> ## Documentation Index
> Fetch the complete documentation index at: https://docs.corridor.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# MCP Compliance

> Control which AI tools and MCP servers your team can use for secure AI-assisted development.

Corridor's MCP Compliance features ensure that AI coding assistants are used in a controlled, auditable way. This addresses questions like: "Are developers only using approved AI tools? Can we prove we're enforcing policies during AI-assisted development?"

<Note>
  MCP compliance is currently supported with **Cursor** and **Claude Code** via Hooks.
</Note>

## Why control MCP servers?

MCP servers can access local files, make network requests, execute code, and read environment variables. Without controls, developers might use MCP servers that leak sensitive code to unauthorized services or introduce security vulnerabilities.

## How it works

MCP compliance is enforced via **Hooks**—deterministic scripts that run before MCP calls are made. When an AI agent attempts to use an MCP server, Corridor's hook intercepts the call, checks it against your team's policies, and allows or blocks it accordingly. This happens transparently without adding latency to permitted requests.

* **See what's being used**: Every MCP server invocation is logged via hooks
* **Enforce policies**: Hooks block unauthorized servers before they can execute
* **Audit trail**: Full history of AI tool usage for compliance

### Compliance modes

Configure MCP compliance at the team level:

| Mode          | Description                                                |
| ------------- | ---------------------------------------------------------- |
| **Disabled**  | No restrictions—all MCP servers allowed                    |
| **Allowlist** | Only specified servers are permitted (most secure)         |
| **Blocklist** | All servers except specified ones are permitted (flexible) |

### Configuring policies

1. Navigate to the **Compliance** tab in the Corridor dashboard
2. Select a compliance mode (**Allowlist** or **Blocklist**)
3. Add servers to your allow or block list
4. Click **Save**

### How policies are enforced

When a developer uses an AI assistant in Cursor or Claude Code:

1. **MCP call intercepted**: The AI attempts to call an MCP server and Corridor's hook triggers
2. **Policy checked**: The hook evaluates the server against your team's compliance policy
3. **Action taken**: The request is allowed through or blocked with a compliance error
4. **Logged**: All invocations are recorded for audit

When a user belongs to multiple teams, the most restrictive policy applies—allowlist intersection and blocklist union.

## Next steps

<CardGroup cols={2}>
  <Card title="Guardrails" icon="shield-check" href="/features/guardrails">
    Configure security guardrails
  </Card>

  <Card title="Corridor MCP" icon="plug" href="/features/corridor-mcp">
    Explore Corridor's MCP tools
  </Card>
</CardGroup>