diff --git a/.gitea/workflows/gate-check-v3.yml b/.gitea/workflows/gate-check-v3.yml
index 27aba8798..0ee216a43 100644
--- a/.gitea/workflows/gate-check-v3.yml
+++ b/.gitea/workflows/gate-check-v3.yml
@@ -32,6 +32,24 @@ on:
 # iterating all open PRs when PR_NUMBER is empty.
 workflow_dispatch:
 
+# Serialize per PR (or per repo for schedule/manual ticks) to prevent
+# the fan-out OOM class documented in
+# `reference_operator_host_python3_oom_storm_2026_05_18`. `edited`
+# events fan out on every PR-body edit; combined with the hourly cron
+# and synchronize bursts this workflow can stack runs of the same
+# workflow_id on the same PR (each ~4GB anon-RSS) and trip the
+# `--memory=4g --memory-swap=8g` per-container cap.
+#
+# NO `cancel-in-progress` (defaults to false). Per
+# `feedback_janitor_supersede_must_group_by_workflow_id`, cancelling
+# in-flight runs of any required-check-shaped workflow risks the
+# dismiss_stale_approvals + empty-commit-rerun dance (Gitea 1.22.6 has
+# no REST rerun). The gate-check is `continue-on-error: true` +
+# idempotent (POST/PATCH gate-check comment by context) so sequential
+# ticks are strictly safe.
+concurrency:
+ group: gate-check-v3-${{ github.event.pull_request.number || github.event.issue.number || github.ref }}
+
 permissions:
 # read: contents — for checkout (base ref, not PR head for security)
 # read: pull-requests — for reading PR info via API
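Review bot: The added `concurrency:` block may be a no-op on the Gitea release the comment itself names (1.22.6): as far as I know, Gitea Actions of that line documented workflow `concurrency` as accepted but ignored, with real support arriving only in a later release, so please confirm on the actual instance that a second run for the same PR queues instead of starting. Separately, the `group` expression falls back to `github.ref` for schedule and manual ticks, which per the context line above iterate all open PRs, so a sweep is not serialized against a per-PR run on the same PR. The "idempotent (POST/PATCH … by context)" claim therefore has to hold under that overlap too, otherwise two runs could both POST a gate-check comment. I would state both limits in the comment, e.g. `# NOTE: sweep ticks use the ref group and are NOT serialized against per-PR runs.`, and, if the key turns out to be ignored, enforce the memory bound at the runner (its job capacity setting) rather than in the workflow.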