feat: enable bank config API by default

.github/workflows/test.yml

@@ -1332,7 +1332,6 @@ jobs:
         HINDSIGHT_API_LLM_MODEL=${{ env.HINDSIGHT_API_LLM_MODEL }}
         HINDSIGHT_API_LLM_VERTEXAI_SERVICE_ACCOUNT_KEY=/tmp/gcp-credentials.json
         HINDSIGHT_API_LLM_VERTEXAI_PROJECT_ID=$HINDSIGHT_API_LLM_VERTEXAI_PROJECT_ID
-        HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true
         EOF
 
     - name: Start API server

CLAUDE.md

@@ -323,4 +323,4 @@ Optional (uses local models by default):
 - `HINDSIGHT_API_EMBEDDINGS_PROVIDER`: local (default) or tei
 - `HINDSIGHT_API_RERANKER_PROVIDER`: local (default) or tei
 - `HINDSIGHT_API_DATABASE_URL`: External PostgreSQL (uses embedded pg0 by default)
-- `HINDSIGHT_API_ENABLE_BANK_CONFIG_API`: Enable per-bank config API (default: false, disabled for security)
+- `HINDSIGHT_API_ENABLE_BANK_CONFIG_API`: Enable per-bank config API (default: true)

hindsight-api/hindsight_api/api/http.py

@@ -3563,7 +3563,7 @@ async def api_get_bank_config(bank_id: str, request_context: RequestContext = De
         if not get_config().enable_bank_config_api:
             raise HTTPException(
                 status_code=404,
-                detail="Bank configuration API is disabled. Set HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true to enable.",
+                detail="Bank configuration API is disabled. Set HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true to re-enable.",
             )
         try:
             # Authenticate and set schema context for multi-tenant DB queries
@@ -3601,7 +3601,7 @@ async def api_update_bank_config(
         if not get_config().enable_bank_config_api:
             raise HTTPException(
                 status_code=404,
-                detail="Bank configuration API is disabled. Set HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true to enable.",
+                detail="Bank configuration API is disabled. Set HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true to re-enable.",
             )
         try:
             # Authenticate and set schema context for multi-tenant DB queries
@@ -3641,7 +3641,7 @@ async def api_reset_bank_config(bank_id: str, request_context: RequestContext =
         if not get_config().enable_bank_config_api:
             raise HTTPException(
                 status_code=404,
-                detail="Bank configuration API is disabled. Set HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true to enable.",
+                detail="Bank configuration API is disabled. Set HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true to re-enable.",
             )
         try:
             # Authenticate and set schema context for multi-tenant DB queries

hindsight-api/hindsight_api/config.py

@@ -396,7 +396,7 @@ def normalize_config_dict(config: dict[str, Any]) -> dict[str, Any]:
 DEFAULT_LOG_FORMAT = "text"  # Options: "text", "json"
 DEFAULT_WORKERS = 1
 DEFAULT_MCP_ENABLED = True
-DEFAULT_ENABLE_BANK_CONFIG_API = False  # Disabled by default for security
+DEFAULT_ENABLE_BANK_CONFIG_API = True
 DEFAULT_GRAPH_RETRIEVER = "link_expansion"  # Options: "link_expansion", "mpfp", "bfs"
 DEFAULT_MPFP_TOP_K_NEIGHBORS = 20  # Fan-out limit per node in MPFP graph traversal
 DEFAULT_RECALL_MAX_CONCURRENT = 32  # Max concurrent recall operations per worker

hindsight-api/tests/test_hierarchical_config.py

@@ -15,9 +15,6 @@
 from hindsight_api.extensions.tenant import TenantExtension
 from hindsight_api.models import RequestContext
 
-# Enable bank config API for all tests in this module
-os.environ["HINDSIGHT_API_ENABLE_BANK_CONFIG_API"] = "true"
-
 
 class MockTenantExtension(TenantExtension):
     """Mock tenant extension for testing tenant-level config."""

hindsight-cli/src/errors.rs

@@ -67,7 +67,7 @@ fn format_error_message(err: &anyhow::Error, api_url: &str) -> String {
                 "Bank configuration API is disabled".bright_red().bold(),
                 "API URL:".bright_yellow(),
                 api_url.bright_white(),
-                "This feature is disabled by default for security.".bright_yellow(),
+                "This feature has been disabled on the server.".bright_yellow(),
                 "To enable, set HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true on the API server".bright_white(),
                 "Note:".bright_cyan(),
                 "This allows per-bank LLM configuration overrides via API".bright_white()

hindsight-clients/python/hindsight_client/hindsight_client.py

@@ -1021,7 +1021,7 @@ def get_bank_config(self, bank_id: str) -> dict[str, Any]:
         """
         Get the resolved configuration for a bank, including any bank-level overrides.
 
-        Requires ``HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true`` on the server.
+        Can be disabled on the server by setting ``HINDSIGHT_API_ENABLE_BANK_CONFIG_API=false``.
 
