diff --git a/.github/actions/setup-hugo/action.yml b/.github/actions/setup-hugo/action.yml
index d4733c9e0..44c7c9695 100644
--- a/.github/actions/setup-hugo/action.yml
+++ b/.github/actions/setup-hugo/action.yml
@@ -24,7 +24,7 @@ runs:
 
     - uses: oven-sh/setup-bun@v2
       with:
-        bun-version: latest
+        bun-version: 1.3.13
 
     - name: Cache Bun dependencies
       uses: actions/cache@v5
diff --git a/.github/workflows/_hugo.yml b/.github/workflows/_hugo.yml
index 213e657b3..5294ac98f 100644
--- a/.github/workflows/_hugo.yml
+++ b/.github/workflows/_hugo.yml
@@ -42,7 +42,7 @@ jobs:
 
       - uses: oven-sh/setup-bun@v2
         with:
-          bun-version: latest
+          bun-version: 1.3.13
       - run: bun install --frozen-lockfile
 
       # Use Bun as the "node" runtime for Hugo's PostCSS pipeline.
diff --git a/postcss.config.js b/postcss.config.js
index dd6756af8..4e716eceb 100644
--- a/postcss.config.js
+++ b/postcss.config.js
@@ -27,6 +27,14 @@ const purgecss = createPurgeCss({
       "jt-active",
 
       "comment-link",
+
+      // Brand CTA buttons — MUST NEVER be purged. These rules live in
+      // navigation.css and define the JT Ruby red (#cc342d) override
+      // for .btn-primary and a.fl-button (homepage hero, Contact Us nav,
+      // free-consultation CTAs). PurgeCSS in CI has been observed
+      // removing them despite hugo_stats.json containing the class —
+      // explicit safelist guards against that drift.
+      "btn", "btn-primary", "fl-button", "fl-button-wrap", "action-button",
     ],
 
     deep: [