# Configuring Guardrails

> Enable and configure security guardrails for your team.

After you've added projects, you may want to fine-tune which guardrails are in effect or add new ones. Configuring guardrails ensures Corridor is focusing on relevant issues and enforcing any specific policies your organization needs.

Guardrails can be configured at two levels:

* **Project level** (all plans): Configure guardrails for a single project by selecting that project and then clicking **Guardrails**.
* **Team level** (Enterprise only): Configure guardrails across all projects from the **Team Guardrails** page. Team-level guardrails provide greater control and consistency across projects.

Both levels expose the same settings, but team-level guardrails allow enterprises to enforce policies uniformly without configuring each project individually.

## Default guardrails

By default, Corridor applies the **Corridor Default Security Pack**: a comprehensive pack of essential security guardrails covering common vulnerability classes including injection attacks, authentication issues, and access control flaws.

## Guardrail packs

Corridor provides a menu of pre-loaded security packs tailored to specific languages, app types, and standards. Teams can also create custom packs on the **Team Guardrails** page, made up of guardrails unique to their needs.

## Custom guardrails

<Note>
  Custom guardrails are available on **Team** and **Enterprise** plans.
</Note>

To create a custom guardrail, go to your project → **Guardrails** → **Add Guardrail**. You'll have three options:

* **Auto-Generate Guardrail**: Describe the vulnerability or vulnerability type, and Corridor will automatically create a guardrail for it.
* **Create Manually**: Write your own guardrail from scratch. It's best practice to clearly articulate in plain language the security requirements for the guardrail, including any relevant internal libraries or standards to adhere to. Think of these as the security standards you would share with your engineering team.
* **Import from Document**: Upload a document, and Corridor will automatically generate guardrails based on its contents.

## Adding custom context

<Note>
  Custom context is available on **Team** and **Enterprise** plans.
</Note>

You can add context documents or notes to enhance security reviews:

1. Look for an **Add Context** option in the guardrails settings
2. Paste text (like a policy excerpt) or upload a file
3. Select whether the context applies to **PR Reviews** and/or **MCP Plan** (to guide agentic code generation)

Context expands Corridor's knowledge to include your security expertise, making AI reviews more relevant and reducing false positives.

## Verify guardrails are working

After adjusting guardrails, it's a good idea to test them:

1. Open a project in your IDE with the Corridor extension installed
2. Try writing code that violates a guardrail (e.g., if you added "no eval allowed", use `eval` in a code generation prompt)
3. Corridor should catch and flag it
4. You can also trigger a test pull request that violates a guardrail to ensure Corridor comments appropriately
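
A paired fixture for the test pull request in step 4, using the "no eval allowed" guardrail mentioned above. This is an added example, not part of Corridor's documentation: the first function is a known-bad case the guardrail is meant to flag, and the second is a known-good case that helps you spot false positives. All function names and inputs are constructed for illustration.

```python
# Constructed fixture for a guardrail test PR; every name here is hypothetical.
import ast

# Literal types the compliant parser accepts for a setting value.
ALLOWED_TYPES = (bool, int, float, str, list, dict, type(None))


def parse_setting_violating(raw: str):
    """Known-bad case: a "no eval allowed" guardrail is expected to flag this."""
    return eval(raw)  # evaluates any expression the caller supplies


def parse_setting_compliant(raw: str):
    """Known-good case: literals only, so a flag here would be a false positive."""
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"not a plain literal: {raw!r}") from exc
    if not isinstance(value, ALLOWED_TYPES):
        raise ValueError(f"unsupported type: {type(value).__name__}")
    return value


def behaviour_differs(raw: str) -> bool:
    """True when the violating parser accepts input the compliant one rejects."""
    try:
        parse_setting_compliant(raw)
        return False
    except ValueError:
        pass
    try:
        parse_setting_violating(raw)
        return True
    except Exception:
        return False
```

Commit both functions in the same test PR: a comment on the first and none on the second is the outcome that matches the guardrail's intent.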

## Tuning guardrails

Guardrail configuration is key to reducing false positives and false negatives:

* If Corridor is flagging too many things that aren't issues, consider loosening or turning off certain guardrails (or improving context)
* If Corridor misses something important, consider adding a new guardrail or tightening an existing one

## Next steps

<CardGroup cols={2}>
  <Card title="Guardrails" icon="shield-check" href="/features/guardrails">
    Deep dive into how guardrails work
  </Card>

  <Card title="IDE Setup" icon="code" href="/ide-setup/vscode-cursor">
    Install the IDE extension
  </Card>
</CardGroup>
