Config Setup
This guide walks through creating your organization’s SCC configuration file.
Configuration File Structure
Section titled “Configuration File Structure”The org config is a JSON file with these main sections:
{ "schema_version": "1.0.0", "organization": { "name": "Acme Corp", "id": "acme" }, "marketplaces": { }, "security": { }, "defaults": { }, "delegation": { }, "profiles": { }}Creating Your Config
Section titled “Creating Your Config”-
Start with the basics
org-config.json {"schema_version": "1.0.0","organization": {"name": "Your Company","id": "your-company"}} -
Add plugin marketplaces
{"marketplaces": {"sandboxed-code-official": {"source": "github","owner": "CCimen","repo": "sandboxed-code-plugins"},"internal": {"source": "github","owner": "your-org","repo": "scc-plugins"}}} -
Define security policies
{"security": {"blocked_plugins": ["*experimental*", "*beta*"],"blocked_base_images": ["*:latest"],"allow_stdio_mcp": false}} -
Set organization defaults
{"defaults": {"enabled_plugins": ["scc-safety-net@sandboxed-code-official"],"session": {"timeout_hours": 12,"auto_resume": true}}} -
Create team profiles
{"profiles": {"backend": {"description": "Backend development team","additional_plugins": ["java-analyzer@internal"]},"frontend": {"description": "Frontend development team","additional_plugins": ["react-tools@internal"]}}} -
Validate
Terminal window scc org validate org-config.json
Complete Example
Section titled “Complete Example”{ "schema_version": "1.0.0", "organization": { "name": "Acme Corp", "id": "acme" }, "marketplaces": { "sandboxed-code-official": { "source": "github", "owner": "CCimen", "repo": "sandboxed-code-plugins" }, "internal": { "source": "github", "owner": "acme", "repo": "scc-plugins" } }, "security": { "blocked_plugins": ["*experimental*"], "blocked_mcp_servers": ["*.untrusted.com"], "blocked_base_images": ["*:latest"], "allow_stdio_mcp": false }, "defaults": { "enabled_plugins": [ "scc-safety-net@sandboxed-code-official" ], "session": { "timeout_hours": 12, "auto_resume": true } }, "delegation": { "teams": { "allow_additional_plugins": ["*"], "allow_additional_mcp_servers": ["platform", "data"] } }, "profiles": { "backend": { "description": "Backend development", "additional_plugins": ["java-analyzer@internal"], "delegation": { "allow_project_overrides": true } }, "frontend": { "description": "Frontend development", "additional_plugins": ["react-tools@internal"], "delegation": { "allow_project_overrides": true } }, "platform": { "description": "Platform engineering", "additional_plugins": ["k8s-tools@internal"], "additional_mcp_servers": { "monitoring": { "type": "http", "url": "https://monitoring.internal/mcp" } } } }}Hosting Your Config
Section titled “Hosting Your Config”Host in a public GitHub repository:
https://raw.githubusercontent.com/your-org/scc-config/main/org-config.jsonDevelopers configure with:
scc setup --org-url https://raw.githubusercontent.com/your-org/scc-config/main/org-config.jsonHost in a private repository with token auth:
export SCC_ORG_TOKEN="ghp_xxxxx"scc setup --org-url https://api.github.com/repos/your-org/scc-config/contents/org-config.jsonHost on any HTTPS server:
https://config.your-company.com/scc/org-config.jsonDevelopers configure with:
scc setup --org-url https://config.your-company.com/scc/org-config.jsonEnvironment Variable
Section titled “Environment Variable”Developers can set the org URL as an environment variable:
export SCC_ORG_URL="https://config.your-company.com/scc/org-config.json"This avoids needing to specify --org-url on every command.
Config Caching
Section titled “Config Caching”SCC caches the org config locally:
| Setting | Value |
|---|---|
| Cache location | ~/.cache/scc/org-config/ |
| Cache TTL | 24 hours |
| Force refresh | scc update --force |
Validation Commands
Section titled “Validation Commands”# Validate config syntaxscc org validate org-config.json
# Check org status and cachescc org status
# Force refresh from remotescc org update --force