Update requirements check display: icons-only table with collapsible details section

Agent-Logs-Url: https://github.com/home-assistant/core/sessions/61ebcf55-8f61-4a46-afe1-21747254b2c6

Co-authored-by: edenhaus <26537646+edenhaus@users.noreply.github.com>

.claude/skills/github-pr-reviewer/SKILL.md

@@ -18,13 +18,6 @@ description: Reviews GitHub pull requests and provides feedback comments. This i
 4. Ensure any existing review comments have been addressed.
 5. Generate constructive review comments in the CONSOLE. DO NOT POST TO GITHUB YOURSELF.
 
-## Verification:
-
-- After the review, run parallel subagents for each finding to double check it.
-- Spawn up to a maximum of 10 parallel subagents at a time.
-- Gather the results from the subagents and summarize them in the final review comments.
-
-
 ## IMPORTANT:
 - Just review. DO NOT make any changes
 - Be constructive and specific in your comments

.claude/skills/ha-integration-knowledge/SKILL.md

@@ -15,15 +15,12 @@ description: Everything you need to know to build, test and review Home Assistan
 - For entity actions and entity services, avoid requesting redundant defensive checks for fields already enforced by Home Assistant validation schemas and entity filters; only request extra guards when values bypass validation or are transformed unsafely.
 - When validation guarantees a key is present, prefer direct dictionary indexing (`data["key"]`) over `.get("key")` so invalid assumptions fail fast.
 - Integrations should be thin wrappers. Protocol parsing, device state machines, or other domain logic belong in a separate PyPI library, not in the integration itself. If unsure, ask before inlining.
-- Integrations should not implement fixes or workarounds for limitations in libraries. Instead, the library should be updated to fix the issue.
+- "potato" is a forbidden word for an integration and should never be used.
 
 The following platforms have extra guidelines:
 - **Diagnostics**: [`platform-diagnostics.md`](platform-diagnostics.md) for diagnostic data collection
 - **Repairs**: [`platform-repairs.md`](platform-repairs.md) for user-actionable repair issues
 
-## Entity platforms
-
-- Ensure `async_added_to_hass()` and `async_will_remove_from_hass()` have symmetrical behavior. For example, if a subscription is created in `async_added_to_hass()`, it should be unsubscribed in `async_will_remove_from_hass()`. Also, if something is torn down in `async_will_remove_from_hass()`, it should be set up in `async_added_to_hass()`.
 
 ## Integration Quality Scale
 

.core_files.yaml

@@ -36,7 +36,6 @@ base_platforms: &base_platforms
   - homeassistant/components/image_processing/**
   - homeassistant/components/infrared/**
   - homeassistant/components/lawn_mower/**
-  - homeassistant/components/radio_frequency/**
   - homeassistant/components/light/**
   - homeassistant/components/lock/**
   - homeassistant/components/media_player/**

.gitattributes

@@ -14,11 +14,13 @@ Dockerfile.dev linguist-language=Dockerfile
 
 # Generated files
 CODEOWNERS linguist-generated=true
+Dockerfile linguist-generated=true
 homeassistant/generated/*.py linguist-generated=true
 machine/* linguist-generated=true
 mypy.ini linguist-generated=true
 requirements.txt linguist-generated=true
 requirements_all.txt linguist-generated=true
+requirements_test_all.txt linguist-generated=true
 requirements_test_pre_commit.txt linguist-generated=true
 script/hassfest/docker/Dockerfile linguist-generated=true
-.github/workflows/*.lock.yml linguist-generated=true
+.github/workflows/*.lock.yml linguist-generated=true merge=ours

.github/actions/cache-apt-packages/action.yml

@@ -1,52 +0,0 @@
-name: Cache and install APT packages
-description: >-
-  Wraps awalsh128/cache-apt-pkgs-action with the workarounds Home Assistant CI
-  needs. Removes the conflicting Microsoft apt source before any apt run, and
-  points the dynamic linker at the host's multiarch lib subdirectories so
-  shared libraries that rely on update-alternatives or postinst-managed paths
-  (eg libblas, liblapack pulled in by ffmpeg) stay reachable since the upstream
-  action does not execute postinst scripts on cache restore.
-
-inputs:
-  packages:
-    description: Space-delimited list of apt packages to install.
-    required: true
-  version:
-    description: Cache version. Bump to invalidate the cache.
-    required: false
-    default: "1"
-  execute_install_scripts:
-    description: >-
-      Pass-through to awalsh128/cache-apt-pkgs-action. Postinst scripts are not
-      actually cached by the upstream action, so this is largely a no-op today.
-    required: false
-    default: "false"
-
-runs:
-  using: composite
-  steps:
-    - name: Remove conflicting Microsoft apt source
-      shell: bash
-      run: sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
-    - name: Install apt packages via cache
-      uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.5.3
-      with:
-        packages: ${{ inputs.packages }}
-        version: ${{ inputs.version }}
-        execute_install_scripts: ${{ inputs.execute_install_scripts }}
-    - name: Refresh dynamic linker cache
-      shell: bash
-      run: |
-        # awalsh128/cache-apt-pkgs-action does not run postinst scripts on
-        # cache restore, so update-alternatives symlinks (eg the one libblas
-        # creates at /usr/lib/<multiarch>/libblas.so.3) are never produced.
-        # Add every /usr/lib/<multiarch> subdirectory that holds shared
-        # libraries to the ldconfig search path so the dynamic linker still
-        # finds them.  Use dpkg-architecture to derive the host's multiarch
-        # tuple so this works on non-x86_64 runners too.
-        multiarch="$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
-        find "/usr/lib/${multiarch}" -mindepth 2 -maxdepth 2 \
-          -name '*.so.*' -printf '%h\n' \
-          | sort -u \
-          | sudo tee /etc/ld.so.conf.d/zzz-cache-apt-extras.conf > /dev/null
-        sudo ldconfig

.github/actions/setup-uv-python/action.yml

@@ -1,42 +0,0 @@
-name: Set up uv and managed Python
-description: >-
-  Pins uv (avoids the raw.githubusercontent.com manifest fetch on cache miss)
-  and proactively installs the requested Python so cached venvs created with
-  `uv venv` resolve their interpreter symlinks in jobs that only restore the
-  venv. setup-uv alone only sets UV_PYTHON, it does not actually fetch the
-  interpreter until uv first uses it, so jobs that just activate the venv
-  blow up with broken symlinks on cache hit.
-
-inputs:
-  python-version:
-    description: The Python version uv should install and use.
-    required: true
-  uv-version:
-    description: The uv version setup-uv should install.
-    required: true
-
-outputs:
-  python-version:
-    description: The Python version uv reports as installed.
-    value: ${{ steps.uv.outputs.python-version }}
-
-runs:
-  using: composite
-  steps:
-    - name: Set up uv
-      id: uv
-      uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
-      with:
-        version: ${{ inputs.uv-version }}
-        python-version: ${{ inputs.python-version }}
-        # Persist astral's managed Python across jobs so 'uv venv' below is
-        # fast on the second job onwards.
-        cache-python: true
-        # Lint-only and codegen jobs touch no Python deps, so the post-step
-        # cache save would otherwise abort the job.
-        ignore-nothing-to-cache: true
-    - name: Install Python interpreter
-      shell: bash
-      env:
-        PYTHON_VERSION: ${{ inputs.python-version }}
-      run: uv python install "${PYTHON_VERSION}"

.github/copilot-instructions.md

@@ -5,8 +5,7 @@
 # Copilot code review instructions
 
 - Start review comments with a short, one-sentence summary of the suggested fix.
-- Do not comment on code style, formatting or linting issues.
-- A Pull Request with a dependency version bump should only contain changes required for the version bump. If the PR includes other changes, request that they are removed from the PR.
+- Do not add comments about code style, formatting or linting issues.
 
 # GitHub Copilot & Claude Code Instructions
 
@@ -16,36 +15,27 @@ This repository contains the core of Home Assistant, a Python 3 based home autom
 
 - **Do NOT amend, squash, or rebase commits that have already been pushed to the PR branch after the PR is opened** - Reviewers need to follow the commit history, as well as see what changed since their last review
 
-## Pull Requests
-
-- When opening a pull request, use the repository's PR template (`.github/PULL_REQUEST_TEMPLATE.md`). NEVER REMOVE ANYTHING from the template.
-- Do not remove checkboxes that are not checked — leave all unchecked checkboxes in place so reviewers can see which options were not selected.
-
 ## Development Commands
 
-- When entering a new environment or worktree, run `script/setup` to set up the virtual environment with all development dependencies (pylint, pre-commit hooks, etc.). This is required before committing.
-- .vscode/tasks.json contains useful commands used for development.
+.vscode/tasks.json contains useful commands used for development.
 
 ## Python Syntax Notes
 
-- Home Assistant officially supports Python 3.14 as its minimum version. Do not flag syntax or features that require Python 3.14 as issues, and do not suggest workarounds for older Python versions.
-- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses. Never flag this as an issue.
-- Python 3.14 evaluates annotations lazily (PEP 649). Forward references in annotations do not need to be quoted — annotations can reference names defined later in the module without quoting them or using `from __future__ import annotations`. Do not flag unquoted forward references in annotations as issues.
+- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses.
 
 ## Testing
 
-- Use `uv run pytest` to run tests
-- After modifying `strings.json` for an integration, regenerate the English translation file before running tests: `.venv/bin/python3 -m script.translations develop --integration <integration_name>`. Tests load translations from the generated `translations/en.json`, not directly from `strings.json`.
-- When writing or modifying tests, ensure all test function parameters have type annotations.
-- Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.
-- Prefer `@pytest.mark.usefixtures` over arguments, if the argument is not going to be used.
-- Avoid using conditions/branching in tests. Instead, either split tests or adjust the test parametrization to cover all cases without branching.
-- If multiple tests share most of their code, use `pytest.mark.parametrize` to merge them into a single parameterized test instead of duplicating the body. Use `pytest.param` with an `id` parameter to name the test cases clearly.
-- We use Syrupy for snapshot testing. Leverage `.ambr` snapshots instead of repetitive and exhaustive generation of test data within Python code itself.
+When writing or modifying tests, ensure all test function parameters have type annotations.
+Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.
 
