diff --git a/.github/workflows/sql-runner.yml b/.github/workflows/sql-runner.yml
index 4a0574b2..ac0c25e2 100644
--- a/.github/workflows/sql-runner.yml
+++ b/.github/workflows/sql-runner.yml
@@ -41,7 +41,7 @@ jobs:
           READ_RE='^(select |with |explain |\\d|\\df|\\di|\\dt)'
 
           # Mutating allowed if confirm=true: targeted UPDATE/DELETE on specific tables
-          MUTATING_RE='^(update supplier_leads|update failed_webhook_jobs|update scheduler_heartbeats|delete from failed_webhook_jobs|delete from incidents_log) '
+          MUTATING_RE='^(update supplier_leads|update supplier_projects|update failed_webhook_jobs|update scheduler_heartbeats|delete from failed_webhook_jobs|delete from incidents_log) '
 
           if [[ "$SQL_LOWER" =~ $READ_RE ]]; then
             echo "::notice::SELECT/read-only — allowed."