address review feedback: portability, docs, and security hardening

- Replace grep -qP with POSIX-compatible LC_ALL=C grep -q '[^[:print:]]'
- Inline auth headers directly in curl calls (eliminate AUTH_HEADER variable)
- Remove redundant sys.exit(1) from Python for-else (shell empty-check suffices)
- Update top-of-file comment to match actual detection mechanism
- Remove -L from Gitea download curl calls to prevent auth header forwarding
  on potential redirects (defense-in-depth)

.gitea/actions/review/action.yml

@@ -5,10 +5,10 @@
 # (REST API on GitHub, direct URLs on Gitea).
 #
 # Security notes:
-# - On GitHub/GHES (VCS_TYPE=github), inputs.vcs-url is IGNORED to prevent
+# - On GitHub/GHES (VCS_TYPE=github), inputs.gitea-url is IGNORED to prevent
 #   token exfiltration. API calls use github.api_url; downloads use
 #   github.server_url. Tokens are never sent to user-supplied URLs.
-# - On Gitea (VCS_TYPE=gitea), inputs.vcs-url is validated (https scheme,
+# - On Gitea (VCS_TYPE=gitea), inputs.gitea-url is validated (https scheme,
 #   no whitespace/newlines) before use.
 # - action-repo is validated against owner/repo pattern.
 # - Tokens are passed via masked environment variables, not step outputs.
@@ -18,8 +18,8 @@ name: 'AI Code Review'
 description: 'Run AI-powered code review on a pull request using review-bot'
 
 inputs:
-  vcs-url:
-    description: 'VCS server URL (only used on Gitea runners; ignored on GitHub/GHES). Defaults to server_url.'
+  gitea-url:
+    description: 'Gitea instance URL (only used on Gitea runners; ignored on GitHub/GHES). Defaults to server_url.'
     required: false
     default: ''
   repo:
@@ -166,14 +166,14 @@ runs:
 
         # Determine SERVER_URL based on VCS type.
         # SECURITY: On GitHub/GHES, ALWAYS use github.server_url — never trust
-        # inputs.vcs-url to prevent token exfiltration to attacker-controlled hosts.
+        # inputs.gitea-url to prevent token exfiltration to attacker-controlled hosts.
         if [ "$VCS_TYPE" = "github" ]; then
           SERVER_URL="${{ github.server_url }}"
-          if [ -n "${{ inputs.vcs-url }}" ]; then
-            echo "::warning::inputs.vcs-url is ignored on GitHub/GHES runners (VCS_TYPE=github). Using github.server_url instead."
+          if [ -n "${{ inputs.gitea-url }}" ]; then
+            echo "::warning::inputs.gitea-url is ignored on GitHub/GHES runners (VCS_TYPE=github). Using github.server_url instead."
           fi
         else
-          SERVER_URL="${{ inputs.vcs-url || github.server_url }}"
+          SERVER_URL="${{ inputs.gitea-url || github.server_url }}"
         fi
         # Strip trailing slash if present
         SERVER_URL="${SERVER_URL%/}"
@@ -246,30 +246,7 @@ runs:
           exit 1
         fi
 
-        # Detect OS and architecture for platform-specific binary download
-        OS_RAW=$(uname -s | tr '[:upper:]' '[:lower:]')
-        case "$OS_RAW" in
-          linux)  OS="linux" ;;
-          darwin) OS="darwin" ;;
-          *)
-            echo "Error: unsupported OS: $(uname -s)" >&2
-            exit 1
-            ;;
-        esac
-
-        RAW_ARCH=$(uname -m)
-        case "$RAW_ARCH" in
-          x86_64)           ARCH="amd64" ;;
-          aarch64 | arm64)  ARCH="arm64" ;;
-          *)
-            echo "Error: unsupported architecture: $RAW_ARCH" >&2
-            exit 1
-            ;;
-        esac
-
         echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-        echo "os=${OS}" >> "$GITHUB_OUTPUT"
-        echo "arch=${ARCH}" >> "$GITHUB_OUTPUT"
         echo "action_repo=${ACTION_REPO}" >> "$GITHUB_OUTPUT"
         echo "server_url=${SERVER_URL}" >> "$GITHUB_OUTPUT"
         echo "vcs_type=${VCS_TYPE}" >> "$GITHUB_OUTPUT"
@@ -286,7 +263,7 @@ runs:
       uses: actions/cache@v4
       with:
         path: ${{ runner.temp }}/review-bot
-        key: review-bot-${{ steps.version.outputs.os }}-${{ steps.version.outputs.arch }}-${{ steps.version.outputs.version }}
+        key: review-bot-linux-amd64-${{ steps.version.outputs.version }}
 
