Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

MCP Server

Wiggum can run as an MCP (Model Context Protocol) server, allowing AI agents to invoke Wiggum’s capabilities mid-session.

The server implements MCP protocol version 2025-11-25 over stdio transport (newline-delimited JSON).

Starting the server

wiggum serve --mcp

This starts the MCP server using stdio transport.

Integration

To use Wiggum as an MCP server with your AI coding tool, add it to your MCP configuration. For example, in VS Code’s MCP settings:

{
  "servers": {
    "wiggum": {
      "command": "wiggum",
      "args": ["serve", "--mcp"]
    }
  }
}

This enables agents to generate plans and task scaffolds directly within a coding session, without leaving the editor.

Available tools

ToolDescription
wiggum_versionReturn wiggum version metadata (package, git SHA, MCP protocol)
wiggum_generate_planGenerate full scaffold from a plan TOML file path
wiggum_validate_planValidate a plan TOML file (dependency DAG check, missing fields)
wiggum_lint_planRun quality lint rules against a plan TOML file
wiggum_check_planScore plan quality on five dimensions (granularity, dependency health, coverage, richness, token budget); returns overall score 0–10 and actionable suggestions
wiggum_draft_planGenerate a skeleton plan.toml from a natural-language description; takes project_name, description, language, and optional task_slugs
wiggum_read_progressParse PROGRESS.md and return structured status
wiggum_update_progressUpdate a task’s status in PROGRESS.md
wiggum_list_templatesList available language/architecture templates
wiggum_reportGenerate a post-execution report from PROGRESS.md
wiggum_generate_agents_mdGenerate an AGENTS.md file from a plan TOML
wiggum_bootstrapScan an existing project directory and generate a skeleton plan TOML

Protocol compliance

The server handles all required lifecycle messages:

  • initialize — responds with protocolVersion: "2025-11-25" and tool capabilities
  • notifications/initialized and notifications/cancelled — silently acknowledged (no response, per spec)
  • ping — responds with an empty result at any lifecycle phase
  • tools/list — returns the full tool catalogue
  • tools/call — dispatches to the named tool and returns content + optional isError

Unknown methods return JSON-RPC error -32601. Tool execution errors are returned as tool results with isError: true rather than protocol errors, so agents can self-correct.

Runtime security guardrails

MCP tools/call execution includes a baseline guardrail pipeline:

  • Input guardrail: blocks mutating tools when arguments contain common prompt-injection patterns (for example, attempts to override instructions or request exfiltration).
  • Output redaction: redacts common sensitive values in tool output text before returning content to the caller (emails, SSN format, bearer tokens, and basic secret-assignment patterns).
  • Output hard block: blocks responses that still contain high-risk secret markers (for example private key headers).
  • Security events: emits structured security events via tracing with event type, tool name, and detail for incident investigation.
  • Session anomaly monitoring: tracks tool-call sequences in-process and emits alerts for high read volume and suspicious read-to-write pivots.

Set WIGGUM_MCP_GUARDRAIL_STRICT=true to hard-block on session anomalies instead of alert-only mode.

These controls are intentionally lightweight and deterministic. They provide a production baseline for MCP sessions and can be extended with stricter policy engines where required.