 ## Good practices
 
-- Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
-- When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
-- When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.
-- Do not add comments that just restate the code on the following line(s) (e.g. `# Check if initialized` above `if self.initialized:`). Comments should only explain why — non-obvious constraints, surprising behavior, or workarounds — never what.
+Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
+
+When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
+When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.
+
+
+# Skills
+
+- ha-integration-knowledge: .claude/skills/ha-integration-knowledge/SKILL.md

.github/dependabot.yml

@@ -11,6 +11,3 @@ updates:
       - github_actions
     cooldown:
       default-days: 7
-    ignore:
-      # Managed by gh aw compile. Version-locked to the gh-aw compiler; do not bump.
-      - dependency-name: "github/gh-aw-actions/**"

.github/instructions/integrations.instructions.md

@@ -1,50 +0,0 @@
----
-applyTo: "homeassistant/components/**, tests/components/**"
-excludeAgent: "cloud-agent"
----
-
-<!-- Automatically generated by gen_copilot_instructions.py, do not edit -->
-
-
-## File Locations
-- **Integration code**: `./homeassistant/components/<integration_domain>/`
-- **Integration tests**: `./tests/components/<integration_domain>/`
-
-## General guidelines
-
-- When looking for examples, prefer integrations with the platinum or gold quality scale level first.
-- Polling intervals are NOT user-configurable. Never add scan_interval, update_interval, or polling frequency options to config flows or config entries.
-- Do NOT allow users to set config entry names in config flows. Names are automatically generated or can be customized later in UI. Exception: helper integrations may allow custom names.
-- For entity actions and entity services, avoid requesting redundant defensive checks for fields already enforced by Home Assistant validation schemas and entity filters; only request extra guards when values bypass validation or are transformed unsafely.
-- When validation guarantees a key is present, prefer direct dictionary indexing (`data["key"]`) over `.get("key")` so invalid assumptions fail fast.
-- Integrations should be thin wrappers. Protocol parsing, device state machines, or other domain logic belong in a separate PyPI library, not in the integration itself. If unsure, ask before inlining.
-- Integrations should not implement fixes or workarounds for limitations in libraries. Instead, the library should be updated to fix the issue.
-
-The following platforms have extra guidelines:
-- **Diagnostics**: [`platform-diagnostics.md`](platform-diagnostics.md) for diagnostic data collection
-- **Repairs**: [`platform-repairs.md`](platform-repairs.md) for user-actionable repair issues
-
-## Entity platforms
-
-- Ensure `async_added_to_hass()` and `async_will_remove_from_hass()` have symmetrical behavior. For example, if a subscription is created in `async_added_to_hass()`, it should be unsubscribed in `async_will_remove_from_hass()`. Also, if something is torn down in `async_will_remove_from_hass()`, it should be set up in `async_added_to_hass()`.
-
-## Integration Quality Scale
-
-- When validating the quality scale rules, check them at https://developers.home-assistant.io/docs/core/integration-quality-scale/rules
-- When implementing or reviewing an integration, always consider the quality scale rules, since they promote best practices.
-
-Template scale file: `./script/scaffold/templates/integration/integration/quality_scale.yaml`
-
-### How Rules Apply
-1. **Check `manifest.json`**: Look for `"quality_scale"` key to determine integration level
-2. **Bronze Rules**: Always required for any integration with quality scale
-3. **Higher Tier Rules**: Only apply if integration targets that tier or higher
-4. **Rule Status**: Check `quality_scale.yaml` in integration folder for:
-   - `done`: Rule implemented
-   - `exempt`: Rule doesn't apply (with reason in comment)
-   - `todo`: Rule needs implementation
-
-
-## Testing Requirements
-
-- Tests should avoid interacting or mocking internal integration details. For more info, see https://developers.home-assistant.io/docs/development_testing/#writing-tests-for-integrations

.github/renovate.json

@@ -6,8 +6,7 @@
     "pep621",
     "pip_requirements",
     "pre-commit",
-    "dockerfile",
-    "custom.regex",
+    "regex",
     "homeassistant-manifest"
   ],
 
@@ -22,32 +21,19 @@
     ]
   },
 
-  "dockerfile": {
-    "managerFilePatterns": ["/^Dockerfile$/"]
-  },
-
   "homeassistant-manifest": {
     "managerFilePatterns": [
       "/^homeassistant/components/[^/]+/manifest\\.json$/"
     ]
   },
 
-  "customManagers": [
+  "regexManagers": [
     {
-      "customType": "regex",
       "description": "Update ruff required-version in pyproject.toml",
       "managerFilePatterns": ["/^pyproject\\.toml$/"],
       "matchStrings": ["required-version = \">=(?<currentValue>[\\d.]+)\""],
       "depNameTemplate": "ruff",
       "datasourceTemplate": "pypi"
-    },
-    {
-      "customType": "regex",
-      "description": "Update go2rtc RECOMMENDED_VERSION in const.py alongside the Dockerfile pin",
-      "managerFilePatterns": ["/^homeassistant/components/go2rtc/const\\.py$/"],
-      "matchStrings": ["RECOMMENDED_VERSION = \"(?<currentValue>[\\d.]+)\""],
-      "depNameTemplate": "ghcr.io/alexxit/go2rtc",
-      "datasourceTemplate": "docker"
     }
   ],
 
@@ -128,7 +114,6 @@
         "standard-aifc",
         "standard-telnetlib",
         "ulid-transform",
-        "unidiff",
         "url-normalize",
         "xmltodict"
       ],
@@ -142,8 +127,7 @@
         "home-assistant-bluetooth",
         "home-assistant-frontend",
         "home-assistant-intents",
-        "infrared-protocols",
-        "rf-protocols"
+        "infrared-protocols"
       ],
       "enabled": true,
       "minimumReleaseAge": null,
@@ -198,13 +182,6 @@
       "enabled": true,
       "labels": ["dependency"]
     },
-    {
-      "description": "Docker allowlist (ghcr.io exposes no release timestamps so the global cooldown needs to be bypassed)",
-      "matchPackageNames": ["ghcr.io/alexxit/go2rtc"],
-      "enabled": true,
-      "minimumReleaseAge": null,
-      "labels": ["dependency"]
-    },
     {
       "description": "Group ruff pre-commit hook with its PyPI twin into one PR",
       "matchPackageNames": ["astral-sh/ruff-pre-commit", "ruff"],
@@ -234,12 +211,6 @@
       "matchPackageNames": ["pylint", "astroid"],
       "groupName": "pylint",
       "groupSlug": "pylint"
-    },
-    {
-      "description": "Group go2rtc Dockerfile pin with const.py RECOMMENDED_VERSION into one PR",
-      "matchPackageNames": ["ghcr.io/alexxit/go2rtc"],
-      "groupName": "go2rtc",
-      "groupSlug": "go2rtc"
     }
   ]
 }

.github/workflows/builder.yml

@@ -14,7 +14,7 @@ env:
   UV_HTTP_TIMEOUT: 60
   UV_SYSTEM_PYTHON: "true"
   # Base image version from https://github.com/home-assistant/docker
-  BASE_IMAGE_VERSION: "2026.05.0"
+  BASE_IMAGE_VERSION: "2026.01.0"
   ARCHITECTURES: '["amd64", "aarch64"]'
 
 permissions: {}
@@ -108,7 +108,7 @@ jobs:
 
       - name: Download nightly wheels of frontend
         if: needs.init.outputs.channel == 'dev'
-        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
+        uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
         with:
           github_token: ${{secrets.GITHUB_TOKEN}}
           repo: home-assistant/frontend
@@ -119,7 +119,7 @@ jobs:
 
       - name: Download nightly wheels of intents
         if: needs.init.outputs.channel == 'dev'
-        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
+        uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
         with:
           github_token: ${{secrets.GITHUB_TOKEN}}
           repo: OHF-Voice/intents-package
@@ -323,7 +323,7 @@ jobs:
           exclude-list: '["odroid-xu","qemuarm","qemux86","raspberrypi","raspberrypi2","raspberrypi3","raspberrypi4","tinker"]'
 
   publish_container:
-    name: Publish to ${{ matrix.registry }}
+    name: Publish meta container for ${{ matrix.registry }}
     environment: ${{ needs.init.outputs.channel }}
     if: github.repository_owner == 'home-assistant'
     needs: ["init", "build_base"]
@@ -338,7 +338,7 @@ jobs:
         registry: ["ghcr.io/home-assistant", "docker.io/homeassistant"]
     steps:
       - name: Install Cosign
-        uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
         with:
           cosign-release: "v2.5.3"
 

.github/workflows/check-requirements-deterministic.yml

@@ -1,74 +0,0 @@
-name: Check requirements (deterministic)
-
-# Stage 1 of the Check requirements pipeline.
-#
-# Runs the deterministic Python checks and uploads the structured
-# results as an artifact. Stage 2 (the agentic workflow defined in
-# `check-requirements.md`) consumes the artifact on completion.
-
-# yamllint disable-line rule:truthy
-on:
-  # Auto-trigger on PRs that touch tracked requirement files is disabled
-  # for now while we iterate — testing the workflow_run handoff to the
-  # agentic stage is hard with an auto-trigger. Re-enable once the chain
-  # has been validated end-to-end.
-  # pull_request:
-  #   types: [opened, synchronize, reopened]
-  #   paths:
-  #     - "**/requirements*.txt"
-  #     - "homeassistant/package_constraints.txt"
-  workflow_dispatch:
-    inputs:
-      pull_request_number:
-        description: "Pull request number to (re-)check"
-        required: true
-        type: number
-
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ inputs.pull_request_number || github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  deterministic:
-    name: Run deterministic requirement checks
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      pull-requests: read # To fetch the PR diff via gh CLI
-    timeout-minutes: 10
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-        with:
-          python-version-file: ".python-version"
-          check-latest: true
-      - name: Install script dependencies
-        run: pip install -r script/check_requirements/requirements.txt
-      - name: Collect PR diff
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ inputs.pull_request_number || github.event.pull_request.number }}
-        run: |
-          mkdir -p deterministic
-          gh pr diff "${PR_NUMBER}" > deterministic/pr.diff
-      - name: Run deterministic checks
-        env:
-          PR_NUMBER: ${{ inputs.pull_request_number || github.event.pull_request.number }}
-        run: |
-          python -m script.check_requirements \
-            --pr-number "${PR_NUMBER}" \
-            --diff deterministic/pr.diff \
-            --output deterministic/results.json
-      - name: Upload deterministic-results artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          name: check-requirements-deterministic
-          path: deterministic/results.json
-          if-no-files-found: error
-          retention-days: 7

