Skip to main content
Guardrails are at the core of Corridor’s approach—they are security rules and best practices that Corridor enforces in your code. Guardrails give AI coding agents the context they need to write secure code from the start, proactively ensuring that vulnerable patterns are never introduced. Guardrails also run as checks on code diffs in pull requests—if code in a PR violates a guardrail, Corridor catches it and flags it for review.

Why guardrails matter

Traditional security tools run after code is committed—by then, the vulnerability exists and requires remediation. Corridor’s guardrails shift security left by integrating directly into the AI code generation process:
  • Prevention over detection: Security context guides the AI to avoid vulnerable patterns
  • Zero developer friction: No separate security review step—it happens during coding
  • Reduced remediation costs: Fixing a vulnerability before it’s written costs nothing

How guardrails work

Guardrails operate through MCP and Hooks, which allow Corridor to participate in AI interactions:
  1. Developer prompts AI: “Write a function to query the database”
  2. Corridor analyzes context: Project type, existing code patterns, security policies
  3. Security context provided: Guardrails inform the AI about relevant risks (e.g., SQL injection, parameterized queries)
  4. AI generates secure code: The response incorporates security best practices
  5. Activity logged: The interaction is recorded for audit and analytics
Guardrails function at two levels:
  • During code generation: Guardrails provide additional context to AI models (via MCP) so the AI avoids insecure suggestions. This happens invisibly as you code
  • During code review: Guardrails run as checks on code diffs in pull requests. If code in a PR violates a guardrail, Corridor catches it and flags it for review

Configuring guardrails

By default, Corridor applies the Corridor Default Security Pack: a comprehensive pack of essential security guardrails covering common vulnerability classes including injection attacks, authentication issues, and access control flaws. Corridor also provides pre-loaded security packs tailored to specific languages, app types, and standards. Teams can create custom packs on the Team Guardrails page comprised of guardrails unique to their needs. See Configuring Guardrails for detailed instructions on setting up default packs, custom guardrails, and custom context.

Managing guardrails via AI assistant

If you have the Corridor MCP integration set up, your AI assistant can interact with guardrails directly:
  • View guardrails: Ask your AI “What guardrails should I follow?” and it will call Corridor’s getGuardrails tool to retrieve security guardrails and context documents for the project
  • Create guardrails: Tell your AI “Create a guardrail for SQL injection prevention” and it will call createGuardrail to create a new guardrail programmatically
See Corridor MCP for the full list of available tools and requirements.

Next steps

Configuring Guardrails

Set up and customize guardrails for your projects

PR Reviews

Automated security reviews on pull requests

Findings

Track and remediate security issues