diff --git a/.forgejo/workflows/ci-cd-web-desktop.yml b/.forgejo/workflows/ci-cd-web-desktop.yml
index f228cd7..f564d73 100644
--- a/.forgejo/workflows/ci-cd-web-desktop.yml
+++ b/.forgejo/workflows/ci-cd-web-desktop.yml
@@ -21,7 +21,6 @@ on:
 env:
   APP_DIR: /srv/apps/sistema
   VPS_UPDATES_DIR: /var/www/updates
-  RUN_MACHINE_SMOKE: ${{ vars.RUN_MACHINE_SMOKE || 'false' }}
 
 jobs:
   changes:
@@ -47,7 +46,7 @@ jobs:
               - 'prisma/**'
               - 'next.config.ts'
               - 'package.json'
-              - 'pnpm-lock.yaml'
+              - 'bun.lock'
               - 'tsconfig.json'
               - 'middleware.ts'
               - 'stack.yml'
@@ -71,59 +70,11 @@ jobs:
           echo "Using APP_DIR (fallback)=$FALLBACK_DIR"
           echo "EFFECTIVE_APP_DIR=$FALLBACK_DIR" >> "$GITHUB_ENV"
 
-      - name: Setup pnpm
-        uses: https://github.com/pnpm/action-setup@v4
-        with:
-          version: 10.20.0
-
-      - name: Setup Node.js
-        uses: https://github.com/actions/setup-node@v4
-        with:
-          node-version: 20
-
       - name: Setup Bun
         uses: https://github.com/oven-sh/setup-bun@v2
         with:
           bun-version: 1.3.1
 
-      - name: Verify Bun runtime
-        run: bun --version
-
-      - name: Permissions diagnostic (server paths)
-        run: |
-          set +e
-          echo "== Basic context =="
-          whoami || true
-          id || true
-          groups || true
-          umask || true
-          echo "HOME=$HOME"
-          echo "APP_DIR(default)=${APP_DIR:-/srv/apps/sistema}"
-          echo "EFFECTIVE_APP_DIR=$EFFECTIVE_APP_DIR"
-
-          echo "\n== Permissions check =="
-          check_path() {
-            P="$1"
-            echo "-- $P"
-            if [ -e "$P" ]; then
-              stat -c '%A %U:%G %n' "$P" 2>/dev/null || ls -ld "$P" || true
-              echo -n "WRITABLE? "; [ -w "$P" ] && echo yes || echo no
-              if command -v namei >/dev/null 2>&1; then
-                namei -l "$P" || true
-              fi
-              TMP="$P/.permtest.$$"
-              (echo test > "$TMP" 2>/dev/null && echo "CREATE_FILE: ok" && rm -f "$TMP") || echo "CREATE_FILE: failed"
-            else
-              echo "(missing)"
-            fi
-          }
-          check_path "/srv/apps/sistema"
-          check_path "/srv/apps/sistema/src/app/machines/handshake"
-          check_path "/srv/apps/sistema/apps/desktop/node_modules"
-          check_path "/srv/apps/sistema/node_modules"
-          check_path "$EFFECTIVE_APP_DIR"
-          check_path "$EFFECTIVE_APP_DIR/node_modules"
-
       - name: Sync workspace to APP_DIR (preserving local env)
         run: |
           mkdir -p "$EFFECTIVE_APP_DIR"
@@ -194,11 +145,6 @@ jobs:
             cp -f "$DEFAULT_DIR/.env" "$EFFECTIVE_APP_DIR/.env"
           fi
 
-      - name: Prune workspace for server-only build
-        run: |
-          cd "$EFFECTIVE_APP_DIR"
-          printf "packages:\n  - .\n\nignoredBuiltDependencies:\n  - '@prisma/client'\n  - '@prisma/engines'\n  - '@tailwindcss/oxide'\n  - esbuild\n  - prisma\n  - sharp\n  - unrs-resolver\n" > pnpm-workspace.yaml
-
       - name: Ensure Next.js cache directory exists and is writable
         run: |
           cd "$EFFECTIVE_APP_DIR"
@@ -209,9 +155,10 @@ jobs:
         uses: https://github.com/actions/cache@v4
         with:
           path: ${{ env.EFFECTIVE_APP_DIR }}/.next/cache
-          key: ${{ runner.os }}-nextjs-${{ hashFiles('pnpm-lock.yaml', 'bun.lock') }}-${{ hashFiles('src/**/*.ts', 'src/**/*.tsx', 'src/**/*.js', 'src/**/*.jsx', 'next.config.ts') }}
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('bun.lock') }}-${{ hashFiles('next.config.ts') }}
           restore-keys: |
-            ${{ runner.os }}-nextjs-${{ hashFiles('pnpm-lock.yaml', 'bun.lock') }}-
+            ${{ runner.os }}-nextjs-${{ hashFiles('bun.lock') }}-
+            ${{ runner.os }}-nextjs-
 