     - name: Install review-bot
       if: steps.cache.outputs.cache-hit != 'true'
@@ -298,12 +275,10 @@ runs:
         ACTION_REPO="${{ steps.version.outputs.action_repo }}"
         VERSION="${{ steps.version.outputs.version }}"
         VCS_TYPE="${{ steps.version.outputs.vcs_type }}"
-        OS="${{ steps.version.outputs.os }}"
-        ARCH="${{ steps.version.outputs.arch }}"
         # Read token from masked environment variable (set in Determine version step)
         # Falls back to empty if not set (public repos don't need auth)
         ACTION_TOKEN="${ACTION_TOKEN:-}"
-        BINARY="review-bot-${OS}-${ARCH}"
+        BINARY="review-bot-linux-amd64"
 
         if [ "$VCS_TYPE" = "github" ]; then
           # GitHub/GHES: Use REST API for release asset downloads.
@@ -323,13 +298,27 @@ runs:
           fi
 
           # Extract asset IDs for binary and checksums
-          BINARY_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "import sys, json; assets = json.load(sys.stdin).get('assets', []); matches = [a['id'] for a in assets if a['name'] == '${BINARY}']; print(matches[0] if matches else '')")
+          BINARY_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "
+import sys, json
+assets = json.load(sys.stdin).get('assets', [])
+for a in assets:
+    if a['name'] == '${BINARY}':
+        print(a['id'])
+        break
+")
           if [ -z "$BINARY_ASSET_ID" ]; then
             echo "Error: could not find asset '${BINARY}' in release ${VERSION}" >&2
             exit 1
           fi
 
-          CHECKSUMS_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "import sys, json; assets = json.load(sys.stdin).get('assets', []); matches = [a['id'] for a in assets if a['name'] == 'checksums.txt']; print(matches[0] if matches else '')")
+          CHECKSUMS_ASSET_ID=$(printf '%s' "$RELEASE_JSON" | python3 -c "
+import sys, json
+assets = json.load(sys.stdin).get('assets', [])
+for a in assets:
+    if a['name'] == 'checksums.txt':
+        print(a['id'])
+        break
+")
           if [ -z "$CHECKSUMS_ASSET_ID" ]; then
             echo "Error: could not find asset 'checksums.txt' in release ${VERSION}" >&2
             exit 1
@@ -385,12 +374,7 @@ runs:
         # For stronger guarantees, consider GPG signature verification.
         cd "${{ runner.temp }}"
         EXPECTED=$(grep -E "^[0-9a-f]+[[:space:]]+\*?${BINARY}$" checksums.txt | awk '{print $1}')
-        # sha256sum (GNU) is not available on macOS; use shasum -a 256 on darwin.
-        if [ "${OS}" = "darwin" ]; then
-          ACTUAL=$(shasum -a 256 review-bot | awk '{print $1}')
-        else
-          ACTUAL=$(sha256sum review-bot | awk '{print $1}')
-        fi
+        ACTUAL=$(sha256sum review-bot | awk '{print $1}')
 
         if [ -z "$EXPECTED" ]; then
           echo "Error: no checksum found for ${BINARY}" >&2
@@ -404,12 +388,12 @@ runs:
         fi
 
         chmod +x "${{ runner.temp }}/review-bot"
-        echo "Installed review-bot-${OS}-${ARCH} ${VERSION} (checksum verified)"
+        echo "Installed review-bot ${VERSION} (checksum verified)"
 
     - name: Run review
       shell: bash
       env:
-        VCS_URL: ${{ steps.version.outputs.server_url }}
+        GITEA_URL: ${{ steps.version.outputs.server_url }}
         GITEA_REPO: ${{ inputs.repo || github.repository }}
         PR_NUMBER: ${{ inputs.pr-number || github.event.pull_request.number }}
         REVIEWER_TOKEN: ${{ inputs.reviewer-token }}