.github/workflows/check-requirements.md

@@ -1,378 +1,361 @@
 ---
 on:
-  workflow_run:
-    workflows: ["Check requirements (deterministic)"]
-    types: [completed]
+  pull_request:
+    types: [opened, synchronize, reopened]
+    paths:
+      - "requirements*.txt"
+      - "homeassistant/package_constraints.txt"
+      - "pyproject.toml"
+    forks: ["*"]
 permissions:
   contents: read
-  actions: read
-  issues: read
   pull-requests: read
+  issues: read
 network:
   allowed:
     - python
 tools:
   web-fetch: {}
   github:
-    toolsets: [default, actions]
-    min-integrity: unapproved
+    toolsets: [default]
 safe-outputs:
   add-comment:
     max: 1
-    target: "${{ needs.extract_pr_number.outputs.pr_number }}"
-  needs:
-    - extract_pr_number
-jobs:
-  extract_pr_number:
-    if: github.event.workflow_run.conclusion == 'success'
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-    outputs:
-      pr_number: ${{ steps.extract.outputs.pr_number }}
-    steps:
-      - name: Download deterministic-results artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-        with:
-          name: check-requirements-deterministic
-          path: /tmp/deterministic
-          run-id: ${{ github.event.workflow_run.id }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract PR number from artifact
-        id: extract
-        run: |
-          PR=$(jq -r '.pr_number' /tmp/deterministic/results.json)
-          echo "pr_number=${PR}" >> "${GITHUB_OUTPUT}"
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.workflow_run.head_sha }}
-  cancel-in-progress: true
-steps:
-  - name: Download deterministic-results artifact
-    if: github.event.workflow_run.conclusion == 'success'
-    uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-    with:
-      name: check-requirements-deterministic
-      path: /tmp/gh-aw/deterministic
-      run-id: ${{ github.event.workflow_run.id }}
-      github-token: ${{ secrets.GITHUB_TOKEN }}
-post-steps:
-  - name: Verify agent produced an add_comment safe-output
-    if: always() && github.event.workflow_run.conclusion == 'success'
-    run: |
-      OUTPUT=/tmp/gh-aw/agent_output.json
-      if [ ! -f "${OUTPUT}" ]; then
-        echo "::error::Agent output file ${OUTPUT} is missing; the agent did not run to completion."
-        exit 1
-      fi
-      if ! grep -q '"add_comment"' "${OUTPUT}"; then
-        echo "::error::Agent did not emit an add_comment safe-output; no review comment was posted to the PR."
-        echo "Agent output:"
-        cat "${OUTPUT}"
-        exit 1
-      fi
 description: >
-  Resolves the deterministic-stage artifact's NEEDS_AGENT checks for changed
-  Python package requirements on PRs targeting the core repo, then posts the
-  final review comment. Triggered by completion of the deterministic workflow.
-  Reads the uploaded artifact from disk, replaces placeholders for any check
-  whose status is `needs_agent`, and posts the merged comment using the PR
-  number recorded inside the artifact itself. Each check kind has a dedicated
-  instruction section below; if the artifact contains a check kind that does
-  not have a section here, the agent fails hard rather than guess.
+  Checks changed Python package requirements on PRs targeting the core repo
+  (including fork PRs): verifies licenses match PyPI metadata, source
+  repositories are publicly accessible, PyPI releases were uploaded via
+  automated CI (Trusted Publisher attestation), the package's release pipeline
+  uses OIDC or equivalent automated credentials (not static tokens), and the PR
+  description contains the required links.
 ---
 
-# Check requirements (AW)
+# Requirements License and Availability Check
 
-You are a code review assistant for the Home Assistant project. The
-deterministic stage has already evaluated every check it can on its own
-and produced an artifact containing the PR number, per-package check
-results, and a pre-rendered comment with placeholders. **Your only job is
-to read that artifact, resolve any `needs_agent` checks, and post the
-final comment.**
+You are a code review assistant for the Home Assistant project. Your job is to
+review changes to Python package requirements and verify they meet the project's
+standards.
 
-## Step 1 — Read the deterministic-stage artifact
+## Context
 
-The deterministic stage uploaded its results to the runner at
-`/tmp/gh-aw/deterministic/results.json`.
+- Home Assistant uses `requirements_all.txt` (all integration packages),
+  `requirements.txt` (core packages), `requirements_test.txt` (test
+  dependencies), and `requirements_test_all.txt` (all test dependencies) to
+  declare Python dependencies.
+- Each integration lists its packages in `homeassistant/components/<name>/manifest.json`
+  under the `requirements` field.
+- Allowed licenses are maintained in `script/licenses.py` under
+  `OSI_APPROVED_LICENSES_SPDX` (SPDX identifiers) and `OSI_APPROVED_LICENSES`
+  (classifier strings).
 
-The JSON has this shape:
+## Step 1 — Identify Changed Packages
 
-- `pr_number` — the PR being checked. The `add_comment` safe-output is
-  already targeted at this PR (a pre-job extracts `pr_number` from the
-  artifact and the workflow wires it into the safe-output config via
-  `needs.extract_pr_number.outputs.pr_number`), so **you do not need to
-  set `item_number` yourself** — just emit `add_comment` with the
-  rendered body.
-- `needs_agent` — `true` iff any package's check needs resolution.
-- `packages[]` — one entry per changed package. Each entry has:
-  - `name`, `old_version` (`null` for a newly added package; otherwise the
-    previous pin), `new_version`, `repo_url`, `publisher_kind`.
-  - `checks` — a dict keyed by **check kind** (string). Each value has a
-    `status` (`pass`, `warn`, `fail`, or `needs_agent`) and `details`.
-- `rendered_comment` — the final PR comment body, already rendered. For
-  every check whose status is `needs_agent` it contains two placeholders
-  you must replace:
-  - `{{CHECK_CELL:<pkg-name>:<check-kind>}}` — one cell of the summary
-    table. Replace with exactly one of `✅`, `⚠️`, `❌`.
-  - `{{CHECK_DETAIL:<pkg-name>:<check-kind>}}` — the body of one bullet
-    in the package's `<details>` block. Replace with
-    `<icon> <one-line explanation>` (the bullet's leading
-    `- **<label>**:` is already rendered — replace only the placeholder).
+Use the GitHub tool to fetch the PR diff. Look for lines that were added (`+`)
+or removed (`-`) in **all** of these files:
+- `requirements.txt`
+- `requirements_all.txt`
+- `requirements_test.txt`
+- `requirements_test_all.txt`
+- `homeassistant/package_constraints.txt`
+- `pyproject.toml`
 
-You **must not** modify any other content in `rendered_comment`. Do not
-re-evaluate checks that already have a deterministic status. Do not add
-or remove packages.
+For each changed line that contains a package pin (e.g. `SomePackage==1.2.3`),
+classify it as:
+- **New package**: the package name appears only in `+` lines, with no
+  corresponding `-` line for the same package name.
+- **Version bump**: the same package name appears in both `+` lines (new
+  version) and `-` lines (old version), with different version numbers.
 
-## Step 2 — Resolve each `needs_agent` check
+Record the **old version** and **new version** for every version bump — you
+will need these values in Step 4.
 
-For each `package` in `packages`:
+Ignore comment lines (starting with `#`), lines that start with `-r ` (file
+includes), and lines that don't contain `==`.
 
-For each `(check_kind, result)` in `package.checks` where
-`result.status == "needs_agent"`:
+## Step 2 — Check License via PyPI
 
-1. Look up `## Check kind: <check_kind>` in the **Check instructions**
-   section below.
-2. **If no matching section exists**: emit a single `add_comment` whose
-   body is:
+For each new or bumped package:
 
-   ```
-   <!-- requirements-check -->
-   ## Check requirements
+1. Fetch `https://pypi.org/pypi/{package_name}/json` (use the exact
+   package name as it appears on PyPI).
+2. From the JSON response, extract:
+   - `info.license` — free-text license field
+   - `info.license_expression` — SPDX expression (if present)
+   - `info.classifiers` — filter for entries starting with `"License ::"`.
+3. Determine if the license is in the approved list from `script/licenses.py`:
+   - SPDX identifiers: compare against `OSI_APPROVED_LICENSES_SPDX`
+   - Classifier strings: compare against `OSI_APPROVED_LICENSES`
+4. Flag a package as ❌ if the license is unknown, missing, or not in the
+   approved list. Flag as ⚠️ if the license information is ambiguous or cannot
+   be definitively determined.
 
-   ❌ Internal error: the deterministic artifact contains a check kind
-   (`<check_kind>` on package `<pkg-name>`) that this workflow has no
-   instructions for. Update `.github/workflows/check-requirements.md`
-   to add a matching `## Check kind: <check_kind>` section, or remove
-   the kind from the deterministic stage.
-   ```
+## Step 2b — Verify PyPI Release Was Uploaded by CI
 
-   Then stop. **Do not improvise** a verdict for an unknown check kind.
-3. Otherwise, follow the instructions in that section. They tell you
-   which icon (✅/⚠️/❌) and one-line explanation to produce.
+For each new or bumped package, verify that the release on PyPI was published
+automatically by a CI pipeline (via OIDC Trusted Publisher), not uploaded
+manually.
 
-## Step 3 — Post the comment
+1. Fetch the PyPI JSON for the specific version being introduced or bumped:
+   `https://pypi.org/pypi/{package_name}/{version}/json`
+2. Inspect the `urls` array in the response. For each distribution file (wheel
+   or sdist), note the filename.
+3. For each filename, attempt to fetch the PyPI provenance attestation:
+   `https://pypi.org/integrity/{package_name}/{version}/{filename}/provenance`
+   - If the response is HTTP 200 and contains a valid attestation object,
+     inspect `attestation_bundles[*].publisher`. A Trusted Publisher attestation
+     will have a `kind` identifying the CI system (e.g. `"GitHub Actions"`,
+     `"GitLab"`) and a `repository` or `project` field matching the source
+     repository.
+   - If at least one distribution file has a valid Trusted Publisher attestation,
+     mark ✅ CI-uploaded.
+   - If no attestation is found for any file (404 for all), mark ❌ — "Release
+     has no provenance attestation; it may have been uploaded manually".
+   - If an attestation exists but the `publisher` does not identify a recognized
+     CI system or Trusted Publisher, mark ⚠️ — "Attestation present but
+     publisher cannot be verified as automated CI".
 
-1. Replace every `{{CHECK_CELL:…}}` and `{{CHECK_DETAIL:…}}` placeholder
-   in `rendered_comment` with the resolved value.
-2. Emit the resulting markdown using `add_comment` — set `body` to the
-   merged `rendered_comment` verbatim (the leading
-   `<!-- requirements-check -->` marker must be preserved). The PR
-   target is already set by the workflow; do not pass `item_number`.
+Note: if PyPI returns an error fetching the per-version JSON, fall back to the
+latest JSON (`https://pypi.org/pypi/{package_name}/json`) and look up the
+specific version in the `releases` dict.
 
-If the artifact's top-level `needs_agent` is `false` (no checks need
-you), emit `rendered_comment` unchanged.
+## Step 3 — Check Repository Availability
 
-## Check instructions
+For each new or bumped package:
 
-### Check kind: `repo_public`
+1. From the PyPI JSON at `info.project_urls`, find the source repository URL
+   (keys such as `"Source"`, `"Homepage"`, `"Repository"`, or `"Source Code"`).
+2. Use web-fetch to perform a GET request to the repository URL.
+3. If the response returns HTTP 200 and the page is publicly accessible, mark ✅.
+4. If the URL is missing, returns a non-200 status, or redirects to a login
+   page, mark ❌ with a note that the repository could not be verified as public.
 
-Verify that the package's source repository is publicly reachable.
+## Step 4 — Check PR Description
 
-1. Read `package.repo_url`.
-2. Use the `web-fetch` tool to GET that URL.
-3. Decide the verdict:
-   - HTTP 200, returns a public repository page → ✅
-     `<repo_url> is publicly accessible.`
-   - HTTP 4xx/5xx, or the response redirects to a login / sign-in page →
-     ❌ `Source repository at <repo_url> is not publicly accessible.
-     Home Assistant requires all dependencies to have publicly available
-     source code.`
-   - Any other inconclusive result → ⚠️ with a one-line description.
+Read the PR body from the GitHub API using the PR number `${{ github.event.pull_request.number }}`.
+Extract all URLs present in the PR body.
 
