Security Risk
AI can execute arbitrary commands on your host machine, including destructive ones like rm -rf or git push --force.
What is SCC?
SCC (Sandboxed Claude CLI) runs Claude Code (Anthropic’s AI coding CLI) inside Docker containers with organization-managed team profiles and git worktree support.
The Problem SCC Solves
Section titled “The Problem SCC Solves”When teams use AI coding assistants, several challenges emerge:
Configuration Drift
Each developer sets up their environment differently, leading to inconsistent behavior and hard-to-reproduce issues.
Plugin Chaos
Without governance, developers install random plugins that may conflict or introduce security vulnerabilities.
Branch Pollution
AI experiments can pollute your main branch with commits that break the build or introduce bugs.
How SCC Helps
Section titled “How SCC Helps”Docker Isolation
Section titled “Docker Isolation”Every Claude Code session runs inside a Docker container. The AI can only access files you explicitly mount, and it cannot affect your host system directly.
Centralized Configuration
Section titled “Centralized Configuration”Organization admins define a single JSON config that specifies:
- Which plugins are allowed/blocked
- Which MCP servers teams can use
- Security policies (network access, base images)
- Team-specific profiles
Developers just run scc setup once and they’re ready.
Git Worktree Integration
Section titled “Git Worktree Integration”SCC uses git worktrees to create isolated branches for each task:
scc worktree create ~/project feature-auth# Creates isolated branch scc/feature-auth# Claude experiments here without touching mainSafety Net Plugin
Section titled “Safety Net Plugin”The official scc-safety-net plugin blocks dangerous git commands:
git push --forcegit reset --hardgit branch -D(force delete)git clean -fdgit checkout/restore(potential data loss)
Who Uses SCC?
Section titled “Who Uses SCC?”| Role | What SCC Provides |
|---|---|
| Developers | Instant setup, protected main branch, isolated experiments |
| Team Leaders | Approved plugin sets, consistent configs across the team |
| Org Admins | Security policies, blocked plugins, audit trails |
Requirements
Section titled “Requirements”- Python 3.10+
- Docker Desktop 4.50+ (requires sandbox support) — must be running with Docker Engine active
- Git 2.30+
- uv (recommended for installation)
Next Steps
Section titled “Next Steps”Quick Start
Ready to try it? Install and run in 30 seconds →
Core Concepts
Want to understand more? Learn the key concepts →