From 666f15d1f57363d6366a2acdd7c71140a9d8207b Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 21:34:07 -0400
Subject: [PATCH 1/2] Scope down GitHub token permissions for repo-sync.yml
---
 .github/workflows/repo-sync.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml
index e3776d399..09c617ad2 100644
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -3,6 +3,11 @@ name: Repo Sync
 on:
 workflow_dispatch: # allows triggering this manually through the Actions UI
+
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 repo-sync:
 name: Repo Sync
From e9a06326ac666f9239376d70c25c06979fbc3127 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 21:34:12 -0400
Subject: [PATCH 2/2] Scope down GitHub token permissions for clang-format.yml
---
 .github/workflows/clang-format.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml
index 7a8900dee..3d4311948 100644
--- a/.github/workflows/clang-format.yml
+++ b/.github/workflows/clang-format.yml
@@ -3,6 +3,10 @@ name: test-clang-format
 on:
 workflow_call:
+
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
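Review bot: In `.github/workflows/repo-sync.yml` the `contents: write` and `pull-requests: write` grants sit at workflow level, so any job later added to this workflow inherits a token that can push commits and modify pull requests. Only the `repo-sync` job is visible and its steps lie outside the hunk, so it cannot be confirmed from here that both scopes are actually used through `GITHUB_TOKEN` rather than a separate secret. Consider moving the block under `jobs.repo-sync` and recording the reason beside it, for example `# contents: write to push the sync branch; pull-requests: write to open the sync PR`, with the wording adjusted to what the steps really do.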
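Review bot: In `.github/workflows/clang-format.yml` the new `contents: read` block is declared on a `workflow_call` workflow, where the token can never be more permissive than what the calling workflow passes down. A caller that declares its own `permissions:` block without `contents: read` would be rejected at startup instead of running the format check. The callers are not part of this patch, so they should be checked before merging. A comment above the block such as `# callers must grant at least contents: read` would make that contract visible. The `build` job's steps are outside the hunk, so it is only presumed that read access is needed for checkout.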