Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.corridor.dev/llms.txt

Use this file to discover all available pages before exploring further.

Corridor has two integrations for Cursor. They serve different workflows and can be used independently or side-by-side.
  • Cursor Plugin — a Cursor Marketplace Agent that uses the /corridor skill to review code in the background as Cursor Agents work. Use this if you want a frictionless, Cursor-native experience with the least setup.
  • Corridor extension — a VS Code-style extension that registers Corridor as an MCP server and runs deterministic hooks. Use this if you want MCP-based tool access, MCP compliance enforcement, or stop hooks that can block code with critical findings.

Prerequisites

  • Cursor installed
  • A Corridor account with a team created

Option 1: Corridor Cursor Plugin

The Corridor Cursor Plugin layers real-time security reviews directly into Cursor. As Cursor plans and generates code, Corridor reviews the plan and proactively guides the coding agent to prevent vulnerabilities before code is written.

Installation

1

Open the Marketplace in Cursor

Inside Cursor, open the Agents tab and navigate to the Marketplace.
2

Install the Corridor plugin

Find Corridor in the Marketplace and click Get.
3

Create a Local Agent

Click New Agent and make sure the agent is configured as Local. Once configured, Corridor begins operating alongside your Cursor workflows automatically.

Using the Corridor skill

Start using Corridor by invoking the skill with /corridor in any Cursor chat. The skill reviews your code for vulnerabilities and enforces security best practices in your coding agent.
The /corridor skill is a lightweight subset of Corridor’s full capabilities. To unlock team-level guardrails, finding history, and the full Corridor knowledge base, authenticate with the Corridor API as described below.

Authenticate with the Corridor API (optional)

1

Create a Corridor API key

Generate an API key from Profile > API Tokens in the Corridor dashboard. See the API reference for details on token scope.
2

Add the API key to your shell profile

Add the following line to your ~/.zshrc (or ~/.bashrc):
export CORRIDOR_API_KEY=your_api_key_here
3

Restart Cursor

Restart Cursor so the new environment variable is picked up by the Local Agent.
Treat your CORRIDOR_API_KEY like any other secret. Don’t commit it to source control, and don’t paste it into shared chat threads or AI prompts.

Option 2: Corridor extension

The Corridor extension installs through Cursor’s Extensions panel and provides MCP server registration plus deterministic hooks (file edits, stops, MCP compliance enforcement).

Installation

1

Open the Extensions panel

In Cursor, open the Extensions panel by pressing Cmd+Shift+X (macOS) or Ctrl+Shift+X (Windows/Linux).
2

Search for Corridor

Type “Corridor” in the search box.
3

Install the extension

Click Install on the Corridor extension.
4

Reload Cursor

Reload Cursor when prompted, or restart it manually.
After installation, you’ll see the Corridor icon in your sidebar.

Authentication

1

Open the Corridor panel

Click the Corridor icon in the activity bar.
2

Sign in

Click Sign in to Corridor and complete the browser authentication flow.
3

Verify connection

After authentication, your team name appears in the Corridor panel. Cursor will now consult Corridor’s guardrails as you generate code, and a Cursor rule is written to .cursor/rules/corridor-mcp-server-usage.mdc to direct your AI assistant to Corridor’s MCP tools.

Hooks

Hooks are deterministic scripts that run at specific points in the code generation process, enabling real-time security reviews and policy enforcement without interrupting your development flow. Hooks are automatically enabled in the latest version of the Corridor extension.

MCP compliance

Corridor tracks which MCP servers are active in your workspace and enforces your team’s policies. Unlike MCP relays, this approach integrates directly without adding latency or complexity. To configure MCP compliance settings, navigate to the Compliance tab in the Corridor dashboard and choose Allowlist Mode (allow only specific MCP servers) or Blocklist Mode (block specific MCP servers).

Stop hooks (experimental)

When an AI agent generates code, Corridor can automatically evaluate the diff at the moment of creation, identify potential security issues, and guide the agent to remediate problems iteratively — all in the background without disrupting your flow. By default, hooks run in monitoring mode and won’t block code generation. To enable blocking behavior:
  1. Open the Command Palette with Cmd+Shift+P (macOS) or Ctrl+Shift+P (Windows/Linux)
  2. Search for Corridor: Enable Stop Hooks and select it
  3. Hooks will now prevent code with critical security issues from being applied

Troubleshooting

If hooks are not running:
  • Verify you’re using the latest version of the Corridor extension
  • Check that the extension is properly authenticated
  • Ensure that you’ve enabled hooks in the extension
If Corridor’s MCP tools are not appearing in Cursor:
  • Reload Cursor (Cmd+Shift+PDeveloper: Reload Window)
  • Open the Corridor panel and confirm you’re signed in — the MCP server is only registered after successful authentication
  • Confirm Cursor’s MCP support is enabled in Cursor Settings → MCP

Next steps

VS Code

Install the Corridor extension in VS Code with MCP and hooks support.

Guardrails

Learn how Corridor’s guardrails review and harden AI-generated code.