Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Language Profiles

Wiggum ships with built-in profiles for 11 programming languages. Each profile provides sensible defaults for build commands, test patterns, documentation style, error handling conventions, security rules, and a vulnerability audit command.

Supported languages

LanguageBuild commandTest commandLint commandAudit command
Rustcargo build --workspacecargo test --workspacecargo clippy --workspace -- -D warningscargo audit
Gogo build ./...go test -v ./...go vet ./... && golangci-lint run ./...govulncheck ./...
TypeScripttsc --noEmitvitest runeslint .npm audit --audit-level=high
Pythonpython -m py_compilepytest -vruff check .pip-audit
Javamvn compilemvn testmvn checkstyle:checkmvn dependency-check:check
C# / .NETdotnet build --nologo -v qdotnet test --nologo -v qdotnet format --verify-no-changesdotnet list package --vulnerable
Kotlingradle buildgradle testgradle detektgradle dependencyCheckAnalyze
Swiftswift buildswift testswiftlint(none — SwiftPM has no first-party SCA)
Rubyruby -cbundle exec rspecbundle exec rubocopbundle exec bundler-audit check --update
Elixirmix compile --warnings-as-errorsmix testmix credo --strictmix deps.audit
PHPcomposer install --no-interaction --no-progressvendor/bin/phpunitvendor/bin/php-cs-fixer fix --dry-run --diff && vendor/bin/phpstan analysecomposer audit

What profiles provide

Each language profile includes:

  • Build success phrase — The expected output indicating a successful build (e.g., “Compiling” for Rust, “Build complete” for Go)
  • Test file pattern — Where test files are typically found (e.g., tests/ for Rust, *_test.go for Go)
  • Doc style — Documentation conventions (e.g., /// doc comments for Rust, GoDoc for Go)
  • Error handling — Idiomatic error handling approach (e.g., Result<T, E> for Rust, error return values for Go)
  • Security rules — Language-specific rules covering OWASP categories plus crypto, deserialization, and path traversal (see Security); profiles currently define 14–16 rules depending on the language
  • Audit command — Supply-chain vulnerability scanner appended to every task’s preflight chain
  • AI avoidance rules — Guidelines to reduce detectability of AI-generated code (see below)
  • Comment guidelines — Best practices for meaningful, non-robotic comments
  • Strict rules — A deeper language-specific rule set that is injected only when [style] strict = true is set in the plan (see Strict Standards)

Profile defaults are applied in different places during generation: build/test/audit settings flow into generated task and preflight content, while security, AI-avoidance, and strict guidance are injected through the orchestrator and exit-criteria templates rather than directly into task.md.

AI avoidance rules

When [style] avoid_ai_patterns = true (the default), each language profile injects five AI avoidance rules:

RuleDescription
Slop vocabularyAvoid words like “robust”, “leverage”, “comprehensive”, “delve”, “embark”
Filler phrasesSkip “it’s worth noting that”, “at its core”, “let’s break this down”
Prompt leakageNever echo instructions or write “As an AI…” in code or comments
Natural writingUse direct, human language — not corporate jargon
Self-documentingPrefer meaningful names over excessive comments

Comment guidelines

Profiles also include language-specific comment guidance. Common themes include:

GuidelineDescription
WHY not WHATPrefer comments that explain reasoning, tradeoffs, or intent rather than restating the code
Preserve important annotationsKeep existing structured comments such as safety or security annotations when the target language and codebase use them
Delete tutorial commentsRemove temporary instructional or step-by-step comments after implementation
Use project conventions for TODOsFollow the repository’s existing TODO/FIXME ownership and formatting conventions
Doc contractsDocument preconditions, postconditions, and error cases when they are important to callers

Overriding defaults

You can override any default preflight command in your plan’s [preflight] section. Language profile defaults are used only when no explicit override is provided.

[preflight]
build = "cargo build --workspace --release"
audit = "cargo audit --deny warnings"

To disable the audit entirely, set it to an empty string:

[preflight]
audit = ""