You have no idea how much PII you've fed to Claude.
Canary is a silent Claude Code plugin that tracks every piece of sensitive data exposed in your coding sessions — SSNs, API keys, medical records, credentials, and 70+ other categories. The counter only goes up.
Think of it as a mirror. Canary doesn't prevent exposure — it shows you exactly what's already happened, so you understand why Sonomos Desktop exists.
Install in two commands
No API keys. No configuration. No external services. Just paste these into any Claude Code session.
Step 1 — Add from the plugin marketplace
/plugin marketplace add sonomos-ai/Canary-Plugin
Step 2 — Install the plugin
/plugin install canary@sonomos
That's it. Canary starts running as a background hook on every future session. Run /canary:leaked to open your dashboard.
How Canary works
Canary runs as an asynchronous stop hook inside Claude Code — it never touches your actual workflow.
Hook fires after every message
After each Claude Code response, Canary's stop hook runs silently in the background — no interruption to your session.
Two detection layers run in parallel
16 regex patterns (with real checksum validation, not just shape-matching) catch structured PII. Claude then scans for 70+ semantic categories — names, medical records, tokens, and more.
Findings are stored locally with redaction
Only the first and last two characters of each detected value are saved, with the middle replaced by ••. Everything goes to ~/.sonomos/leaks.jsonl with owner-only permissions.
Counter persists across sessions
Your exposure count survives restarts. Every session adds to the total — a running record of what's already left your machine.
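The regex-plus-checksum detection, redaction and owner-only storage described above, as an added sketch that is not Canary's own code. The card pattern, the record field names (type, redacted), the handling of values of four characters or fewer, and the temporary path standing in for ~/.sonomos/leaks.jsonl are all assumptions; it needs a POSIX system for the permission calls.

```python
import json, os, re, tempfile

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def redact(value: str) -> str:
    """Keep the first and last two characters, replace the middle with two bullets."""
    if len(value) <= 4:  # assumption: keeping 2+2 here would store the whole value
        return "••"
    return f"{value[:2]}••{value[-2:]}"

def scan(text: str) -> list[dict]:
    # Shape match first, then checksum, so look-alike numbers are not counted.
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append({"type": "credit_card", "redacted": redact(digits)})  # hypothetical fields
    return findings

def append_findings(path: str, findings: list[dict]) -> None:
    """Append JSONL records to a file that only its owner can read or write."""
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    os.fchmod(fd, 0o600)  # enforce 0600 even if the file already existed
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        for finding in findings:
            fh.write(json.dumps(finding, ensure_ascii=False) + "\n")

# Constructed sample: a well-known test card number and a same-shape number that fails Luhn.
SAMPLE = "test card 4111 1111 1111 1111, order id 4111 1111 1111 1112"
def demo() -> tuple[list[dict], int]:
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "leaks.jsonl")  # stand-in for ~/.sonomos/leaks.jsonl
        found = scan(SAMPLE)
        append_findings(path, found)
        return found, os.stat(path).st_mode & 0o777

if __name__ == "__main__":
    print(demo())
```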
What Canary tracks
Regex detectors (16)
- Credit cards (Luhn validated)
- Social Security Numbers
- AWS access keys
- Phone numbers & emails
- Bitcoin & Ethereum addresses
- Bank routing numbers
- VINs & driver's licenses
- URLs with embedded credentials
Semantic detectors (70+)
- Full names & dates of birth
- Physical addresses
- Medical records & diagnoses
- OAuth tokens & JWTs
- Crypto seed phrases
- Financial records & tax IDs
- Passport & government IDs
- And 60+ more categories
See what you've already exposed
A persistent counter tracks every PII hit across all sessions. The number only goes up — because the exposure already happened.
Runs silently in the background
Canary hooks into every Claude Code message as an asynchronous stop hook. It never blocks your workflow or slows you down.
Fully local, zero telemetry
No network requests. No external services. Findings are stored only in ~/.sonomos/leaks.jsonl with owner-only file permissions.
Interactive dashboard
Run /canary:leaked to open an HTML visualization of everything Canary has detected across your sessions.
Export your exposure data
Export findings as CSV or JSON for audits, compliance reviews, or your own analysis.
Smart redaction, not raw storage
Canary stores only the first and last two characters of each detected value, with the middle replaced by ••. Your actual data never persists.
NEXT STEP
Coming Soon
Stop counting. Start preventing.
Canary shows you the damage. Sonomos Desktop stops it from happening — across every AI tool on your machine, not just Claude Code. System-wide, 100% local, zero data leaving your device.
Learn about Sonomos Desktop