Release v0.17.3

Author: jumpbetweenrows

CHANGELOG.md

@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.17.3] - 2026-04-26
+
+### Changed
+
+- **[Both] Drop `client_ip` from audit log** — the recorded value was the Fly edge proxy address, not the real client, so it was misleading. The field is removed from the admin API response (`AuditLogResponse`) and the React audit page; the proxy stops writing it (always `None`) on both the deny path and the query-completed path.
+  - DB column kept for backward compatibility but no longer populated
+  - Public docs (`guides/audit-debugging.md`) updated
+
 ## [0.17.2] - 2026-04-24
 
 ### Changed

Cargo.lock

@@ -1,7 +1,7 @@
 {
   "name": "admin-ui",
   "private": true,
-  "version": "0.17.2",
+  "version": "0.17.3",
   "type": "module",
   "scripts": {
     "dev": "vite",

admin-ui/package.json

@@ -14,4 +14,4 @@ export const OG_IMAGE_URL = `${WWW_URL}/og-image.png`
 // Current released proxy version. Bumped by /release alongside Cargo.toml
 // and admin-ui/package.json. Substituted into markdown via the {{VERSION}}
 // token — see the markdown.config hook in .vitepress/config.ts.
-export const VERSION = '0.17.2'
+export const VERSION = '0.17.3'

docs-site/docs/.vitepress/constants.ts

@@ -43,7 +43,6 @@ A row is written for every query that reaches the proxy, including denied querie
 | `rewritten_query` | string (nullable) | The SQL actually executed against the upstream database, with all row filters and column masks applied. This is the key debugging field — compare it with `original_query` to see what BetweenRows changed. NULL if the query was denied before rewriting. |
 | `policies_applied` | JSON string | Array of `{policy_id, version, name}` objects — a snapshot of which policies fired for this query, including decision function results. Use this to answer "which policies affected this query?" |
 | `execution_time_ms` | integer (nullable) | Wall-clock time for the upstream query execution, in milliseconds. NULL for denied queries. |
-| `client_ip` | string (nullable) | Client IP address from the pgwire connection |
 | `client_info` | string (nullable) | Application name from pgwire startup parameters (e.g. `psql`, `DBeaver`, your app's connection string) |
 | `status` | string | One of: `success` (query completed), `error` (query failed), `denied` (query blocked by policy or read-only enforcement) |
 | `error_message` | string (nullable) | Error details when `status` is `error` or `denied`. For denied queries, does **not** reveal which policy caused the denial (404-not-403 principle). |

docs-site/docs/guides/audit-debugging.md

@@ -1,6 +1,6 @@
 [package]
 name = "migration"
-version = "0.17.2"
+version = "0.17.3"
 edition = "2024"
 
 [dependencies]

migration/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "proxy"
-version = "0.17.2"
+version = "0.17.3"
 edition = "2024"
 
 [dependencies]