diff --git a/compliance-agent/src/api/routes.rs b/compliance-agent/src/api/routes.rs
index c715df4..efa3370 100644
--- a/compliance-agent/src/api/routes.rs
+++ b/compliance-agent/src/api/routes.rs
@@ -2,7 +2,6 @@ use axum::routing::{delete, get, patch, post};
 use axum::Router;
 
 use crate::api::handlers;
-use crate::webhooks;
 
 pub fn build_router() -> Router {
     Router::new()
@@ -175,17 +174,10 @@ pub fn build_router() -> Router {
             "/api/v1/pentest/stats",
             get(handlers::pentest::pentest_stats),
         )
-        // Webhook endpoints (proxied through dashboard)
-        .route(
-            "/webhook/github/{repo_id}",
-            post(webhooks::github::handle_github_webhook),
-        )
-        .route(
-            "/webhook/gitlab/{repo_id}",
-            post(webhooks::gitlab::handle_gitlab_webhook),
-        )
-        .route(
-            "/webhook/gitea/{repo_id}",
-            post(webhooks::gitea::handle_gitea_webhook),
-        )
+    // Webhook routes live on the separate webhook server (port 3002,
+    // see crate::webhooks::server). The M7.2-C tenant-in-URL form is
+    // `/webhook/{tenant_id}/{platform}/{repo_id}` and the handlers
+    // expect a (tenant_id, repo_id) path tuple. Anything mounting
+    // them here on the API server would mismatch the handler
+    // signature, so the routes are not exported.
 }