diff --git a/.github/workflows/agent-ci.yml b/.github/workflows/agent-ci.yml
index 71c1b07..db4aa0a 100644
--- a/.github/workflows/agent-ci.yml
+++ b/.github/workflows/agent-ci.yml
@@ -29,7 +29,7 @@ jobs:
       framework: ${{ steps.detect.outputs.framework }}
       has_tests: ${{ steps.detect.outputs.has_tests }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Detect Framework
         id: detect
@@ -104,7 +104,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'push' || github.event_name == 'schedule'
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Run CodeQL
         uses: github/codeql-action/init@v3
         with:
@@ -133,7 +133,7 @@ jobs:
     if: github.event_name == 'pull_request'
     needs: detect-and-build
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Auto-approve safe PRs
         if: github.actor == 'dependabot[bot]' || github.actor == 'github-actions[bot]'
         run: gh pr review ${{ github.event.pull_request.number }} --approve --body "🤖 Auto-approved (trusted bot)"