Feature/m8 f 159 cleanup ticket

sample.env

@@ -1,4 +1,4 @@
-# Copy to .env and replace <LOCAL_IP> with your machine IP (see README).
+# Copy to .env (see README).
 # Backend accepts both M8FLOW_BACKEND_* and SPIFFWORKFLOW_BACKEND_* for mapped vars (see extensions/env_var_mapper.py).
 #
 # --- Postgres (required for m8flow-db; set POSTGRES_PASSWORD). ---
@@ -19,31 +19,31 @@ WATCHFILES_FORCE_POLLING=true
 
 # --- Database (SQLAlchemy URI) ---
 M8FLOW_BACKEND_DATABASE_TYPE=postgres
-M8FLOW_BACKEND_DATABASE_URI=postgresql://postgres:postgres@<LOCAL_IP>:1111/postgres
+M8FLOW_BACKEND_DATABASE_URI=postgresql://postgres:postgres@localhost:1111/postgres
 # M8FLOW and Spiff DB migrations on startup.
 M8FLOW_BACKEND_UPGRADE_DB=true
 M8FLOW_BACKEND_SW_UPGRADE_DB=true
 
 
-# --- Ports / URLs (replace <LOCAL_IP> with your machine IP) ---
+# --- Ports / URLs ---
 # M8FLOW_FRONTEND_PORT=7001  # default; matches start_dev.sh and docker/m8flow-docker-compose.yml
 M8FLOW_BACKEND_PORT=7000
-M8FLOW_BACKEND_URL=http://<LOCAL_IP>:7000
-M8FLOW_BACKEND_URL_FOR_FRONTEND=http://<LOCAL_IP>:7001
+M8FLOW_BACKEND_URL=http://localhost:7000
+M8FLOW_BACKEND_URL_FOR_FRONTEND=http://localhost:7001
 SPIFFWORKFLOW_BACKEND_API_PATH_PREFIX=/v1.0
 # CORS: comma-separated frontend origins (host:port).
-M8FLOW_BACKEND_CORS_ALLOW_ORIGINS=localhost:7001,localhost:5173,127.0.0.1:7001,<LOCAL_IP>:7001
+M8FLOW_BACKEND_CORS_ALLOW_ORIGINS=localhost:7001,localhost:5173,127.0.0.1:7001,localhost:7001
 
 # BPMN and templates paths (container or host).
 M8FLOW_BACKEND_BPMN_SPEC_ABSOLUTE_DIR=./process_models
 M8FLOW_TEMPLATES_STORAGE_DIR=./templates
 
 # --- Auth (OIDC / Keycloak) ---
 # KEYCLOAK_HOSTNAME=http://localhost:7002  # URL used to reach Keycloak; set to http://<host>:7002 when accessing from another machine
-# KEYCLOAK_HOSTNAME_URL=http://<LOCAL_IP>:7002  # Public Keycloak base URL; tokens use this as issuer (iss)
+# KEYCLOAK_HOSTNAME_URL=http://localhost:7002  # Public Keycloak base URL; tokens use this as issuer (iss)
 # With Docker Compose, KEYCLOAK_URL is set to http://keycloak-proxy:7002 so the backend uses the proxy.
-M8FLOW_KEYCLOAK_URL=http://<LOCAL_IP>:7002
-M8FLOW_BACKEND_OPEN_ID_SERVER_URL=http://<LOCAL_IP>:7002/realms/spiffworkflow
+M8FLOW_KEYCLOAK_URL=http://localhost:7002
+M8FLOW_BACKEND_OPEN_ID_SERVER_URL=http://localhost:7002/realms/spiffworkflow
 M8FLOW_BACKEND_OPEN_ID_CLIENT_ID=spiffworkflow-backend
 M8FLOW_BACKEND_OPEN_ID_CLIENT_SECRET_KEY=
 M8FLOW_BACKEND_OPEN_ID_IS_AUTHORITY_FOR_USER_GROUPS=true
@@ -58,26 +58,26 @@ M8FLOW_KEYCLOAK_SPOKE_KEYSTORE_PASSWORD=
 # For master-realm super-admin browser access, add a second config: identifier=master, uri=.../realms/master.
 # If you also use API-style admin-cli tokens, add additional_valid_client_ids=admin-cli; the backend can map
 # matching M8Flow realm roles from realm_access.roles when no groups claim is present.
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__identifier=spiffworkflow-local
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__label=Keycloak
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__uri=http://localhost:7002/realms/spiffworkflow-local
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_id=spiffworkflow-backend
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_secret=JXeQExm0JhQPLumgHtIIqf52bDalHz0q
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__identifier=master
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__uri=http://localhost:7002/realms/master
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_id=spiffworkflow-backend
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_secret=JXeQExm0JhQPLumgHtIIqf52bDalHz0q
-# SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__additional_valid_client_ids=admin-cli
-# SPIFFWORKFLOW_BACKEND_OPEN_ID_ADDITIONAL_VALID_ISSUERS=http://localhost:7002/realms/master,http://localhost:7002/realms/m8flow
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__identifier=spiffworkflow-local
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__label=Keycloak
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__uri=http://localhost:7002/realms/spiffworkflow-local
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_id=spiffworkflow-backend
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__0__client_secret=JXeQExm0JhQPLumgHtIIqf52bDalHz0q
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__identifier=master
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__uri=http://localhost:7002/realms/master
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_id=spiffworkflow-backend
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__client_secret=JXeQExm0JhQPLumgHtIIqf52bDalHz0q
+SPIFFWORKFLOW_BACKEND_AUTH_CONFIGS__1__additional_valid_client_ids=admin-cli
+SPIFFWORKFLOW_BACKEND_OPEN_ID_ADDITIONAL_VALID_ISSUERS=http://localhost:7002/realms/master,http://localhost:7002/realms/m8flow
 # Optional local-development bootstrap for the master realm browser client and global admin user.
 # M8FLOW_KEYCLOAK_MASTER_CLIENT_SECRET=JXeQExm0JhQPLumgHtIIqf52bDalHz0q
 # KEYCLOAK_SUPER_ADMIN_USER=super-admin
 # KEYCLOAK_SUPER_ADMIN_PASSWORD=super-admin
 
