diff --git a/.github/workflows/stale-branches.yml b/.github/workflows/stale-branches.yml
index 94f51b23..bb0b4376 100644
--- a/.github/workflows/stale-branches.yml
+++ b/.github/workflows/stale-branches.yml
@@ -1,16 +1,18 @@
 name: stale-branches.yml – Delete Stale Branches
 
 on:
-  #workflow_dispatch:  # Manual trigger from GitHub UI
+  workflow_dispatch:  # Manual trigger from GitHub UI
   schedule:
     - cron: '0 6 * * 0'
 
-permissions: read-all
+permissions: 
+  contents: read
 
 jobs:
   stale_branches:
     runs-on: ubuntu-latest
     permissions:
+      contents: write
       issues: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
@@ -35,4 +37,4 @@ jobs:
             # include-protected-branches: false
             # include-ruleset-branches: false
             # ignore-commit-messages: ''
-            # ignore-committers: ''
\ No newline at end of file
+            # ignore-committers: ''