Skip to content
SCC CLI

Safety Net Plugin

The scc-safety-net plugin adds agent-native git protection on top of SCC’s built-in safety engine.

Today the plugin is aimed at Claude Code. Codex support is planned. If your team uses Codex today, you still get SCC’s built-in cross-provider safety engine inside the container.

What It Blocks

Section titled “What It Blocks”
CommandWhy
git push --forceOverwrites remote history
git reset --hardDiscards uncommitted changes
git branch -DForce-deletes branches
git clean -fdDeletes untracked files

Installation

Section titled “Installation”
{
  "defaults": {
    "enabled_plugins": [
      "scc-safety-net@sandboxed-code-official"
    ]
  }
}

Configuration

Section titled “Configuration”

Policy modes:

  • block - Commands blocked (default)
  • warn - Commands allowed with warning
  • allow - Protection disabled

Current Scope

Section titled “Current Scope”
  • Shipped today: Claude Code hook-based protection
  • Planned next: Codex-native support
  • Always available: SCC’s built-in safety engine, which already protects both Claude and Codex at the wrapper/runtime layer

See Safety Net Guide for details.