From c6ebd5f180a69be52bc314daa66de4f47a32865c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 12:39:46 +0000
Subject: [PATCH 1/2] Initial plan


From c3af5c187b2be0f905f2f4f6853c29cfffd3d628 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 12:41:37 +0000
Subject: [PATCH 2/2] Fix: use least-privilege permissions in CI workflow

---
 .github/workflows/build.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fccb398ec..634429bcb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,7 +14,7 @@ env:
   BRANCH_NAME: master
 
 permissions:
-  contents: write
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }}
@@ -824,6 +824,9 @@ jobs:
   release:
     if: ${{ github.event_name == 'schedule' || github.event.inputs.create_release == 'true' }}
 
+    permissions:
+      contents: write
+
     runs-on: ubuntu-latest
 
     needs: