> ## Documentation Index > Fetch the complete documentation index at: https://docs.corridor.dev/llms.txt > Use this file to discover all available pages before exploring further. # Core Concepts > Understand how Corridor works and the key concepts used throughout the platform. This page explains how Corridor helps secure AI-assisted development and the fundamental concepts you'll encounter when using the platform. ## Core concepts ### Projects A **project** represents a codebase that Corridor monitors. Projects are typically linked to a GitHub repository and track: * **Guardrail invocations**: Real-time security analysis during AI code generation * **PR reviews**: Automated security analysis of pull requests * **Findings**: Security issues discovered in your code ### Teams A **team** is a group of users who share projects, security policies, and billing. Every project belongs to exactly one team. #### Team roles | Role | Permissions | | ----------------- | ---------------------------------------------------------------------- | | **Admin** | Full access, manage members, projects, billing, and guardrail settings | | **Member** | View projects, use IDE extension, respond to findings | | **IDE-Only User** | Use IDE extension only—no dashboard access | ### Guardrails **Guardrails** are security rules that analyze AI interactions in real-time. Corridor integrates directly into your AI coding workflow via MCP and Hooks. When developers use agents such as Claude Code, Cursor, or VS Code with AI assistants, Corridor evaluates code generation requests and provides security context back to the AI. Unlike traditional static analysis that runs after code is written, guardrails operate during the AI generation process itself—security context is provided before code is generated, allowing the AI to avoid vulnerable patterns and prevent vulnerabilities rather than detect them after the fact. ### Findings A **finding** is a security issue discovered by Corridor. Findings can come from PR reviews, guardrail violations, or code scans. Enterprises can use the Corridor chat feature to scan existing code. Each finding includes severity, state, code location, and actionable remediation steps. Track findings through resolution and monitor your security posture over time. ### PR reviews Every pull request is automatically reviewed for security issues. When enabled, Corridor receives a webhook when a PR is opened or updated, analyzes the code changes for security vulnerabilities, and posts a review with specific findings and remediation guidance directly on GitHub. You can also configure Corridor to block PRs with critical issues from merging. ### MCP Compliance **MCP (Model Context Protocol)** is the standard that allows AI assistants to use external tools. Corridor lets teams control which MCP servers are allowed through compliance policies. MCP servers can access files, make network requests, and execute code. Without oversight: * Sensitive data could leak to unauthorized services * Unapproved tools could introduce security risks * Shadow AI usage becomes invisible to security teams ## Tier comparison | Feature | Pro | Team | Enterprise | | ----------------------- | --------- | ----------------- | ----------------- | | **Team members** | 1 | Up to 20 | Custom | | **Projects** | 5 | 20 | Unlimited | | **PR reviews** | 100/month | 100/dev/month | Unlimited | | **Guardrails** | Standard | Standard + Custom | Standard + Custom | | **MCP compliance** | ✓ | ✓ | ✓ | | **Team visibility** | - | ✓ | ✓ | | **Chats** | - | - | ✓ | | **SSO** | - | - | ✓ | | **Zero data retention** | - | - | ✓ | ## Next steps Set up Corridor for your team Learn about real-time security analysis