From a1f5c8ff60f69cfe26f098b4565dc1d16e31d584 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 19 Jun 2026 05:48:31 +0000
Subject: [PATCH 1/2] Initial plan


From 11addaec98640d50173818d6e918ea7757367ca2 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 19 Jun 2026 05:56:32 +0000
Subject: [PATCH 2/2] fix: expand Network Mapping and Pattern Heuristics tables
 in agentic-workflow-designer SKILL.md

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .../skills/agentic-workflow-designer/SKILL.md | 34 +++++++++++++++++++
 .../data/agentic_workflow_designer_skill.md   | 34 +++++++++++++++++++
 2 files changed, 68 insertions(+)

diff --git a/.github/skills/agentic-workflow-designer/SKILL.md b/.github/skills/agentic-workflow-designer/SKILL.md
index 42e9fd93583..eadac2bf659 100644
--- a/.github/skills/agentic-workflow-designer/SKILL.md
+++ b/.github/skills/agentic-workflow-designer/SKILL.md
@@ -157,9 +157,30 @@ Present a structured summary and ask for approval before generation.
 | User says... | Maps to |
 |---|---|
 | "calls an external API" | ask for exact FQDN/wildcard, then add to `network.allowed` |
+| "reads GitHub data / clones repos" | include `github` in `network.allowed` |
+| "uses GitHub Actions artifacts or cache" | include `github-actions` in `network.allowed` |
 | "installs npm packages" | include `node` in `network.allowed` |
 | "runs pip install" | include `python` in `network.allowed` |
 | "builds Go code" | include `go` in `network.allowed` |
+| "installs gems / uses Bundler" | include `ruby` in `network.allowed` |
+| "runs cargo build" | include `rust` in `network.allowed` |
+| "uses NuGet / .NET restore" | include `dotnet` in `network.allowed` |
+| "builds with Maven / Gradle" | include `java` in `network.allowed` |
+| "uses Docker / pulls container images / pushes to GHCR" | include `containers` in `network.allowed` |
+| "runs Playwright browser tests" | include `playwright` in `network.allowed` |
+| "runs apt install / yum / apk" | include `linux-distros` in `network.allowed` |
+| "uses Terraform / HashiCorp registry" | include `terraform` in `network.allowed` |
+| "connects to localhost / loopback / local services" | include `local` in `network.allowed` |
+| "uses Swift Package Manager" | include `swift` in `network.allowed` |
+| "uses Composer / PHP packages" | include `php` in `network.allowed` |
+| "uses pub.dev / Dart packages" | include `dart` in `network.allowed` |
+| "uses Hackage / Haskell packages" | include `haskell` in `network.allowed` |
+| "uses CPAN / Perl packages" | include `perl` in `network.allowed` |
+| "serves or loads web fonts" | include `fonts` in `network.allowed` |
+| "uses Deno or JSR packages" | include `deno` in `network.allowed` |
+| "uses Elixir / Hex packages" | include `elixir` in `network.allowed` |
+| "uses Bazel build" | include `bazel` in `network.allowed` |
+| "uses R / CRAN packages" | include `r` in `network.allowed` |
 | "no external access" | `network.allowed: [defaults]` (or `[]` if explicitly zero network) |
 
 ### Tool Mapping
@@ -184,6 +205,19 @@ Present a structured summary and ask for approval before generation.
 | "monitor workflow failures and trends" | `MonitorOps` |
 | "process a big backlog in chunks" | `BatchOps` |
 | "run manually with input parameters" | `DispatchOps` |
+| "apply a label-based workflow" | `LabelOps` |
+| "operate across multiple repositories" | `MultiRepoOps` |
+| "coordinate multiple sub-agents" | `Orchestration` |
+| "manage project board items" | `ProjectOps` |
+| "research, plan, and assign issues" | `ResearchPlanAssignOps` |
+| "self-correcting / retry on failure" | `CorrectionOps` |
+| "run in a side/fork repo" | `SideRepoOps` |
+| "write a spec before implementing" | `SpecOps` |
+| "A/B test workflow variants" | `TrialOps` |
+| "process items from a queue" | `WorkQueueOps` |
+| "deterministic, no LLM needed" | `DeterministicOps` |
+| "manage from a central repo" | `CentralRepoOps` |
+| "track work via GitHub Projects" | `Monitoring with Projects` |
 
