From 68569a3750644e11f2e0569d16f511ff037b40d1 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:51:00 -0400
Subject: [PATCH 1/2] ci: scope down permissions for build-and-test.yaml
---
 .github/workflows/build-and-test.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 65140e00..80a84b6a 100755
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -18,6 +18,9 @@ env:
 GITHUB_TOKEN: ${{ secrets.EC2_BOT_GITHUB_TOKEN }}
 WEBHOOK_URL: ${{ secrets.WEBHOOK_URL }}
+permissions:
+ contents: read
+
 jobs:
 fastTests:
 name: Fast Test
From 398a4de02ae3bee864b564070d50e2a5d7fc8686 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:51:02 -0400
Subject: [PATCH 2/2] ci: scope down permissions for stale.yml
---
 .github/workflows/stale.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 49057618..08fae7d9 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -4,6 +4,10 @@ on:
 schedule:
 - cron: "0 17 * * *" # Runs every day at 12:00PM CST
+permissions:
+ issues: write
+ pull-requests: write
+
 jobs:
 stale:
 runs-on: ubuntu-24.04
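Review bot: In build-and-test.yaml the added `permissions: contents: read` narrows only the automatic `github.token`; the workflow-level `env` in the context lines just above it still sets `GITHUB_TOKEN` from `secrets.EC2_BOT_GITHUB_TOKEN`, a separate credential whose scopes this block does not touch. Every step in every job that reads `GITHUB_TOKEN` from the environment therefore keeps whatever access that bot token was issued with, so the least-privilege goal of the commit is only partly met. I would record that in a comment above the block, `# Limits the automatic github.token only; EC2_BOT_GITHUB_TOKEN exported in env is not narrowed by this block`, and in a follow-up move the two secrets from workflow-level `env` to the steps that actually use them. The `env` mapping and the jobs continue outside the hunk, so which steps need the bot token cannot be checked from here.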
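Review bot: In stale.yml, listing only `issues: write` and `pull-requests: write` sets every scope that is not listed, `contents` and `actions` included, to `none`, and the steps of the `stale` job are outside the hunk, so it is not visible whether they need anything more. Before merging, confirm that the job does not check out the repository, delete branches or manage Actions caches; if it does, the scheduled run will start failing with a permissions error. Because the token is used by a single job, the block would also sit better under `stale:` than at workflow level, so that a job added later does not inherit write access. A short comment would help the next reader, for example `# write access is used to label, comment on and close stale issues and PRs` (assuming that is what the job does).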