Org Config Wizard

The org config wizard helps you create, edit, and migrate SCC organization configurations with a success-first approach.

Quick Start

/scc-wizard:org

Choose Quickstart to get a working config in ~60 seconds.

Setup Modes

Quickstart (Recommended)

Get a minimal working config with just 2 inputs:

Select “Create new org config (Quickstart)”
Provide your organization name
Review the generated config
Optionally add features via the add-ons menu

What you get:

Official plugins marketplace configured
scc-safety-net enabled
Balanced security defaults
Ready to host and use

Guided Setup

Same baseline as Quickstart, then choose add-ons:

Add teams/profiles
Add an internal marketplace
Allow project overrides
Generate onboarding instructions
Customize security settings

Advanced Mode

Full control over every setting from the start:

Security presets (Balanced/Strict/Open/Custom)
Delegation rules
Allowlists and blocklists
All team/profile options

The Baseline Config

Every new config starts with this minimal, working baseline:

{
  "$schema": "https://scc-cli.dev/schemas/org-v1.json",
  "schema_version": "1.0.0",
  "organization": {
    "name": "Your Org",
    "id": "your-org"
  },
  "marketplaces": {
    "sandboxed-code-official": {
      "source": "github",
      "owner": "CCimen",
      "repo": "sandboxed-code-plugins",
      "branch": "main",
      "path": "/"
    }
  },
  "defaults": {
    "enabled_plugins": ["scc-safety-net@sandboxed-code-official"]
  },
  "security": {
    "safety_net": { "action": "block" }
  }
}

Adding Teams

When you choose “Add teams/profiles”, you’ll decide the governance model:

Org-managed (Recommended to Start)

The org admin controls plugin lists for all teams. No extra files needed.

{
  "profiles": {
    "backend": {
      "description": "Backend team",
      "additional_plugins": ["java-analyzer@internal"]
    }
  }
}

Benefits:

Single file to manage
Fast onboarding
Teams can still own plugin content via internal marketplaces

Team-managed (Recommended for Scale)

Each team maintains their own team-config.json file.

{
  "profiles": {
    "platform": {
      "config_source": {
        "source": "github",
        "owner": "your-org",
        "repo": "scc-team-configs",
        "branch": "main",
        "path": "teams/platform/team-config.json"
      }
    }
  }
}

Benefits:

Teams self-service their plugin lists
Org still enforces security boundaries
Better for large organizations

Update Mode

To edit an existing config:

Run /scc-wizard:org
Select “Update an existing org config file”
Provide the path (default: ./org-config.json)
Choose which section to edit
Save when done

Migration Mode

To move teams from org-managed to team-managed:

Run /scc-wizard:org
Select “Migrate org-managed teams → team-managed configs”
Load your existing config
Select which teams to migrate
Provide hosting details (GitHub/GitLab/HTTPS)
Wizard generates:
- Updated org config with config_source entries
- Starter team-config.json files for each team

Onboarding Instructions

After creating your config, generate onboarding instructions:

Select “Generate onboarding instructions”
Choose where you’ll host the config (GitHub/GitLab/HTTPS)
Indicate if the repo is public or private
Get the hosting URL and setup command

Example output (public GitHub):

1. Host org-config.json at:
   https://raw.githubusercontent.com/your-org/scc-config/main/org-config.json

2. Users run:
   scc setup --org https://raw.githubusercontent.com/your-org/scc-config/main/org-config.json

For private repos:

GITHUB_TOKEN=<token> scc setup --org https://raw.githubusercontent.com/your-org/scc-config/main/org-config.json

Tips

Naming Conventions

Field	Format	Example
`organization.id`	lowercase, hyphens only	`acme-corp`
Team names	lowercase, hyphens only	`backend`, `ai-team`
Marketplace names	lowercase, hyphens	`sandboxed-code-official`, `internal`

Allowlist Gotchas

Intent	JSON
Allow all	Omit the field entirely
Block all	`[]` (empty array)
Allow patterns	`["core-", "@sandboxed-code-official"]`