From 9ee33079846ce9affd48b5727d1a3c0be9a3300a Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 14:06:06 -0400
Subject: [PATCH 1/3] ci: scope down permissions for docs.yml
---
 .github/workflows/docs.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 37ac504..2651ecb 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -3,6 +3,9 @@ on:
 release:
 types: [published]
 workflow_dispatch:
+permissions:
+ contents: write
+
 jobs:
 publish:
 runs-on: ubuntu-latest
From 78390c2442d759f851345db5e376071a2636d9ad Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 14:06:08 -0400
Subject: [PATCH 2/3] ci: scope down permissions for pypi.yml
---
 .github/workflows/pypi.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index d73028c..ec12030 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -3,6 +3,9 @@ on:
 release:
 types: [published]
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 publish:
 runs-on: ubuntu-latest
From 5472fc1193956768ab839620f8f470d8d4f513d1 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 14:06:10 -0400
Subject: [PATCH 3/3] ci: scope down permissions for ci.yml
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dc3bce3..045176c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,8 @@
 name: CI
 on: [pull_request]
+permissions:
+ contents: read
+
 jobs:
 test:
 runs-on: ubuntu-latest
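Review bot: In docs.yml the `contents: write` grant sits at workflow level, so any job later added to this workflow inherits a token that can push to the repository, not only `publish`. Keeping the top-level block at `contents: read` and adding `permissions:` with `contents: write` under the `publish:` job would confine the write scope to the one job that needs it. A short comment beside the grant naming the step that requires it (presumably the docs push; the job's steps are outside the hunk) would keep the scope from being widened or copied without thought.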
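Review bot: In pypi.yml, declaring `permissions:` with only `contents: read` sets every unlisted scope to `none`, which breaks the upload if the `publish` job relies on PyPI trusted publishing, since that path needs `id-token: write` to request the OIDC token. The job's steps are outside the hunk, so this cannot be confirmed from here; if the upload authenticates with an API token secret, the block is sufficient as written. If OIDC is in use, add `id-token: write` under the `publish:` job rather than at workflow level. The same caveat applies to the ci.yml hunk should any `test` step write back to the pull request (comments, check runs), which would need its own scope.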