       - name: Lint check (fail fast before build)
         run: |
@@ -288,32 +235,6 @@ jobs:
           echo "AVISO: Timeout aguardando servicos. Status atual:"
           docker service ls --filter "label=com.docker.stack.namespace=sistema"
 
-      - name: Smoke test - register + heartbeat
-        run: |
-          set -e
-          if [ "${RUN_MACHINE_SMOKE:-false}" != "true" ]; then
-            echo "RUN_MACHINE_SMOKE != true - pulando smoke test"; exit 0
-          fi
-          if [ -f /srv/apps/sistema/.env ]; then
-            set -o allexport
-            . /srv/apps/sistema/.env
-            set +o allexport
-          fi
-          if [ -z "${MACHINE_PROVISIONING_SECRET:-}" ]; then
-            echo "MACHINE_PROVISIONING_SECRET ausente - pulando smoke test"; exit 0
-          fi
-          HOSTNAME_TEST="ci-smoke-$(date +%s)"
-          BODY='{"provisioningSecret":"'"$MACHINE_PROVISIONING_SECRET"'","tenantId":"tenant-atlas","hostname":"'"$HOSTNAME_TEST"'","os":{"name":"Linux","version":"6.1.0","architecture":"x86_64"},"macAddresses":["AA:BB:CC:DD:EE:FF"],"serialNumbers":[],"metadata":{"inventory":{"cpu":"i7","ramGb":16}},"registeredBy":"ci-smoke"}'
-          HTTP=$(curl -sS -o resp.json -w "%{http_code}" -H 'Content-Type: application/json' -d "$BODY" https://tickets.esdrasrenan.com.br/api/machines/register || true)
-          echo "Register HTTP=$HTTP"
-          if [ "$HTTP" != "201" ]; then
-            echo "Register failed:"; tail -c 600 resp.json || true; exit 1; fi
-          TOKEN=$(node -e 'try{const j=require("fs").readFileSync("resp.json","utf8");process.stdout.write(JSON.parse(j).machineToken||"");}catch(e){process.stdout.write("")}' )
-          if [ -z "$TOKEN" ]; then echo "Missing token in register response"; exit 1; fi
-          HB=$(curl -sS -o /dev/null -w "%{http_code}" -H 'Content-Type: application/json' -d '{"machineToken":"'"$TOKEN"'","status":"online","metrics":{"cpuPct":5,"memFreePct":70}}' https://tickets.esdrasrenan.com.br/api/machines/heartbeat || true)
-          echo "Heartbeat HTTP=$HB"
-          if [ "$HB" != "200" ]; then echo "Heartbeat failed"; exit 1; fi
-
       - name: Cleanup old build workdirs (keep last 2)
         run: |
           set -e
diff --git a/.forgejo/workflows/quality-checks.yml b/.forgejo/workflows/quality-checks.yml
index ee9a02f..cf85afe 100644
--- a/.forgejo/workflows/quality-checks.yml
+++ b/.forgejo/workflows/quality-checks.yml
@@ -22,19 +22,11 @@ jobs:
       - name: Checkout
         uses: https://github.com/actions/checkout@v4
 
-      - name: Setup Node.js
-        uses: https://github.com/actions/setup-node@v4
-        with:
-          node-version: 20
-
       - name: Setup Bun
         uses: https://github.com/oven-sh/setup-bun@v2
         with:
           bun-version: 1.3.1
 
-      - name: Verify Bun
-        run: bun --version
-
       - name: Install dependencies
         run: bun install --frozen-lockfile
 
@@ -43,9 +35,9 @@ jobs:
         with:
           path: |
             ${{ github.workspace }}/.next/cache
-          key: ${{ runner.os }}-nextjs-${{ hashFiles('pnpm-lock.yaml', 'bun.lock') }}-${{ hashFiles('**/*.{js,jsx,ts,tsx}') }}
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('bun.lock') }}-${{ hashFiles('**/*.{js,jsx,ts,tsx}') }}
           restore-keys: |
-            ${{ runner.os }}-nextjs-${{ hashFiles('pnpm-lock.yaml', 'bun.lock') }}-
+            ${{ runner.os }}-nextjs-${{ hashFiles('bun.lock') }}-
 
       - name: Generate Prisma client
         env:
diff --git a/docs/FORGEJO-CI-CD.md b/docs/FORGEJO-CI-CD.md
index c3e67d4..8b9372f 100644
--- a/docs/FORGEJO-CI-CD.md
+++ b/docs/FORGEJO-CI-CD.md
@@ -141,9 +141,9 @@ Triggers:
 
 Jobs:
 1. **changes** - Detecta arquivos alterados
-2. **deploy** - Deploy na VPS (Next.js + Docker Swarm)
+2. **deploy** - Deploy na VPS (Next.js + Docker Swarm, usando Bun)
 3. **convex_deploy** - Deploy das functions Convex
-4. **desktop_release** - Build do app desktop (tags `v*`)
+4. ~~**desktop_release**~~ - Build do app desktop (comentado - sem runner Windows)
 
 ### quality-checks.yml