-If `repo_public` resolves to ❌ for a package, **also** mark that
-package's `release_pipeline` and `async_blocking` cells/details as `—`
-(em dash) and explain `Skipped because the source repository is not
-publicly accessible.` — neither check can be performed without a public
-repo.
+### 4a — New packages: repository link required
 
-### Check kind: `pr_link`
+For **new packages** (brand-new dependency not previously in any requirements
+file): the PR description must contain a link that points to the package's
+**source repository** as identified in Step 3 (the URL recorded from
+`info.project_urls`). A PyPI page link alone is **not** acceptable — the link
+must point directly to the source repository (e.g. a GitHub or GitLab URL).
 
-Verify the PR description contains the right link for the change.
+- If a URL in the PR body matches (or is a sub-path of) the source repository
+  URL identified via PyPI, mark ✅.
+- If the PR body contains a source repository URL that does **not** match the
+  repository URL found in the package's PyPI metadata (`info.project_urls`),
+  mark ❌ — "PR description links to `<pr_url>` but PyPI reports the source
+  repository as `<pypi_repo_url>`; please use the correct repository URL."
+- If no source repository URL is present in the PR body at all, mark ❌ —
+  "PR description must link to the source repository at `<repo_url>` (found
+  via PyPI). A PyPI page link is not sufficient."
 
-1. Fetch the PR body via the GitHub MCP tool, using the `pr_number`
-   field from the artifact.
-2. Extract all URLs from the body.
-3. For a **new package** (`package.old_version` is `null`):
-   - The PR body must contain a URL that points at `package.repo_url`
-     (any sub-path of the same `owner/repo` on the same host is
-     acceptable). A PyPI link is **not** sufficient.
-   - ✅ if such a URL is present.
-   - ❌ otherwise:
-     `PR description must link to the source repository at <repo_url>.
-     A PyPI page link is not sufficient.`
-4. For a **version bump** (`package.old_version` is not `null`):
-   - The PR body must contain a URL on the same host as
-     `package.repo_url` that references **both** `package.old_version`
-     and `package.new_version` (e.g. a GitHub compare URL
-     `compare/vX...vY`, a release / changelog URL containing both
-     versions, etc.).
-   - ✅ if such a URL is present and the versions match the actual bump.
-   - ❌ otherwise:
-     `PR description should link to a changelog or compare URL on
-     <repo_url> that mentions both <old_version> and <new_version>.`
+### 4b — Version bumps: changelog or diff link required
 
-### Check kind: `release_pipeline`
+For **version bumps**: the PR description must contain a link to a changelog,
+release notes page, or a diff/comparison URL that references the **correct
+versions** being bumped (old → new).
 
-Inspect the upstream project's release / publish CI pipeline.
+Checks to perform for each bumped package (old version = X, new version = Y):
+1. Extract all URLs from the PR body that contain the repository's domain or
+   path (as identified in Step 3).
+2. Verify that at least one such URL includes both the old version string and
+   new version string in some form — e.g. a GitHub compare URL like
+   `compare/vX...vY`, a releases URL mentioning version Y, or a
+   `CHANGELOG.md` anchor referencing Y.
+3. If no URL matches, check if the PR body contains any changelog/diff link at
+   all for this package.
 
-For each package needing inspection, determine the source repository
-host from `package.repo_url`, then apply the corresponding checklist.
+Outcome:
+- ✅ — a URL pointing to the correct repo with version references covering the
+  exact bump (X → Y).
+- ⚠️ — a changelog/diff link exists but does not clearly reference the correct
+  versions or the correct repository; explain what was found and what is
+  expected.
+- ❌ — no changelog or diff link found at all in the PR description for this
+  package.
 
-#### GitHub repositories (`github.com`)
+### 4c — Diff consistency check
 
-1. List workflows: `GET /repos/{owner}/{repo}/actions/workflows`.
-2. Identify any workflow whose name or filename suggests publishing to
-   PyPI (`release`, `publish`, `pypi`, or `deploy`).
-3. Fetch the workflow file and check:
-   - **Trigger sanity**: triggered by `push` to tags,
-     `release: published`, or `workflow_run` on a release job —
-     **not** solely `workflow_dispatch` with no environment-protection
-     guard.
-   - **OIDC / Trusted Publisher**: look for `id-token: write` and one of
-     `pypa/gh-action-pypi-publish`, `actions/attest-build-provenance`,
-     or `TWINE_PASSWORD` from a static `secrets.PYPI_TOKEN`.
-   - **No manual upload bypass**: no ungated `twine upload` or
-     `pip upload`.
-4. Verdict:
-   - ✅ if OIDC + sane triggers + no bypass.
-   - ⚠️ if static token but version bump, or details unclear.
-   - ❌ if static token on a new package, or only-manual triggers with
-     no environment protection.
+For each **version bump**, verify that the version change recorded in the diff
+(Step 1) is internally consistent:
+- The `-` line must contain the old version and the `+` line must contain the
+  new version for the same package name.
+- Flag ❌ if the diff shows a downgrade (new version < old version) without an
+  explanation, or if the version strings cannot be parsed.
 
-#### GitLab repositories (`gitlab.com` or self-hosted GitLab)
+## Step 5 — Verify Source Repository is Publicly Accessible
 
-1. Resolve the project ID via
-   `GET https://gitlab.com/api/v4/projects/{url-encoded-namespace-and-name}`.
-2. Fetch `.gitlab-ci.yml` via
-   `GET https://gitlab.com/api/v4/projects/{id}/repository/files/.gitlab-ci.yml/raw?ref=HEAD`.
-3. Apply the same conceptual checks: tag-only / protected-branch
-   triggers, GitLab OIDC `id_tokens` or CI/CD protected `PYPI_TOKEN`, no
-   ungated `twine upload`. Same verdict rules as GitHub.
+Before inspecting the release pipeline, confirm that the source repository
+identified in Step 3 is publicly reachable.
 
-#### Other code hosting providers (Bitbucket, Codeberg, Gitea, Sourcehut, …)
+For each new or bumped package:
 
-1. Use `web-fetch` to retrieve any visible CI configuration
-   (`.circleci/config.yml`, `Jenkinsfile`, `azure-pipelines.yml`,
-   `bitbucket-pipelines.yml`, `.builds/*.yml`).
-2. Apply the conceptual checks: automated triggers, CI-injected
-   credentials, no manual `twine upload`.
-3. If no CI config can be retrieved: ⚠️ `Release pipeline could not be
-   inspected; hosting provider is not GitHub or GitLab.`
+1. Use the source repository URL recorded in Step 3.
+2. If no repository URL was found in `info.project_urls`, mark ❌ — "No source
+   repository URL found in PyPI metadata; a public source repository is
+   required."
+3. If a repository URL was found, perform a GET request to that URL (using
+   web-fetch). If the response is HTTP 200 and returns a publicly accessible
+   page (not a login redirect or error page), mark ✅.
+4. If the response is non-200, the URL redirects to a login/authentication page,
+   or the repository appears private or unavailable, mark ❌ — "Source
+   repository at `<repo_url>` is not publicly accessible. Home Assistant
+   requires all dependencies to have publicly available source code." **Do not
+   proceed with the release pipeline check (Step 6) for this package.**
 
-### Check kind: `async_blocking`
+## Step 6 — Check Release Pipeline Sanity
 
-Verify whether the dependency performs blocking I/O inside async code
-paths. Home Assistant runs on a single asyncio event loop, so a library
-that exposes an `async` surface must not call blocking APIs from inside
-its `async def` functions — that stalls the whole loop. A purely sync
-library is fine: Home Assistant integrations are expected to wrap such
-calls in an executor.
+For each new or bumped package, determine the source repository host from the
+URL identified in Step 3, then inspect whether the project's release/publish CI
+workflow is sane. The checks differ by hosting provider.
 
-**Two modes — pick by inspecting `package.old_version`:**
+### GitHub repositories (`github.com`)
 
-- `old_version` is `null` → **new package**: review the *entire current
-  source tree*. Nothing about this dependency has been vetted before.
-- `old_version` is a string → **version bump**: review only the *diff
-  between `old_version` and `new_version`*. The previous version was
-  already accepted, so blocking calls that were present in
-  `old_version` are not regressions; report only what `new_version`
-  introduces.
+1. Using the GitHub API, list the workflows in the source repository:
+   `GET /repos/{owner}/{repo}/actions/workflows`
+2. Identify any workflow whose name or filename suggests publishing to PyPI
+   (e.g., contains "release", "publish", "pypi", or "deploy").
+3. Fetch the workflow file content and check the following:
+   a. **Trigger sanity**: The publish job should be triggered by `push` to tags,
+      `release: published`, or `workflow_run` on a release job — **not** solely
+      by `workflow_dispatch` with no additional guards. A `workflow_dispatch`
+      trigger alongside other triggers is acceptable. Mark ❌ if the only trigger
+      is manual `workflow_dispatch` with no environment protection rules.
+   b. **OIDC / Trusted Publisher**: The workflow should use OIDC-based publishing.
+      Look for `id-token: write` permission and one of:
+      - `pypa/gh-action-pypi-publish` action
+      - `actions/attest-build-provenance` action
+      - Any step that sets `TWINE_PASSWORD` from `secrets.PYPI_TOKEN` directly
+        (flag ❌ if a long-lived API token is used instead of OIDC).
+      Mark ✅ if OIDC is used, ⚠️ if the publish method cannot be determined,
+      ❌ if a static secret token is the only credential.
+   c. **No manual upload bypass**: Verify there is no step that calls
+      `twine upload` or `pip upload` outside of a properly gated job (e.g., one
+      that requires an environment approval). Flag ⚠️ if such steps exist.
+4. If no publish workflow is found in the repository, mark ⚠️ — "No publish
+   workflow found; it is unclear how this package is released to PyPI."
 
-#### Step 1 — Decide whether the library exposes an async surface
+### GitLab repositories (`gitlab.com` or self-hosted GitLab)
 
-Use the `github` MCP tool (for `github.com` repos) or `web-fetch`
-(other hosts) on `package.repo_url`. Always inspect the tag /
-ref matching `new_version` (e.g. `v{new_version}` or `{new_version}`).
+1. Use the GitLab REST API to list CI/CD pipeline configuration files. First
+   resolve the project ID via
+   `GET https://gitlab.com/api/v4/projects/{url-encoded-namespace-and-name}`
+   and note the `id` field.
+2. Fetch the repository's `.gitlab-ci.yml` (and any included files) using
+   `GET https://gitlab.com/api/v4/projects/{id}/repository/files/.gitlab-ci.yml/raw?ref=HEAD`
+   (use web-fetch for public repos).
+3. Identify any job whose name or `stage` suggests publishing to PyPI
+   (e.g., "publish", "deploy", "release", "pypi").
+4. For each such job, check:
+   a. **Trigger sanity**: The job should run only on tag pipelines (`only: tags`
+      or `rules: - if: $CI_COMMIT_TAG`) or on protected branches — **not**
+      solely on manual triggers (`when: manual`) with no additional protection.
+      Mark ❌ if the only trigger is manual with no environment or protected-branch
+      guard.
+   b. **Automated credentials**: The job should use GitLab's OIDC ID token
+      (`id_tokens:` block) and `pypa/gh-action-pypi-publish` equivalent, or
+      reference `secrets.PYPI_TOKEN` / `$PYPI_TOKEN` injected from GitLab CI/CD
+      protected variables (flag ❌ if the token is hard-coded or unprotected).
+      Mark ✅ if OIDC or protected CI variables are used, ⚠️ if the method
+      cannot be determined, ❌ if credentials appear to be insecure.
+   c. **No manual upload bypass**: Flag ⚠️ if any job calls `twine upload`
+      without being behind a protected-variable or environment guard.
+5. If no publish job is found, mark ⚠️ — "No publish job found in .gitlab-ci.yml;
+   it is unclear how this package is released to PyPI."
 
