# Lakehouse systemd units

Service definitions for long-running Lakehouse sidecars that aren't the Rust gateway itself. The gateway has its own pre-existing unit (`lakehouse.service`) that was configured at initial deploy time and isn't tracked here.

## Units

| File | Service | Port | Purpose |
|---|---|---|---|
| `lakehouse-auditor.service` | `lakehouse-auditor` | n/a | Polls Gitea for open PRs, runs four checks (static / dynamic / inference / KB query), posts commit-status + review comment. Hard-blocks merges when claims aren't backed. |
| `lakehouse-context7-bridge.service` | `lakehouse-context7-bridge` | `:3900` | HTTP wrapper around context7's public API for Phase 45 doc-drift detection. |

## Install

```bash
sudo bash ops/systemd/install.sh
```

Idempotent. Copies units to `/etc/systemd/system/`, reloads, enables + (re)starts both services.

## Operate

```bash
# Status
systemctl status lakehouse-auditor
systemctl status lakehouse-context7-bridge

# Live logs
journalctl -u lakehouse-auditor -f

# Restart
systemctl restart lakehouse-auditor

# Stop (won't restart until enable + start again)
systemctl stop lakehouse-auditor
```

## Pause the auditor without stopping

```bash
touch /home/profit/lakehouse/auditor.paused    # skip cycles until removed
rm    /home/profit/lakehouse/auditor.paused    # resume
```

## Env toggles on the auditor

(edit the unit file, `systemctl daemon-reload`, restart)

```
LH_AUDITOR_RUN_DYNAMIC=1       # include the hybrid fixture on every audit
                               # default off — fixture mutates live playbook state
LH_AUDITOR_SKIP_INFERENCE=1    # skip cloud inference for fast/cheap runs
```

## Why both services run as root

To match the existing `lakehouse.service` + `mcp-server` + `observer` conventions on this host. Hardening to a dedicated unprivileged user is a follow-up: would need PATH adjustment for `bun`, credential file accessibility (the auditor reads `/home/profit/.git-credentials` which is `0600 profit:profit` — root reads fine, a non-profit non-root user wouldn't).
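
A sketch of that follow-up as a systemd drop-in, covering the two blockers named above (PATH for `bun`, access to the credential file). This is an added example, not part of this repository: the user name `lakehouse-auditor`, the drop-in file name and the `bun` directory are assumptions, and it assumes the auditor is changed to read the credential from `$CREDENTIALS_DIRECTORY` instead of the home directory path.

```ini
# /etc/systemd/system/lakehouse-auditor.service.d/hardening.conf
# (hypothetical drop-in; the unit file installed by install.sh stays unchanged)

[Service]
# Dedicated unprivileged account (assumed name; create it first, e.g. as a
# system user with no login shell).
User=lakehouse-auditor
Group=lakehouse-auditor

# Blocker 1: bun is not on the default PATH of a fresh service user.
# /path/to/bun/bin is a placeholder for wherever bun is installed on this host.
Environment=PATH=/path/to/bun/bin:/usr/local/bin:/usr/bin:/bin

# Blocker 2: /home/profit/.git-credentials is 0600 profit:profit.
# LoadCredential= (systemd 247+) has the service manager read the file and
# expose a copy to this unit only, at $CREDENTIALS_DIRECTORY/git-credentials,
# so the file's owner and mode do not need to change.
LoadCredential=git-credentials:/home/profit/.git-credentials

# Baseline restrictions that do not depend on knowing the auditor's write paths.
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=full
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictSUIDSGID=yes
```

After `systemctl daemon-reload` and a restart, `systemd-analyze security lakehouse-auditor` reports which sandboxing settings are in effect. The service user also needs read access to the pause file under `/home/profit/lakehouse/`.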