diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 8dcf125..2a56669 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -34,33 +34,24 @@ jobs:
           fetch-depth: 1
 
       # foundation/el contains the elc compiler that build-stage.sh shells out
-      # to. Cloning it as a sibling matches the local-dev layout the script
-      # already expects: ${LANDING_DIR}/../../foundation/el.
-      - name: Checkout engram-lang (foundation/el — provides the elc compiler)
-        uses: actions/checkout@v4
-        with:
-          repository: neuron-technologies/engram-lang
-          path: engram-lang
-          fetch-depth: 1
-          # Gitea-issued GITHUB_TOKEN is workflow-scoped to the current repo
-          # only. Cross-repo checkout needs a token with read access to
-          # neuron-technologies/engram-lang. CHECKOUT_TOKEN holds Will's
-          # admin API token (sourced from ~/Secrets/api-keys/gitea-api-token).
-          # Long-term: provision a dedicated read-only PAT.
-          token: ${{ secrets.CHECKOUT_TOKEN }}
-
-      - name: Stage engram-lang as foundation/el for build-stage.sh
+      # to. We clone engram-lang directly with git rather than a second
+      # actions/checkout call — act_runner v0.6 in host mode hits a
+      # `permission denied` error on .git/objects/pack/*.idx when running
+      # two checkout steps in the same job. EL_HOME is pinned outside the
+      # workspace so the path build-stage.sh expects (../../foundation/el)
+      # resolves correctly.
+      - name: Clone engram-lang (foundation/el — provides the elc compiler)
+        env:
+          CHECKOUT_TOKEN: ${{ secrets.CHECKOUT_TOKEN }}
         run: |
           set -euo pipefail
-          # build-stage.sh resolves EL_HOME to ${pwd}/../../foundation/el by
-          # default. We override EL_HOME to point inside the workspace so
-          # actions/checkout's same-workspace constraint is respected.
-          mv engram-lang ../foundation-el
-          ls -la ../foundation-el | head -5
-
-      - name: Set EL_HOME for build-stage.sh
-        run: |
-          echo "EL_HOME=${{ github.workspace }}/../foundation-el" >> "$GITHUB_ENV"
+          DEST="${{ github.workspace }}/../foundation-el"
+          rm -rf "$DEST"
+          git clone --depth 1 \
+            "https://will:${CHECKOUT_TOKEN}@git.neuralplatform.ai/neuron-technologies/engram-lang.git" \
+            "$DEST"
+          ls -la "$DEST" | head -5
+          echo "EL_HOME=$DEST" >> "$GITHUB_ENV"
 
       - name: Authenticate to GCP (Workload Identity)
         id: auth