 # --- Celery / Redis ---
 M8FLOW_BACKEND_CELERY_ENABLED=true
-M8FLOW_BACKEND_CELERY_BROKER_URL=redis://<LOCAL_IP>:6379/0
-M8FLOW_BACKEND_CELERY_RESULT_BACKEND=redis://<LOCAL_IP>:6379/0
+M8FLOW_BACKEND_CELERY_BROKER_URL=redis://localhost:6379/0
+M8FLOW_BACKEND_CELERY_RESULT_BACKEND=redis://localhost:6379/0
 # Backend/API should be false; the worker/flower launchers override this inside their own containers.
 # M8FLOW_BACKEND_RUNNING_IN_CELERY_WORKER=false
 M8FLOW_BACKEND_RUN_BACKGROUND_SCHEDULER_IN_CREATE_APP=true
@@ -98,7 +98,7 @@ M8FLOW_BACKEND_CELERY_FLOWER_BASIC_AUTH=admin:admin
 
 # --- Connector proxy ---
 CONNECTOR_PROXY_PORT=8004
-M8FLOW_BACKEND_CONNECTOR_PROXY_URL=http://<LOCAL_IP>:8004
+M8FLOW_BACKEND_CONNECTOR_PROXY_URL=http://localhost:8004
 # --- M8Flow Connector: SMTP ---
 # Local directory for connector to map attachments to.
 M8FLOW_CONNECTOR_SMTP_ATTACHMENTS_DIR=../email_attachments
@@ -137,11 +137,11 @@ M8FLOW_ALLOW_MISSING_TENANT_CONTEXT=true
 # --- Keycloak ---
 KEYCLOAK_ADMIN=admin
 # Keycloak admin app: URL, realm, admin user. Backend accepts KEYCLOAK_URL (or M8FLOW_KEYCLOAK_URL).
-# Set KEYCLOAK_HOSTNAME to the URL users/browser use to reach Keycloak so the backend accepts the token iss claim (e.g. http://localhost:7002 or http://<LOCAL_IP>:7002). Required when using Docker or a proxy.
-KEYCLOAK_HOSTNAME=http://<LOCAL_IP>:7002
+# Set KEYCLOAK_HOSTNAME to the URL users/browser use to reach Keycloak so the backend accepts the token iss claim (e.g. http://localhost:7002 or http://localhost:7002). Required when using Docker or a proxy.
+KEYCLOAK_HOSTNAME=http://localhost:7002
 # When Keycloak and the app are on different hosts, set M8FLOW_APP_PUBLIC_BASE_URL (e.g. https://app.example.com or http://localhost:7001). When not set, KEYCLOAK_HOSTNAME is used.
 # M8FLOW_APP_PUBLIC_BASE_URL=
-KEYCLOAK_URL=http://<LOCAL_IP>:7002
+KEYCLOAK_URL=http://localhost:7002
 KEYCLOAK_REALM=tenant-a
 KEYCLOAK_ADMIN_USER=admin
 # Admin password for create-realm API (KEYCLOAK_ADMIN_PASSWORD or M8FLOW_KEYCLOAK_ADMIN_PASSWORD).