diff --git a/.github/workflows/carmel-judgment.yml b/.github/workflows/carmel-judgment.yml
index 2123c44..6f459b6 100644
--- a/.github/workflows/carmel-judgment.yml
+++ b/.github/workflows/carmel-judgment.yml
@@ -1,8 +1,16 @@
 name: Carmel Judgment Protocol 😼
 
+permissions:
+  contents: read
+  pull-requests: write
+  issues: write
+
 on:
   pull_request:
     types: [opened, synchronize, reopened]
+  push:
+    branches:
+      - "**"
 
 jobs:
   judgment:
@@ -27,26 +35,24 @@ jobs:
         run: npm run test:run
 
       - name: 😼 Carmel Judgment Stamp
-        if: always()
+        if: ${{ always() && github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false }}
         uses: actions/github-script@v7
-        env:
-          TESTS_OUTCOME: ${{ steps.tests.outcome }}
         with:
           script: |
             const passed = process.env.TESTS_OUTCOME == "success";
-
+  
             const body = passed
               ? "😼✨ **Carmel Approval Stamp™**\n\n> *Adequate work, human.*"
               : "😼🔥 **Carmel Chaos Stamp™**\n\n> *I sense weakness in these tests.*";
-
+  
             await github.rest.issues.createComment({
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number: context.issue.number,
               body
             });
-
+  
             if (!passed) core.setFailed("Carmel has rejected this PR.");
 
       - name: 😼 Carmel Observes the Results
-        run: echo "Verdict delivered."
+        run: echo "Verdict delivered. "