v2.0.0

SCC 2.0.0

SCC 2.0.0 makes SCC a provider-neutral runtime for AI coding agents.

It now supports Claude Code and Codex through the same governed launch path, with containerized onboarding, runtime safety, network controls, and team-managed configuration.

Highlights

• Multi-provider onboarding and launch: scc setup and scc start can connect and run Claude, Codex, or both. Added scc provider show|set and provider-aware session flows.
• OCI-first runtime: portable container runtime and SCC-owned images for Claude, Codex, the shared base image, and the egress proxy. Docker Desktop is supported, but no longer required.
• Real network controls: truthful network modes open, web-egress-enforced, and locked-down-web. Enforced web egress now uses an internal-only network plus a Squid proxy sidecar.
• Built-in safety engine: provider-neutral runtime safety for destructive git commands and explicit network tools. Added scc support safety-audit.
• Better org/team rollout: central org config, delegated team ownership, cleaner onboarding, worktree-aware workflows, and stronger diagnostics.
• Docs and branding refresh: SCC is now consistently Sandboxed Coding CLI across the README, docs, and product surfaces.

Why 2.0.0

This is a major release because SCC is no longer a Claude-shaped wrapper. It is now a multi-provider, governed runtime with new onboarding, runtime, safety, and network behavior.

Upgrade Notes

• Package version is now 2.0.0.
• Preferred runtimes remain Docker-compatible OCI environments such as Docker Engine, OrbStack, and Colima.
• If you use older network mode names, update them to:
  • open
  • web-egress-enforced
  • locked-down-web
• scc-safety-net remains Claude-focused today. SCC’s built-in safety engine is the provider-neutral baseline for both Claude and Codex.

Install or upgrade

uv tool install --upgrade scc-cli

Then run:

scc setup
scc doctor
scc

Read More

• Documentation: https://scc-cli.dev
• Architecture: https://scc-cli.dev/architecture/overview/
• Security model: https://scc-cli.dev/architecture/security-model/

v1.7.3

Release 1.7.3

Highlights

• Improve Claude plugin startup reliability by pre-seeding marketplace cache entries from injected
  settings, preventing transient "Plugin not found in marketplace" errors.

Fixes

• Use ISO-8601 timestamps for known_marketplaces.json entries to match Claude's schema and avoid startup
  stalls.
• Avoid writing plugin cache files to root-owned paths inside the container, reducing warnings.

Compatibility

• No breaking changes.

Tests

• pytest
• ruff check
• ruff format --check
• mypy src/scc_cli

What's Changed

• Seed container plugin marketplaces before startup by @CCimen in #96
• Bump version to 1.7.3 by @CCimen in #97

Full Changelog: v1.7.2...v1.7.3

v1.7.2

What’s Changed

• Polish config enforcement output and update examples by @CCimen in https://github.com/CCimen/scc/
  pull/94
• Release 1.7.2 by @CCimen in #95

Full Changelog: v1.7.1...v1.7.2

v1.7.1

SCC v1.7.1

Highlights

This release completes the v1 enforcement model, ensuring organization security policies are respected across all configuration layers, including personal profiles.

New Features

Personal Profile Enforcement

• Org security blocks now apply to personal profiles
  When applying a personal profile, SCC filters out plugins and MCP servers that are blocked by organization security policy.

• Skipped items warning
  Clear feedback when items are filtered, for example:
  Skipped plugin 'tool-name': blocked by org policy (*pattern*)

• Stdio MCP gating
  Personal profile stdio MCP servers are blocked when allow_stdio_mcp: false in org configuration.

Network Policy Improvements

• Proxy environment injection
  HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables are now correctly passed to containers when network_policy: corp-proxy-only.

Bug Fixes

• Fixed profile apply to respect org security policies (previously personal profiles could bypass blocks).
• Fixed proxy environment propagation in legacy launch path.

Test Coverage

• Added test_personal_profile_blocks_org_blocked_plugins
• Added test_personal_profile_blocks_org_blocked_mcp
• Added test_personal_profile_blocks_stdio_mcp_when_disabled
• Added test_launch_sandbox_passes_proxy_env

Documentation

• Updated security model documentation with accurate enforcement states.

• Added missing schema fields to org-schema reference:

  • min_cli_version
  • organization.contact
  • extra_marketplaces
  • cache_ttl_hours

• Clarified personal profile drift detection behavior.

• Documented skipped items warning output.

---

What's Changed

• Implement v1 enforcement wiring by @CCimen in #92
• Release 1.7.1: Personal profile enforcement and proxy env improvements by @CCimen in #93

Full Changelog:
v1.7.0...v1.7.1

v1.7.0

Release Notes — 1.7.0

Summary

This release focuses on stability, maintainability, and reliability, with several important bug fixes and a major internal refactor.
No breaking changes, but upgrading is recommended.

Highlights

• Fixed workspace/worktree switching issues that caused plugin marketplace errors.
• Improved Docker sandbox reliability on Docker Desktop (VirtioFS).
• Setup wizard now launches automatically when no organization is configured.
• Large internal architecture refactor to improve code quality, testability, and future development speed.

Bug Fixes

• Resolved stale plugin cache issues across workspace switches.
• Fixed broken “Switch team” navigation in Quick Resume.
• Stabilized Docker policy mounting and worktree cleanup.

Developer Notes

• Major internal refactor (ports & adapters, typed config models, application-layer use cases).
• Extensive new test coverage added.
• No user-facing breaking changes.

