diff --git a/docs/07_PUBLIC_LAUNCH_CHECKLIST.md b/docs/07_PUBLIC_LAUNCH_CHECKLIST.md index fdac3e6..2e3d4ad 100644 --- a/docs/07_PUBLIC_LAUNCH_CHECKLIST.md +++ b/docs/07_PUBLIC_LAUNCH_CHECKLIST.md @@ -8,19 +8,23 @@ - [ ] Postgres port `5432` is not public. ## B) App and Deployment -- [ ] Dokploy project connected to Gitea repo. -- [ ] Secrets configured: +- [ ] SSH deployment host is prepared (`/opt/fiddy`, Docker Engine, Compose plugin). +- [ ] Deploy host runtime env is configured in `/opt/fiddy/.env`: - [ ] `DATABASE_URL` - [ ] `DATABASE_SSL` - [ ] `ALLOWED_DB_NAMES` - [ ] `SESSION_COOKIE_NAME` - [ ] `SESSION_TTL_DAYS` - - [ ] `DEBUG_API=0` - - [ ] `DOKPLOY_DEPLOY_HOOK` - - [ ] `DOKPLOY_SCHEDULER_DEPLOY_HOOK` - - [ ] `DOKPLOY_HEALTHCHECK_URL` + - [ ] `DEBUG_API` +- [ ] Gitea Actions secrets configured: + - [ ] `REGISTRY_USER` + - [ ] `REGISTRY_PASS` + - [ ] `DEPLOY_KEY` + - [ ] `DEPLOY_HOST` + - [ ] `DEPLOY_USER` + - [ ] `DEPLOY_HEALTHCHECK_URL` - [ ] Deploy workflow passes build/test/push/deploy. -- [ ] Scheduler deploy workflow step passes. +- [ ] Deploy guard confirms `web` and `scheduler` are running. - [ ] Post-deploy health gate passes (`scripts/wait-for-health.sh`). - [ ] Manual smoke passes (`scripts/smoke-public-launch.sh`). @@ -47,6 +51,6 @@ - [ ] Measured RTO is acceptable. ## F) Rollback Readiness -- [ ] Previous stable release retained in Dokploy. -- [ ] Rollback runbook tested once in staging or low-risk window. +- [ ] Previous stable image tags retained in registry (for rollback). +- [ ] Rollback runbook tested once in staging or low-risk window (SSH Compose deploy by older image tag). - [ ] Rollback smoke check verified. diff --git a/docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md b/docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md index 6c6e9f2..02e9762 100644 --- a/docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md +++ b/docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md 
@@ -25,28 +25,30 @@ Use these in execution updates for fast scanning: - [ ] `docs/08_NGINX_PROXY_MANAGER_SETUP.md` - [ ] `docs/06_SECURITY_REVIEW.md` -## Phase 1: Registry + Dokploy Wiring (Operator Needed) -First-time reference: `docs/11_DOKPLOY_FIRST_TIME_WALKTHROUGH.md`. +## Phase 1: Registry + SSH Compose Wiring (Operator Needed) Hands-on checkpoints: 1. Create/verify secrets in Gitea: - `REGISTRY_USER` - `REGISTRY_PASS` - - `DOKPLOY_DEPLOY_HOOK` - - `DOKPLOY_SCHEDULER_DEPLOY_HOOK` - - `DOKPLOY_HEALTHCHECK_URL` -2. In Dokploy app settings (Web): - - image source points to `git.nicosaya.com/nalalangan/fiddy/web` - - health endpoint is `/api/health/ready` - - release history retention is enabled -3. In Dokploy app settings (Scheduler): - - image source points to `git.nicosaya.com/nalalangan/fiddy/scheduler` - - no public port exposed - - env vars set: `DATABASE_URL`, `DATABASE_SSL`, `ALLOWED_DB_NAMES` + - `DEPLOY_KEY` + - `DEPLOY_HOST` + - `DEPLOY_USER` + - `DEPLOY_HEALTHCHECK_URL` +2. Prepare deploy host for SSH Compose: + - install Docker Engine + Compose plugin + - create `/opt/fiddy/.env` with production variables + - run `docker login git.nicosaya.com` as deploy user +3. Confirm production compose contract: + - web image source: `git.nicosaya.com/nalalangan/fiddy/web` + - scheduler image source: `git.nicosaya.com/nalalangan/fiddy/scheduler` + - web publishes `3010:3000` + - scheduler has no public port Validation: -- [ ] Push-to-main triggers `.gitea/workflows/deploy-dokploy.yml` -- [ ] Web and Scheduler deploy hooks fire successfully +- [ ] Push-to-main triggers `.gitea/workflows/deploy-ssh-compose.yml` +- [ ] SSH deploy updates both web and scheduler containers +- [ ] Deploy guard confirms web and scheduler are running - [ ] Health gate completes via `scripts/wait-for-health.sh` ## Phase 2: NPM Edge Setup (Operator Needed) diff --git a/docs/public-launch-runbook.md b/docs/public-launch-runbook.md index 6983ee3..d929e03 100644 
--- a/docs/public-launch-runbook.md +++ b/docs/public-launch-runbook.md @@ -1,4 +1,4 @@ -# Public Launch Runbook (Self-Hosted + Dokploy) +# Public Launch Runbook (Self-Hosted + SSH Compose) ## 1) Goals - Deploy Fiddy publicly without stack rewrite. @@ -6,14 +6,14 @@ - Enable fast rollback and basic operational visibility. - Keep security baseline enforceable for direct home-IP exposure. -## 2) Deploy Control Plane (Dokploy) -1. Install Dokploy on your Proxmox Docker host. -2. Add project in Dokploy and connect Gitea repository. +## 2) Deploy Host (SSH Compose) +1. Prepare Linux deploy host with Docker Engine + Compose plugin. +2. Ensure deploy target directory exists (`/opt/fiddy`). 3. Configure web image source: `git.nicosaya.com/nalalangan/fiddy/web`. 4. Configure scheduler image source: `git.nicosaya.com/nalalangan/fiddy/scheduler`. -4. Deploy by immutable tag (`github.sha`) and keep `main` as convenience tag. -5. Configure health check endpoint: `/api/health/ready`. -6. Keep previous releases for rollback and verify rollback button path. +5. Deploy by immutable tag (`github.sha`) and keep `main` as convenience tag. +6. Configure health check endpoint: `/api/health/ready`. +7. Keep previous image tags for rollback. ### Required secrets/variables - `DATABASE_URL` @@ -26,15 +26,16 @@ - `SCHEDULER_BATCH_SIZE` (scheduler app, optional) ## 3) CI/CD (Gitea Actions) -- Use `.gitea/workflows/deploy-dokploy.yml`. +- Use `.gitea/workflows/deploy-ssh-compose.yml`. - Required secrets: - `REGISTRY_USER` - `REGISTRY_PASS` - - `DOKPLOY_DEPLOY_HOOK` - - `DOKPLOY_SCHEDULER_DEPLOY_HOOK` - - `DOKPLOY_HEALTHCHECK_URL` + - `DEPLOY_KEY` + - `DEPLOY_HOST` + - `DEPLOY_USER` + - `DEPLOY_HEALTHCHECK_URL` - Health gate: - - workflow calls `scripts/wait-for-health.sh` against `DOKPLOY_HEALTHCHECK_URL` + - workflow calls `scripts/wait-for-health.sh` against `DEPLOY_HEALTHCHECK_URL` - default retry window: 5 minutes (30 attempts x 10s) ## 4) Reverse Proxy + Network Hardening 
@@ -100,12 +101,12 @@ 1. Identify failing request and `request_id`. 2. Correlate application logs (Loki) by `request_id`. 3. Check `/api/health/ready` status and DB connectivity. -4. Roll back to previous known-good Dokploy release if needed. +4. Roll back to previous known-good image tag via SSH Compose if needed. 5. Capture root cause and update this runbook/checklist. ## 8) Rollback Checklist -1. Select previous healthy image in Dokploy release history. -2. Trigger rollback and wait for deployment completion. +1. Select previous healthy image tag for both `web` and `scheduler`. +2. Trigger rollback deploy and wait for completion. 3. Run `scripts/smoke-public-launch.sh https://your-domain`. 4. Verify error-rate drop in Grafana/Loki and confirm no DB migration mismatch. 5. Log the rolled back version, timestamp, and reason.
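Review bot: in the `docs/07_PUBLIC_LAUNCH_CHECKLIST.md` `@@ -8,19 +8,23 @@` hunk, replacing `- [ ] \`DEBUG_API=0\`` with a bare `- [ ] \`DEBUG_API\`` drops the only line that pinned the production value, so the box can be ticked with debug enabled; keep the explicit `DEBUG_API=0` wording. The same hunk adds `DEPLOY_KEY` to the Gitea Actions secrets and moves `DATABASE_URL` into `/opt/fiddy/.env`; the checklist should state that `DEPLOY_KEY` is a dedicated key for `DEPLOY_USER` (not a personal key) and that `/opt/fiddy/.env` is readable only by that user (e.g. mode `0600`), since a world-readable env file on the deploy host exposes the database credentials.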
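Review bot: in the `docs/07_PUBLIC_LAUNCH_CHECKLIST.md` `@@ -47,6 +51,6 @@` hunk, "Previous stable image tags retained in registry (for rollback)" names no retention policy; a registry cleanup can remove the last-good tag that the rollback runbook depends on. Suggest stating how many previous tags (or how long) are kept, and adding a checkbox that the last-known-good tag is recorded somewhere reachable during an incident (the runbook's rollback step 5 logs the version only after the rollback).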
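Review bot: in the `docs/09_DEPLOYMENT_EXECUTION_PLAYBOOK.md` `@@ -25,28 +25,30 @@` hunk, "web publishes `3010:3000`" binds all host interfaces by default, so the web container is reachable on port 3010 directly, bypassing the NPM edge set up in Phase 2; this is the same class of exposure the checklist rules out for Postgres `5432`. Suggest `127.0.0.1:3010:3000` (or the NPM-side private interface) and a validation checkbox that 3010 is not externally reachable. Two smaller points in the same hunk: "run `docker login git.nicosaya.com` as deploy user" leaves the registry credential in that user's `~/.docker/config.json`, so document that a pull-only registry token is used there rather than `REGISTRY_USER`/`REGISTRY_PASS`; and the removed first-time reference `docs/11_DOKPLOY_FIRST_TIME_WALKTHROUGH.md` gets no SSH Compose replacement, so either add one or say it is no longer needed.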
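Review bot: in the `docs/public-launch-runbook.md` `@@ -6,14 +6,14 @@` hunk, step 2 "Ensure deploy target directory exists (`/opt/fiddy`)" says nothing about ownership or about creating `/opt/fiddy/.env` there, even though the checklist in this same patch requires that file; suggest "Ensure `/opt/fiddy` exists, is owned by the deploy user, and holds `/opt/fiddy/.env` with restricted permissions". Step 7 also loses the verification that the old step 6 carried ("verify rollback button path"); suggest "Keep previous image tags for rollback and verify once that deploying an older tag via SSH Compose works."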
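Review bot: in the `docs/public-launch-runbook.md` `@@ -26,15 +26,16 @@` hunk, the new secret list (`DEPLOY_KEY`, `DEPLOY_HOST`, `DEPLOY_USER`) has no host key for `DEPLOY_HOST`; a workflow that connects over SSH without a pinned `known_hosts` entry either fails or ends up run with host key checking disabled, which removes the MITM protection on the deploy path. Suggest adding a `DEPLOY_HOST_KEY` (or equivalent `known_hosts` variable) to the required list and documenting that the workflow installs it before calling `ssh`. Also say which URL `DEPLOY_HEALTHCHECK_URL` should be: the public HTTPS URL through NPM exercises TLS and the proxy, whereas `http://<host>:3010` only proves the container is up.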
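Review bot: in the `docs/public-launch-runbook.md` `@@ -100,12 +101,12 @@` hunk, rollback step 2 "Trigger rollback deploy and wait for completion" no longer says how the rollback is triggered (re-running the workflow for an older commit, or `docker compose` on the host with the older tag); the runbook is used under incident pressure, so give the exact mechanism and command. Step 4 also checks for a DB migration mismatch only after the rollback; if the older `web` tag expects an older schema, that compatibility decision belongs before step 2, so suggest moving the migration check ahead of the rollback deploy.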