What is Canary? Open-Source PII Monitor for Claude Code
Canary is Sonomos’s open-source privacy monitor for Claude Code. It runs locally, scans every message and file operation for personally identifiable information (PII), and keeps a redacted, persistent count of what you’ve shared with the AI.
It’s the simplest possible version of the Sonomos thesis: you can’t manage what you can’t see. Most developers have no idea how much PII they’ve fed to Claude over months of coding sessions. Canary turns that invisible exposure into a number.
Why it matters
When you use an AI coding assistant, sensitive data leaks happen quietly:
- You paste a stack trace that includes a customer’s email.
- You ask Claude to refactor a script that has an AWS access key hard-coded.
- You hand Claude a SQL dump to “summarize the schema” and it sees every SSN in the sample data.
- You troubleshoot a webhook by pasting a payload with OAuth tokens, JWTs, or phone numbers.
None of these feel like a “privacy event” in the moment. But over a year of daily Claude Code use, they add up to thousands of disclosures — and you have no record of what was shared, with whom, or when. Canary fixes the visibility problem. It doesn’t block or rewrite your prompts; it counts and categorises what you sent, so you can make informed decisions about what to share next.
How Canary fits with the rest of Sonomos
Sonomos protects PII across the channels people actually use to talk to AI:
| Product | Channel it protects | Status |
|---|---|---|
| Sonomos browser extension | Web AI chat (Claude.ai, Gemini, Grok, ChatGPT, others) | Prototype, available today |
| Canary | Claude Code (AI coding in your terminal) | Available today, open source |
| Sonomos Desktop | Native AI apps, IDE assistants, local LLMs, clipboard, screenshots, OS-wide | Coming soon |
Canary is the first piece of the developer story. The browser extension covers web AI. Sonomos Desktop will eventually cover system-wide protection including IDE assistants. Canary covers the channel that’s growing fastest right now — agentic AI inside the terminal — and it ships today.
What Canary detects
Canary combines two complementary detection strategies. Together they cover the long tail of PII categories that show up in real coding workflows.
Regex detectors with checksum validation (16 patterns)
Fast, deterministic matchers with built-in validators so they produce very few false positives:
- Credit cards (Luhn)
- US Social Security Numbers (with SSA exclusion rules)
- IBANs (MOD-97)
- Bitcoin addresses (Base58Check)
- Ethereum addresses (EIP-55)
- AWS access keys and secret keys
- Phone numbers
- Email addresses
- IP addresses
- VINs (MOD-11)
- US bank routing numbers (ABA)
- Medicare beneficiary identifiers (MBIs)
- US driver’s license numbers
- URLs with embedded credentials (e.g. https://user:password@host/...)
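The two-stage shape behind these detectors (a permissive regex proposes candidates, a checksum validator discards the ones that fail, and only a redacted value plus a per-category count is kept) is shown below as an added example. This is not Canary's own code: the detector names, the masking rule, the sample text and the choice of six of the sixteen categories are assumptions made for illustration, and the validators implement the public Luhn, MOD-97, ABA and SSA rules the list names.

```python
"""Added example (not Canary's code): regex candidates + checksum validation,
then redaction and per-category counting. Names and sample data are constructed."""
import re
from collections import Counter


def luhn_ok(digits: str) -> bool:
    """Luhn check used for credit card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def iban_ok(iban: str) -> bool:
    """IBAN MOD-97: move the first four chars to the end, map A..Z to 10..35, mod 97 == 1."""
    s = iban.replace(" ", "").upper()
    if not 15 <= len(s) <= 34:
        return False
    numeric = "".join(str(int(c, 36)) for c in s[4:] + s[:4])
    return int(numeric) % 97 == 1


def aba_ok(routing: str) -> bool:
    """ABA routing number checksum with weights 3,7,1 repeating."""
    if len(routing) != 9 or not routing.isdigit():
        return False
    weights = (3, 7, 1, 3, 7, 1, 3, 7, 1)
    return sum(int(d) * w for d, w in zip(routing, weights)) % 10 == 0


def ssn_ok(ssn: str) -> bool:
    """SSA exclusion rules: area 000/666/9xx, group 00 and serial 0000 are never issued."""
    area, group, serial = ssn.split("-")
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def _card_ok(v: str) -> bool:
    digits = re.sub(r"[ -]", "", v)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


# (category, candidate regex, validator). Illustrative subset of the 16 patterns.
DETECTORS = [
    ("credit_card", re.compile(r"\b(?:\d[ -]?){12,18}\d\b"), _card_ok),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ssn_ok),
    ("iban", re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), iban_ok),
    ("aba_routing", re.compile(r"\b\d{9}\b"), aba_ok),
    ("aws_access_key", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"), lambda v: True),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), lambda v: True),
]


def redact(value: str) -> str:
    """Keep only the last four characters; the raw value is never stored."""
    return "*" * max(len(value) - 4, 0) + value[-4:]


def scan(text: str) -> list[tuple[str, str]]:
    """Return (category, redacted_value) for every candidate that passes its validator."""
    findings = []
    for category, pattern, validator in DETECTORS:
        for m in pattern.finditer(text):
            if validator(m.group(0)):
                findings.append((category, redact(m.group(0))))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Per-category counts, the number the page says Canary keeps."""
    return dict(Counter(category for category, _ in findings))


# Constructed sample prompt: each line pairs a checksum-valid value with a lookalike
# that the bare regex would flag but the validator rejects.
SAMPLE = """\
Order 4111111111111111 failed for user alice@example.com (order id 1234567890123456).
Payout IBAN GB82WEST12345698765432 via routing 021000021; bad routing 123456789.
Customer SSN 123-45-6789 on file; placeholder 000-12-3456 in the fixture.
Hard-coded creds: AKIAIOSFODNN7EXAMPLE
"""

if __name__ == "__main__":
    results = scan(SAMPLE)
    for category, masked in results:
        print(f"{category:15s} {masked}")
    print(summarize(results))
```

Running it reports six findings, one per category: the Luhn-failing `1234567890123456`, the bad routing number and the `000-` SSN are all matched by the regexes but dropped by validation, which is where the low false-positive rate comes from.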
Semantic detection via Claude itself (70+ categories)
Claude scans its own context for unstructured PII that pure pattern matching can’t catch:
- Names, dates of birth, physical addresses
- Passport and national ID numbers
- Medical records, health plan IDs, diagnoses
- Legal case numbers, contracts, patents
- Trade secrets and internal communications
- Employee and customer data
- Crypto seed phrases, private keys, OAuth tokens, JWTs, API secrets
- Financial records, tax IDs
This pass runs asynchronously, so it doesn't slow your workflow down. Unlike the regex detectors it is model-driven rather than deterministic, so treat its findings as a best-effort count rather than an exact one.
What Canary does not do
The scope is deliberately narrow, so that there are no surprises:
- Canary doesn’t block. Your prompts go to Claude as-is. Canary observes; it doesn’t intervene.
- Canary doesn’t redact in transit. It records redacted findings after detection — the values themselves still left your machine in the original prompt.
- Canary doesn’t share data. No network calls. No telemetry. No account. Everything stays in ~/.sonomos/.
If you want automatic masking of outgoing prompts in the browser, that’s the Sonomos browser extension. If you want masking in your IDE, native AI clients, and local LLMs, that’s Sonomos Desktop. Canary is the visibility-and-counting layer for Claude Code specifically.
Next steps
- Install Canary — two commands inside Claude Code.
- How Canary works — the detection pipeline, async scanning, and where data is stored.
- Commands & dashboard — /canary:leaked, /canary:scan, the HTML dashboard, and CLI tools.
- Privacy & security — what’s stored, how it’s redacted, and the threat model.