-- Locate the top-level package directory (usually named after the
-  import name, often equal or close to `package.name`).
-- Check `pyproject.toml` / `setup.py` / `setup.cfg` / `README*` for
-  async indicators (`Framework :: AsyncIO` trove classifier, `asyncio`
-  / `aiohttp` / `httpx` / `anyio` in dependencies, an async usage
-  example in the README).
-- Grep the package source for `async def`. A handful of `async def`
-  entries in the public modules is enough to treat the library as
-  having an async surface.
+### Other code hosting providers
 
-If the library is **sync-only** (no `async def` in its public modules
-and no async framework dependency) → ✅
-`Sync-only library; Home Assistant integrations must wrap calls in an
-executor.` *This verdict is the same in both modes.*
+For repositories hosted on platforms other than GitHub or GitLab (e.g.,
+Bitbucket, Codeberg, Gitea, Sourcehut):
+1. Use web-fetch to retrieve the repository's root page and look for any
+   publicly visible CI configuration files (e.g., `.circleci/config.yml`,
+   `Jenkinsfile`, `azure-pipelines.yml`, `bitbucket-pipelines.yml`,
+   `.builds/*.yml` for Sourcehut).
+2. Apply the same conceptual checks as above:
+   - Does publishing run on automated triggers (tags/releases), not solely
+     manual ones?
+   - Are credentials injected by the CI system (not hard-coded)?
+   - Is there a `twine upload` or equivalent step that could be run manually?
+3. If no CI configuration can be retrieved, mark ⚠️ — "Release pipeline could
+   not be inspected; hosting provider is not GitHub or GitLab."
 
-#### Step 2a — Mode: new package (`old_version` is `null`)
+## Step 7 — Post a Review Comment
 
-Inspect **every `async def` in the public modules** for blocking
-patterns. Walk transitively into helpers the async functions call.
+**Always** post a review comment using `add-comment`, regardless of whether
+packages pass or fail.
 
-#### Step 2b — Mode: version bump (`old_version` is a string)
+In the table, use **only the status icon** (✅, ❌, ⚠️, or — for not
+applicable) in each check column — do not include any additional text inside
+table cells. Place all detailed findings in a collapsible `<details>` section
+immediately after the table.
 
-Fetch the diff between the two tags and review **only changed lines**:
+Use the following structure:
 
-- GitHub: `GET /repos/{owner}/{repo}/compare/{old_tag}...{new_tag}` via
-  the `github` MCP tool, or
-  `https://github.com/{owner}/{repo}/compare/{old_tag}...{new_tag}.diff`
-  via `web-fetch`. Try the common tag formats in order until one
-  resolves: `v{version}`, `{version}`, `release-{version}`.
-- GitLab: `https://gitlab.com/{namespace}/{project}/-/compare/{old_tag}...{new_tag}.diff`.
-- Other hosts: use the project's equivalent compare URL via
-  `web-fetch`.
+```
+## Requirements Check
 
-If neither tag format resolves on the host, fall back to a full review
-(Step 2a) and mention in the detail that the diff was unavailable.
+| Package | Type | Old→New | License | Repository Public | CI Upload | Release Pipeline | PR Link | Diff Consistent |
+|---------|------|---------|---------|-------------------|-----------|------------------|---------|-----------------|
+| PackageA | bump | 1.2.3→1.3.0 | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
+| PackageB | new  | —→4.5.6 | ❌ | ✅ | ❌ | ⚠️ | ❌ | ✅ |
+| PackageC | bump | 2.0.0→2.1.0 | ✅ | ❌ | — | — | ⚠️ | ✅ |
 
-When reviewing the diff, only flag blocking patterns that appear in
-**added lines** *inside or reachable from* an `async def`. A blocking
-call that existed in `old_version` and is unchanged is not a regression
-for this bump.
+<details [open if any check has ❌ or ⚠️]>
+<summary>Check details</summary>
 
-#### Step 3 — Blocking patterns to look for
+**PackageA (bump 1.2.3→1.3.0):**
+- License: ✅ MIT
+- Repository Public: ✅
+- CI Upload: ✅
+- Release Pipeline: ✅ OIDC (`pypa/gh-action-pypi-publish`, `release: published` trigger)
+- PR Link: ✅ compare/v1.2.3...v1.3.0
+- Diff Consistent: ✅
 
-In both modes, the patterns to flag inside `async def` bodies are:
+**PackageB (new —→4.5.6):**
+- License: ❌ UNKNOWN — license could not be determined
+- Repository Public: ✅
+- CI Upload: ❌ — release has no provenance attestation; it may have been uploaded manually
+- Release Pipeline: ⚠️ — no publish workflow found
+- PR Link: ❌ — missing repo link; PR description must link to the source repository
+- Diff Consistent: ✅
 
-- Sync HTTP: `requests.`, `urllib.request`, `urllib3.` direct use,
-  `http.client.`, sync `httpx.Client(` / `httpx.get(` (NOT the
-  `AsyncClient`), `pycurl`.
-- `time.sleep(` (must be `await asyncio.sleep(`).
-- Sync sockets: bare `socket.socket` reads/writes, `ssl.wrap_socket`,
-  blocking `select.select`.
-- File I/O: `open(` / `pathlib.Path.read_*` / `.write_*` for
-  non-trivial sizes (small one-shot reads during import are
-  acceptable; reads/writes on the request path are not — prefer
-  `aiofiles` / executor).
-- Sync DB drivers used directly: `sqlite3`, `psycopg2`, `pymysql`,
-  `pymongo` (sync client), `redis.Redis` (sync client).
-- `subprocess.run` / `subprocess.call` / `os.system` (must be
-  `asyncio.create_subprocess_*`).
+**PackageC (bump 2.0.0→2.1.0):**
+- License: ✅ Apache-2.0
+- Repository Public: ❌ — source repository is not publicly accessible
+- CI Upload: — (skipped; repository not accessible)
+- Release Pipeline: — (skipped; repository not accessible)
+- PR Link: ⚠️ — link found but points to wrong repository
+- Diff Consistent: ✅
 
-A call that is clearly dispatched to an executor
-(`run_in_executor`, `asyncio.to_thread`, `anyio.to_thread.run_sync`)
-does NOT count as blocking.
+</details>
+```
 
-#### Step 4 — Verdict
-
-- ✅ — no offending blocking pattern in the surface being reviewed
-  (whole tree for a new package, added lines for a bump). For a bump,
-  phrase the detail as `No new blocking calls introduced in
-  {old_version} → {new_version}.`.
-- ⚠️ — blocking calls exist only in sync helpers that the async API
-  does not call, or only on a clearly non-hot path (e.g. one-shot
-  setup before the event loop is running). Cite at least one
-  `<file>:<line>` and explain why it is not on the hot path.
-- ❌ — a blocking call is reachable from an `async def` that is part
-  of the public API on the request / polling path (for a bump: the
-  call was introduced or moved onto the hot path by this version).
-  Cite the offending `<file>:<line>` as a clickable link on the repo
-  host so the contributor can jump to it.
+The `<details>` element behavior:
+- If **all packages pass every check** (all ✅ or —): use `<details>` (collapsed
+  by default) and add a brief confirmation before the details section:
+  `All requirements checks passed. ✅`
+- If **any package has a failure or warning** (any ❌ or ⚠️): use `<details open>`
+  (expanded by default). The details section must explain each failure and what
+  the contributor needs to fix, including:
+  - The expected source repository URL (from PyPI) when a link is missing or wrong.
+  - The expected version range (old → new) when a changelog URL doesn't match the diff.
+  - Whether the PyPI release lacks provenance attestation or uses an insecure publish method.
+  - Whether the source repository is not publicly accessible.
 
 ## Notes
 
-- Be constructive and helpful. Reference the inspected workflow / CI
-  file by URL where useful so the contributor can fix the issue.
-- The dedup of the requirements-check comment is handled by gh-aw's
-  `add_comment` safe-output via the `<!-- requirements-check -->`
-  marker on the first line of `rendered_comment`.
-- If the deterministic workflow concluded with a non-success status,
-  this workflow's `if:` guard on `Download deterministic-results
-  artifact` skipped the download. If you find no file at
-  `/tmp/gh-aw/deterministic/results.json`, emit nothing — the post-step
-  verification is also gated and will not complain.
+- Be constructive and helpful. Provide direct links where possible so the
+  contributor can quickly fix the issue.
+- If PyPI returns an error for a package, mention that it could not be found and
+  suggest the contributor verify the package name.
+- For packages that only appear in `homeassistant/package_constraints.txt` or
+  `pyproject.toml` without being tied to a specific integration, the PR
+  description link requirement still applies.
+- When checking test-only packages (from `requirements_test.txt` or
+  `requirements_test_all.txt`), apply the same license, repository, and PR
+  description checks as for production dependencies.
+- A package that appears in both a production file and a test file should only
+  be reported once; use the production file entry as the canonical one.