 ### Integration Auth Mapping
 
diff --git a/pkg/cli/data/agentic_workflow_designer_skill.md b/pkg/cli/data/agentic_workflow_designer_skill.md
index 42e9fd93583..eadac2bf659 100644
--- a/pkg/cli/data/agentic_workflow_designer_skill.md
+++ b/pkg/cli/data/agentic_workflow_designer_skill.md
@@ -157,9 +157,30 @@ Present a structured summary and ask for approval before generation.
 | User says... | Maps to |
 |---|---|
 | "calls an external API" | ask for exact FQDN/wildcard, then add to `network.allowed` |
+| "reads GitHub data / clones repos" | include `github` in `network.allowed` |
+| "uses GitHub Actions artifacts or cache" | include `github-actions` in `network.allowed` |
 | "installs npm packages" | include `node` in `network.allowed` |
 | "runs pip install" | include `python` in `network.allowed` |
 | "builds Go code" | include `go` in `network.allowed` |
+| "installs gems / uses Bundler" | include `ruby` in `network.allowed` |
+| "runs cargo build" | include `rust` in `network.allowed` |
+| "uses NuGet / .NET restore" | include `dotnet` in `network.allowed` |
+| "builds with Maven / Gradle" | include `java` in `network.allowed` |
+| "uses Docker / pulls container images / pushes to GHCR" | include `containers` in `network.allowed` |
+| "runs Playwright browser tests" | include `playwright` in `network.allowed` |
+| "runs apt install / yum / apk" | include `linux-distros` in `network.allowed` |
+| "uses Terraform / HashiCorp registry" | include `terraform` in `network.allowed` |
+| "connects to localhost / loopback / local services" | include `local` in `network.allowed` |
+| "uses Swift Package Manager" | include `swift` in `network.allowed` |
+| "uses Composer / PHP packages" | include `php` in `network.allowed` |
+| "uses pub.dev / Dart packages" | include `dart` in `network.allowed` |
+| "uses Hackage / Haskell packages" | include `haskell` in `network.allowed` |
+| "uses CPAN / Perl packages" | include `perl` in `network.allowed` |
+| "serves or loads web fonts" | include `fonts` in `network.allowed` |
+| "uses Deno or JSR packages" | include `deno` in `network.allowed` |
+| "uses Elixir / Hex packages" | include `elixir` in `network.allowed` |
+| "uses Bazel build" | include `bazel` in `network.allowed` |
+| "uses R / CRAN packages" | include `r` in `network.allowed` |
 | "no external access" | `network.allowed: [defaults]` (or `[]` if explicitly zero network) |
 
 ### Tool Mapping
@@ -184,6 +205,19 @@ Present a structured summary and ask for approval before generation.
 | "monitor workflow failures and trends" | `MonitorOps` |
 | "process a big backlog in chunks" | `BatchOps` |
 | "run manually with input parameters" | `DispatchOps` |
+| "apply a label-based workflow" | `LabelOps` |
+| "operate across multiple repositories" | `MultiRepoOps` |
+| "coordinate multiple sub-agents" | `Orchestration` |
+| "manage project board items" | `ProjectOps` |
+| "research, plan, and assign issues" | `ResearchPlanAssignOps` |
+| "self-correcting / retry on failure" | `CorrectionOps` |
+| "run in a side/fork repo" | `SideRepoOps` |
+| "write a spec before implementing" | `SpecOps` |
+| "A/B test workflow variants" | `TrialOps` |
+| "process items from a queue" | `WorkQueueOps` |
+| "deterministic, no LLM needed" | `DeterministicOps` |
+| "manage from a central repo" | `CentralRepoOps` |
+| "track work via GitHub Projects" | `Monitoring with Projects` |
 
 ### Integration Auth Mapping