         Args:
             bank_id: The memory bank ID
@@ -1059,7 +1059,7 @@ def update_bank_config(
         """
         Update configuration overrides for a bank.
 
-        Requires ``HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true`` on the server.
+        Can be disabled on the server by setting ``HINDSIGHT_API_ENABLE_BANK_CONFIG_API=false``.
 
         Args:
             bank_id: The memory bank ID
@@ -1111,7 +1111,7 @@ def reset_bank_config(self, bank_id: str) -> dict[str, Any]:
         """
         Reset all bank-level configuration overrides, reverting to server defaults.
 
-        Requires ``HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true`` on the server.
+        Can be disabled on the server by setting ``HINDSIGHT_API_ENABLE_BANK_CONFIG_API=false``.
 
         Args:
             bank_id: The memory bank ID

hindsight-clients/typescript/src/index.ts

@@ -431,7 +431,7 @@ export class HindsightClient {
     /**
      * Get the resolved configuration for a bank, including any bank-level overrides.
      *
-     * Requires `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true` on the server.
+     * Can be disabled on the server by setting `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=false`.
      */
     async getBankConfig(bankId: string): Promise<BankConfigResponse> {
         const response = await sdk.getBankConfig({
@@ -445,7 +445,7 @@ export class HindsightClient {
     /**
      * Update configuration overrides for a bank.
      *
-     * Requires `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true` on the server.
+     * Can be disabled on the server by setting `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=false`.
      *
      * @param bankId - The memory bank ID
      * @param options - Fields to override
@@ -493,7 +493,7 @@ export class HindsightClient {
     /**
      * Reset all bank-level configuration overrides, reverting to server defaults.
      *
-     * Requires `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true` on the server.
+     * Can be disabled on the server by setting `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=false`.
      */
     async resetBankConfig(bankId: string): Promise<BankConfigResponse> {
         const response = await sdk.resetBankConfig({

hindsight-docs/blog/2026-02-13-version-0-4-11.md

@@ -43,7 +43,7 @@ curl -X PATCH http://localhost:8888/v1/default/banks/my-bank/config \
   }'
 ```
 
-Configuration cascades from system defaults (env vars) → tenant overrides → bank-specific settings. The bank config API is disabled by default for security—enable it with `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true`.
+Configuration cascades from system defaults (env vars) → tenant overrides → bank-specific settings. The bank config API is enabled by default and can be disabled with `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=false`.
 
 Type-safe access prevents accidentally using global defaults when bank overrides exist. See the Configuration Guide for details on hierarchical configuration.
 

hindsight-docs/docs/developer/api/memory-banks.mdx

@@ -158,10 +158,6 @@ Disposition traits and `mission` only affect the `reflect` operation. `retain_mi
 
 Bank configuration fields (retain mission, extraction mode, observations mission, etc.) are managed via a **separate config API**, not the `create_bank` call. This lets you change operational settings independently from the bank's identity and disposition.
 
-:::note
-The bank config API must be enabled on the server with `HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true`.
-:::
-
 ### Setting Configuration Overrides
 
 <Tabs>

hindsight-docs/docs/developer/configuration.md

@@ -996,13 +996,7 @@ Configuration fields are categorized for security:
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `HINDSIGHT_API_ENABLE_BANK_CONFIG_API` | Enable per-bank config API | `false` |
-
-**Important:** The bank config API is **disabled by default** for security. Enable it explicitly:
-
-```bash
-export HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true
-```
+| `HINDSIGHT_API_ENABLE_BANK_CONFIG_API` | Enable per-bank config API | `true` |
 
 #### API Endpoints
 

hindsight-docs/examples/api/memory-banks.mjs

@@ -33,8 +33,6 @@ await client.updateBankConfig('architect-bank', {
 
 
 // [docs:update-bank-config]
-// Requires HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true on the server
-
 await client.updateBankConfig('my-bank', {
     retainMission: 'Always include technical decisions, API design choices, and architectural trade-offs. Ignore meeting logistics and social exchanges.',
     retainExtractionMode: 'verbose',

hindsight-docs/examples/api/memory-banks.py

@@ -38,8 +38,6 @@
 
 
 # [docs:update-bank-config]
-# Requires HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true on the server
-
 client.update_bank_config(
     "my-bank",
     retain_mission="Always include technical decisions, API design choices, and architectural trade-offs. Ignore meeting logistics and social exchanges.",

skills/hindsight-docs/references/developer/configuration.md

@@ -929,13 +929,7 @@ Configuration fields are categorized for security:
 
 | Variable | Description | Default |
 |----------|-------------|---------|
-| `HINDSIGHT_API_ENABLE_BANK_CONFIG_API` | Enable per-bank config API | `false` |
-
-**Important:** The bank config API is **disabled by default** for security. Enable it explicitly:
-
-```bash
-export HINDSIGHT_API_ENABLE_BANK_CONFIG_API=true
-```
+| `HINDSIGHT_API_ENABLE_BANK_CONFIG_API` | Enable per-bank config API | `true` |
 
 #### API Endpoints