docs: update documentation with Phase 3.8 fixes and production warnings

README.md

@@ -24,22 +24,26 @@ Web application (PWA) enabling dance event participants to:
 - Password reset workflow
 - Real-time username/email availability validation (debounced API calls, visual feedback)
 - Enhanced password validation with visual requirement indicators
-- WSDC integration (auto-fill profile data from worldsdc.com)
+- WSDC integration (auto-fill profile data from worldsdc.com, string ID support)
+- Polish character support in first/last name validation (ąćęłńóśźż)
 - Event slugs (alphanumeric IDs preventing enumeration attacks)
 - Cloudflare Turnstile CAPTCHA (bot protection on registration & contact form)
 - Security: CORS, CSRF, Helmet.js, rate limiting, account lockout
 - Trust proxy for correct client IP detection behind nginx
+- Session persistence with accountTier and isAdmin flags
 
 ### Events & Chat
 - Event list from worldsdc.com
 - Real-time event chat (Socket.IO) with active users sidebar
 - Real-time active users list (instant updates when users join/leave)
+- Private 1:1 match chat with automatic room reconnection
 - Infinite scroll message history
 - Clickable usernames (/@{username}) with country flags
 - Competitor numbers (bib numbers) display
 - Message validation: 2000 character limit with visual counter
 - Spam protection: rate limiting (10 msg/min), duplicate detection, profanity filter
 - Polish + English profanity filtering
+- Mobile-optimized scroll behavior (no page jump on new messages)
 
 ### Auto-matching & Fairness System
 - Smart recording assignment for competition heats
@@ -484,5 +488,39 @@ TBD
 
 ---
 
-**Status:** MVP Complete ✅ | 351/351 tests passing (100%) | Production Ready
-**Last Updated:** 2025-12-06
+**Status:** ✅ **LIVE IN PRODUCTION** | 351/351 tests passing (100%)
+**Last Updated:** 2025-12-09
+**Production URL:** [spotlight.cam](https://spotlight.cam)
+
+---
+
+## ⚠️ Production Notice
+
+**This application is now running in production with real users and data.**
+
+### Development Guidelines for Production Environment
+
+1. **Database Migrations**
+   - ⚠️ **NEVER** run destructive migrations without backup
+   - Test all schema changes in development first
+   - Use Prisma migration preview: `npx prisma migrate dev --create-only`
+   - Review generated SQL before applying to production
+   - Always backup production database before schema changes
+
+2. **Data Safety**
+   - Production database contains real user data
+   - Test data operations in development environment first
+   - Use transactions for multi-step operations
+   - Implement rollback procedures for critical changes
+
+3. **Deployment Process**
+   - Test thoroughly in development before pushing
+   - Run full test suite: `make test`
+   - Review all changes: `git diff origin/master`
+   - Deploy during low-traffic periods when possible
+   - Monitor logs after deployment: `docker compose logs -f`
+
+4. **Emergency Procedures**
+   - Keep previous Docker images for quick rollback
+   - Document all production changes
+   - Have database backup ready before major updates