better gh auth, git username/email, expanded permissions

Author: bhouston

.github/workflows/issue-comment.yml

@@ -4,18 +4,27 @@ on:
   issue_comment:
     types: [created]
 
+# Top-level permissions apply to all jobs - this is the maximum allowed for GITHUB_TOKEN
 permissions:
-  contents: write
-  issues: write
-  pull-requests: write
+  contents: write # Required for checkout, commit, push
+  issues: write # Required for issue comments
+  pull-requests: write # Required for creating PRs
+  discussions: write # Added for more interaction capabilities
+  statuses: write # Added for creating commit statuses
+  checks: write # Added for creating check runs
+  actions: read # Added for inspecting workflow runs
+  packages: read # Added in case you need to access GitHub packages
 
 env:
   PNPM_VERSION: 10.2.1
 
 jobs:
   process-comment:
     runs-on: ubuntu-latest
-    if: contains(github.event.comment.body, '/mycoder')
+    # Only run if comment contains '/mycoder' AND commenter is in AUTHORIZED_USERS list
+    if: |
+      contains(github.event.comment.body, '/mycoder') && 
+      contains(format(',{0},', 'bhouston'), format(',{0},', github.event.comment.user.login))
     steps:
       - name: Extract prompt from comment
         id: extract-prompt
@@ -34,7 +43,21 @@ jobs:
         with:
           node-version-file: .nvmrc
 
-      - run: pnpm install -g mycoder
+      - name: Configure Git
+        run: |
+          git config --global user.name "MyCoder (On behalf of ${{ github.event.comment.user.login }})"
+          git config --global user.email "[email protected]"
+
+      - run:
+          pnpm install -g mycoder
+
+          # Auth GitHub CLI with the token
+      - name: Configure GitHub CLI
+        run: |
+          # First try with GITHUB_TOKEN
+          echo "${{ secrets.GITHUB_TOKEN }}" | gh auth login --with-token
+          # Verify auth status
+          gh auth status
 
       - env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}