Validate Wizard
The validate wizard checks SCC configuration files for schema compliance and basic semantic checks. When SCC CLI is available, it reports the CLI’s validation output directly.
Quick Start
Section titled “Quick Start”/scc-wizard:validate path/to/org-config.jsonOr run without a path to search common locations.
Validation Pipeline
Section titled “Validation Pipeline”When the CLI is available, validation follows SCC’s current enforcement:
- Schema validation - JSON structure compliance
- Basic semantic check -
organization.default_profilereferences an existing team (org configs only)
When the CLI isn’t available, the wizard performs schema validation and may surface advisory checks (allowlists, delegation, stdio MCP) to prevent runtime surprises.
Using SCC CLI
Section titled “Using SCC CLI”When available, the wizard prefers native SCC validation:
# For org configsscc org validate org-config.json
# For team configsscc team validate --file team-config.jsonError Categories (CLI-enforced)
Section titled “Error Categories (CLI-enforced)”Schema Errors
Section titled “Schema Errors”JSON Schema violations that make the config invalid:
SCHEMA ERROR: Invalid organization.id format Path: organization.id Expected: lowercase letters, numbers, hyphens only Found: "Acme Corp" Fix: Use "acme-corp" insteadCommon schema errors:
- Missing required fields (
schema_version,organization.name,organization.id) - Invalid
organization.idpattern (must match^[a-z0-9-]+$) - Wrong field types
- Invalid enum values
Org Default Profile Errors
Section titled “Org Default Profile Errors”If organization.default_profile points to a team that doesn’t exist, validation fails:
DEFAULT_PROFILE ERROR: default_profile "backend" not found in profiles Fix: Update default_profile or add the team to profilesWizard Advisory Checks (not enforced by SCC CLI)
Section titled “Wizard Advisory Checks (not enforced by SCC CLI)”These warnings help catch runtime denials, but do not block scc org validate today:
- allowlist/delegation mismatches for plugins or MCP servers
- blocked plugins present in defaults
- stdio MCP requirements (allow_stdio_mcp + absolute command path)
- network_policy and session.auto_resume advisories
Results Format
Section titled “Results Format”## Validation Results for: org-config.json
Config type: Org config
### Errors (CLI-enforced)
1. SCHEMA ERROR: ...2. DEFAULT_PROFILE ERROR: ...
### Warnings (advisory)
1. WARNING: ...
### Summary
- Errors: 2- Warnings: 1- Status: INVALIDCommon Fixes
Section titled “Common Fixes”These fixes address advisory warnings and common runtime denials.
”Plugin not in allowlist”
Section titled “”Plugin not in allowlist””{ "defaults": { "allowed_plugins": ["*@sandboxed-code-official", "custom-*"] }}Remove the plugin from profiles.<team>.additional_plugins
Add to defaults.enabled_plugins if all teams need it
”Invalid plugin reference"
Section titled “”Invalid plugin reference"”// Wrong"enabled_plugins": ["scc-safety-net"]
// Correct"enabled_plugins": ["scc-safety-net@sandboxed-code-official"]"Marketplace not found”
Section titled “"Marketplace not found””Ensure the marketplace is defined:
{ "marketplaces": { "sandboxed-code-official": { "source": "github", "owner": "CCimen", "repo": "sandboxed-code-plugins" } }}CI Integration
Section titled “CI Integration”Run validation in CI pipelines:
# Validate org configscc org validate org-config.jsonif [ $? -ne 0 ]; then echo "Org config validation failed" exit 1fi
# Validate team configsfor config in teams/*/team-config.json; do scc team validate --file "$config" if [ $? -ne 0 ]; then echo "Team config validation failed: $config" exit 1 fidone