MCP compliance is currently supported with Cursor and Claude Code via Hooks.
Why control MCP servers?
MCP servers can access local files, make network requests, execute code, and read environment variables. Without controls, developers might use MCP servers that leak sensitive code to unauthorized services or introduce security vulnerabilities.How it works
MCP compliance is enforced via Hooks—deterministic scripts that run before MCP calls are made. When an AI agent attempts to use an MCP server, Corridor’s hook intercepts the call, checks it against your team’s policies, and allows or blocks it accordingly. This happens transparently without adding latency to permitted requests.- See what’s being used: Every MCP server invocation is logged via hooks
- Enforce policies: Hooks block unauthorized servers before they can execute
- Audit trail: Full history of AI tool usage for compliance
Compliance modes
Configure MCP compliance at the team level:| Mode | Description |
|---|---|
| Disabled | No restrictions—all MCP servers allowed |
| Allowlist | Only specified servers are permitted (most secure) |
| Blocklist | All servers except specified ones are permitted (flexible) |
Configuring policies
- Navigate to the Compliance tab in the Corridor dashboard
- Select a compliance mode (Allowlist or Blocklist)
- Add servers to your allow or block list
- Click Save
How policies are enforced
When a developer uses an AI assistant in Cursor or Claude Code:- MCP call intercepted: The AI attempts to call an MCP server and Corridor’s hook triggers
- Policy checked: The hook evaluates the server against your team’s compliance policy
- Action taken: The request is allowed through or blocked with a compliance error
- Logged: All invocations are recorded for audit