diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index ba4d034..9051b32 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -1,4 +1,4 @@
-name: Deploy to 110 WOOO Server
+name: CI and Production Smoke
 
 on:
   push:
@@ -6,22 +6,29 @@ on:
       - main
 
 jobs:
-  deploy:
+  smoke:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Deploy to 110 over SSH
-        uses: appleboy/ssh-action@v1.0.0
-        with:
-          host: ${{ secrets.SERVER_110_HOST }}
-          username: ${{ secrets.SERVER_110_USER }}
-          key: ${{ secrets.SERVER_110_SSH_KEY }}
-          port: ${{ secrets.SERVER_110_PORT }}
-          script: |
-            cd /opt/agent-bounty-protocol
-            git pull origin main
-            bash scripts/security_scan.sh
-            docker compose down
-            docker compose up -d --build
+      - name: Validate shell scripts
+        run: |
+          set -euo pipefail
+          find scripts -name '*.sh' -print0 | xargs -0 -n1 bash -n
+
+      - name: Validate production compose contract
+        run: |
+          set -euo pipefail
+          test -f docker-compose.yml
+          grep -q 'ADMIN_USERNAME' docker-compose.yml
+          grep -q 'ADMIN_PASSWORD' docker-compose.yml
+          grep -q 'TRAFFIC_MONITOR_TOKEN' docker-compose.yml
+          grep -q 'VIBEWORK_TREASURY_USDC_ADDRESS' docker-compose.yml
+
+      - name: Smoke production health
+        run: |
+          set -euo pipefail
+          curl -fsS https://agent.wooo.work/api/v1/health | grep -q '"status":"ok"'
+          curl -fsS https://agent.wooo.work/api/open-tasks >/tmp/open-tasks.json
+          curl -fsS 'https://agent.wooo.work/api/a2a/growth/kit?agent_id=ci-smoke&register=false' | grep -q 'vibework.wooo.work/propose'