1/9 The most interesting thing about the Claude Code leak for devtool companies: Anthropic hardcoded 120+ vendor names across 7 different systems in the source. Anthropic explicitly included your tool name in the code (or they didn’t 🤷🏻‍♂️) Thread 👇

2/9 (MCP UI Allowlist) 37 MCP servers get first-class UI treatment. Their search + read operations collapse into clean one-liners. Everyone else dumps raw JSON. @github leads with 56 classified tools. Others include @Grafana (38), @datadoghq (30), @asana (29), @pagerduty (28), @sentry (18), @supabase (15), @todoist (16), @playwrightweb (13), @exaailabs (9), @firecrawl, @tavilyai (5). Every name is explicitly listed in a Set inside classifyForCollapse.ts.

3/9 (Hosted Proxy) 6 vendors don’t just get UI polish. They run on Anthropic’s own infrastructure via mcp-proxy.anthropic.com: @slackhq, Gmail, Google Calendar, Google Drive, BigQuery, @pubmed. Users click “Connect” in claude.ai settings. Everyone else follows the 8-step README.

4/9 (WebFetch Preapproval) 89 documentation domains are preapproved for automatic fetching. Claude Code can read them without the user pasting a URL. @reactjs, @nextjs, @djangoproject, @fastapi, @awscloud, @docker, @Docker, @vercel, @netlify, @pytorch, etc. If your docs aren’t on the list (like @vite_js, @langchain, @rails), the agent only sees them when a developer manually shares a link.

5/9 (Environment Detection) 29 deployment platforms are detected by name in telemetry: @vercel, @railway, @render, @netlify, @flydotio, @cloudflare Pages, @awscloud, @googlecloud, plus @github Actions, @GitLab CI, @circleci, @buildkite. If you’re not detected, your sessions just show up as “unknown-linux” in Anthropic’s analytics.

6/9 (Secret Scanner) 36 credential patterns across 23 vendor families are blocked from entering team memory. @gitlab, @slackhq, @stripe, @shopify, @openai, @railway, @render, @buildkite GitHub alone has 5 specific rules (PAT, fine-grained PAT, app token, OAuth, refresh token). A safety feature, but missing coverage means no vendor-specific protection.

7/9 (API Gateways) 7 third-party AI gateways are fingerprinted in analytics: @litellm, @helicone_ai, @portkeyai, @Cloudflare AI Gateway, @kong, @braintrust, @databricks, but no sigin of @langfuse, @OpenRouter, @LangChain's Langsmith. Detected via headers or hostnames. Purely observational… but it means Anthropic *could* see how much Claude Code traffic flows through your proxy.

8/9 (Plugin Tips) @vercel is the only third-party vendor with a proactive plugin install tip. When Claude Code detects vercel.json or the Vercel CLI, it suggests: /plugin install vercel@claude-plugins-official No MCP collapsing, but a different distribution channel: your tool is recommended before the developer even starts.