feat: strengthen wipe safety checks and confirmation flow

Add mounted/in-use device detection, show detailed device info before confirmation, and require an exact wipe phrase to proceed. Also move status output to stderr and refresh the usage warnings for clearer destructive-action guidance.

.continue/rules/project.md

@@ -9,6 +9,8 @@ description: mtm-ddwipe project conventions
 - Strengthen destructive-action safety checks in `mtm-ddwipe`.
 - Keep `mtm-ddwipe` interactive by default.
 - Require explicit confirmation before destructive actions.
+- Show clear device details before confirmation.
+- Check that target devices are not mounted or in use before wiping.
 - Keep user-facing messages short and clear.
 - Keep error and help messages short and clear.
 - Prefer minimal, focused changes that preserve intent.
@@ -18,12 +20,13 @@ description: mtm-ddwipe project conventions
 - `mtm-ddwipe` must print a usage line and support `-h`/`--help`.
 - Validate that wipe targets are real block devices before operating on them.
 - Keep short, explicit confirmation prompts before destructive operations.
-- Prefer confirmation prompts that require typing the target device path.
+- Prefer confirmation prompts that require typing the target device path or an exact safety phrase.
-- Keep help text concise and usage-first.
+- Keep help text concise, usage-first, and warning-focused.
 - Keep destructive safeguards strict and explicit.
 - If adding non-interactive support, make it an opt-in safety flag.
 - Keep device identification prompts clear and specific.
 - Preserve the fallback wipe flow: secure discard, zero discard, then zero-fill with `dd`.
+- Keep timing and status output short and readable.
 
 # Project identity
 - Main script: `mtm-ddwipe`

mtm-ddwipe

@@ -2,21 +2,28 @@
 set -euo pipefail
 IFS=$'\n\t'
 
-VERSION="0.0.3"
+VERSION="0.0.4"
 STARTDATE=0
 STARTDATESTRING=""
-DEVICE_PATH=""
 
 usage() {
 	cat <<EOF
 Usage: mtm-ddwipe-2 DEVICE
+
 Wipe a block device.
+
+Warnings:
+  - This is destructive and irreversible.
+  - The target device must not be mounted or in use.
+  - blkdiscard support depends on the device and firmware.
+  - dd fallback may take a long time.
+
 Version: ${VERSION}
 EOF
 }
 
 log() {
-	echo "$*"
+	echo "$*" >&2
 }
 
 die() {
@@ -48,14 +55,26 @@ check_device() {
 	[ -b "$dev" ] || die "Not a block device: $dev"
 }
 
+check_device_not_in_use() {
+	local dev="$1"
+
+	if lsblk -nrpo NAME,MOUNTPOINT "$dev" | awk '$2 != "" { found=1 } END { exit !found }'; then
+		die "Device or one of its children is mounted: $dev"
+	fi
+}
+
 confirm_wipe() {
 	local dev="$1"
 	local choice=""
 
-	lsblk "$dev"
+	echo "Selected device:"
+	lsblk -o NAME,SIZE,TYPE,FSTYPE,MOUNTPOINT,MODEL,SERIAL "$dev"
 	echo ""
-	read -r -p "Type the device path to confirm wipe: " choice
+	echo "This will destroy data on: $dev"
-	[ "$choice" = "$dev" ] || die "Canceled"
+	echo "Type exactly: WIPE $dev"
+	echo ""
+	read -r -p "Confirmation: " choice
+	[ "$choice" = "WIPE $dev" ] || die "Canceled"
 	echo ""
 }
 
@@ -65,22 +84,34 @@ confirm_root() {
 	fi
 }
 
+format_duration() {
+	local total="$1"
+	local hours minutes seconds
+
+	hours=$((total / 3600))
+	minutes=$(((total % 3600) / 60))
+	seconds=$((total % 60))
+
+	printf '%02d:%02d:%02d\n' "$hours" "$minutes" "$seconds"
+}
+
 print_time() {
 	local enddate calctime
 
 	echo ""
-	echo "Start date :"
+	log "Start date :"
-	echo "$STARTDATESTRING"
+	log "$STARTDATESTRING"
 
 	enddate=$(date +%s)
-	echo ""
-	echo "End date :"
-	date
-
 	calctime=$((enddate - STARTDATE))
+
 	echo ""
-	echo "Total time :"
+	log "End date :"
-	date -d@"${calctime}" -u +%H:%M:%S
+	date >&2
+
+	echo ""
+	log "Total time :"
+	format_duration "$calctime" >&2
 }
 
 wipe_with_blkdiscard_secure() {
@@ -111,7 +142,6 @@ wipe_dev() {
 
 	STARTDATE=$(date +%s)
 	STARTDATESTRING="$(date)"
-	DEVICE_PATH="$dev"
 
 	log "Begin wiping device $dev"
 	echo ""
@@ -146,6 +176,7 @@ main() {
 	check_args "$@"
 	confirm_root
 	check_device "$1"
+	check_device_not_in_use "$1"
 	confirm_wipe "$1"
 	wipe_dev "$1"
 	print_time