diff --git a/.gitignore b/.gitignore
index 7d9ee43..ca1888b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 # Downloaded dependency tarballs
 charts/*.tgz
+.playwright-mcp/
+.claude/settings.local.json
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index 8127448..b09d2e3 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -31,14 +31,14 @@ Complete reference for all `values.yaml` parameters in the Citadel Helm chart.
 | Parameter | Description | Default | Env Var |
 |-----------|-------------|---------|---------|
 | `citadel.guardrails.enabled` | Enable the guardrails system | `true` | `GUARDRAILS_ENABLED` |
-| `citadel.guardrails.openaiModeration` | Enable OpenAI moderation API guardrail | `false` | `GUARDRAIL_OPENAI_MODERATION` |
+| `citadel.guardrails.openaiModeration` | Enable OpenAI moderation API guardrail | `true` | `GUARDRAIL_OPENAI_MODERATION` |
 | `citadel.guardrails.piiFilter` | Enable PII detection and filtering | `false` | `GUARDRAIL_PII_FILTER` |
 
 ### Passthrough
 
 | Parameter | Description | Default | Env Var |
 |-----------|-------------|---------|---------|
-| `citadel.passthrough.enabled` | Enable passthrough mode for client-provided auth | `false` | `PASSTHROUGH_ENABLED` |
+| `citadel.passthrough.enabled` | Enable passthrough mode for client-provided auth | `true` | `PASSTHROUGH_ENABLED` |
 
 When passthrough is enabled, clients can send their own LLM provider credentials via the `Authorization` header while using a Citadel key in `x-citadel-api-key` for gateway authentication. Useful for Claude Code Max users.
 
@@ -73,8 +73,8 @@ Rate limits can also be set per-key when creating API keys via the management AP
 
 | Parameter | Description | Default | Env Var |
 |-----------|-------------|---------|---------|
-| `logging.requestBody` | Store full request bodies in logs | `false` | `LOG_REQUEST_BODY` |
-| `logging.responseBody` | Store full response bodies in logs | `false` | `LOG_RESPONSE_BODY` |
+| `logging.requestBody` | Store full request bodies in logs | `true` | `LOG_REQUEST_BODY` |
+| `logging.responseBody` | Store full response bodies in logs | `true` | `LOG_RESPONSE_BODY` |
 
 Enabling body logging significantly increases storage usage but provides a full audit trail.
 
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index ea3a44d..e817926 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -16,6 +16,7 @@ spec:
       annotations:
         checksum/env: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+        checksum/models: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
       {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}
diff --git a/values.yaml b/values.yaml
index 0bfa0bc..7010420 100644
--- a/values.yaml
+++ b/values.yaml
@@ -48,8 +48,8 @@ rateLimiting:
 
 # -- Request/response body logging (increases storage usage)
 logging:
-  requestBody: false
-  responseBody: false
+  requestBody: true
+  responseBody: true
 
 # -- SocketZero JWT authentication (keyless)
 socketzero: