[Unit]
Description=Lakehouse Claim Auditor — polls Gitea for open PRs + hard-blocks placeholder merges
Documentation=file:///home/profit/lakehouse/auditor/README.md
After=network.target lakehouse.service
Wants=lakehouse.service

[Service]
Type=simple
WorkingDirectory=/home/profit/lakehouse
# Runs as root to match the other lakehouse-* services on this host
# (gateway, mcp-server, observer). The auditor reads the git PAT out
# of /home/profit/.git-credentials which is 0600 profit:profit —
# root can read it, which is why the service runs as root.
# Alternative: run as `profit` and ensure bun binary is on PATH;
# left for a follow-up hardening PR.
ExecStart=/home/profit/.bun/bin/bun run /home/profit/lakehouse/auditor/index.ts
Restart=on-failure
RestartSec=30
# Stop responds to SIGTERM cleanly — no in-flight cycle survives a
# restart; the poller is idempotent so a mid-cycle restart just
# re-audits from state.json on next start.
KillSignal=SIGTERM
TimeoutStopSec=10

# Optional env toggles documented in auditor/index.ts:
#   LH_AUDITOR_RUN_DYNAMIC=1 — include hybrid fixture on every audit
#                              (default off — mutates live playbook)
#   LH_AUDITOR_SKIP_INFERENCE=1 — skip cloud inference for fast runs
# Pause file — operator can `touch /home/profit/lakehouse/auditor.paused`
# to skip the next cycle without stopping the service.

[Install]
WantedBy=multi-user.target