Skip to content
Sonomos Docs

Canary commands & dashboard

Canary exposes its data in three places: slash commands inside Claude Code, an interactive HTML dashboard, and a small set of CLI tools you can run from any shell. This page covers all of them.

Slash commands

These run inside a Claude Code session.

/canary:leaked

Opens the interactive HTML dashboard in your default browser. The dashboard shows:

  • Total detections, with a colour-coded severity breakdown.
  • Per-category counts (credit cards, AWS keys, names, medical records, …).
  • A timeline of detection events.
  • A redacted value column so you can spot repeated leaks of the same identifier.

If your environment doesn’t have a browser available, Canary falls back to the text stats view.

/canary:leaked stats

Prints a text summary to the Claude Code transcript without opening the browser. Useful inside a remote SSH session, CI environment, or any TTY-only setup.

/canary:scan

Runs a deep scan of the current conversation history. This is the command to use when you’ve just installed Canary on top of an active project and want to know what’s already been shared. The deep scan is more thorough than the inline async scan and can pick up patterns that earlier turns missed.

/canary:leaked reset

Clears local detection data — it wipes ~/.sonomos/leaks.jsonl and the cumulative status-line counter starts fresh. You’d typically only use this after a smoke test or when handing a machine to someone else.

The HTML dashboard

The interactive dashboard is the easiest way to spot patterns over time. A few things worth knowing:

  • Severity colouring matches the status-line colouring: green / yellow / red.
  • Categories are grouped to make scanning easy: identifiers, credentials, healthcare, legal, financial, contact, crypto.
  • Redacted values are clickable — clicking copies the redacted form, never the original (which Canary doesn’t store).
  • No network requests — the dashboard is rendered from local data; it doesn’t load fonts, analytics, or any third-party resources.

CLI tools

Canary also installs a small set of standalone CLI tools for scripting and integration. They read the same local data the slash commands do.

canary-stats

Prints a plain-text summary, equivalent to /canary:leaked stats.

Terminal window
canary-stats

canary-stats --json

Prints the same data as machine-readable JSON. Pipe it into jq, log shippers, or your own reporting:

Terminal window
canary-stats --json | jq '.totals_by_category'

CSV export

For loading findings into a spreadsheet or BI tool, the same CLI can emit CSV. Combine with the standard Unix toolbox however you’d like.

Terminal window
canary-stats --csv > canary-leaks.csv

The statusline counter

If you wired up the optional statusline, it shows:

  • Total detection count since you started using Canary (or since the last reset).
  • A colour indicating the highest-severity category currently represented in your history (green / yellow / red).

The counter is monotonic in normal use — it only goes up. That’s deliberate; the whole point is to give you an honest cumulative picture.

Suggested workflows

Right after install:

  1. Install Canary.
  2. Run /canary:scan to seed it with what’s already in the current conversation.
  3. Open /canary:leaked to see the picture.

Weekly:

  1. Glance at the statusline counter — surprised by the number?
  2. Run /canary:leaked to find the top categories.
  3. Use that signal to decide whether to change your habits, switch to placeholders, or invest in a masking layer like the Sonomos browser extension or Sonomos Desktop.

Before sharing a machine:

  1. Run /canary:leaked stats and screenshot if you want a record.
  2. Run /canary:leaked reset to clear local history.
  3. Optionally rm -rf ~/.sonomos/ to remove the directory entirely.

Next steps