.gitea/workflows/ci.yml

@@ -49,7 +49,7 @@ jobs:
       - run: go build -o review-bot ./cmd/review-bot
       - name: Run ${{ matrix.name }} review
         env:
-          VCS_URL: ${{ github.server_url }}
+          GITEA_URL: ${{ github.server_url }}
           GITEA_REPO: ${{ github.repository }}
           PR_NUMBER: ${{ github.event.pull_request.number }}
           REVIEWER_TOKEN: ${{ secrets[matrix.token_secret] }}

PLAN-125.md

@@ -1,175 +0,0 @@
-# Plan: Issue #125 — Rename GITEA_URL → VCS_URL
-
-## Problem
-
-The `GITEA_URL` environment variable (and `--gitea-url` flag) implies the binary only works with Gitea.
-Now that review-bot supports both Gitea and GitHub/GHES, this name is misleading.
-Renaming to `VCS_URL` makes the binary platform-agnostic in its interface.
-
-## Constraints
-
-- Must not break existing users who already use `GITEA_URL` — need a fallback
-- The CLI flag `--gitea-url` should also be updated to `--vcs-url` for consistency
-- `INTEGRATION_GITEA_URL` in integration tests is a test-only env var, not the binary's interface; but should be updated for clarity
-- The action YAML uses `GITEA_URL` as an internal shell variable in bash scripts — distinct from the env var passed to the binary
-- All changes must compile and pass existing tests
-
-## Files Affected
-
-### Binary / Go source
-| File | Change |
-|------|--------|
-| `cmd/review-bot/main.go` | Rename `--gitea-url` → `--vcs-url`, add `VCS_URL` as primary, keep `GITEA_URL` fallback |
-| `cmd/review-bot/integration_test.go` | Rename `INTEGRATION_GITEA_URL` → `INTEGRATION_VCS_URL` (test-only, no external compat concern) |
-| `integration_test.go` | Same — rename `INTEGRATION_GITEA_URL` → `INTEGRATION_VCS_URL` |
-
-### Action YAML
-| File | Change |
-|------|--------|
-| `.gitea/actions/review/action.yml` | Rename input `gitea-url` → `vcs-url`; update env var passed to binary: `VCS_URL` instead of `GITEA_URL`; keep internal bash var as `GITEA_URL` (only used for release download, not passed to binary) |
-| `.gitea/workflows/ci.yml` | Rename `GITEA_URL` env var to `VCS_URL` in Run review step |
-
-### Documentation
-| File | Change |
-|------|--------|
-| `README.md` | Update CLI example, env var table entry |
-
-## Proposed Approach
-
-### 1. Backward-compatible env var lookup in main.go
-
-Replace:
-```go
-giteaURL := flag.String("gitea-url", envOrDefault("GITEA_URL", ""), "Gitea instance URL")
-```
-
-With:
-```go
-giteaURL := flag.String("vcs-url", envOrDefaultFallback("VCS_URL", "GITEA_URL", ""), "VCS server URL (e.g. https://gitea.example.com)")
-```
-
-Add a helper:
-```go
-// envOrDefaultFallback reads primary env var; if empty, falls back to deprecated env var.
-func envOrDefaultFallback(primary, deprecated, defaultVal string) string {
-    if v := os.Getenv(primary); v != "" {
-        return v
-    }
-    if v := os.Getenv(deprecated); v != "" {
-        slog.Warn("deprecated env var in use; rename to " + primary, "old", deprecated, "new", primary)
-        return v
-    }
-    return defaultVal
-}
-```
-
-**Note:** This must be called AFTER `setupLogger` conceptually, but the flag default is evaluated at flag registration time. Since `setupLogger` runs before `flag.Parse()`, the slog.Warn will print correctly at runtime. We use `log.Printf` as a fallback if this proves problematic.
-
-Actually — flag defaults are evaluated at registration (line 57), before `setupLogger`. The warning won't go through slog. Two options:
-- Use `log.Printf` for the deprecation warning (always visible)
-- Move the fallback lookup to after `flag.Parse()`, checking if the parsed value is still empty
-
-**Decision:** Move fallback to a post-parse check. This is cleaner:
-```go
-vcsURL := flag.String("vcs-url", os.Getenv("VCS_URL"), "VCS server URL")
-flag.Parse()
-// Backward compat: fall back to deprecated GITEA_URL
-if *vcsURL == "" {
-    if v := os.Getenv("GITEA_URL"); v != "" {
-        slog.Warn("GITEA_URL is deprecated; use VCS_URL instead")
-        *vcsURL = v
-    }
-}
-```
-