Full Changelog

v1.6.4...v1.7.0

v1.6.4

Release Notes — 1.6.4

Highlights

• Enforces strict schema_version: 1.0.0 for org and team configs; all legacy schema compatibility has been removed.
• $schema metadata is now ignored during validation, preventing org configs with JSON Schema hints from breaking marketplace sync.
• Wide-screen TUI alignment improvements across onboarding, launch panels, marketplace sync output, and protected-branch prompts.
• Clearer Docker preflight error when Docker Desktop is installed but not running.

Behavior Changes

• Org and team configs without schema_version or with versions other than 1.0.0 are now rejected.
• Federated team config remains limited to schema_version, enabled_plugins, disabled_plugins, and marketplaces.

Fixes & Improvements

• Marketplace sync and team validation now normalize org config data before Pydantic validation.
• Prompt and confirmation alignment respects layout padding on large terminals.
• Example configs and JSON schemas updated to reflect strict 1.0.0 semantics.

Developer / Internal

• Removed legacy config and marketplace compatibility layers and adapter logic.
• Validation paths simplified and test coverage updated to reflect stricter schema enforcement and layout helpers.

What’s Changed

• Org Config Schema Normalization & Legacy Cleanup (PR #87)
• chore(release): bump version to 1.6.4 (PR #88)

Full Changelog

v1.6.3...v1.6.4

v1.6.3

v1.6.3

Bug Fixes

• Windows: prevent crash on startup when readchar lacks SHIFT_TAB.
• Added fallback backtab sequences so Shift+Tab works where terminals emit them.
  Improvements
• Keymap initialization is now defensive on Windows, keeping Tab navigation stable across terminals.
  Full Changelog: v1.6.2...v1.6.3

v1.6.2

v1.6.2

New Features

• Unified TUI layout framing across setup, dashboard, pickers, settings, and help with gutter-based centering and consistent widths.
• GitLab/GitHub URL detection during setup with smarter token defaults and optional auth header support.
• Custom auth header persisted for org config fetches (e.g., PRIVATE-TOKEN) and used by doctor/update flows.

Improvements

• Cleaner, more consistent separators and spacing across interactive screens.
• Compact spacing on short terminal heights to reduce vertical clutter.
• Help overlay now respects shared layout sizing for a more polished presentation.

Bug Fixes

• Fixed setup navigation jitter by switching to Rich Live rendering for option lists.
• Allowed Enter key on Settings row in Status tab.

What's Changed

• fix(dashboard): allow Enter key on Settings row in Status tab by @CCimen in #80
• feat(tui): improve dashboard clarity and filter safety by @CCimen in #81
• feat(setup): polish wizard flow and layout by @CCimen in #82
• fix(setup): remove navigation jitter by @CCimen in #83
• chore(release): bump version to 1.6.2 by @CCimen in #84

Full Changelog: v1.6.1...v1.6.2

v1.6.1

v1.6.1

New Features

Sync Profiles TUI

A new Sync Profiles overlay in Settings → Profiles for managing profile synchronization without CLI commands:

• Export: Save profiles to a local folder

• Import: Load profiles from a local folder (includes a preview of changes)

• Full sync: Load then save (bidirectional)

• Configurable folder path (remembered for next time)

• Import preview shows:

  • + new
  • ~ updated
  • · unchanged

Profile Quick Menu

Press p from the dashboard to open a quick profile menu:

• Save current settings
• Apply saved profile
• Show diff
• Open in Settings

Bug Fixes

• Fixed action menu crashes: Container, Session, and Worktree action menus now work correctly (previously crashed with unhandled exceptions)
• Fixed session resume feedback: Resume action now shows “Resumed session” or “Resume failed” instead of silently failing
• Fixed Status tab hint: Removed non-functional “Space details” hint that didn’t apply to Status tab items

Documentation

• Updated README with the p keyboard shortcut and TUI profile integration
• Added Profile Commands to the CLI Reference navigation
• Added comprehensive profile documentation including TUI workflows

---

Full Changelog: v1.6.0...v1.6.1

v1.6.0

Release v1.6.0

Highlights

This release introduces a Refined Industrial aesthetic for the TUI dashboard, delivering a more polished and cohesive visual experience. The setup wizard now supports arrow-key navigation, and Docker Desktop sandbox containers are properly discovered and displayed.

New Features

Refined Industrial TUI Aesthetic

• Pill-style tabs: Active tab uses inverse styling (black on cyan) for improved visibility
• Rounded panel borders: Consistent box.ROUNDED styling across panels
• Monospace indicators: Clean text-friendly status markers (e.g., running/stopped, pinned, current branch)
• Improved separators: Uses · instead of │ for better scannability
• Consistent info formatting: Items now display as Team: draken, Containers: 3/3 running

Action Menus on Resource Tabs

• Enter on Containers: Opens an action menu (attach shell, view logs, stop/resume, delete)
• Enter on Sessions: Resumes the selected session
• Enter on Worktrees: Starts a session in the selected worktree
• a key: Quick access to the actions menu from any resource tab

Enhanced Setup Wizard

• Arrow-key navigation: All selection prompts support ↑↓
• Visible cursor: › indicates the current selection
• Consistent styling: Rounded panels with refined typography

Bug Fixes

Docker Desktop Sandbox Discovery

• Fixed container discovery to include Docker Desktop managed sandboxes
• Containers tab now correctly shows all SCC-managed containers regardless of Docker environment

Documentation

Updated Keyboard Shortcuts

The README now documents the complete dashboard keyboard shortcuts:

• ↑↓ — Navigate list
• Enter — Open action menu (containers/sessions/worktrees)
• Tab — Switch between tabs
• n — Start new session
• t — Switch team
• r — Refresh
• s — Settings & maintenance
• ? — Help
• q — Quit

Breaking Changes

None — all changes are backward compatible.

Upgrade

uv tool upgrade scc-cli
# or
pip install --upgrade scc-cli