diff --git a/.gitea/workflows/ci-cd.yml b/.gitea/workflows/ci-cd.yml
index 839cf8d..0f9102e 100644
--- a/.gitea/workflows/ci-cd.yml
+++ b/.gitea/workflows/ci-cd.yml
@@ -71,3 +71,34 @@ jobs:
           DEPLOY_PATH: ${{ secrets.PROD_DEPLOY_PATH }}
           DEPLOY_SSH_OPTS: -o StrictHostKeyChecking=accept-new
         run: bash scripts/deploy_ams_dev01.sh
+
+  deploy-beta:
+    if: github.ref_name == 'beta'
+    needs: verify
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Configure SSH key
+        env:
+          PROD_SSH_PRIVATE_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
+          PROD_SSH_KNOWN_HOSTS: ${{ secrets.PROD_SSH_KNOWN_HOSTS }}
+        run: |
+          set -euo pipefail
+          mkdir -p ~/.ssh
+          chmod 700 ~/.ssh
+          printf '%s' "$PROD_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          if [ -n "${PROD_SSH_KNOWN_HOSTS:-}" ]; then
+            printf '%s\n' "$PROD_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+            chmod 644 ~/.ssh/known_hosts
+          fi
+
+      - name: Deploy beta to AMS-DEV01
+        env:
+          DEPLOY_HOST: ${{ secrets.PROD_SSH_HOST }}
+          DEPLOY_USER: ${{ secrets.PROD_SSH_USER }}
+          PROD_DEPLOY_PATH: ${{ secrets.PROD_DEPLOY_PATH }}
+          DEPLOY_SSH_OPTS: -o StrictHostKeyChecking=accept-new
+        run: bash scripts/deploy_beta_ams_dev01.sh
diff --git a/docker-compose.beta.yml b/docker-compose.beta.yml
new file mode 100644
index 0000000..89fa125
--- /dev/null
+++ b/docker-compose.beta.yml
@@ -0,0 +1,28 @@
+name: magent-beta
+
+services:
+  magent:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    env_file:
+      - ./.env
+    environment:
+      APP_NAME: Magent Beta
+      CORS_ALLOW_ORIGIN: https://beta.magent.grizzlyflix.co.nz
+      MAGENT_APPLICATION_URL: https://beta.magent.grizzlyflix.co.nz
+      MAGENT_API_URL: https://beta.magent.grizzlyflix.co.nz/api
+      AUTH_COOKIE_NAME: magent_beta_auth
+      AUTH_STATE_COOKIE_NAME: magent_beta_logged_in
+      AUTH_COOKIE_DOMAIN: beta.magent.grizzlyflix.co.nz
+      SQLITE_PATH: /app/data/magent.db
+      LOG_FILE: /app/data/magent.log
+      SITE_BANNER_ENABLED: "true"
+      SITE_BANNER_MESSAGE: "Beta environment"
+      SITE_BANNER_TONE: warning
+    ports:
+      - "127.0.0.1:3100:3000"
+      - "127.0.0.1:8100:8000"
+    volumes:
+      - ./data:/app/data
+    restart: unless-stopped
diff --git a/scripts/deploy_beta_ams_dev01.sh b/scripts/deploy_beta_ams_dev01.sh
new file mode 100755
index 0000000..585ebf2
--- /dev/null
+++ b/scripts/deploy_beta_ams_dev01.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$repo_root"
+
+deploy_host="${DEPLOY_HOST:-AMS-DEV01}"
+deploy_user="${DEPLOY_USER:-zak}"
+prod_path="${PROD_DEPLOY_PATH:-/home/${deploy_user}/magent}"
+deploy_path="${BETA_DEPLOY_PATH:-/home/${deploy_user}/magent-beta}"
+ssh_opts="${DEPLOY_SSH_OPTS:-"-o StrictHostKeyChecking=accept-new"}"
+timestamp="$(date -u +%Y%m%dT%H%M%SZ)"
+
+remote="${deploy_user}@${deploy_host}"
+
+echo "Deploying tracked beta repository contents to ${remote}:${deploy_path}"
+
+git archive --format=tar HEAD | ssh ${ssh_opts} "${remote}" "
+  set -e
+  mkdir -p '${deploy_path}'
+  backup_root=\"\${HOME}/magent-beta-backups/${timestamp}\"
+  mkdir -p \"\${backup_root}\"
+  cd '${deploy_path}'
+  for path in backend frontend docker-compose.yml docker-compose.hub.yml docker-compose.beta.yml Dockerfile README.md docker scripts .build_number .gitattributes .gitignore; do
+    if [ -e \"\$path\" ]; then
+      cp -a \"\$path\" \"\${backup_root}/\"
+    fi
+  done
+  tar -xf - -C '${deploy_path}'
+
+  if [ ! -f '${deploy_path}/.env' ] && [ -f '${prod_path}/.env' ]; then
+    cp '${prod_path}/.env' '${deploy_path}/.env'
+  fi
+
+  mkdir -p '${deploy_path}/data'
+  if [ ! -f '${deploy_path}/data/magent.db' ] && [ -d '${prod_path}/data' ]; then
+    cp -a '${prod_path}/data/.' '${deploy_path}/data/'
+  fi
+
+  cd '${deploy_path}'
+  docker compose -p magent-beta -f docker-compose.beta.yml up -d --build
+"
+
+echo "Running remote beta smoke checks"
+ssh ${ssh_opts} "${remote}" "
+  set -e
+  python3 - <<'PY'
+from urllib import request
+
+checks = [
+    ('http://127.0.0.1:8100/health', 200),
+    ('http://127.0.0.1:3100/login', 200),
+]
+
+for url, expected in checks:
+    with request.urlopen(url, timeout=20) as response:
+        if response.status != expected:
+            raise SystemExit(f'{url} returned {response.status}, expected {expected}')
+        print(url, response.status)
+PY
+"
+
+echo "Beta deployment completed successfully"