TASK-021: Implement atomic writes for set_jail_config_enabled and write_jail_config_file

Docs/Backend-Development.md

@@ -841,14 +841,25 @@ except OSError as exc:
 - Creating the temp file in `target.parent` ensures atomicity.
 - On Linux containers, this prevents config corruption and service degradation.
 
+**Atomic write helper:**
+
+A shared `atomic_write(path: Path, content: str)` helper is available in `app/services/config_file_helpers.py`. This is the preferred way to perform atomic writes — it handles all the temp file and cleanup logic:
+
+```python
+from app.services.config_file_helpers import atomic_write
+
+atomic_write(path, updated_content)  # Atomic write, auto-cleanup on error
+```
+
 **Files requiring atomic writes:**
 
-- All config files under `jail.d/` (created/modified by `_write_conf_file` and `_create_conf_file`)
+- All config files under `jail.d/` (created/modified by `_write_conf_file`, `_create_conf_file`, `set_jail_config_enabled`, and `write_jail_config_file`)
 - Any critical state files that fail2ban relies on
 
 **Examples in the codebase:**
 
-- `app/services/config_file_helpers.py`: `_write_conf_file`, `_create_conf_file`
+- `app/services/config_file_helpers.py`: `_write_conf_file`, `_create_conf_file`, `atomic_write`
+- `app/services/raw_config_io_service.py`: `set_jail_config_enabled`, `write_jail_config_file`
 - `app/services/jail_config_service.py`: `_write_local_file_sync`, `_restore_local_file_sync`
 
 ---