Core concepts
Projects
A project represents a codebase that Corridor monitors. Projects are typically linked to a GitHub repository and track:
- Guardrail invocations: Real-time security analysis during AI code generation
- PR reviews: Automated security analysis of pull requests
- Findings: Security issues discovered in your code
Teams
A team is a group of users who share projects, security policies, and billing. Every project belongs to exactly one team.
Team roles
| Role | Permissions |
|---|---|
| Admin | Full access, manage members, projects, billing, and guardrail settings |
| Member | View projects, use IDE extension, respond to findings |
| IDE-Only User | Use IDE extension only—no dashboard access |
Guardrails
Guardrails are security rules that analyze AI interactions in real time. Corridor integrates directly into your AI coding workflow via MCP and Hooks. When developers use agents such as Claude Code, Cursor, or VS Code with AI assistants, Corridor evaluates code generation requests and provides security context back to the AI. Unlike traditional static analysis that runs after code is written, guardrails operate during the AI generation process itself: security context is provided before code is generated, allowing the AI to avoid vulnerable patterns and prevent vulnerabilities rather than detect them after the fact.
Findings
A finding is a security issue discovered by Corridor. Findings can come from PR reviews, guardrail violations, or code scans. Enterprises can use the Corridor chat feature to scan existing code. Each finding includes severity, state, code location, and actionable remediation steps. Track findings through resolution and monitor your security posture over time.
PR reviews
Every pull request is automatically reviewed for security issues. When enabled, Corridor receives a webhook when a PR is opened or updated, analyzes the code changes for security vulnerabilities, and posts a review with specific findings and remediation guidance directly on GitHub. You can also configure Corridor to block PRs with critical issues from merging.
MCP Compliance
MCP (Model Context Protocol) is the standard that allows AI assistants to use external tools. Corridor lets teams control which MCP servers are allowed through compliance policies. MCP servers can access files, make network requests, and execute code. Without oversight:
- Sensitive data could leak to unauthorized services
- Unapproved tools could introduce security risks
- Shadow AI usage becomes invisible to security teams
Tier comparison
| Feature | Pro | Team | Enterprise |
|---|---|---|---|
| Team members | 1 | Up to 20 | Custom |
| Projects | 5 | 20 | Unlimited |
| PR reviews | 100/month | 100/dev/month | Unlimited |
| Guardrails | Standard | Standard + Custom | Standard + Custom |
| MCP compliance | ✓ | ✓ | ✓ |
| Team visibility | - | ✓ | ✓ |
| Chats | - | - | ✓ |
| SSO | - | - | ✓ |
| Zero data retention | - | - | ✓ |