diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index 530c151..006887b 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -1,40 +1,44 @@
-name: Deploy to Staging
+name: Build & Deploy to Staging
 
 on:
   push:
-    branches: [main]
+    branches: [ main ]
 
 jobs:
-  build-and-deploy:
+  build-and-stage:
+    name: Build & Deploy to Staging
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout code
+    - name: Checkout
       uses: actions/checkout@v4
-
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
-
-    - name: Login to Container Registry
+    - name: Login to Forgejo Registry
       uses: docker/login-action@v3
       with:
         registry: git.cloonar.com
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Build and push Docker image
+        username: openclawd
+        password: ${{ secrets.REGISTRY_TOKEN }}
+    - name: Build and Push
       uses: docker/build-push-action@v5
       with:
         context: .
-        platforms: linux/arm64
         push: true
+        no-cache: true
         tags: |
-          git.cloonar.com/openclawd/snapapi:staging
+          git.cloonar.com/openclawd/snapapi:latest
           git.cloonar.com/openclawd/snapapi:${{ github.sha }}
-        cache-from: type=gha
-        cache-to: type=gha,mode=max
-
-    - name: Deploy to staging
+        platforms: linux/arm64
+    - name: Deploy to Staging
       run: |
-        echo "Triggering staging deployment..."
-        # The actual deployment is handled by ArgoCD or similar GitOps tool
-        # This would typically update a helm chart or kubernetes manifest repo
\ No newline at end of file
+        curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+        chmod +x kubectl
+        echo "${{ secrets.KUBECONFIG }}" | base64 -d > /tmp/kubeconfig.yaml
+        ./kubectl set image deployment/snapapi \
+          snapapi=git.cloonar.com/openclawd/snapapi:${{ github.sha }} \
+          -n snapapi-staging --kubeconfig=/tmp/kubeconfig.yaml
+        ./kubectl rollout status deployment/snapapi \
+          -n snapapi-staging --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s
+        echo "✅ Staging deploy complete!"
diff --git a/.forgejo/workflows/promote.yml b/.forgejo/workflows/promote.yml
index 9455694..419b0ce 100644
--- a/.forgejo/workflows/promote.yml
+++ b/.forgejo/workflows/promote.yml
@@ -6,40 +6,39 @@ on:
 
 jobs:
   promote:
+    name: Promote to Production
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout code
+    - name: Checkout
       uses: actions/checkout@v4
-
-    - name: Login to Container Registry
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Login to Forgejo Registry
       uses: docker/login-action@v3
       with:
         registry: git.cloonar.com
-        username: ${{ github.actor }}
-        password: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Get latest staging image
-      id: get_image
+        username: openclawd
+        password: ${{ secrets.REGISTRY_TOKEN }}
+    - name: Build and Push Production
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        no-cache: true
+        tags: |
+          git.cloonar.com/openclawd/snapapi:prod
+          git.cloonar.com/openclawd/snapapi:${{ github.ref_name }}
+        platforms: linux/arm64
+    - name: Deploy to Production
       run: |
-        # Get the latest staging image digest
-        STAGING_DIGEST=$(docker manifest inspect git.cloonar.com/openclawd/snapapi:staging --verbose | jq -r '.Descriptor.digest')
-        echo "staging_digest=$STAGING_DIGEST" >> $GITHUB_OUTPUT
-        
-        # Extract version from tag
-        VERSION=${GITHUB_REF#refs/tags/}
-        echo "version=$VERSION" >> $GITHUB_OUTPUT
-
-    - name: Re-tag for production
-      run: |
-        # Pull staging image and re-tag for production
-        docker buildx imagetools create \
-          --tag git.cloonar.com/openclawd/snapapi:latest \
-          --tag git.cloonar.com/openclawd/snapapi:${{ steps.get_image.outputs.version }} \
-          --tag git.cloonar.com/openclawd/snapapi:prod \
-          git.cloonar.com/openclawd/snapapi:staging
-
-    - name: Deploy to production
-      run: |
-        echo "Triggering production deployment for version ${{ steps.get_image.outputs.version }}..."
-        # The actual deployment is handled by ArgoCD or similar GitOps tool
-        # This would typically update a helm chart or kubernetes manifest repo
\ No newline at end of file
+        curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+        chmod +x kubectl
+        echo "${{ secrets.KUBECONFIG }}" | base64 -d > /tmp/kubeconfig.yaml
+        ./kubectl set image deployment/snapapi \
+          snapapi=git.cloonar.com/openclawd/snapapi:${{ github.ref_name }} \
+          -n snapapi --kubeconfig=/tmp/kubeconfig.yaml
+        ./kubectl rollout status deployment/snapapi \
+          -n snapapi --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s
+        echo "✅ Production deploy complete!"