Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.corridor.dev/llms.txt

Use this file to discover all available pages before exploring further.

Corridor integrates with VS Code and Cursor through the Corridor extension, providing real-time security guardrails as you code with AI assistants.

Prerequisites

  • VS Code or Cursor installed
  • A Corridor account with a team created
  • GitHub Copilot users (VS Code): GitHub Copilot with agent mode enabled. If your organization manages Copilot through GitHub Enterprise, an admin must enable external MCP servers in the Copilot policy settings (see Enable MCP for GitHub Copilot below).

Installation

1

Open the Extensions panel

In VS Code or Cursor, open the Extensions panel by pressing Cmd+Shift+X (macOS) or Ctrl+Shift+X (Windows/Linux).
2

Search for Corridor

Type “Corridor” in the search box.
3

Install the extension

Click Install on the Corridor extension.
4

Reload your editor

Reload your editor when prompted, or restart it manually.
After installation, you’ll see the Corridor icon in your sidebar.

Authentication

1

Open the Corridor panel

Click the Corridor icon in the activity bar.
2

Sign in

Click Sign in to Corridor and complete the browser authentication flow.
3

Verify connection

After authentication, your team name appears in the Corridor panel. Your AI assistant will now consult Corridor’s guardrails as you generate code.

Enable MCP for GitHub Copilot

Corridor’s MCP server is automatically registered with VS Code when you install and authenticate the Corridor extension. However, GitHub Copilot must have MCP support enabled to use it.

Personal accounts

MCP support in GitHub Copilot requires agent mode. Verify it’s enabled:
  1. Open VS Code Settings (Cmd+, on macOS or Ctrl+, on Windows/Linux)
  2. Search for chat.agent.enabled
  3. Ensure the setting is checked

GitHub Enterprise / Organization accounts

If your organization manages GitHub Copilot through GitHub Enterprise, an organization or enterprise admin must explicitly allow external MCP servers. Without this, Copilot will silently ignore MCP tools — including Corridor.
1

Open your GitHub organization settings

Go to your organization on GitHub and navigate to Settings → Copilot → Policies (or for enterprise accounts, Enterprise settings → Policies → Copilot).
2

Enable agent mode

Under Copilot in the IDE, find the Agent mode policy and set it to Enabled (or No policy to let individual members choose).
3

Allow external MCP servers

Under Copilot in the IDE, find the MCP servers policy. Set it to Enabled to allow members to use external MCP servers like Corridor, or select No policy to let individual members choose.
If external MCP servers are disabled in your organization’s Copilot policy, the Corridor MCP server will not appear in GitHub Copilot’s tool list — even though the extension is installed and authenticated. This is the most common setup issue for enterprise users.
After changing organization policies, team members may need to reload VS Code for the new settings to take effect.

Hooks

Hooks are deterministic scripts that run at specific points in the code generation process, enabling real-time security reviews and policy enforcement without interrupting your development flow. Hooks are automatically enabled in the latest version of the Corridor extension.

MCP compliance

Corridor tracks which MCP servers are active in your workspace and enforces your team’s policies. Unlike MCP relays, this approach integrates directly without adding latency or complexity. To configure MCP compliance settings, navigate to the Compliance tab in the Corridor dashboard and choose Allowlist Mode (allow only specific MCP servers) or Blocklist Mode (block specific MCP servers).

Stop hooks (experimental)

When an AI agent generates code, Corridor can automatically evaluate the diff at the moment of creation, identify potential security issues, and guide the agent to remediate problems iteratively—all in the background without disrupting your flow. By default, hooks run in monitoring mode and won’t block code generation. To enable blocking behavior:
  1. Open the Command Palette with Cmd+Shift+P (macOS) or Ctrl+Shift+P (Windows/Linux)
  2. Search for Corridor: Enable Stop Hooks and select it
  3. Hooks will now prevent code with critical security issues from being applied

Troubleshooting hooks

If hooks are not running:
  • Verify you’re using the latest version of the Corridor extension
  • Check that the extension is properly authenticated
  • Ensure that you’ve enabled hooks in the extension

Troubleshooting GitHub Copilot MCP

If Corridor’s MCP tools are not appearing in GitHub Copilot:
  • Check agent mode: Ensure agent mode is enabled in VS Code settings (chat.agent.enabled). Corridor’s MCP tools only work in agent mode.
  • Check organization policies: If you’re on a GitHub Enterprise or Organization-managed Copilot plan, verify that your admin has enabled both Agent mode and MCP servers in the Copilot policy settings. See Enable MCP for GitHub Copilot above.
  • Reload VS Code: After enabling policies or installing the extension, reload VS Code (Cmd+Shift+PDeveloper: Reload Window).
  • Verify extension authentication: Open the Corridor panel and ensure you’re signed in. The MCP server is only registered after successful authentication.

Next steps

Claude Code

Set up Corridor with Claude Code CLI

Guardrails

Learn how guardrails protect your code