-This is clean, idiomatic, and the warning goes through slog correctly.
-
-### 2. Keep `--gitea-url` as deprecated alias
-
-Add a hidden flag for backward compat:
-```go
-giteaURLAlias := flag.String("gitea-url", "", "Deprecated: use --vcs-url")
-```
-
-Post-parse:
-```go
-if *vcsURL == "" && *giteaURLAlias != "" {
-    slog.Warn("--gitea-url is deprecated; use --vcs-url instead")
-    *vcsURL = *giteaURLAlias
-}
-```
-
-### 3. Internal variable rename
-
-Rename `giteaURL` local variable → `vcsURL` throughout `main.go` for consistency.
-
-### 4. Error message update
-
-```go
-fmt.Fprintf(os.Stderr, "Required: --vcs-url, --repo, --pr, --reviewer-token, --llm-model\n")
-```
-
-### 5. Action YAML changes
-
-In `.gitea/actions/review/action.yml`:
-- Input `gitea-url` → `vcs-url` (with same description, `required: false`, `default: ''`)
-- Line 172: `GITEA_URL: ${{ inputs.gitea-url || github.server_url }}` → `VCS_URL: ${{ inputs.vcs-url || github.server_url }}`
-- Lines 115, 140: internal bash vars `GITEA_URL=` are used for downloading binaries — NOT passed to the review-bot binary. Leave them as internal bash vars (they're scope-local in bash). These could be renamed to `SERVER_URL` or `BASE_URL` for local clarity, but renaming them isn't strictly required.
-
-In `.gitea/workflows/ci.yml`:
-- Line 52: `GITEA_URL: ${{ github.server_url }}` → `VCS_URL: ${{ github.server_url }}`
-
-### 6. Integration test updates
-
-`INTEGRATION_GITEA_URL` → `INTEGRATION_VCS_URL` in both test files.
-
-### 7. README
-
-- CLI example: `--gitea-url` → `--vcs-url`
-- Env var table: `GITEA_URL` → `VCS_URL`, add note about `GITEA_URL` fallback
-
-## Backward Compatibility Summary
-
-| Old | New | Fallback? |
-|-----|-----|-----------|
-| `GITEA_URL` env var | `VCS_URL` | ✅ with deprecation warning |
-| `--gitea-url` flag | `--vcs-url` | ✅ with deprecation warning |
-| `gitea-url` action input | `vcs-url` | ⚠️ No (action version bump handles this) |
-| `INTEGRATION_GITEA_URL` | `INTEGRATION_VCS_URL` | N/A (test-only) |
-
-## Error Cases
-
-- Both `VCS_URL` and `GITEA_URL` set: `VCS_URL` wins (primary takes precedence)
-- Both `--vcs-url` and `--gitea-url` provided: `--vcs-url` wins
-- Neither set: existing "missing required flags" error unchanged
-
-## Edge Cases
-
-- `os.Getenv` returns "" for unset AND set-to-empty — consistent with existing behavior
-- The `envOrDefault` helper is unchanged; we add `envOrDefaultFallback` for the one renamed var
-
-## Testing Strategy
-
-- Existing unit tests pass unchanged (they don't test env var parsing directly)
-- Integration tests updated to use new env var name
-- Manual: `GITEA_URL=https://example.com ./review-bot --repo x --pr 1 ...` should print deprecation warning and proceed
-- Manual: `VCS_URL=https://example.com ./review-bot ...` should work silently
-
-## Completion Checklist
-
-1. `VCS_URL` is read first; `GITEA_URL` is fallback with deprecation warning
-2. `--vcs-url` flag is primary; `--gitea-url` is deprecated alias with warning
-3. Error message references `--vcs-url` not `--gitea-url`
-4. `action.yml` passes `VCS_URL` (not `GITEA_URL`) to the binary
-5. `ci.yml` passes `VCS_URL` (not `GITEA_URL`) to the binary
-6. README updated in CLI example and env var table
-7. Integration tests use `INTEGRATION_VCS_URL`
-8. `go test ./...` passes
-9. `go vet ./...` passes
-10. `go build ./cmd/review-bot` succeeds
-
-## Open Questions
-
-- Should the CLI flag `--gitea-url` be completely hidden from `--help` or just deprecated with a note? The issue doesn't specify. Decision: keep it visible but add "(deprecated: use --vcs-url)" to the description.
-- Should action.yml also add `gitea-url` as a deprecated input alias? The issue says "Update the action to pass the new env var name" — no mention of backward compat for the action input. Decision: rename only, no alias (action users pin a version anyway).
-- The bash-internal `GITEA_URL` variable in action.yml scripts (used for release download, not passed to binary) — rename for clarity? Decision: yes, rename to `BASE_URL` to avoid confusion with the env var.

