For anyone using GitKraken and Claude code - GitKraken has (or probably will in an update), modified
claude copilot
| Source: Mastodon | Original article
GitKraken’s desktop client has quietly altered the configuration file used by Anthropic’s Claude Code, inserting a series of command‑line hooks that forward every prompt entered into Claude through the GitKraken CLI. The change, discovered in the %appdata%/.claude/settings.json file, appears to route user input to an unspecified endpoint before the response is returned, effectively inserting an invisible middleman into the AI‑assisted coding workflow.
The modification matters because Claude Code is marketed as a secure, on‑premise assistant for generating and refactoring code. By piping requests through GitKraken’s own tooling, the company could be logging, caching, or even transmitting proprietary snippets to servers outside the user’s control. For developers in regulated industries—or any team that treats source code as confidential—this raises immediate compliance and data‑privacy concerns, especially under GDPR and Nordic data‑protection statutes. It also blurs the line between a convenience feature and a potential data‑exfiltration vector, echoing recent scrutiny of AI integrations in development environments.
GitKraken has not yet issued a public statement, but the change is likely tied to its broader AI rollout that bundles Claude, Copilot, Cursor and other assistants into a single “AI surface” within the UI. Users can expect a rapid response: a patch to revert the hooks, clarification of where the data is sent, and possibly new opt‑out settings. Anthropic may also weigh in to reassure customers that Claude’s privacy guarantees remain intact when accessed via third‑party tools.
What to watch next includes GitKraken’s official communication, any updates to the Claude‑Code plugin, and whether other IDEs or Git GUIs adopt similar hidden routing. Regulators in the EU and Scandinavia could also probe the practice if it is deemed a breach of user consent, making the next few weeks critical for both developers and the vendors involved.
Sources
Back to AIPULSEN