# ECP-0105: Stable home directory for forge NBC browser workers

## Why

The forge NBC worker runs Chrome under a dedicated service user and a persistent profile, but the
publish unit was not explicitly setting `HOME`.

That leaves browser helper processes free to derive state paths from ambient defaults instead of the
intended service home. On a long-running forge host, that makes the browser worker more vulnerable
to stale locks, crash-report paths, and profile contamination from out-of-band debugging sessions.

## Decision

1. Set `HOME=/var/lib/every-channel` on NBC `wt-publish` units, not only on the Xvfb helper units.
2. Keep the persistent NBC profile and auth artifacts under `/var/lib/every-channel`.
3. Treat the forge NBC browser runtime as a single-service home/profile domain so cleanup and
   troubleshooting stay deterministic.

## Consequences

- Forge NBC launches use the same home directory across the display service and publish service.
- Chrome helper processes no longer need to infer state roots from ambient defaults.
- Manual debugging sessions must either reuse the service home intentionally or use an isolated
  profile path to avoid poisoning the live worker profile.

## Rejected Alternatives

- Keep only `--user-data-dir` and leave `HOME` implicit: rejected because browser helper processes
  still derive ancillary paths outside the intended service state root.
- Give the publish unit a separate home from the display unit: rejected because it makes the forge
  browser runtime harder to reason about and recover.