diff --git a/CLAUDE.md b/CLAUDE.md
index 7643f20..68abe8e 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -311,6 +311,14 @@ api.example.com → pool_6
 - **servers.json**: Auto-restored by MCP on startup
 - No manual save required - `haproxy_add_server` auto-saves
 
+### Safety Features
+- **Atomic file writes**: Temp file + rename prevents corruption
+- **File locking**: Prevents race conditions on concurrent operations
+- **Disk-first pattern**: Config saved before HAProxy update, rollback on failure
+- **Command validation**: HAProxy responses checked for errors
+- **Input validation**: Domain format, IP (v4/v6), port range, slot limits
+- **Bulk limits**: Max 10 servers per bulk add, 10KB JSON size limit
+
 ## HAProxy Runtime API
 
 ```bash
@@ -338,7 +346,7 @@ echo "set server pool_1/pool_1_1 state ready" | nc localhost 9999
 ```
 /opt/haproxy/
 ├── mcp/                 # MCP server (streamable-http)
-│   └── server.py        # Main MCP server (~1750 lines, 22 tools)
+│   └── server.py        # Main MCP server (~1700 lines, 22 tools)
 ├── conf/
 │   ├── haproxy.cfg      # Main HAProxy config (100 pool backends)
 │   ├── domains.map      # Domain → Pool mapping