From efb8539c0a1261fdb8b466449063503c0b59e2b1 Mon Sep 17 00:00:00 2001
From: pureliture <tkdgur1756@naver.com>
Date: Sun, 21 Jun 2026 09:19:24 +0900
Subject: [PATCH] =?UTF-8?q?fix(deploy):=20personal=20user=20unit=20?=
 =?UTF-8?q?=EC=8B=A4=ED=96=89=20=EC=9D=B8=EC=9E=90=20=EB=B3=B4=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

scan-worker CLI에 없는 --notification-log 인자를 제거해 user worker daemon이 정상 기동되게 한다.

lease-reaper timer는 OnActiveSec를 추가해 enable 직후 첫 schedule이 생기도록 보정한다.

검증: uv run pytest tests/test_personal_prod_systemd_units.py -q && uv run pytest -q && uv run python -m governance.autopilot_gate --base origin/main

Co-Authored-By: Codex GPT-5 <noreply@openai.com>
---
 .../systemd/user/security-scanner-personal-lease-reaper.timer  | 1 +
 .../user/security-scanner-personal-scan-worker@.service        | 3 +--
 tests/test_personal_prod_systemd_units.py                      | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/deploy/systemd/user/security-scanner-personal-lease-reaper.timer b/deploy/systemd/user/security-scanner-personal-lease-reaper.timer
index 2be0c9e..d8747d8 100644
--- a/deploy/systemd/user/security-scanner-personal-lease-reaper.timer
+++ b/deploy/systemd/user/security-scanner-personal-lease-reaper.timer
@@ -3,6 +3,7 @@ Description=Scheduler for security-scanner personal lease reaper
 Documentation=https://github.com/source-security-dev/security-scanner
 
 [Timer]
+OnActiveSec=2min
 OnUnitActiveSec=2min
 Persistent=true
 RandomizedDelaySec=15
diff --git a/deploy/systemd/user/security-scanner-personal-scan-worker@.service b/deploy/systemd/user/security-scanner-personal-scan-worker@.service
index ed6c70e..3d6868f 100644
--- a/deploy/systemd/user/security-scanner-personal-scan-worker@.service
+++ b/deploy/systemd/user/security-scanner-personal-scan-worker@.service
@@ -18,8 +18,7 @@ Environment=SECURITY_SCANNER_DYNAMO_TABLE=security_scanner_personal
 Environment=SECURITY_SCANNER_CACHE_ROOT=%h/.cache/security-scanner-personal/repos
 ExecStart=%h/.local/bin/uv run security-scanner scan-worker \
     --daemon \
-    --worker-id security-scanner-personal-scan-worker@%i \
-    --notification-log %h/.local/state/security-scanner/personal-scan-worker.log.jsonl
+    --worker-id security-scanner-personal-scan-worker@%i
 Restart=on-failure
 RestartSec=10
 
diff --git a/tests/test_personal_prod_systemd_units.py b/tests/test_personal_prod_systemd_units.py
index 624525b..4b1db28 100644
--- a/tests/test_personal_prod_systemd_units.py
+++ b/tests/test_personal_prod_systemd_units.py
@@ -70,6 +70,7 @@ def test_personal_worker_template_is_capped_and_instanced() -> None:
     assert "scan-worker" in service["ExecStart"]
     assert "--daemon" in service["ExecStart"]
     assert "security-scanner-personal-scan-worker@%i" in service["ExecStart"]
+    assert "--notification-log" not in service["ExecStart"]
     assert service["Restart"] == "on-failure"
     assert parser.get("Install", "WantedBy") == "security-scanner-personal-workers.target"
 
@@ -101,6 +102,7 @@ def test_personal_periodic_units_are_user_level_and_scheduled(
     timer_section = dict(timer.items("Timer"))
     assert timer_section["Unit"] == service_name
     if calendar is None:
+        assert timer_section["OnActiveSec"] == "2min"
         assert timer_section["OnUnitActiveSec"] == "2min"
     else:
         assert timer_section["OnCalendar"] == calendar