From 39052733c96a5896f5422a7c708e4968bca554c4 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:06:03 -0400
Subject: [PATCH 1/3] ci: scope down permissions for release.yml
---
 .github/workflows/release.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 32e878d..bb3c514 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,6 +11,9 @@ on:
 description: "Information about the release"
 required: true
 default: "New release"
+permissions:
+ contents: write
+
 jobs:
 Release:
 environment: Release
From 8c9bfccdf52eaa80d837ba96326bad331479852b Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:06:05 -0400
Subject: [PATCH 2/3] ci: scope down permissions for integ-tests.yml
---
 .github/workflows/integ-tests.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/integ-tests.yml b/.github/workflows/integ-tests.yml
index 92be22e..46c487c 100644
--- a/.github/workflows/integ-tests.yml
+++ b/.github/workflows/integ-tests.yml
@@ -6,6 +6,9 @@ on:
 - develop
 - main
+permissions:
+ contents: read
+
 jobs:
 go-tests:
 runs-on: ubuntu-latest
From 8b46063f3cb9ad16fd911a36bda234e9e484b8f8 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 17:06:07 -0400
Subject: [PATCH 3/3] ci: scope down permissions for check-binaries.yml
---
 .github/workflows/check-binaries.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/check-binaries.yml b/.github/workflows/check-binaries.yml
index 75fa28f..fd12637 100644
--- a/.github/workflows/check-binaries.yml
+++ b/.github/workflows/check-binaries.yml
@@ -5,6 +5,9 @@ on:
 schedule:
 - cron: "0 16 * * 1-5" # min h d Mo DoW / 9am PST M-F
+permissions:
+ issues: write
+
 jobs:
 check-for-vulnerabilities:
 runs-on: ubuntu-latest
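Review bot: The `contents: write` grant in `.github/workflows/release.yml` is declared at workflow level, so every job in that file gets a token that can push commits, tags and releases, not only the job that publishes. Only the `Release` job header is visible in this hunk and the file continues outside it, so this may already be the only job; if it is not, set `permissions: {}` at the top level and move `permissions:` / `contents: write` under `jobs.Release`. Declaring any scope also sets every unlisted scope to `none`, so a release step that depends on another scope (for example `id-token` or `packages`) would need it listed explicitly. A one-line comment above the block naming the step that needs the write scope would keep a later edit from widening it without a reason.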
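Review bot: Listing only `issues: write` in `.github/workflows/check-binaries.yml` sets every other scope, including `contents`, to `none` for the scheduled `check-for-vulnerabilities` job. The job's steps are outside this hunk; if any of them checks out the repository or reads repository data with the workflow token, add `contents: read` next to `issues: write`. Because the workflow runs from a cron schedule, a permissions failure would show up only as a failed scheduled run, so it is worth running the job once after merging to confirm the check still completes and can still use the issues scope it was given.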