Initiate backend setup

.env.example

@@ -1,4 +1,4 @@
-# Copy to `.env.local` for local development (never commit real secrets).
+# Copy to `.env` for local development (never commit real secrets).
 
 # PostgreSQL — use `docker compose up -d postgres` and match user/db/password.
 DATABASE_URL="postgresql://communityrule:communityrule@localhost:5432/communityrule"

CONTRIBUTING.md

@@ -2,8 +2,8 @@
 
 ## Backend (local)
 
-1. Copy [`.env.example`](.env.example) to `.env.local` and set `SESSION_SECRET` (at least 16 characters).
-2. Start Postgres (and optional Mailhog): `docker compose up -d postgres mailhog`. On Apple Silicon, Mailhog is configured for `linux/amd64` in [`docker-compose.yml`](docker-compose.yml) (clear emulation path). You can use `docker compose up -d postgres` only and read OTPs from the dev server log instead of Mailhog (see `.env.example`).
+1. Copy [`.env.example`](.env.example) to `.env` and set `SESSION_SECRET` (at least 16 characters).
+2. `docker compose up -d postgres mailhog` — omit `mailhog` if you only need Postgres; with `SMTP_URL` unset, OTPs are printed in the dev server log (see `.env.example`).
 3. Install dependencies: `npm ci`
 4. Apply migrations: `npx prisma migrate dev`
 5. Run the app: `npm run dev`
@@ -30,7 +30,7 @@ Use `npx prisma studio` to inspect the database.
 
 ### Optional draft sync
 
-Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env.local` so the create flow saves drafts to the server when a user is logged in.
+Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env` so the create flow saves drafts to the server when a user is logged in.
 
 ## Frontend / tests
 

docs/backend-linear-tickets.md

@@ -16,7 +16,7 @@ Use this if you **do not** have SSH or hosting access yet. Most engineering tick
 
 ### You do **not** need the server admin for
 
-- **Tickets 1–8, 10:** Everything runs on your machine: `docker compose up -d postgres mailhog`, `.env.local`, `npm run dev`, `npx prisma migrate dev`. OTP email can use Mailhog or dev log (no real SMTP).
+- **Tickets 1–8, 10:** Everything runs on your machine: `docker compose up -d postgres mailhog`, `.env`, `npm run dev`, `npx prisma migrate dev`. OTP email can use Mailhog or dev log (no real SMTP).
 - **Verifying APIs:** Use `localhost` and the same Docker Postgres—no production host.
 
 ### The **first** time you need someone with hosting access
@@ -34,7 +34,7 @@ Ask the admin to provide (or do for you) the items below—**Ticket 12** turns t
 | **DNS for mail**     | Often **SPF/DKIM** so OTP messages are not spam—admin or whoever owns DNS.                                                                                       |
 | **TLS + hostname**   | HTTPS URL for the site; reverse proxy (nginx, Caddy, etc.) in front of Node.                                                                                     |
 | **Health check**     | Load balancer or platform should probe **`GET /api/health`** (or your chosen path).                                                                              |
-| **Secrets storage**  | Env vars or secret manager—never commit `.env.local`.                                                                                                            |
+| **Secrets storage**  | Env vars or secret manager—never commit `.env` with secrets.                                                                                                     |
 | **Backups**          | Postgres backup/restore for production (and ideally staging).                                                                                                    |
 
 Optional: **Docker image deploy** using the repo [Dockerfile](Dockerfile)—admin builds/pushes/runs the container with the env vars above.

docs/backend-roadmap.md

@@ -126,7 +126,7 @@ Match the current API behavior; tighten as product evolves:
 
 ---
 
-**Step 1.** Copy `.env.example` to `.env.local`. Set `DATABASE_URL` and secrets (see file comments).
+**Step 1.** Copy `.env.example` to `.env`. Set `DATABASE_URL` and secrets (see file comments).
 
 **Step 2.** Start Postgres locally:
 
@@ -162,7 +162,7 @@ npm run dev
 
 **Step 9.** **Templates** (when ready): seed `RuleTemplate` rows; `GET /api/templates` is implemented.
 
-**Step 10.** **Frontend sync**: Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env.local` for server drafts when logged in; `localStorage` remains fallback when off or anonymous.
+**Step 10.** **Frontend sync**: Set `NEXT_PUBLIC_ENABLE_BACKEND_SYNC=true` in `.env` for server drafts when logged in; `localStorage` remains fallback when off or anonymous.
 
 **Step 11.** **Web vitals:** Move off `.next` files—**prefer an external analytics or logging pipeline** (see §7). Use Postgres for vitals only as a deliberate ops choice.
 
@@ -173,7 +173,7 @@ npm run dev
 - **HTTPS** in staging/production; session cookie **Secure**.
 - **Rate-limit** OTP (in-memory OK for one instance; **shared store before multi-instance**—see §5).
 - **Hash** OTP codes and session tokens before storing; short OTP expiry.
-- **Secrets** only in env / secret store — never commit `.env.local`.
+- **Secrets** only in env / secret store — never commit `.env` with real values.
 - **CORS:** prefer **same-origin** `/api/*`; if cross-origin, configure CORS and CSRF carefully.
 
 ---

package.json

@@ -40,10 +40,7 @@
     "analyze:server": "ANALYZE=true npm run build",
     "analyze:browser": "BUNDLE_ANALYZE=true npm run build",
     "bundle:analyze": "node scripts/bundle-analyzer.js",
-    "db:generate": "prisma generate",
-    "db:migrate": "prisma migrate dev",
-    "db:deploy": "prisma migrate deploy",
-    "db:studio": "prisma studio"
+    "db:deploy": "prisma migrate deploy"
   },
   "dependencies": {
     "@mdx-js/loader": "^3.1.1",