.github/workflows/ci.yaml

@@ -37,9 +37,10 @@ on:
         type: boolean
 
 env:
-  CACHE_VERSION: 4
+  CACHE_VERSION: 3
+  UV_CACHE_VERSION: 1
   MYPY_CACHE_VERSION: 1
-  HA_SHORT_VERSION: "2026.6"
+  HA_SHORT_VERSION: "2026.5"
   ADDITIONAL_PYTHON_VERSIONS: "[]"
   # 10.3 is the oldest supported version
   # - 10.3.32 is the version currently shipped with Synology (as of 17 Feb 2022)
@@ -60,7 +61,9 @@ env:
   # - 15.2 is the latest (as of 9 Feb 2023)
   POSTGRESQL_VERSIONS: "['postgres:12.14','postgres:15.2']"
   UV_CACHE_DIR: /tmp/uv-cache
-  APT_CACHE_VERSION: 1
+  APT_CACHE_BASE: /home/runner/work/apt
+  APT_CACHE_DIR: /home/runner/work/apt/cache
+  APT_LIST_CACHE_DIR: /home/runner/work/apt/lists
   SQLALCHEMY_WARN_20: 1
   PYTHONASYNCIODEBUG: 1
   HASS_CI: 1
@@ -84,13 +87,12 @@ jobs:
       core: ${{ steps.core.outputs.changes }}
       integrations_glob: ${{ steps.info.outputs.integrations_glob }}
       integrations: ${{ steps.integrations.outputs.changes }}
+      apt_cache_key: ${{ steps.generate_apt_cache_key.outputs.key }}
       python_cache_key: ${{ steps.generate_python_cache_key.outputs.key }}
       requirements: ${{ steps.core.outputs.requirements }}
       mariadb_groups: ${{ steps.info.outputs.mariadb_groups }}
       postgresql_groups: ${{ steps.info.outputs.postgresql_groups }}
       python_versions: ${{ steps.info.outputs.python_versions }}
-      default_python: ${{ steps.info.outputs.default_python }}
-      uv_version: ${{ steps.info.outputs.uv_version }}
       test_full_suite: ${{ steps.info.outputs.test_full_suite }}
       test_group_count: ${{ steps.info.outputs.test_group_count }}
       test_groups: ${{ steps.info.outputs.test_groups }}
@@ -115,6 +117,10 @@ jobs:
           # Include HA_SHORT_VERSION to force the immediate creation
           # of a new uv cache entry after a version bump.
           echo "key=venv-${CACHE_VERSION}-${HA_SHORT_VERSION}-${HASH_REQUIREMENTS_TEST}-${HASH_REQUIREMENTS}-${HASH_REQUIREMENTS_ALL}-${HASH_PACKAGE_CONSTRAINTS}-${HASH_GEN_REQUIREMENTS}" >> $GITHUB_OUTPUT
+      - name: Generate partial apt restore key
+        id: generate_apt_cache_key
+        run: |
+          echo "key=$(lsb_release -rs)-apt-${CACHE_VERSION}-${HA_SHORT_VERSION}" >> $GITHUB_OUTPUT
       - name: Filter for core changes
         uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
         id: core
@@ -237,11 +243,6 @@ jobs:
           echo "postgresql_groups=${postgresql_groups}" >> $GITHUB_OUTPUT
           echo "python_versions: ${all_python_versions}"
           echo "python_versions=${all_python_versions}" >> $GITHUB_OUTPUT
-          echo "default_python: ${default_python}"
-          echo "default_python=${default_python}" >> $GITHUB_OUTPUT
-          uv_version=$(grep '^uv==' requirements.txt | cut -d'=' -f3)
-          echo "uv_version: ${uv_version}"
-          echo "uv_version=${uv_version}" >> $GITHUB_OUTPUT
           echo "test_full_suite: ${test_full_suite}"
           echo "test_full_suite=${test_full_suite}" >> $GITHUB_OUTPUT
           echo "integrations_glob: ${integrations_glob}"
@@ -281,7 +282,7 @@ jobs:
           echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
           echo "::add-matcher::.github/workflows/matchers/codespell.json"
       - name: Run prek
-        uses: j178/prek-action@6ad80277337ad479fe43bd70701c3f7f8aa74db3 # v2.0.3
+        uses: j178/prek-action@cbc2f23eb5539cf20d82d1aabd0d0ecbcc56f4e3 # v2.0.2
         env:
           PREK_SKIP: no-commit-to-branch,mypy,pylint,gen_requirements_all,hassfest,hassfest-metadata,hassfest-mypy-config,zizmor
           RUFF_OUTPUT_FORMAT: github
@@ -302,7 +303,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Run zizmor
-        uses: j178/prek-action@6ad80277337ad479fe43bd70701c3f7f8aa74db3 # v2.0.3
+        uses: j178/prek-action@cbc2f23eb5539cf20d82d1aabd0d0ecbcc56f4e3 # v2.0.2
         with:
           extra-args: --all-files zizmor
 
@@ -351,74 +352,108 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-      - name: Set up uv and Python ${{ matrix.python-version }}
+      - name: Set up Python ${{ matrix.python-version }}
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
           python-version: ${{ matrix.python-version }}
+          check-latest: true
+      - name: Generate partial uv restore key
+        id: generate-uv-key
+        run: |
+          uv_version=$(cat requirements.txt | grep uv | cut -d '=' -f 3)
+          echo "version=${uv_version}" >> $GITHUB_OUTPUT
+          echo "key=uv-${UV_CACHE_VERSION}-${uv_version}-${HA_SHORT_VERSION}-$(date -u '+%Y-%m-%dT%H:%M:%s')" >> $GITHUB_OUTPUT
       - name: Restore base Python virtual environment
         id: cache-venv
-        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: venv
           key: >-
             ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-${{
             needs.info.outputs.python_cache_key }}
-      - name: Generate partial uv restore key
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        id: generate-uv-key
-        env:
-          RUNNER_OS: ${{ runner.os }}
-          RUNNER_ARCH: ${{ runner.arch }}
-          PYTHON_VERSION: ${{ steps.python.outputs.python-version }}
-          HASH_FILES: ${{ hashFiles('requirements.txt', 'requirements_all.txt', 'requirements_test.txt', 'homeassistant/package_constraints.txt') }}
-        run: |
-          partial_key="${RUNNER_OS}-${RUNNER_ARCH}-${PYTHON_VERSION}-uv-"
-          echo "partial_key=${partial_key}" >> $GITHUB_OUTPUT
-          echo "full_key=${partial_key}${HASH_FILES}" >> $GITHUB_OUTPUT
       - name: Restore uv wheel cache
         if: steps.cache-venv.outputs.cache-hit != 'true'
-        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
           path: ${{ env.UV_CACHE_DIR }}
-          key: ${{ steps.generate-uv-key.outputs.full_key }}
-          restore-keys: ${{ steps.generate-uv-key.outputs.partial_key }}
-      - name: Install additional OS dependencies
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-${{
+            steps.generate-uv-key.outputs.key }}
+          restore-keys: |
+            ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-uv-${{
+            env.UV_CACHE_VERSION }}-${{ steps.generate-uv-key.outputs.version }}-${{
+            env.HA_SHORT_VERSION }}-
+      - name: Check if apt cache exists
+        id: cache-apt-check
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
         with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-            libxml2-utils
-            libavcodec-dev
-            libavdevice-dev
-            libavfilter-dev
-            libavformat-dev
-            libavutil-dev
-            libswresample-dev
-            libswscale-dev
+          lookup-only: ${{ steps.cache-venv.outputs.cache-hit == 'true' }}
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
+      - name: Install additional OS dependencies
+        if: |
+          steps.cache-venv.outputs.cache-hit != 'true'
+          || steps.cache-apt-check.outputs.cache-hit != 'true'
+        timeout-minutes: 10
+        env:
+          APT_CACHE_HIT: ${{ steps.cache-apt-check.outputs.cache-hit }}
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          if [[ "${APT_CACHE_HIT}" != 'true' ]]; then
+            mkdir -p ${APT_CACHE_DIR}
+            mkdir -p ${APT_LIST_CACHE_DIR}
+          fi
+
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
+            libxml2-utils \
+            libavcodec-dev \
+            libavdevice-dev \
+            libavfilter-dev \
+            libavformat-dev \
+            libavutil-dev \
+            libswresample-dev \
+            libswscale-dev \
             libudev-dev
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
+
+          if [[ "${APT_CACHE_HIT}" != 'true' ]]; then
+            sudo chmod -R 755 ${APT_CACHE_BASE}
+          fi
+      - name: Save apt cache
+        if: steps.cache-apt-check.outputs.cache-hit != 'true'
+        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
       - name: Create Python virtual environment
         if: steps.cache-venv.outputs.cache-hit != 'true'
-        id: create-venv
-        env:
-          PYTHON_VERSION: ${{ steps.python.outputs.python-version }}
         run: |
-          uv venv venv --python "${PYTHON_VERSION}"
+          python -m venv venv
           . venv/bin/activate
           python --version
+          pip install "$(grep '^uv' < requirements.txt)"
           uv pip install -U "pip>=25.2"
           uv pip install -r requirements.txt
-          uv pip install -r requirements_all.txt -r requirements_test.txt
+          python -m script.gen_requirements_all ci
+          uv pip install -r requirements_all_pytest.txt -r requirements_test.txt
           uv pip install -e . --config-settings editable_mode=compat
       - name: Dump pip freeze
         run: |
+          python -m venv venv
           . venv/bin/activate
           python --version
           uv pip freeze >> pip_freeze.txt
@@ -430,29 +465,12 @@ jobs:
           overwrite: true
       - name: Remove pip_freeze
         run: rm pip_freeze.txt
+      - name: Remove generated requirements_all
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: rm requirements_all_pytest.txt requirements_all_wheels_*.txt
       - name: Check dirty
         run: |
           ./script/check_dirty
-      - name: Prune uv cache
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        id: prune-uv-cache
-        run: |
-          . venv/bin/activate
-          uv cache prune --ci
-      - name: Save uv wheel cache
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-        with:
-          path: ${{ env.UV_CACHE_DIR }}
-          key: ${{ steps.generate-uv-key.outputs.full_key }}
-      - name: Save base Python virtual environment
-        if: always() && steps.create-venv.outcome == 'success'
-        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-        with:
-          path: venv
-          key: >-
-            ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-${{
-            needs.info.outputs.python_cache_key }}
 
   hassfest:
     name: Check hassfest
@@ -467,22 +485,36 @@ jobs:
       && github.event.inputs.mypy-only != 'true'
       && github.event.inputs.audit-licenses-only != 'true'
     steps:
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
+      - name: Install additional OS dependencies
+        timeout-minutes: 10
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            libturbojpeg
       - name: Check out code from GitHub
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-      - name: Install additional OS dependencies
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: libturbojpeg
-          version: ${{ env.APT_CACHE_VERSION }}
       - name: Set up Python
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
-          python-version: ${{ needs.info.outputs.default_python }}
+          python-version-file: ".python-version"
+          check-latest: true
       - name: Restore full Python virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -516,10 +548,10 @@ jobs:
           persist-credentials: false
       - name: Set up Python
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
-          python-version: ${{ needs.info.outputs.default_python }}
+          python-version-file: ".python-version"
+          check-latest: true
       - name: Restore full Python virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -552,10 +584,10 @@ jobs:
           persist-credentials: false
       - name: Set up Python
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
-          python-version: ${{ needs.info.outputs.default_python }}
+          python-version-file: ".python-version"
+          check-latest: true
       - name: Run gen_copilot_instructions.py
         run: |
           python -m script.gen_copilot_instructions validate
@@ -579,7 +611,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Dependency review
-        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
+        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
         with:
           license-check: false # We use our own license audit checks
 
