diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index a9243fe..2b2576c 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -28,35 +28,36 @@ jobs: needs: build-and-push steps: - - name: Install Docker Tools + - name: Deploy to Production via SSH run: | - # Instala docker y docker-compose-plugin - apt-get update - apt-get install -y --no-install-recommends ca-certificates curl - install -m 0755 -d /etc/apt/keyrings - curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc - chmod a+r /etc/apt/keyrings/docker.asc - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null - apt-get update - apt-get install -y docker-ce-cli docker-compose-plugin + echo "Connecting to production server to deploy..." - - name: Deploy Application Stack - run: | - echo "Deploying application stack using localhost..." + # 1. Preparar el cliente SSH dentro del contenedor del job + apt-get update && apt-get install -y openssh-client + mkdir -p ~/.ssh + echo "${{ secrets.PROD_SERVER_SSH_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts - # Nos movemos al directorio correcto - cd /opt/gestion-integral - - # Exportamos los secretos como variables de entorno - export DB_SA_PASSWORD='${{ secrets.DB_SA_PASSWORD_SECRET }}' - export JWT_KEY='${{ secrets.JWT_KEY_SECRET }}' - - # Hacemos login, pull y up usando la dirección de loopback - docker login 127.0.0.1:5000 -u ${{ secrets.REGISTRY_USER }} --password-stdin <<< "${{ secrets.ACTIONS_PAT }}" - docker compose pull - docker compose up -d - - - name: Cleanup dangling images - run: | - echo "Cleaning up old images on host..." - docker image prune -af \ No newline at end of file + # 2. 
Conectarse al HOST y ejecutar los comandos de despliegue + ssh ${{ secrets.PROD_SERVER_USER }}@${{ secrets.PROD_SERVER_HOST }} << 'EOF' + echo "--- CONECTADO AL SERVIDOR DE PRODUCCIÓN ---" + + # Navegar a la carpeta correcta EN EL HOST + cd /opt/gestion-integral + + # Exportar los secretos para que docker-compose los use + export DB_SA_PASSWORD="${{ secrets.DB_SA_PASSWORD_SECRET }}" + export JWT_KEY="${{ secrets.JWT_KEY_SECRET }}" + + # Ejecutar los comandos de Docker en el host, apuntando a sí mismo + # Usar --password-stdin es más seguro y evita warnings + echo "${{ secrets.ACTIONS_PAT }}" | docker login 127.0.0.1:5000 -u ${{ secrets.REGISTRY_USER }} --password-stdin + + # El resto de comandos, ahora sí, funcionarán + docker compose pull + docker compose up -d + docker image prune -af + + echo "--- ¡¡DESPLIEGUE REALIZADO CON ÉXITO!! ---" + EOF \ No newline at end of file
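Review bot: The added `ssh-keyscan -H ${{ secrets.PROD_SERVER_HOST }} >> ~/.ssh/known_hosts` line trusts whatever host key answers at deploy time, so the SSH session that then carries DB_SA_PASSWORD, JWT_KEY and the registry PAT is not authenticated against a known server. Store the server's public host key as a secret, expose it through the step's `env:`, and write it with something like `printf '%s\n' "$PROD_HOST_KEY" > ~/.ssh/known_hosts` (placeholder variable name). The two `export` lines inside the heredoc also moved from single to double quotes, and because `${{ }}` is substituted before any shell runs, a `$`, backtick or `"` in a secret value is now expanded by the remote shell; restore the single quotes. The remote script has no `set -e`, so a failed `cd`, `docker login` or `docker compose pull` still reaches the final success echo and appears to leave the job green; add `set -e` as the first line inside the heredoc.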