From 7871ba845fec09117e48c9e19ae2a4aefce7e343 Mon Sep 17 00:00:00 2001
From: Dustin Hilgaertner <dhilgaertner@gmail.com>
Date: Mon, 9 Mar 2026 14:18:19 -0500
Subject: [PATCH 1/2] feat: enable request and response body logging in
 values.yaml and update documentation

---
 .gitignore            | 2 ++
 docs/CONFIGURATION.md | 4 ++--
 values.yaml           | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index 7d9ee43..ca1888b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,4 @@
 # Downloaded dependency tarballs
 charts/*.tgz
+.playwright-mcp/
+.claude/settings.local.json
diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index 8127448..987a2b7 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -73,8 +73,8 @@ Rate limits can also be set per-key when creating API keys via the management AP
 
 | Parameter | Description | Default | Env Var |
 |-----------|-------------|---------|---------|
-| `logging.requestBody` | Store full request bodies in logs | `false` | `LOG_REQUEST_BODY` |
-| `logging.responseBody` | Store full response bodies in logs | `false` | `LOG_RESPONSE_BODY` |
+| `logging.requestBody` | Store full request bodies in logs | `true` | `LOG_REQUEST_BODY` |
+| `logging.responseBody` | Store full response bodies in logs | `true` | `LOG_RESPONSE_BODY` |
 
 Enabling body logging significantly increases storage usage but provides a full audit trail.
 
diff --git a/values.yaml b/values.yaml
index 0bfa0bc..7010420 100644
--- a/values.yaml
+++ b/values.yaml
@@ -48,8 +48,8 @@ rateLimiting:
 
 # -- Request/response body logging (increases storage usage)
 logging:
-  requestBody: false
-  responseBody: false
+  requestBody: true
+  responseBody: true
 
 # -- SocketZero JWT authentication (keyless)
 socketzero:

From b221350980bc176da11319be02a3d3614db7f07f Mon Sep 17 00:00:00 2001
From: Dustin Hilgaertner <dhilgaertner@gmail.com>
Date: Mon, 9 Mar 2026 14:47:09 -0500
Subject: [PATCH 2/2] fix: add models ConfigMap checksum and correct docs
 defaults

Add checksum/models annotation to deployment so pods restart when
modelsConfig changes via helm upgrade. Fix CONFIGURATION.md defaults
for guardrails.openaiModeration and passthrough.enabled to match
values.yaml (both are true, not false).

Closes #3
Closes #4

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docs/CONFIGURATION.md     | 4 ++--
 templates/deployment.yaml | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/CONFIGURATION.md b/docs/CONFIGURATION.md
index 987a2b7..b09d2e3 100644
--- a/docs/CONFIGURATION.md
+++ b/docs/CONFIGURATION.md
@@ -31,14 +31,14 @@ Complete reference for all `values.yaml` parameters in the Citadel Helm chart.
 | Parameter | Description | Default | Env Var |
 |-----------|-------------|---------|---------|
 | `citadel.guardrails.enabled` | Enable the guardrails system | `true` | `GUARDRAILS_ENABLED` |
-| `citadel.guardrails.openaiModeration` | Enable OpenAI moderation API guardrail | `false` | `GUARDRAIL_OPENAI_MODERATION` |
+| `citadel.guardrails.openaiModeration` | Enable OpenAI moderation API guardrail | `true` | `GUARDRAIL_OPENAI_MODERATION` |
 | `citadel.guardrails.piiFilter` | Enable PII detection and filtering | `false` | `GUARDRAIL_PII_FILTER` |
 
 ### Passthrough
 
 | Parameter | Description | Default | Env Var |
 |-----------|-------------|---------|---------|
-| `citadel.passthrough.enabled` | Enable passthrough mode for client-provided auth | `false` | `PASSTHROUGH_ENABLED` |
+| `citadel.passthrough.enabled` | Enable passthrough mode for client-provided auth | `true` | `PASSTHROUGH_ENABLED` |
 
 When passthrough is enabled, clients can send their own LLM provider credentials via the `Authorization` header while using a Citadel key in `x-citadel-api-key` for gateway authentication. Useful for Claude Code Max users.
 
diff --git a/templates/deployment.yaml b/templates/deployment.yaml
index ea3a44d..e817926 100644
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -16,6 +16,7 @@ spec:
       annotations:
         checksum/env: {{ include (print $.Template.BasePath "/env.yaml") . | sha256sum }}
         checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+        checksum/models: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
       {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
       {{- end }}