diff --git a/docker-compose.yml b/docker-compose.yml
index b570cc9..8b8b71c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -20,5 +20,19 @@ services:
       - SMTP_FROM=${SMTP_FROM}
       - SMTP_FROM_NAME=${SMTP_FROM_NAME}
       - SMTP_USE_TLS=${SMTP_USE_TLS}
+      # Paliadin remote routing (t-paliad-151). When PALIADIN_REMOTE_HOST
+      # is set, paliad forwards each turn to mRiver via SSH on port 22022.
+      # The container reaches mRiver over Tailscale via mLake's host-side
+      # tailscale0 + Docker source NAT — no network_mode override needed
+      # (verified Phase A.5: a plain alpine container on Dokploy's
+      # default bridge SSHs to mriver:22022 in 3 s, source IP NAT'd to
+      # mLake's tailnet IP, matches the from="100.99.98.201" clause on
+      # mRiver's authorized_keys).
+      # PRIVATE_KEY and KNOWN_HOSTS are multi-line Dokploy secrets.
+      - PALIADIN_REMOTE_HOST=${PALIADIN_REMOTE_HOST}
+      - PALIADIN_REMOTE_PORT=${PALIADIN_REMOTE_PORT}
+      - PALIADIN_REMOTE_USER=${PALIADIN_REMOTE_USER}
+      - PALIADIN_SSH_PRIVATE_KEY=${PALIADIN_SSH_PRIVATE_KEY}
+      - PALIADIN_KNOWN_HOSTS=${PALIADIN_KNOWN_HOSTS}
       # - ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY}  # Phase H (AI Frist-Extraktion), currently deferred
     restart: unless-stopped