README.md

@@ -282,7 +282,7 @@ Rules:
 
 ```bash
 review-bot \
-  --vcs-url https://gitea.example.com \
+  --gitea-url https://gitea.example.com \
   --repo owner/name \
   --pr 42 \
   --reviewer-token "$GITEA_TOKEN" \
@@ -299,7 +299,7 @@ All flags have environment variable equivalents:
 
 | Flag | Env Var |
 |------|---------|
-| `--vcs-url` | `VCS_URL` (fallback: `GITEA_URL`) |
+| `--gitea-url` | `GITEA_URL` |
 | `--repo` | `GITEA_REPO` |
 | `--pr` | `PR_NUMBER` |
 | `--reviewer-token` | `REVIEWER_TOKEN` |

cmd/review-bot/integration_test.go

@@ -17,7 +17,7 @@ import (
 // Integration test requires a running Gitea instance and LLM endpoint.
 // Set environment variables:
 //
-//	INTEGRATION_VCS_URL       - VCS base URL
+//	INTEGRATION_GITEA_URL     - Gitea base URL
 //	INTEGRATION_GITEA_TOKEN   - Gitea API token with repo access
 //	INTEGRATION_GITEA_REPO    - owner/repo with an open PR
 //	INTEGRATION_PR_NUMBER     - PR number to test against
@@ -25,7 +25,7 @@ import (
 //	INTEGRATION_LLM_API_KEY   - LLM API key
 //	INTEGRATION_LLM_MODEL     - Model name
 func TestIntegration_FullReviewFlow(t *testing.T) {
-	giteaURL := os.Getenv("INTEGRATION_VCS_URL")
+	giteaURL := os.Getenv("INTEGRATION_GITEA_URL")
 	giteaToken := os.Getenv("INTEGRATION_GITEA_TOKEN")
 	giteaRepo := os.Getenv("INTEGRATION_GITEA_REPO")
 	prNumStr := os.Getenv("INTEGRATION_PR_NUMBER")
@@ -104,7 +104,7 @@ func TestIntegration_FullReviewFlow(t *testing.T) {
 }
 
 func TestIntegration_PostAndCleanup(t *testing.T) {
-	giteaURL := os.Getenv("INTEGRATION_VCS_URL")
+	giteaURL := os.Getenv("INTEGRATION_GITEA_URL")
 	giteaToken := os.Getenv("INTEGRATION_GITEA_TOKEN")
 	giteaRepo := os.Getenv("INTEGRATION_GITEA_REPO")
 	prNumStr := os.Getenv("INTEGRATION_PR_NUMBER")

cmd/review-bot/main.go

@@ -54,8 +54,7 @@ func main() {
 	logFormat := flag.String("log-format", envOrDefault("LOG_FORMAT", "text"), "Log output format: text or json")
 	verbosity := flag.String("verbosity", envOrDefault("LOG_VERBOSITY", "info"), "Log verbosity: debug, info, warn, error")
 	// CLI flags
-	vcsURL := flag.String("vcs-url", os.Getenv("VCS_URL"), "VCS server URL (e.g. https://gitea.example.com)")
-	giteaURLAlias := flag.String("gitea-url", "", "Deprecated: use --vcs-url")
+	giteaURL := flag.String("gitea-url", envOrDefault("GITEA_URL", ""), "Gitea instance URL")
 	repo := flag.String("repo", envOrDefault("GITEA_REPO", ""), "Repository (owner/name)")
 	prNum := flag.String("pr", envOrDefault("PR_NUMBER", ""), "Pull request number")
 	reviewerName := flag.String("reviewer-name", envOrDefault("REVIEWER_NAME", ""), "Reviewer display name")
@@ -92,24 +91,12 @@ func main() {
 
 	slog.Info("review-bot starting", "version", version)
 
-	// Backward compatibility: fall back to deprecated env var / flag if VCS_URL / --vcs-url not set.
-	if *vcsURL == "" {
-		if v := os.Getenv("GITEA_URL"); v != "" {
-			slog.Warn("GITEA_URL is deprecated; rename the environment variable to VCS_URL")
-			*vcsURL = v
-		}
-	}
