diff --git a/.mokogitea/copilot-agent.yml b/.mokogitea/copilot-agent.yml
new file mode 100644
index 0000000..782945b
--- /dev/null
+++ b/.mokogitea/copilot-agent.yml
@@ -0,0 +1,44 @@
+# Copyright (C) 2025 Moko Consulting <hello@mokoconsulting.tech>
+# SPDX-LICENSE-IDENTIFIER: GPL-3.0-or-later
+#
+# GitHub Actions workflow for Copilot coding agent
+# This workflow demonstrates how to use the firewall configuration
+
+name: Copilot Coding Agent
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  issue_comment:
+    types: [created]
+
+permissions:
+  contents: write
+  pull-requests: write
+  issues: write
+
+jobs:
+  copilot-agent:
+    name: Run Copilot Coding Agent
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      
+      - name: Configure Copilot Firewall
+        run: |
+          echo "Configuring firewall allowlist for enterprise-ready sites..."
+          bash .github/copilot/setup-firewall.sh
+          echo "Firewall configuration completed"
+      
+      - name: Run Copilot Agent
+        uses: github/copilot-swe-agent@v1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          issue_number: ${{ github.event.issue.number || github.event.pull_request.number }}
+        env:
+          # Environment variables are set by setup-firewall.sh
+          COPILOT_FIREWALL_ALLOWLIST: ${{ env.COPILOT_FIREWALL_ALLOWLIST }}