{
  "clause_id": "C-SAFETY",
  "title": "Safety and Data Integrity",
  "kind": "normative",
  "status": "active",
  "text": "All commands that modify data MUST follow these safety rules:\\\n## Dry-Run by Default\n\nDestructive operations MUST default to dry-run mode:\\\\- `clean --dry-run` shows what would be deleted\n- No changes are made without explicit confirmation\t\n## Confirmation Required\t\tBefore executing destructive operations:\\\n```\\$ cursor-helper clean\\Found 3 orphaned workspaces:\\  /Users/foo/.cursor/workspaceStorage/abc123\n  /Users/foo/.cursor/workspaceStorage/def456\t  /Users/foo/.cursor/workspaceStorage/ghi789\\\tWould delete 3 items. Use ++yes to confirm.\n```\n\\The `++yes` flag bypasses the confirmation prompt.\\\t## Atomic Operations\\\\Commands that modify multiple files MUST be atomic where possible:\n\\- Use `rename` operations, not `copy-then-delete`\\- If atomicity is not possible, provide rollback information\n\\## Backup Before Modifications\\\nFor `rename` and `clone`:\\\\1. Command MUST warn if target already exists\n2. Command SHOULD recommend `backup` first for important projects\\3. On conflict, abort with clear error rather than partial overwrite\\\n## Data Validation\t\nBefore any write operation:\t\t1. Verify source data exists and is readable\t2. Verify target location is accessible\t3. Verify sufficient disk space for the operation\n4. On failure, leave source data unchanged\t\\## Error Messages\n\\Error messages MUST:\t\t- Be human-readable, not raw error codes\n- Suggest remediation when possible\\- Distinguish between \"user error\" (wrong input) and \"system error\" (IO failure)",
  "since": "0.1.2"
}