feat: add opencode configuration (#11)

* feat: add opencode configuration

* feat(ci): restrict opencode workflow to authorized users only

Add author association checks to ensure only repository owners, members,
and collaborators can trigger the opencode workflow. This prevents
unauthorized users from triggering potentially expensive operations.

Changes:
- Check comment.author_association before evaluating commands
- Require OWNER, MEMBER, or COLLABORATOR status
- Use consistent pattern with claude.yml workflow

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* feat(ci): enhance opencode workflow with comprehensive triggers

Expand opencode workflow to support multiple trigger events, add
timeout/concurrency controls, and simplify command syntax. This brings
the workflow to parity with the claude.yml pattern.

Changes:
- Add pull_request_review_comment, issues, and pull_request_review
  triggers
- Add 30-minute timeout to accommodate extended Codex runs
- Add concurrency grouping to prevent duplicate runs
- Expand authorization checks to handle all event types with null
  checks
- Simplify command from /oc-gpt-5-codex to /oc-codex
- Add version pinning documentation comment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* fix: correct typo

---------

Co-authored-by: Claude <[email protected]>

Author: ryderstorm

.github/workflows/opencode-gpt-5-codex.yml

@@ -0,0 +1,55 @@
+name: opencode-gpt-5-codex
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, edited]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  opencode:
+    timeout-minutes: 30 # to accommodate Codex's ability to run for extended periods
+    concurrency:
+      group: opencode-${{ github.event_name }}-${{ github.event.issue.number || github.event.pull_request.number || github.run_id }}
+      cancel-in-progress: true
+    if: |
+      (
+        github.event_name == 'issue_comment' &&
+        contains(github.event.comment.body, '/oc-codex') &&
+        contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
+      ) || (
+        github.event_name == 'pull_request_review_comment' &&
+        contains(github.event.comment.body, '/oc-codex') &&
+        contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)
+      ) || (
+        github.event_name == 'pull_request_review' &&
+        github.event.review.body != null &&
+        contains(github.event.review.body, '/oc-codex') &&
+        contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)
+      ) || (
+        github.event_name == 'issues' &&
+        (
+          (github.event.issue.body != null && contains(github.event.issue.body, '/oc-codex')) ||
+          contains(github.event.issue.title, '/oc-codex')
+        ) &&
+        contains(fromJson('["OWNER","MEMBER","COLLABORATOR"]'), github.event.issue.author_association)
+      )
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run opencode
+        # They are moving fast at https://github.com/sst/opencode/releases, so pinning the version isn't practical yet. We'll keep it at `latest` for now and monitor the changes for a stable version. Latest version as of this writing is `v0.15.3`.
+        uses: sst/opencode/github@latest
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY_FOR_OPENCODE }}
+        with:
+          model: openai/gpt-5-codex