Skip to content
SCC CLI

Project Schema

Schema reference for project-level configuration (.scc.yaml).

Location

Section titled “Location”

Place .scc.yaml in your repository root:

my-project/
├── .scc.yaml
├── src/
└── ...

Requirements

Section titled “Requirements”

For .scc.yaml to take effect:

  1. Team must have delegation.allow_project_overrides: true
  2. Resources must not match security blocks
  3. Plugins must match team’s allow_additional_plugins patterns (if specified)

Top-Level Structure

Section titled “Top-Level Structure”
schema_version: "1.0.0"
additional_plugins: []
additional_mcp_servers: []
session: {}

schema_version

Section titled “schema_version”

Schema version for compatibility.

schema_version: "1.0.0"

additional_plugins

Section titled “additional_plugins”

Plugins to add for this project.

additional_plugins:
  - project-linter@internal
  - react-tools@official

Requirements:

  • Team must allow project overrides
  • Plugin must match team’s allow_additional_plugins patterns
  • Plugin must not match org’s blocked_plugins

additional_mcp_servers

Section titled “additional_mcp_servers”

MCP servers for this project.

additional_mcp_servers:
  - name: project-api
    type: http
    url: https://api.myproject.com/mcp

HTTP/SSE Server

Section titled “HTTP/SSE Server”
additional_mcp_servers:
  - name: context7
    type: sse
    url: https://context7.com/api
    auth:
      type: bearer
      token: env:CONTEXT7_TOKEN

Stdio Server

Section titled “Stdio Server”
additional_mcp_servers:
  - name: local-tool
    type: stdio
    command: /usr/local/bin/tool
    args:
      - --config
      - ./tool.conf

Requires:

  • Org to set security.allow_stdio_mcp: true
  • Command path to match security.allowed_stdio_prefixes

session

Section titled “session”

Session settings for this project.

session:
  timeout_hours: 8
  auto_resume: false

Project session settings override team settings.

Plugin Configuration

Section titled “Plugin Configuration”

Some plugins accept project-level configuration:

plugins:
  scc-safety-net:
    allow_force_push: true

Complete Example

Section titled “Complete Example”
schema_version: "1.0.0"


additional_plugins:
  - project-linter@internal
  - react-devtools@official
  - team-formatter@internal


additional_mcp_servers:
  - name: project-api
    type: http
    url: https://api.myproject.com/mcp
  - name: local-analyzer
    type: stdio
    command: /opt/tools/analyzer
    args:
      - --project
      - .


session:
  timeout_hours: 8
  auto_resume: true


plugins:
  scc-safety-net:
    allow_force_push: false

Validation

Section titled “Validation”

Validate your project config:

Terminal window
# In the project directory
scc config explain


# Check for denied additions
scc config explain --field denied_additions

Common Issues

Section titled “Common Issues”

”Team disallows project overrides”

Section titled “”Team disallows project overrides””
denied_additions:
  - my-plugin (reason: team disallows project overrides)

Team has delegation.allow_project_overrides: false.

”Plugin doesn’t match allowed patterns”

Section titled “”Plugin doesn’t match allowed patterns””
denied_additions:
  - custom-tool (reason: doesn't match allow_additional_plugins)

Plugin name doesn’t match team’s delegation.allow_additional_plugins patterns.

”Blocked by security policy”

Section titled “”Blocked by security policy””
blocked_items:
  - experimental-tool (blocked_by: *experimental*, source: org.security)

Plugin matches org’s security.blocked_plugins pattern.