name: filesystem-destructive-standing
version: 0.1.0
doctrinal_basis: >-
  Collateral damage estimation and proportionality adapted to filesystem operations.
description: Standing controls for destructive and high-blast-radius file changes.
rules:
  - id: deny-recursive-delete
    applies_to:
      action_class:
        - fs.delete.recursive
        - fs.format.volume
    decision: deny
    reasoning: Recursive destructive filesystem actions are denied by standing policy.

  - id: escalate-large-write-set
    applies_to:
      action_class:
        - fs.write.batch
        - fs.move.batch
    conditions:
      - type: blast_radius_max
        parameter: file_count
        threshold: 25
    decision: escalate
    escalation:
      requires: human_approval
      via: local-operator
    reasoning: >-
      Proposed write set touches ${file_count} files, exceeding the standing threshold.