[Unit]
Description=ICSAC Editorial System — twice-daily batch workflow (model check + watch tick + summary)
Documentation=https://github.com/ICSAC/editorial-system
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
User=icsac
Group=icsac
WorkingDirectory=/opt/icsac/editorial-system
EnvironmentFile=/etc/icsac/editorial.env
ExecStart=/usr/bin/python3 /opt/icsac/editorial-system/editorial_workflow.py batch-tick
ExecStartPost=-/usr/bin/curl -fsS --max-time 10 "${KUMA_PUSH_URL}?status=up&msg=OK&ping="
# Batch tick reviews all pending submissions in one shot with 3 passes each —
# worst case multiple papers × 3 passes × up to 5 slots + RQC. Extended timeout
# covers peak load.
TimeoutStartSec=3600
StandardOutput=journal
StandardError=journal
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=read-only
ReadWritePaths=/opt/icsac/editorial-system /var/lib/icsac/site

[Install]
WantedBy=multi-user.target