diff --git a/.github/workflows/pr-gate.yml b/.github/workflows/pr-gate.yml
index 7fd5d6b4..31a8c37e 100644
--- a/.github/workflows/pr-gate.yml
+++ b/.github/workflows/pr-gate.yml
@@ -4,7 +4,42 @@ on:
 pull_request_target:
 types: [opened, synchronize, reopened, labeled]
 
+permissions:
+ contents: read
+ pull-requests: read
+
 jobs:
- gate:
- uses: host-uk/.github/.github/workflows/pr-gate.yml@dev
- secrets: inherit
+ org-gate:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check org membership or approval label
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const author = context.payload.pull_request.user.login;
+ const association = context.payload.pull_request.author_association;
+
+ // Trusted accounts
+ const trustedAuthors = ['google-labs-jules[bot]', 'Snider'];
+ if (trustedAuthors.includes(author)) {
+ core.info(`${author} is trusted — gate passed`);
+ return;
+ }
+
+ // Check author association
+ const trustedAssociations = ['MEMBER', 'OWNER', 'COLLABORATOR'];
+ if (trustedAssociations.includes(association)) {
+ core.info(`${author} is ${association} — gate passed`);
+ return;
+ }
+
+ // Check for external-approved label
+ const labels = context.payload.pull_request.labels.map(l => l.name);
+ if (labels.includes('external-approved')) {
+ core.info('external-approved label present — gate passed');
+ return;
+ }
+
+ core.setFailed(
+ `External PR from ${author} requires an org member to add the "external-approved" label before merge.`
+ );
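Review bot: The `external-approved` label keeps passing the gate on every later `synchronize` run, so once an org member labels an external PR the author can push arbitrary new commits and the check stays green without anyone re-reviewing them; this is the classic approve-then-push hole in label-based gates. The label branch should not count for pushes made after it was applied — the cheapest fix inside this script is to scope it away from the push event, `if (labels.includes('external-approved') && context.payload.action !== 'synchronize') {`, and extend the `core.setFailed` message to say that new commits need the label removed and re-added (clearing it automatically would need `pull-requests: write` plus an `issues.removeLabel` call, which the new read-only `permissions` block deliberately avoids). Two smaller points: `actions/github-script@v7` is a mutable tag in a workflow triggered by `pull_request_target`, so pin it to a full commit SHA; and the hard-coded `'Snider'` in `trustedAuthors` bypasses the association check for a username that can be renamed or handed over, so if that account is already an owner or member it should simply be dropped from the list. Finally, `author_association` is read straight from the event payload and the job never blocks anything by itself, so this gate is only as strong as the branch-protection rule that requires the `org-gate` check — worth confirming that rule exists before relying on it.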