diff --git a/.gitea/workflows/gost.yaml b/.gitea/workflows/gost.yaml
index 1a9892e5..c41e477d 100644
--- a/.gitea/workflows/gost.yaml
+++ b/.gitea/workflows/gost.yaml
@@ -27,7 +27,7 @@ chains:
 bypasses:
   - name: tim-whitelist
     whitelist: true
-    matchers: &tim_matchers
+    matchers:
       - ".webzavod.ru"
       - ".devwebzavod.ru"
       - ".aeroflot.ru"
@@ -41,4 +41,14 @@ bypasses:
 
   - name: tim-blacklist
     whitelist: false
-    matchers: *tim_matchers
+    matchers:
+      - ".webzavod.ru"
+      - ".devwebzavod.ru"
+      - ".aeroflot.ru"
+      - "webzavod.ru"
+      - "devwebzavod.ru"
+      - "aeroflot.ru"
+      - "46.235.186.67"
+      - "195.209.66.54"
+      - "195.209.82.146"
+      - "46.235.189.158"
diff --git a/AGENTS.md b/AGENTS.md
index 458ddf14..5cb3f6fa 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -174,3 +174,9 @@ The following are contractual hard constraints for the remote frontend component
 - Never add `Co-Authored-By` lines to commit messages.
 - Commit messages in English, concise, focused on "why" not "what".
 - Commit autonomously when changes are complete and stable — no need to ask for permission. Group related edits into logical commits. Still ask before pushing, force-pushing, or any destructive git operation.
+
+## Gitea / Tea Command Rules
+
+- Use `tea` command to check Gitea workflow runs: `tea run list --limit 5` to see last 5 runs
+- Use `tea run view <run-id>` to inspect a specific run
+- Use `tea run rerun <run-id>` to re-run a failed workflow