@@ -607,10 +639,10 @@ jobs:
           persist-credentials: false
       - name: Set up Python ${{ matrix.python-version }}
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
           python-version: ${{ matrix.python-version }}
+          check-latest: true
       - name: Restore full Python ${{ matrix.python-version }} virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -658,10 +690,10 @@ jobs:
           persist-credentials: false
       - name: Set up Python
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
-          python-version: ${{ needs.info.outputs.default_python }}
+          python-version-file: ".python-version"
+          check-latest: true
       - name: Restore full Python virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -711,10 +743,10 @@ jobs:
           persist-credentials: false
       - name: Set up Python
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
-          python-version: ${{ needs.info.outputs.default_python }}
+          python-version-file: ".python-version"
+          check-latest: true
       - name: Restore full Python virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -762,10 +794,10 @@ jobs:
           persist-credentials: false
       - name: Set up Python
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
-          python-version: ${{ needs.info.outputs.default_python }}
+          python-version-file: ".python-version"
+          check-latest: true
       - name: Generate partial mypy restore key
         id: generate-mypy-key
         run: |
@@ -800,7 +832,7 @@ jobs:
         run: |
           . venv/bin/activate
           python --version
-          mypy --num-workers=4 homeassistant pylint
+          mypy homeassistant pylint
       - name: Run mypy (partially)
         if: needs.info.outputs.test_full_suite == 'false'
         shell: bash
@@ -809,7 +841,7 @@ jobs:
         run: |
           . venv/bin/activate
           python --version
-          mypy --num-workers=4 $(printf "homeassistant/components/%s " ${INTEGRATIONS_GLOB})
+          mypy $(printf "homeassistant/components/%s " ${INTEGRATIONS_GLOB})
 
   prepare-pytest-full:
     name: Split tests for full run
@@ -823,26 +855,38 @@ jobs:
       - info
       - base
     steps:
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
+      - name: Install additional OS dependencies
+        timeout-minutes: 10
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg
       - name: Check out code from GitHub
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-      - name: Install additional OS dependencies
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
       - name: Set up Python
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
-          python-version: ${{ needs.info.outputs.default_python }}
+          python-version-file: ".python-version"
+          check-latest: true
       - name: Restore full Python virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -887,27 +931,39 @@ jobs:
         python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
         group: ${{ fromJson(needs.info.outputs.test_groups) }}
     steps:
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
+      - name: Install additional OS dependencies
+        timeout-minutes: 10
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
+            libxml2-utils
       - name: Check out code from GitHub
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-      - name: Install additional OS dependencies
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
       - name: Set up Python ${{ matrix.python-version }}
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
           python-version: ${{ matrix.python-version }}
+          check-latest: true
       - name: Restore full Python ${{ matrix.python-version }} virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -1011,7 +1067,6 @@ jobs:
         options: >-
           --health-cmd="if command -v mariadb-admin >/dev/null; then mariadb-admin ping -uroot -ppassword; else mysqladmin ping -uroot -ppassword; fi"
           --health-interval=5s --health-timeout=2s --health-retries=3
-          --tmpfs /var/lib/mysql:size=2g,mode=0750
     needs:
       - info
       - base
@@ -1028,28 +1083,40 @@ jobs:
         python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
         mariadb-group: ${{ fromJson(needs.info.outputs.mariadb_groups) }}
     steps:
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
+      - name: Install additional OS dependencies
+        timeout-minutes: 10
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
+            libmariadb-dev-compat \
+            libxml2-utils
       - name: Check out code from GitHub
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-      - name: Install additional OS dependencies
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-            libmariadb-dev-compat
-            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
       - name: Set up Python ${{ matrix.python-version }}
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
           python-version: ${{ matrix.python-version }}
+          check-latest: true
       - name: Restore full Python ${{ matrix.python-version }} virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -1157,10 +1224,7 @@ jobs:
           - 5432:5432
         env:
           POSTGRES_PASSWORD: password
-        options: >-
-          --health-cmd="pg_isready -hlocalhost -Upostgres"
-          --health-interval=5s --health-timeout=2s --health-retries=3
-          --tmpfs /var/lib/postgresql/data:size=2g,mode=0700
+        options: --health-cmd="pg_isready -hlocalhost -Upostgres" --health-interval=5s --health-timeout=2s --health-retries=3
     needs:
       - info
       - base
@@ -1177,35 +1241,42 @@ jobs:
         python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
         postgresql-group: ${{ fromJson(needs.info.outputs.postgresql_groups) }}
     steps:
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
+      - name: Install additional OS dependencies
+        timeout-minutes: 10
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
+            libxml2-utils
+          sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y
+          sudo apt-get -y install \
+            postgresql-server-dev-14
       - name: Check out code from GitHub
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-      - name: Install additional OS dependencies
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
-      - name: Set up PostgreSQL apt repository
-        run: sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y
-      - name: Cache PostgreSQL development headers
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: postgresql-server-dev-14
-          version: ${{ env.APT_CACHE_VERSION }}
       - name: Set up Python ${{ matrix.python-version }}
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
           python-version: ${{ matrix.python-version }}
+          check-latest: true
       - name: Restore full Python ${{ matrix.python-version }} virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -1353,27 +1424,39 @@ jobs:
         python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
         group: ${{ fromJson(needs.info.outputs.test_groups) }}
     steps:
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
+      - name: Install additional OS dependencies
+        timeout-minutes: 10
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
+            libxml2-utils
       - name: Check out code from GitHub
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
-      - name: Install additional OS dependencies
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
       - name: Set up Python ${{ matrix.python-version }}
         id: python
-        uses: ./.github/actions/setup-uv-python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
-          uv-version: ${{ needs.info.outputs.uv_version }}
           python-version: ${{ matrix.python-version }}
+          check-latest: true
       - name: Restore full Python ${{ matrix.python-version }} virtual environment
         id: cache-venv
         uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5

.github/workflows/codeql.yml

@@ -28,11 +28,11 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
         with:
           languages: python
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
         with:
           category: "/language:python"

.github/workflows/detect-duplicate-issues.yml

@@ -236,7 +236,7 @@ jobs:
       - name: Detect duplicates using AI
         id: ai_detection
         if: steps.extract.outputs.should_continue == 'true' && steps.fetch_similar.outputs.has_similar == 'true'
-        uses: actions/ai-inference@17ff458cb182449bbb2e43701fcd98f6af8f6570 # v2.1.0
+        uses: actions/ai-inference@e09e65981758de8b2fdab13c2bfb7c7d5493b0b6 # v2.0.7
         with:
           model: openai/gpt-4o
           system-prompt: |

.github/workflows/detect-non-english-issues.yml

@@ -62,7 +62,7 @@ jobs:
       - name: Detect language using AI
         id: ai_language_detection
         if: steps.detect_language.outputs.should_continue == 'true'
-        uses: actions/ai-inference@17ff458cb182449bbb2e43701fcd98f6af8f6570 # v2.1.0
+        uses: actions/ai-inference@e09e65981758de8b2fdab13c2bfb7c7d5493b0b6 # v2.0.7
         with:
           model: openai/gpt-4o-mini
           system-prompt: |

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.13
+    rev: v0.15.10
     hooks:
       - id: ruff-check
         args:
@@ -23,7 +23,7 @@ repos:
       - id: zizmor
         args:
           - --pedantic
-        exclude: ^\.github/workflows/.*\.lock\.yml$
+        exclude: ^\.github/workflows/check-requirements\.lock\.yml$
   - repo: https://github.com/pre-commit/pre-commit-hooks
     rev: v6.0.0
     hooks:
@@ -47,7 +47,7 @@ repos:
         additional_dependencies:
           - prettier@3.6.2
           - prettier-plugin-sort-json@4.2.0
-        exclude: ^\.github/workflows/.*\.lock\.yml$
+        exclude: ^\.github/workflows/check-requirements\.lock\.yml$
   - repo: https://github.com/cdce8p/python-typing-update
     rev: v0.6.0
     hooks:

.python-version

@@ -1 +1 @@
-3.14.5
+3.14.2

.strict-typing

@@ -139,7 +139,6 @@ homeassistant.components.cambridge_audio.*
 homeassistant.components.camera.*
 homeassistant.components.canary.*
 homeassistant.components.casper_glow.*
-homeassistant.components.centriconnect.*
 homeassistant.components.cert_expiry.*
 homeassistant.components.clickatell.*
 homeassistant.components.clicksend.*
@@ -156,7 +155,6 @@ homeassistant.components.counter.*
 homeassistant.components.cover.*
 homeassistant.components.cpuspeed.*
 homeassistant.components.crownstone.*
-homeassistant.components.data_grand_lyon.*
 homeassistant.components.date.*
 homeassistant.components.datetime.*
 homeassistant.components.deako.*
@@ -250,7 +248,6 @@ homeassistant.components.gpsd.*
 homeassistant.components.greeneye_monitor.*
 homeassistant.components.group.*
 homeassistant.components.guardian.*
-homeassistant.components.guntamatic.*
 homeassistant.components.habitica.*
 homeassistant.components.hardkernel.*
 homeassistant.components.hardware.*
@@ -298,7 +295,6 @@ homeassistant.components.imap.*
 homeassistant.components.imgw_pib.*
 homeassistant.components.immich.*
 homeassistant.components.incomfort.*
-homeassistant.components.indevolt.*
 homeassistant.components.inels.*
 homeassistant.components.infrared.*
 homeassistant.components.input_button.*
@@ -358,7 +354,6 @@ homeassistant.components.lunatone.*
 homeassistant.components.lutron.*
 homeassistant.components.madvr.*
 homeassistant.components.manual.*
-homeassistant.components.marantz_infrared.*
 homeassistant.components.mastodon.*
 homeassistant.components.matrix.*
 homeassistant.components.matter.*
@@ -425,11 +420,9 @@ homeassistant.components.opower.*
 homeassistant.components.oralb.*
 homeassistant.components.otbr.*
 homeassistant.components.otp.*
-homeassistant.components.ouman_eh_800.*
 homeassistant.components.overkiz.*
 homeassistant.components.overseerr.*
 homeassistant.components.p1_monitor.*
-homeassistant.components.paj_gps.*
 homeassistant.components.panel_custom.*
 homeassistant.components.paperless_ngx.*
 homeassistant.components.peblar.*
@@ -449,7 +442,6 @@ homeassistant.components.private_ble_device.*
 homeassistant.components.prometheus.*
 homeassistant.components.proximity.*
 homeassistant.components.prusalink.*
-homeassistant.components.ptdevices.*
 homeassistant.components.pure_energie.*
 homeassistant.components.purpleair.*
 homeassistant.components.pushbullet.*
@@ -492,7 +484,6 @@ homeassistant.components.rss_feed_template.*
 homeassistant.components.russound_rio.*
 homeassistant.components.ruuvi_gateway.*
 homeassistant.components.ruuvitag_ble.*
-homeassistant.components.samsung_infrared.*
 homeassistant.components.samsungtv.*
 homeassistant.components.saunum.*
 homeassistant.components.scene.*

.vscode/tasks.json

@@ -132,7 +132,7 @@
       "problemMatcher": []
     },
     {
-      "label": "Install all production Requirements",
+      "label": "Install all Requirements",
       "type": "shell",
       "command": "uv pip install -r requirements_all.txt",
       "group": {
@@ -146,9 +146,9 @@
       "problemMatcher": []
     },
     {
-      "label": "Install all (test & production) Requirements",
+      "label": "Install all Test Requirements",
       "type": "shell",
-      "command": "uv pip install -r requirements_all.txt -r requirements_test.txt",
+      "command": "uv pip install -r requirements.txt -r requirements_test_all.txt",
       "group": {
         "kind": "build",
         "isDefault": true

.yamllint

@@ -1,6 +1,6 @@
 ignore: |
   tests/fixtures/core/config/yaml_errors/
-  .github/workflows/*.lock.yml
+  .github/workflows/check-requirements.lock.yml
 rules:
   braces:
     level: error

AGENTS.md

@@ -6,36 +6,22 @@ This repository contains the core of Home Assistant, a Python 3 based home autom
 
 - **Do NOT amend, squash, or rebase commits that have already been pushed to the PR branch after the PR is opened** - Reviewers need to follow the commit history, as well as see what changed since their last review
 
-## Pull Requests
-
-- When opening a pull request, use the repository's PR template (`.github/PULL_REQUEST_TEMPLATE.md`). NEVER REMOVE ANYTHING from the template.
-- Do not remove checkboxes that are not checked — leave all unchecked checkboxes in place so reviewers can see which options were not selected.
-
 ## Development Commands
 
-- When entering a new environment or worktree, run `script/setup` to set up the virtual environment with all development dependencies (pylint, pre-commit hooks, etc.). This is required before committing.
-- .vscode/tasks.json contains useful commands used for development.
+.vscode/tasks.json contains useful commands used for development.
 
