release: 0.15.30 — AI-agent guardrail self-protection + audit UTC fix

[maiconburn]

Cuts 0.15.30. Workspace version 0.15.29 → 0.15.30; [Unreleased] rolled into [0.15.30]; agents-install.md guide token + Cargo.lock bumped.

Contents (already merged to main)

• feat(agent-guard): deny commands that disable InnerWarden itself #1127 feat(agent-guard): the command inspector (check-command / MCP / proxy) now denies commands that disable InnerWarden itself — systemctl stop|mask innerwarden, pkill, innerwarden uninstall, rm/truncate of its files/eBPF, plus setenforce 0/auditd/AppArmor disable. Benign status reads + restart stay allowed.
• feat(ctl): innerwarden agent install-hook — enforce the guard in Claude Code #1129 feat(ctl): innerwarden agent install-hook — installs a fail-closed PreToolUse hook so an AI coding agent's shell commands are inspected before they run (the inspector was advisory-only; a raw-shell agent bypassed it).
• fix(core): stamp admin-action audit filename in UTC, not local time #1128 fix(core): admin-action audit filename stamped in UTC (was local time → split the audit trail + flaked tests at the timezone/midnight boundary).

Verified live

All three deployed to a kernel-7 test host and validated end-to-end: the command inspector now returns deny for self-disable (was allow/risk 0); the official hook blocks a maintenance-framed "stop the monitoring" request that previously took InnerWarden down; benign ops stay allowed.

Release mechanics

On merge + v0.15.30 tag, release.yml builds + signs both arches (x86_64 + aarch64) with the local-classifier parity guard.

make test green; fmt clean; agents-install version gate green (0.15.30).

🤖 Generated with Claude Code

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!