Glossary
Core Concepts
Section titled “Core Concepts”Claude Code
Section titled “Claude Code”Anthropic’s AI coding CLI. SCC CLI runs the official Claude Code inside Docker sandboxes with team-managed policies and profiles.
Session
Section titled “Session”A Claude Code work session running inside a Docker container. Sessions persist across restarts and can be resumed with scc start --resume.
Sandboxed Coding CLI
Section titled “Sandboxed Coding CLI”A CLI that runs AI coding sessions inside an isolated environment (such as Docker) with controlled file, network, and policy access. SCC is a sandboxed coding CLI for Claude Code.
Sandbox
Section titled “Sandbox”The Docker container that isolates Claude Code from the host system. Sandboxes provide security through containerization while allowing workspace access.
Profile (Team Profile)
Section titled “Profile (Team Profile)”A configuration set for a specific team. Profiles define plugins, MCP servers, session settings, and delegation rules.
Worktree
Section titled “Worktree”A git worktree created for parallel development. Each worktree has its own working directory and can run independent Claude sessions.
Workspace
Section titled “Workspace”The directory mounted into the sandbox. Typically a git repository root where Claude Code operates.
Configuration
Section titled “Configuration”Organization Config (org-config.json)
Section titled “Organization Config (org-config.json)”The top-level configuration file hosted by an organization. Defines security policies, marketplaces, defaults, and team profiles.
Team Config
Section titled “Team Config”Configuration specific to a team. Can be inline (in org config) or federated (external repository).
Project Config (.scc.yaml)
Section titled “Project Config (.scc.yaml)”Optional per-repository configuration. Allows projects to add plugins and MCP servers within team-allowed boundaries.
Federation (Federated Teams)
Section titled “Federation (Federated Teams)”Teams that store their configuration in external repositories, enabling independent management while respecting organization security policies.
Config Source
Section titled “Config Source”The location of a federated team’s configuration (GitHub, GitLab, HTTPS URL).
Security & Governance
Section titled “Security & Governance”Security Block
Section titled “Security Block”Glob patterns that absolutely prevent usage of certain plugins, MCP servers, or Docker images. Cannot be overridden.
Delegation
Section titled “Delegation”The system controlling which teams can add resources and whether projects can extend team configurations.
Exception
Section titled “Exception”A time-bounded override for governance controls. Local overrides bypass delegation; policy exceptions bypass security blocks.
Trust Grant
Section titled “Trust Grant”Permissions given to federated teams, controlling marketplace inheritance and additional marketplace definitions.
Safety Net
Section titled “Safety Net”The scc-safety-net plugin that blocks destructive git commands like push --force and reset --hard.
Plugins & Tools
Section titled “Plugins & Tools”Plugin
Section titled “Plugin”An extension that adds capabilities to Claude Code. Installed from marketplaces.
Marketplace
Section titled “Marketplace”A repository containing plugins. Can be official, organization-internal, or team-specific.
MCP Server (Model Context Protocol)
Section titled “MCP Server (Model Context Protocol)”External services that provide context or tools to Claude. Types: HTTP, SSE (Server-Sent Events), or stdio (local process).
Stdio MCP
Section titled “Stdio MCP”An MCP server running as a local process. Disabled by default due to elevated privileges.
Operations
Section titled “Operations”Dry Run
Section titled “Dry Run”Preview mode that shows what would happen without actually executing. Used with scc start --dry-run.
Config Explain
Section titled “Config Explain”Command that shows effective configuration with source tracking. Run with scc config explain.
Inspection of installed plugins and their status. Run with scc audit plugins.
Cleanup of stopped containers or stale worktree entries.
Technical Terms
Section titled “Technical Terms”TTL (Time To Live)
Section titled “TTL (Time To Live)”Duration before an exception expires. Specified as 8h, 30m, 1d, etc.
Glob Pattern
Section titled “Glob Pattern”Wildcard pattern using * for matching. For example, *experimental* matches any string containing “experimental”.
Cache TTL
Section titled “Cache TTL”How long SCC caches remote configurations before re-fetching. Default: 24 hours.
Exit Code
Section titled “Exit Code”Numeric code returned by commands indicating success or failure type. See CLI Overview.
AI Development Terms
Section titled “AI Development Terms”AI Code Sandbox
Section titled “AI Code Sandbox”An isolated environment for running AI coding assistants safely. SCC provides an AI code sandbox using Docker containers, preventing AI from accessing files or systems outside the designated workspace.
Claude Code Guardrails
Section titled “Claude Code Guardrails”Policy controls that prevent Claude Code from executing dangerous commands or accessing restricted resources. SCC implements guardrails through Docker isolation, Safety Net (git protection), plugin governance, and network policies. See AI Coding Guardrails.
Docker Sandbox
Section titled “Docker Sandbox”A container-based isolation environment for secure code execution. SCC uses Docker sandboxes to run Claude Code in an isolated environment where the AI can only access mounted directories and approved resources.
AI Coding Security
Section titled “AI Coding Security”Practices and tools for safe AI-assisted development. Includes isolation (sandboxing), access control (plugin governance), history protection (Safety Net), and configuration management (team profiles). SCC provides comprehensive AI coding security for Claude Code.
AI Coding Assistant Isolation
Section titled “AI Coding Assistant Isolation”Separating AI coding assistant execution from the host system to limit potential damage. SCC achieves isolation through Docker containers, controlled mounts, and policy enforcement.