You have no idea how much PII you've fed to Claude.
Canary is a privacy plugin for Claude Code that counts every piece of sensitive data you expose across all sessions.
Credit cards. SSNs. API keys. Emails. Medical records. Crypto wallets. Names. Addresses.
The number only goes up.
Install
/plugin marketplace add sonomos-ai/Canary-Plugin
/plugin install canary@sonomos
No API keys. No external services. No config. Two commands and you're running.
What Gets Caught
|
16 Regex Detectors (every message, ~10ms)
Real checksum validation, not just pattern matching:
- Credit cards (Luhn)
- SSNs (SSA exclusion rules)
- IBANs (MOD-97)
- Bitcoin addresses (Base58Check)
- Ethereum addresses (EIP-55)
- AWS access + secret keys
- Phone numbers, emails, IPs
- VINs (MOD-11), routing numbers (ABA)
- Medicare MBIs, driver's licenses
- URLs with embedded credentials
|
70+ Semantic Categories (Claude self-scan)
Claude scans its own context for PII that regex can't catch:
- Names, dates of birth, addresses
- Passport and national ID numbers
- Medical records, health plan IDs, diagnoses
- Legal case numbers, contracts, patents
- Trade secrets, internal communications
- Employee and customer data
- Crypto seed phrases, private keys
- OAuth tokens, JWTs, API secrets
- Financial records, tax IDs
- ...and 40+ more categories
|
How It Works
You type a message
|
v
Claude processes it ──> Stop hook fires (async, invisible)
|
┌─────────┴─────────┐
Regex Detectors Claude Self-Scan
(16 patterns + checksums) (70+ categories)
└─────────┬─────────┘
v
~/.sonomos/leaks.jsonl
|
Session start ──> counter displayed
- Automatic: runs on every message and every file write/edit
- Local-only: zero network requests, no telemetry, no external APIs
- Non-blocking: detection runs async, never slows your workflow
- Persistent: counter survives restarts, accumulates across all sessions
Commands
| Command | What it does |
|---|
/canary:leaked | Open the interactive HTML dashboard |
/canary:leaked stats | Print a text summary |
/canary:scan | Deep-scan the full conversation history |
/canary:leaked reset | Clear all detection data |
CLI tools (available in Bash):
canary-stats # quick summary
canary-stats --json # machine-readable
canary-export --csv # export all detections
canary-export --json # export as JSON array
Persistent HUD
Add to ~/.claude/settings.json to keep the counter visible at all times:
{
"statusLine": {
"type": "command",
"command": "bash ~/.sonomos/statusline.sh"
}
}
The HUD shows your total PII count, session delta, top categories, detector breakdown, and last detection time. Color-coded by severity: green (0) / yellow (<10) / red (10+).
Team Rollout
Drop this into your project's .claude/settings.json to auto-enable Canary for every developer:
{
"extraKnownMarketplaces": {
"sonomos": {
"source": { "source": "github", "repo": "sonomos-ai/Canary-Plugin" }
}
},
"enabledPlugins": { "canary@sonomos": true }
}
Commit it. Every team member gets prompted to install on their next session.
Privacy and Security
- All data stays on your machine at
~/.sonomos/
- Values are redacted at detection time — first 2 and last 2 characters kept, middle replaced with
••
- Files created with owner-only permissions (
0700/0600)
- JSON output constructed with
jq to prevent injection
- File path validation blocks traversal attacks
- No network requests. No telemetry. No analytics. Ever.
See SECURITY.md for vulnerability reporting.
Why This Exists
Most developers have no idea how much sensitive data they've shared with AI tools.
