Skip to content

Dev Environment Bridge

Run host-owned dev environment bridge actions that are already approved by the effective org/team/project configuration.

Terminal window
scc dev run <name> [workspace] [options]
scc dev logs <name> [workspace] [options]
scc dev health <name> [workspace] [options]
scc dev status [workspace] [options]

scc dev run <name> executes one accepted dev_environment.commands entry from the effective config. SCC runs only the configured fixed argv list; it does not accept shell strings or ad hoc command text.

Terminal window
scc config explain --field dev_environment
scc dev run test .
scc dev run test . --json

Options:

OptionDescription
--team TEAMTeam profile to use for effective config resolution
--provider PROVIDERProvider identity to include in audit metadata
--jsonOutput the command result as a JSON envelope
--prettyPretty-print JSON output
--output-limit-bytes NMaximum stdout/stderr tail bytes to retain per stream

Execution rules:

  • SCC resolves effective config for the selected team and workspace.
  • Unknown command names are denied and audited.
  • SCC writes a pre-execution audit event before starting the host process. If that audit write fails, the command does not run.
  • working_directory must be relative and remain inside the workspace after symlink resolution.
  • stdout/stderr are returned as bounded stdout/stderr tails.
  • Durable audit metadata stores status, duration, cwd, timeout, and byte counts; it does not store stdout/stderr content.

This command does not run inside the SCC agent container, does not mount the Docker socket into the agent container, and does not attach agent containers to project Compose or devcontainer networks.

scc dev logs <name> executes one accepted dev_environment.logs entry from the effective config. This section is intended for policy-approved, bounded service log retrieval such as docker compose logs --tail 100 api; SCC enforces the fixed argv, cwd, timeout, output bounds, and audit contract, not semantic read-only behavior inside the tool you choose.

Terminal window
scc dev logs api .
scc dev logs api . --json --output-limit-bytes 4096

The same execution rules as scc dev run apply: fixed argv, no shell strings, workspace-bounded cwd, pre-execution audit, timeout, and bounded stdout/stderr tails. Durable audit events use dev_environment.log.* event names and store byte counts, not log content.

scc dev health <name> executes one accepted dev_environment.health_checks entry from the effective config. This section is intended for policy-approved, bounded health checks such as an HTTP health endpoint or container status check; SCC enforces the fixed argv, cwd, timeout, output bounds, and audit contract, not semantic read-only behavior inside the tool you choose.

Terminal window
scc dev health api .
scc dev health api . --json

Health checks return the same JSON result shape as commands and logs. A non-zero exit code or timeout marks the result as failed. Durable audit events use dev_environment.health_check.* event names.

scc dev status shows the effective dev-environment bridge contract for the workspace and team. It does not execute any host process.

Terminal window
scc dev status .
scc dev status . --json

The JSON envelope uses kind DevEnvironmentStatus and lists accepted commands, logs, and health_checks with their fixed argv, working_directory, timeout_seconds, and descriptions. This is the preferred machine-readable surface for Claude and Codex sessions to inspect what the project allows before requesting an action.