir, and PHP — providing sensible defaults for build, test, lint, and security audit commands.
- Security by default — Six OWASP-derived rules are injected into every task and orchestrator prompt automatically. Supply-chain audits run on every task completion. Plans with web-facing surface get an auto-appended security hardening task with verifiable exit criteria. None of this requires configuration.
- Multi-target — A single plan can emit artifacts for VSCode + Copilot, opencode, Claude Code, and Cursor / Windsurf / GitHub Copilot simultaneously. Each target gets the file format and agent conventions that IDE expects.