From ceefa4c2e0e450f67ccdd993e293812343477cdf Mon Sep 17 00:00:00 2001
From: Rodin <rodin@forgedthought.ai>
Date: Sat, 2 May 2026 07:25:43 -0700
Subject: [PATCH] ci: use separate SECURITY_REVIEW_TOKEN for security reviewer

The security-review-bot Gitea user now has its own token. This
completes the token separation so each reviewer role posts under
its own identity, enabling native Gitea multi-reviewer blocking.
---
 .gitea/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index b429c56..3c95082 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -33,7 +33,7 @@ jobs:
             token_secret: GPT_REVIEW_TOKEN
             model: gpt-4.1
           - name: security
-            token_secret: SONNET_REVIEW_TOKEN
+            token_secret: SECURITY_REVIEW_TOKEN
             model: gpt-5
             system_prompt_file: SECURITY_REVIEW.md
     steps: