Multi-Provider Runtime
Teams can standardize on Claude, Codex, or both. Developers can choose the agent that fits the task while keeping the same governance, profiles, and audit surface.
SCC CLI
Run Claude Code and Codex in governed container sandboxes with network controls, team-managed profiles, and built-in guardrails
Start Here
Section titled “Start Here”Most readers do not need to browse the whole docs tree.
If you just want to get productive quickly, follow this path:
1. Quick Start Install SCC, connect Claude and/or Codex, and launch your first sandboxed session
2. Core Concepts Understand providers, sessions, profiles, worktrees, and network policy
3. Daily Workflow Learn the commands you will actually use every day: start, resume, stop, list, and worktrees
If you are evaluating SCC rather than using it day to day, start with What is SCC?, then read Security Model and Architecture Overview.
Find Your Path
Section titled “Find Your Path” I'm joining a team Get running in 30 seconds with your team's config
I manage a team Configure plugins and profiles for your developers
I'm an org admin Set up security policies and governance
I'm evaluating SCC Learn what SCC does and why
Popular Topics
Section titled “Popular Topics”These pages answer the questions that usually bring new readers to SCC in the first place.
Why sandbox AI coding agents? Understand the real risks, where containers help, and where network controls matter
AI coding agent governance See how organizations roll out Claude, Codex, or both without losing control
Network controls for AI coding agents Understand why container isolation is not enough on its own
How SCC handles network access See how open, web-egress-enforced, and locked-down-web differ in practice
Run agents in containers Understand the container model, first-run image builds, and runtime choices
Compare SCC with local agent use See the tradeoffs between local convenience and governed team rollout
Why SCC?
Section titled “Why SCC?”Container Isolation
Code runs in OCI container sandboxes. The agent only sees the mounted workspace instead of your full host filesystem.
Network Egress Control
Containers alone do not stop an agent from reaching the network. SCC can leave egress open, force HTTP/HTTPS through a proxy sidecar, or disable network access entirely.
Standardized Configs
Organization-managed profiles distributed via a single URL. No manual setup for developers.
Built-in Safety Engine
Fail-closed wrappers block destructive git commands and intercept network tools inside every container, even if an agent-native plugin is missing or disabled.
If the main concern is what an agent can reach on your network, start with Security Model or Why Sandbox AI Coding Agents. Containers help, but they are not the whole boundary.
Quick Start
Section titled “Quick Start”-
Install SCC CLI
Terminal window uv tool install scc-cliTerminal window pipx install scc-cliTerminal window pip install scc-cli -
Verify your environment
Terminal window scc doctor -
Configure and launch
Terminal window scc setup # Paste your org config URL, connect providersscc start # Launch in current directory
SCC setup can connect Claude, Codex, or both. If your organization allows both, developers can keep a default or ask each time and choose the right provider per task.
Who Controls What
Section titled “Who Controls What”| Setting | Org Admin | Team Lead | Developer |
|---|---|---|---|
| Block dangerous plugins | ✅ Sets | ❌ Cannot override | ❌ Cannot override |
| Default plugins for all teams | ✅ Sets | — | — |
| Team-specific plugins | ✅ Approves | ✅ Chooses | — |
| Project-local config (.scc.yaml) | ✅ Can restrict | ✅ Can restrict | ✅ Extends |
| Safety-net policy | ✅ Sets | ❌ Cannot override | ❌ Cannot override |
| Provider choice | ✅ Sets allowed list | — | ✅ Chooses from allowed |
Learn more about governance Understand the full delegation and security model