Add EmailGuard and DomainGuard safety nets for autonomous claw operations

[Copilot]

Autonomous "claw" processes risk permanently deleting emails and making outbound calls to malicious domains. This introduces two composable safety guards that intercept those operations before they cause damage.

EmailGuard

Proxy-wraps any imaplib.IMAP4-compatible connection and blocks deletion paths:

• store("+FLAGS", "\\Deleted") / +FLAGS.SILENT
• expunge() and uid("EXPUNGE")
• uid("STORE", …, "+FLAGS", "\\Deleted")
• delete() / delete_messages() (higher-level library wrappers)

All other operations pass through unchanged. strict=False logs a warning instead of raising.

DomainGuard

Checks URLs and hostnames against a configurable blocklist before any outbound call is made. Blocks at the parent-domain level (subdomain matching), with an allow_list that overrides at any ancestor level.

• Built-in seed list: EICAR, common C2/DynDNS domains
• extra_blocklist / allow_list — constructor or runtime via add_domains() / remove_domains()
• wrap_requests_session(session) — proxies all HTTP verbs on a requests.Session
• wrap_urlopen() — wraps urllib.request.urlopen

import imaplib, requests
from fireclaw import EmailGuard, DomainGuard

# Email: block any deletion attempt
imap = EmailGuard(imaplib.IMAP4_SSL("imap.example.com"))
imap.store("1:*", "+FLAGS", "\\Deleted")  # raises EmailDeletionBlocked

# Network: block known-bad domains
guard = DomainGuard(extra_blocklist=["c2.attacker.io"])
session = guard.wrap_requests_session(requests.Session())
session.get("https://c2.attacker.io/cmd")  # raises MalwareDomainBlocked

Original prompt

Stop your claw from deleting emails, and calling malware domains. The safety net so you can sleep while your claw runs

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.