diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..5564578
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,27 @@
+# Git
+.git
+.gitignore
+
+# Docker
+docker
+
+# Symfony
+var/cache/*
+var/log/*
+var/sessions/*
+!var/cache/.gitkeep
+!var/log/.gitkeep
+!var/sessions/.gitkeep
+
+# Node
+node_modules
+npm-debug.log
+
+# Other
+.env.local
+.env.local.php
+.env.dev.local
+.env.test.local
+.env.prod.local
+vendor
+public/build
diff --git a/.env b/.env
index ba5541e..a485d01 100644
--- a/.env
+++ b/.env
@@ -30,7 +30,7 @@ DB_SERVER_VERSION=8.0.32
 DB_CHARSET=utf8mb4
 DB_USER=escapepage
 DB_PASSWORD="b.0nqrxJ/D*Luf9N"
-DB_HOST=localhost
+DB_HOST=database
 DB_PORT=3306
 DB_NAME=escapepage
 DATABASE_URL="${DB_DRIVER}://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?serverVersion=${DB_SERVER_VERSION}&charset=${DB_CHARSET}"
@@ -52,7 +52,7 @@ MAILER_DSN=smtp://mailer:1025
 # MAILER_DSN="smtp://apikey:%env(SENDGRID_API_KEY)%@smtp.sendgrid.net:587?encryption=tls"
 # Optional default sender (used by test command if --from not passed):
 # MAILER_FROM=no-reply@your-domain.tld
-# SENDGRID_API_KEY=your_real_key_goes_here # Do NOT commit this; set in .env.local or deployment env
+SENDGRID_API_KEY=your_real_key_goes_here
 ###< symfony/mailer ###
 ###> symfony/sendgrid-mailer ###
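Review bot: In the `symfony/mailer` hunk of `.env`, the commented template `# SENDGRID_API_KEY=…` becomes a live assignment and its `# Do NOT commit this; set in .env.local or deployment env` guidance is dropped. `.env` is a committed file, so the next person who fills in the variable is now most likely to put the real key straight into version control, and until then the placeholder string is what any consumer of the variable receives. I would keep the default empty and keep the warning: `SENDGRID_API_KEY=` preceded by `# Do NOT commit a real key; set it in .env.local or the deployment environment`.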
@@ -66,8 +66,16 @@ MERCURE_URL=http://mercure/.well-known/mercure
 MERCURE_PUBLIC_URL=http://localhost:8090/.well-known/mercure
 # Shared secret for signing JWTs (dev only). In prod, set via real env/secrets.
 MERCURE_JWT_SECRET=!ChangeThisMercureJWTSignedBySymfonySecretKey!
+# Pre-generated JWT tokens for convenience
+MERCURE_PUBLISHER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.E5b7ma4k-kA7lVGOQtICh7r2sspwX4G1iOhwtbxHQck
+MERCURE_SUBSCRIBER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InN1YnNjcmliZSI6WyIqIl19fQ.mwSAjvbm6vOnjMoRSHMdcqapNCwyGZs1s57uLK4T3UM
 # CORS allowed origins (default)
-MERCURE_CORS_ALLOWED_ORIGINS=http://localhost:8080
+MERCURE_CORS_ALLOWED_ORIGINS=https://localhost:8443
 # Base URL for Mercure topics.
 MERCURE_TOPIC_BASE=https://escapepage.dev
 ###< mercure ###
+
+###> docker ###
+USER_ID=1000
+GROUP_ID=1000
+###< docker ###
diff --git a/.env.dev b/.env.dev
new file mode 100644
index 0000000..15b4696
--- /dev/null
+++ b/.env.dev
@@ -0,0 +1,17 @@
+
+###> symfony/framework-bundle ###
+APP_SECRET=620e9ce5f88a714b636179eb39d5be4f
+###< symfony/framework-bundle ###
+
+###> mercure ###
+MERCURE_CORS_ALLOWED_ORIGINS=http://localhost:8080
+MERCURE_TOPIC_BASE=https://escapepage.dev
+MERCURE_PUBLISHER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.E5b7ma4k-kA7lVGOQtICh7r2sspwX4G1iOhwtbxHQck
+MERCURE_SUBSCRIBER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InN1YnNjcmliZSI6WyIqIl19fQ.mwSAjvbm6vOnjMoRSHMdcqapNCwyGZs1s57uLK4T3UM
+###< mercure ###
+
+DB_HOST=database
+DB_PORT=3306
+DB_NAME=escapepage
+DB_USER=escapepage
+DB_PASSWORD="b.0nqrxJ/D*Luf9N"
diff --git a/.env.prod b/.env.prod
new file mode 100644
index 0000000..3bb77bf
--- /dev/null
+++ b/.env.prod
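Review bot: The two tokens added to the base `.env` under `# Pre-generated JWT tokens for convenience` decode to wildcard claims (`publish: ["*"]` and `subscribe: ["*"]`) with no `exp`, so each one is valid for every topic and never expires. The base `.env` supplies defaults to any environment that does not override them, and the same pair is repeated in the new `.env.dev` and `.env.test`. The line above them marks `MERCURE_JWT_SECRET` as dev only; if these tokens were signed with that placeholder, anyone with the repository can use or re-mint them against a hub still running it. I would keep the tokens out of the base file, leave them only in `.env.dev`/`.env.test`, and label them there, for example `# dev/test only: wildcard scope, no expiry; never reuse outside local development`. Minting short-lived, topic-scoped tokens from the secret at runtime would remove the need to store them at all.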
@@ -0,0 +1,34 @@
+APP_ENV=prod
+APP_SECRET=a8f89e179e8c338423697669d6728c2c
+
+### Compiled or real environment variables should be used in production.
+### Configure MAILER_DSN to use SendGrid API transport.
+### Prefer storing SENDGRID_API_KEY using Symfony Secrets or real env vars.
+###> symfony/mailer ###
+MAILER_DSN=sendgrid://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@default
+###< symfony/mailer ###
+
+###> symfony/framework-bundle ###
+TRUSTED_PROXIES=127.0.0.1,172.20.0.0/16
+TRUSTED_HOSTS=^(escapepage\.com|www\.escapepage\.com)$
+###< symfony/framework-bundle ###
+
+###> mercure ###
+# Use the production URL for CORS in production
+MERCURE_JWT_SECRET=55UtgFXsZu09TSTdeIA7ljK4HUo9DLkRzEB7MD5tqOLjRfAb
+MERCURE_PUBLISHER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.qMVdzh7buYK78e-gwCQx7v6qCxk1Js83SAEKK-GZSrI
+MERCURE_SUBSCRIBER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InN1YnNjcmliZSI6WyIqIl19fQ.OCnRPXfCoke27ntAxby2R5jkgpTZdw83DPq1yhvkLbw
+MERCURE_CORS_ALLOWED_ORIGINS=https://escapepage.com
+MERCURE_TOPIC_BASE=https://escapepage.com
+###< mercure ###
+
+DB_HOST=database
+DB_PORT=3306
+DB_NAME=escapepage
+DB_USER=escapepage
+DB_PASSWORD=Zr1aOYU5NpCbS3dhpxa64cZp
+
+###> docker ###
+USER_ID=1000
+GROUP_ID=1000
+###< docker ###
diff --git a/.env.test b/.env.test
new file mode 100644
index 0000000..7cccf6d
--- /dev/null
+++ b/.env.test
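Review bot: The new `.env.prod` commits what look like live production credentials: `APP_SECRET`, a SendGrid API key embedded in `MAILER_DSN`, `MERCURE_JWT_SECRET`, `DB_PASSWORD`, and two wildcard Mercure tokens with no expiry. This contradicts the file's own header, which says to prefer Symfony Secrets or real env vars. Once this commit is pushed, every one of those values should be treated as exposed and rotated, because deleting them in a later commit does not remove them from history. I would keep only non-secret settings here (`APP_ENV`, `TRUSTED_PROXIES`, `TRUSTED_HOSTS`, the CORS origin and topic base) and leave the rest as empty assignments such as `MERCURE_JWT_SECRET=`, each under `# set via Symfony Secrets or the deployment environment`. The `.dockerignore` added in this commit excludes the `.env.*.local` files but not `.env.prod`, so if the image build copies the context (not visible here) the file would also end up in the image layers.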
@@ -0,0 +1,18 @@
+APP_ENV=test
+
+# define your env variables for the test env here
+KERNEL_CLASS='App\Kernel'
+APP_SECRET='$ecretf0rt3st'
+
+###> mercure ###
+MERCURE_CORS_ALLOWED_ORIGINS=http://localhost:8080
+MERCURE_TOPIC_BASE=http://test
+MERCURE_PUBLISHER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdfX0.E5b7ma4k-kA7lVGOQtICh7r2sspwX4G1iOhwtbxHQck
+MERCURE_SUBSCRIBER_JWT_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InN1YnNjcmliZSI6WyIqIl19fQ.mwSAjvbm6vOnjMoRSHMdcqapNCwyGZs1s57uLK4T3UM
+###< mercure ###
+
+DB_HOST=database
+DB_PORT=3306
+DB_NAME=escapepage_test
+DB_USER=escapepage
+DB_PASSWORD="b.0nqrxJ/D*Luf9N"
diff --git a/docker/compose.yaml b/docker/compose.yaml
index 6b3450e..a904226 100644
--- a/docker/compose.yaml
+++ b/docker/compose.yaml
@@ -6,6 +6,9 @@ services:
 build:
 context: ..
 dockerfile: docker/php/Dockerfile
+ args:
+ USER_ID: ${USER_ID:-1000}
+ GROUP_ID: ${GROUP_ID:-1000}
 container_name: escapepage-php
 volumes:
 - ../:/var/www/html:delegated
@@ -24,6 +27,9 @@ services:
 build:
 context: ..
 dockerfile: docker/php/Dockerfile
+ args:
+ USER_ID: ${USER_ID:-1000}
+ GROUP_ID: ${GROUP_ID:-1000}
 container_name: escapepage-php-worker
 volumes:
 - ../:/var/www/html:delegated
diff --git a/docker/php/Dockerfile b/docker/php/Dockerfile
index 1f11d6c..fb43443 100644
--- a/docker/php/Dockerfile
+++ b/docker/php/Dockerfile
@@ -11,7 +11,8 @@ RUN apk add --no-cache \
 g++ \
 make \
 nodejs \
- npm
+ npm \
+ shadow
 # Install PHP extension installer
 COPY --from=mlocati/php-extension-installer /usr/bin/install-php-extensions /usr/local/bin/
@@ -40,6 +41,18 @@ COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
 # Configure PHP
 COPY docker/php/php.ini $PHP_INI_DIR/conf.d/zz-custom.ini
+# Adjust www-data UID/GID to match host user (default 1000)
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+
+RUN if [ ${USER_ID:-0} -ne 0 ] && [ ${GROUP_ID:-0} -ne 0 ]; then \
+ userdel -f www-data &&\
+ if getent group www-data ; then groupdel www-data; fi &&\
+ groupadd -g ${GROUP_ID} www-data &&\
+ useradd -l -u ${USER_ID} -g www-data www-data &&\
+ install -d -m 0755 -o www-data -g www-data /home/www-data \
+;fi
+
 WORKDIR /var/www/html
 # Set permissions for Symfony directories
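Review bot: The added `RUN` expands `USER_ID` and `GROUP_ID` unquoted, both in the guard `[ ${USER_ID:-0} -ne 0 ] && [ ${GROUP_ID:-0} -ne 0 ]` and in `groupadd -g ${GROUP_ID}` / `useradd -l -u ${USER_ID}`. These build args come from the environment through the compose `args:` block, so a value containing whitespace is word-split into extra operands or options. Quoting each expansion avoids that, e.g. `[ "${USER_ID:-0}" -ne 0 ] && [ "${GROUP_ID:-0}" -ne 0 ]` and `useradd -l -u "${USER_ID}" -g www-data www-data`. The guard also skips the remap without failing the build when either id is 0 or non-numeric, leaving www-data at the base image's ids. That appears intended for 0, and a comment above the `RUN` would say so: `# ids of 0 are ignored on purpose so www-data is never remapped to root`. The permission-setting steps that follow `WORKDIR` are outside this hunk.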