diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index 1af63e5..f7c69e7 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -140,117 +140,20 @@ jobs: python -m pytest tests/bqas/ -v --tb=short || true # ======================================== - # Build & Deploy auf Hetzner (nur main, kein PR) + # Deploy via Coolify (nur main, kein PR) # ======================================== - deploy-hetzner: + deploy-coolify: + name: Deploy runs-on: docker if: github.event_name == 'push' && github.ref == 'refs/heads/main' needs: - test-go-consent - container: docker:27-cli + container: + image: alpine:latest steps: - - name: Deploy + - name: Trigger Coolify deploy run: | - set -euo pipefail - DEPLOY_DIR="/opt/breakpilot-core" - COMPOSE_FILES="-f docker-compose.yml -f docker-compose.hetzner.yml" - COMMIT_SHA="${GITHUB_SHA:-unknown}" - SHORT_SHA="${COMMIT_SHA:0:8}" - REPO_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" - - # Services die deployed werden - SERVICES="postgres valkey qdrant minio ollama mailpit embedding-service rag-service backend-core consent-service health-aggregator" - - echo "=== BreakPilot Core Deploy ===" - echo "Commit: ${SHORT_SHA}" - echo "Deploy Dir: ${DEPLOY_DIR}" - echo "Services: ${SERVICES}" - echo "" - - # 1. Repo auf dem Host erstellen/aktualisieren via Helper-Container - echo "=== Updating code on host ===" - docker run --rm \ - -v "${DEPLOY_DIR}:${DEPLOY_DIR}" \ - --entrypoint sh \ - alpine/git:latest \ - -c " - if [ ! -d '${DEPLOY_DIR}/.git' ]; then - echo 'Erstmaliges Klonen nach ${DEPLOY_DIR}...' - git clone '${REPO_URL}' '${DEPLOY_DIR}' - else - cd '${DEPLOY_DIR}' - git fetch origin main - git reset --hard origin/main - fi - " - echo "Code aktualisiert auf ${SHORT_SHA}" - - # 2. .env sicherstellen - docker run --rm -v "${DEPLOY_DIR}:${DEPLOY_DIR}" alpine \ - sh -c " - if [ ! -f '${DEPLOY_DIR}/.env' ]; then - echo 'WARNUNG: ${DEPLOY_DIR}/.env fehlt!' - echo 'Erstelle .env aus .env.example mit Defaults...' 
- if [ -f '${DEPLOY_DIR}/.env.example' ]; then - cp '${DEPLOY_DIR}/.env.example' '${DEPLOY_DIR}/.env' - echo '.env aus .env.example erstellt' - else - echo 'Kein .env.example gefunden — Services starten mit Defaults' - fi - else - echo '.env vorhanden' - fi - " - - # 3. Shared Network erstellen (falls noch nicht vorhanden) - docker network create breakpilot-network 2>/dev/null || true - - # 4. Build + Deploy via Helper-Container - echo "" - echo "=== Building + Deploying ===" - docker run --rm \ - -v /var/run/docker.sock:/var/run/docker.sock \ - -v "${DEPLOY_DIR}:${DEPLOY_DIR}" \ - -w "${DEPLOY_DIR}" \ - docker:27-cli \ - sh -c " - set -e - COMPOSE_FILES='-f docker-compose.yml -f docker-compose.hetzner.yml' - - echo '=== Building Docker Images ===' - docker compose \${COMPOSE_FILES} build --parallel \ - backend-core consent-service rag-service embedding-service health-aggregator - - echo '' - echo '=== Starting infrastructure ===' - docker compose \${COMPOSE_FILES} up -d postgres valkey qdrant minio mailpit - - echo 'Warte auf DB + Cache...' - sleep 10 - - echo '' - echo '=== Starting Ollama + pulling bge-m3 ===' - docker compose \${COMPOSE_FILES} up -d ollama - sleep 5 - - # bge-m3 Modell pullen (nur beim ersten Mal ~670MB) - echo 'Pulling bge-m3 model (falls noch nicht vorhanden)...' 
- docker exec bp-core-ollama ollama pull bge-m3 2>&1 || echo 'WARNUNG: bge-m3 pull fehlgeschlagen (wird spaeter nachgeholt)' - - echo '' - echo '=== Starting application services ===' - docker compose \${COMPOSE_FILES} up -d \ - embedding-service rag-service backend-core consent-service health-aggregator - - echo '' - echo '=== Health Checks ===' - sleep 15 - for svc in bp-core-postgres bp-core-valkey bp-core-qdrant bp-core-ollama bp-core-embedding-service bp-core-rag-service bp-core-backend bp-core-consent-service bp-core-health; do - STATUS=\$(docker inspect --format='{{.State.Status}}' \"\${svc}\" 2>/dev/null || echo 'not found') - echo \"\${svc}: \${STATUS}\" - done - " - - echo "" - echo "=== Deploy abgeschlossen: ${SHORT_SHA} ===" + apk add --no-cache curl + curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \ + -H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
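Review bot: Both secrets in the new `Trigger Coolify deploy` step are expanded by `${{ secrets.* }}` directly into the script text, so the shell parses their values as part of the command line; a webhook URL or token containing `"`, `$` or a backtick would break the quoting or be evaluated by the shell. Passing them through a step-level `env:` and referencing `"$COOLIFY_WEBHOOK"` and `"$COOLIFY_TOKEN"` keeps the values as data. `curl -sf` also hides the reason for a failed trigger, whereas `-fsS` stays quiet on success but prints the error, and `--max-time` bounds a hung request. Separately, `image: alpine:latest` plus a runtime `apk add` means the job holding the deploy credentials runs on whatever image and package the registry serves that day; pinning the image to a fixed version or digest would make it reproducible. The step only confirms that the webhook request was accepted, and whether the removed container health checks have an equivalent on the Coolify side is not visible in this hunk.

```yaml
      - name: Trigger Coolify deploy
        env:
          COOLIFY_WEBHOOK: ${{ secrets.COOLIFY_WEBHOOK }}
          COOLIFY_TOKEN: ${{ secrets.COOLIFY_TOKEN }}
        run: |
          # … unchanged: apk add --no-cache curl …
          curl -fsS --max-time 30 "$COOLIFY_WEBHOOK" \
            -H "Authorization: Bearer $COOLIFY_TOKEN"
```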