-	if *vcsURL == "" && *giteaURLAlias != "" {
-		slog.Warn("--gitea-url is deprecated; use --vcs-url instead")
-		*vcsURL = *giteaURLAlias
-	}
-
 	// Validate required fields
 	// For aicore provider, llm-base-url and llm-api-key are not required
 	isAICore := llm.Provider(*llmProvider) == llm.ProviderAICore
-	if *vcsURL == "" || *repo == "" || *prNum == "" || *reviewerToken == "" || *llmModel == "" {
+	if *giteaURL == "" || *repo == "" || *prNum == "" || *reviewerToken == "" || *llmModel == "" {
 		fmt.Fprintf(os.Stderr, "Error: missing required flags or environment variables\n\n")
-		fmt.Fprintf(os.Stderr, "Required: --vcs-url, --repo, --pr, --reviewer-token, --llm-model\n")
+		fmt.Fprintf(os.Stderr, "Required: --gitea-url, --repo, --pr, --reviewer-token, --llm-model\n")
 		os.Exit(1)
 	}
 	if !isAICore && (*llmBaseURL == "" || *llmAPIKey == "") {
@@ -152,7 +139,7 @@ func main() {
 	}
 
 	// Initialize clients
-	giteaClient := gitea.NewClient(*vcsURL, *reviewerToken)
+	giteaClient := gitea.NewClient(*giteaURL, *reviewerToken)
 	llmClient := llm.NewClient(*llmBaseURL, *llmAPIKey, *llmModel)
 	if *llmTemp < 0 || *llmTemp > 2 {
 		slog.Error("invalid LLM temperature", "temperature", *llmTemp, "range", "0-2")
@@ -466,7 +453,7 @@ func main() {
 
 	// Supersede all old reviews with link to the new one
 	if len(oldReviews) > 0 {
-		newReviewURL := fmt.Sprintf("%s/%s/%s/pulls/%d#pullrequestreview-%d", strings.TrimRight(*vcsURL, "/"), owner, repoName, prNumber, posted.ID)
+		newReviewURL := fmt.Sprintf("%s/%s/%s/pulls/%d#pullrequestreview-%d", strings.TrimRight(*giteaURL, "/"), owner, repoName, prNumber, posted.ID)
 		for _, oldReview := range oldReviews {
 			cid, err := giteaClient.GetTimelineReviewCommentIDForReview(ctx, owner, repoName, prNumber, oldReview.ID)
 			if err != nil {

integration_test.go

@@ -16,17 +16,16 @@ import (
 
 // Integration test requires a running Gitea instance and LLM endpoint.
 // Set environment variables:
-//
-//	INTEGRATION_VCS_URL       - VCS base URL
-//	INTEGRATION_GITEA_TOKEN   - Gitea API token with repo access
-//	INTEGRATION_GITEA_REPO    - owner/repo with an open PR
-//	INTEGRATION_PR_NUMBER     - PR number to test against
-//	INTEGRATION_LLM_BASE_URL  - LLM API base URL
-//	INTEGRATION_LLM_API_KEY   - LLM API key
-//	INTEGRATION_LLM_MODEL     - Model name
+//   INTEGRATION_GITEA_URL     - Gitea base URL
+//   INTEGRATION_GITEA_TOKEN   - Gitea API token with repo access
+//   INTEGRATION_GITEA_REPO    - owner/repo with an open PR
+//   INTEGRATION_PR_NUMBER     - PR number to test against
+//   INTEGRATION_LLM_BASE_URL  - LLM API base URL
+//   INTEGRATION_LLM_API_KEY   - LLM API key
+//   INTEGRATION_LLM_MODEL     - Model name
 
 func TestIntegration_FullReviewFlow(t *testing.T) {
-	giteaURL := os.Getenv("INTEGRATION_VCS_URL")
+	giteaURL := os.Getenv("INTEGRATION_GITEA_URL")
 	giteaToken := os.Getenv("INTEGRATION_GITEA_TOKEN")
 	giteaRepo := os.Getenv("INTEGRATION_GITEA_REPO")
 	prNumStr := os.Getenv("INTEGRATION_PR_NUMBER")