diff --git a/.github/aw/create-agentic-workflow.md b/.github/aw/create-agentic-workflow.md index 9acd4ffc2ef..5be484cb428 100644 --- a/.github/aw/create-agentic-workflow.md +++ b/.github/aw/create-agentic-workflow.md @@ -15,6 +15,7 @@ Create new workflow files under `.github/workflows/` using the installed `gh aw` - [workflow-patterns.md](workflow-patterns.md) - [safe-outputs.md](safe-outputs.md) - [syntax.md](syntax.md) +- [mcp-clis.md](mcp-clis.md) Load these topic files only when relevant: @@ -81,15 +82,20 @@ The main agent job must stay read-only. ### 4. Select tools - `bash` and `edit` are enabled by default in sandboxed workflows; do not add them unless you are restricting them. -- For GitHub API reads, use: +- For GitHub reads, prefer `tools.github.mode: gh-proxy` and instruct the agent to use `gh` commands. +- For non-GitHub MCP servers, prefer `tools.cli-proxy: true` and instruct the agent to use the mounted `mcp-clis` commands. +- Combined configuration example for GitHub reads plus non-GitHub MCP CLI access: ```yaml tools: github: mode: gh-proxy toolsets: [default] + cli-proxy: true ``` + Omit `cli-proxy: true` when the workflow only needs GitHub reads. + - Suggest `playwright` for browser automation. - Suggest dedicated topic files rather than embedding long tutorials in the prompt. @@ -191,6 +197,7 @@ tools: github: mode: gh-proxy toolsets: [default] + cli-proxy: true safe-outputs: add-comment: --- diff --git a/.github/aw/github-agentic-workflows.md b/.github/aw/github-agentic-workflows.md index 8f17a9a1bad..394171c6390 100644 --- a/.github/aw/github-agentic-workflows.md +++ b/.github/aw/github-agentic-workflows.md 
@@ -47,7 +47,8 @@ See also: [workflow-editing.md](workflow-editing.md) - Keep the main agent job read-only. - Use `safe-outputs:` for GitHub writes. -- Prefer `tools.github.mode: gh-proxy`. +- Prefer `tools.github.mode: gh-proxy` and use `gh` for GitHub reads. +- For non-GitHub MCP servers, prefer `tools.cli-proxy: true` and use mounted `mcp-clis` commands. - Use `${{ steps.sanitized.outputs.text }}` for untrusted user content. - Set `strict: true` for production workflows. - Limit network and bash access to what the workflow actually needs. diff --git a/.github/aw/workflow-constraints.md b/.github/aw/workflow-constraints.md index 1107251b860..e5aa56825ad 100644 --- a/.github/aw/workflow-constraints.md +++ b/.github/aw/workflow-constraints.md @@ -43,7 +43,8 @@ Suggested response pattern: - Keep the main agent job read-only. - Do not add GitHub write permissions to the agent job. - Route GitHub writes through `safe-outputs:`. -- Prefer `tools.github.mode: gh-proxy` and `toolsets:` over ad hoc shell access. +- Prefer `tools.github.mode: gh-proxy` with `gh` for GitHub reads. +- Prefer `tools.cli-proxy: true` with mounted `mcp-clis` commands for non-GitHub MCP tools. - Constrain `network.allowed:` to the minimum required ecosystems or domains. - Use `${{ steps.sanitized.outputs.text }}` for untrusted user content.
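Review bot: In the first hunk of `.github/aw/create-agentic-workflow.md` the topic-file list gains `- [mcp-clis.md](mcp-clis.md)`, but no hunk in this patch adds `.github/aw/mcp-clis.md`; please confirm the file exists or is added in this change so the link does not dangle, and so the other hunks' references to "mounted `mcp-clis` commands" have a place where those commands are documented.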
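Review bot: In the `### 4. Select tools` hunk of `.github/aw/create-agentic-workflow.md`, the bullet "For non-GitHub MCP servers, prefer `tools.cli-proxy: true`" reads as a default preference even though the same hunk adds "Omit `cli-proxy: true` when the workflow only needs GitHub reads"; since enabling it widens what the agent job can reach, make the condition explicit in the bullet itself, e.g. "- For non-GitHub MCP servers (only when the workflow actually configures one), prefer `tools.cli-proxy: true` ...", and state that the read-only rule for the main agent job from the surrounding text applies to the mounted `mcp-clis` commands too, with writes still routed through `safe-outputs:`.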
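Review bot: In the `@@ -191,6 +197,7 @@` hunk of `.github/aw/create-agentic-workflow.md`, adding `cli-proxy: true` to the full example workflow contradicts the guidance added earlier in this same file to omit it when the workflow only needs GitHub reads: the visible context configures only `github:` (gh-proxy, default toolset) and `safe-outputs:`, with no non-GitHub MCP server for the proxy to serve. Either drop the `+ cli-proxy: true` line from this example or add the MCP server entry it is for, so the reference example shows the least-privilege configuration the text prescribes.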
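Review bot: In the `.github/aw/workflow-constraints.md` hunk, the rewritten bullet drops the "over ad hoc shell access" rationale that the removed line carried, which is the security point of this constraint (scoped, proxied tool access instead of arbitrary shell); keep it, e.g. "- Prefer `tools.github.mode: gh-proxy` with `gh` for GitHub reads over ad hoc shell access.", and qualify the new `cli-proxy` bullet with "only when a non-GitHub MCP server is configured" so the constraints file agrees with the "Omit `cli-proxy: true`" guidance in `create-agentic-workflow.md`.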