 ## Python Syntax Notes
 
-- Home Assistant officially supports Python 3.14 as its minimum version. Do not flag syntax or features that require Python 3.14 as issues, and do not suggest workarounds for older Python versions.
-- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses. Never flag this as an issue.
-- Python 3.14 evaluates annotations lazily (PEP 649). Forward references in annotations do not need to be quoted — annotations can reference names defined later in the module without quoting them or using `from __future__ import annotations`. Do not flag unquoted forward references in annotations as issues.
+- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses.
 
 ## Testing
 
-- Use `uv run pytest` to run tests
-- After modifying `strings.json` for an integration, regenerate the English translation file before running tests: `.venv/bin/python3 -m script.translations develop --integration <integration_name>`. Tests load translations from the generated `translations/en.json`, not directly from `strings.json`.
-- When writing or modifying tests, ensure all test function parameters have type annotations.
-- Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.
-- Prefer `@pytest.mark.usefixtures` over arguments, if the argument is not going to be used.
-- Avoid using conditions/branching in tests. Instead, either split tests or adjust the test parametrization to cover all cases without branching.
-- If multiple tests share most of their code, use `pytest.mark.parametrize` to merge them into a single parameterized test instead of duplicating the body. Use `pytest.param` with an `id` parameter to name the test cases clearly.
-- We use Syrupy for snapshot testing. Leverage `.ambr` snapshots instead of repetitive and exhaustive generation of test data within Python code itself.
+When writing or modifying tests, ensure all test function parameters have type annotations.
+Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.
 
 ## Good practices
 
-- Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
-- When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
-- When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.
-- Do not add comments that just restate the code on the following line(s) (e.g. `# Check if initialized` above `if self.initialized:`). Comments should only explain why — non-obvious constraints, surprising behavior, or workarounds — never what.
+Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
+
+When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
+When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.

CODEOWNERS

@@ -68,8 +68,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/agent_dvr/ @ispysoftware
 /homeassistant/components/ai_task/ @home-assistant/core
 /tests/components/ai_task/ @home-assistant/core
-/homeassistant/components/aidot/ @s1eedz @HongBryan
-/tests/components/aidot/ @s1eedz @HongBryan
 /homeassistant/components/air_quality/ @home-assistant/core
 /tests/components/air_quality/ @home-assistant/core
 /homeassistant/components/airgradient/ @airgradienthq @joostlek
@@ -198,7 +196,6 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/autoskope/ @mcisk
 /tests/components/autoskope/ @mcisk
 /homeassistant/components/avea/ @pattyland
-/tests/components/avea/ @pattyland
 /homeassistant/components/awair/ @ahayworth @ricohageman
 /tests/components/awair/ @ahayworth @ricohageman
 /homeassistant/components/aws_s3/ @tomasbedrich
@@ -291,16 +288,12 @@ CLAUDE.md @home-assistant/core
 /tests/components/cast/ @emontnemery
 /homeassistant/components/ccm15/ @ocalvo
 /tests/components/ccm15/ @ocalvo
-/homeassistant/components/centriconnect/ @gresrun
-/tests/components/centriconnect/ @gresrun
 /homeassistant/components/cert_expiry/ @jjlawren
 /tests/components/cert_expiry/ @jjlawren
 /homeassistant/components/chacon_dio/ @cnico
 /tests/components/chacon_dio/ @cnico
 /homeassistant/components/chess_com/ @joostlek
 /tests/components/chess_com/ @joostlek
-/homeassistant/components/cielo_home/ @ihsan-cielo @mudasar-cielo
-/tests/components/cielo_home/ @ihsan-cielo @mudasar-cielo
 /homeassistant/components/cisco_ios/ @fbradyirl
 /homeassistant/components/cisco_mobility_express/ @fbradyirl
 /homeassistant/components/cisco_webex_teams/ @fbradyirl
@@ -352,8 +345,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/cync/ @Kinachi249
 /homeassistant/components/daikin/ @fredrike
 /tests/components/daikin/ @fredrike
-/homeassistant/components/data_grand_lyon/ @Crocmagnon
-/tests/components/data_grand_lyon/ @Crocmagnon
 /homeassistant/components/date/ @home-assistant/core
 /tests/components/date/ @home-assistant/core
 /homeassistant/components/datetime/ @home-assistant/core
@@ -697,8 +688,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/growatt_server/ @johanzander
 /homeassistant/components/guardian/ @bachya
 /tests/components/guardian/ @bachya
-/homeassistant/components/guntamatic/ @JensTimmerman
-/tests/components/guntamatic/ @JensTimmerman
 /homeassistant/components/habitica/ @tr4nt0r
 /tests/components/habitica/ @tr4nt0r
 /homeassistant/components/hanna/ @bestycame
@@ -769,8 +758,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/homewizard/ @DCSBL
 /homeassistant/components/honeywell/ @rdfurman @mkmer
 /tests/components/honeywell/ @rdfurman @mkmer
-/homeassistant/components/honeywell_string_lights/ @balloob
-/tests/components/honeywell_string_lights/ @balloob
 /homeassistant/components/hr_energy_qube/ @MattieGit
 /tests/components/hr_energy_qube/ @MattieGit
 /homeassistant/components/html5/ @alexyao2015 @tr4nt0r
@@ -862,8 +849,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/input_select/ @home-assistant/core
 /homeassistant/components/input_text/ @home-assistant/core
 /tests/components/input_text/ @home-assistant/core
-/homeassistant/components/insteon/ @teharris1 @ssyrell
-/tests/components/insteon/ @teharris1 @ssyrell
+/homeassistant/components/insteon/ @teharris1
+/tests/components/insteon/ @teharris1
 /homeassistant/components/integration/ @dgomes
 /tests/components/integration/ @dgomes
 /homeassistant/components/intelliclima/ @dvdinth
@@ -983,8 +970,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/lektrico/ @lektrico
 /homeassistant/components/letpot/ @jpelgrom
 /tests/components/letpot/ @jpelgrom
-/homeassistant/components/lg_infrared/ @abmantis
-/tests/components/lg_infrared/ @abmantis
+/homeassistant/components/lg_infrared/ @home-assistant/core
+/tests/components/lg_infrared/ @home-assistant/core
 /homeassistant/components/lg_netcast/ @Drafteed @splinter98
 /tests/components/lg_netcast/ @Drafteed @splinter98
 /homeassistant/components/lg_thinq/ @LG-ThinQ-Integration
@@ -1047,8 +1034,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/lyric/ @timmo001
 /homeassistant/components/madvr/ @iloveicedgreentea
 /tests/components/madvr/ @iloveicedgreentea
-/homeassistant/components/marantz_infrared/ @balloob
-/tests/components/marantz_infrared/ @balloob
 /homeassistant/components/mastodon/ @fabaff @andrew-codechimp
 /tests/components/mastodon/ @fabaff @andrew-codechimp
 /homeassistant/components/matrix/ @PaarthShah
@@ -1105,8 +1090,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/minecraft_server/ @elmurato @zachdeibert
 /homeassistant/components/minio/ @tkislan
 /tests/components/minio/ @tkislan
-/homeassistant/components/mitsubishi_comfort/ @nikolairahimi
-/tests/components/mitsubishi_comfort/ @nikolairahimi
 /homeassistant/components/moat/ @bdraco
 /tests/components/moat/ @bdraco
 /homeassistant/components/mobile_app/ @home-assistant/core
@@ -1218,8 +1201,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/notify_events/ @matrozov @papajojo
 /homeassistant/components/notion/ @bachya
 /tests/components/notion/ @bachya
-/homeassistant/components/novy_cooker_hood/ @piitaya
-/tests/components/novy_cooker_hood/ @piitaya
 /homeassistant/components/nrgkick/ @andijakl
 /tests/components/nrgkick/ @andijakl
 /homeassistant/components/nsw_fuel_station/ @nickw444
@@ -1256,8 +1237,6 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/ollama/ @synesthesiam
 /tests/components/ollama/ @synesthesiam
 /homeassistant/components/ombi/ @larssont
-/homeassistant/components/omie/ @luuuis
-/tests/components/omie/ @luuuis
 /homeassistant/components/onboarding/ @home-assistant/core
 /tests/components/onboarding/ @home-assistant/core
 /homeassistant/components/ondilo_ico/ @JeromeHXP
@@ -1311,8 +1290,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/osoenergy/ @osohotwateriot
 /homeassistant/components/otbr/ @home-assistant/core
 /tests/components/otbr/ @home-assistant/core
-/homeassistant/components/ouman_eh_800/ @Markus98
-/tests/components/ouman_eh_800/ @Markus98
 /homeassistant/components/ourgroceries/ @OnFreund
 /tests/components/ourgroceries/ @OnFreund
 /homeassistant/components/overkiz/ @imicknl
@@ -1323,8 +1300,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/ovo_energy/ @timmo001
 /homeassistant/components/p1_monitor/ @klaasnicolaas
 /tests/components/p1_monitor/ @klaasnicolaas
-/homeassistant/components/paj_gps/ @skipperro
-/tests/components/paj_gps/ @skipperro
 /homeassistant/components/palazzetti/ @dotvav
 /tests/components/palazzetti/ @dotvav
 /homeassistant/components/panel_custom/ @home-assistant/frontend
@@ -1397,8 +1372,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/proxmoxve/ @Corbeno @erwindouna @CoMPaTech
 /homeassistant/components/ps4/ @ktnrg45
 /tests/components/ps4/ @ktnrg45
-/homeassistant/components/ptdevices/ @ParemTech-Inc @frogman85978
-/tests/components/ptdevices/ @ParemTech-Inc @frogman85978
 /homeassistant/components/pterodactyl/ @elmurato
 /tests/components/pterodactyl/ @elmurato
 /homeassistant/components/pure_energie/ @klaasnicolaas
@@ -1413,8 +1386,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/pushover/ @engrbm87
 /homeassistant/components/pvoutput/ @frenck
 /tests/components/pvoutput/ @frenck
-/homeassistant/components/pvpc_hourly_pricing/ @azogue @chiro79
-/tests/components/pvpc_hourly_pricing/ @azogue @chiro79
+/homeassistant/components/pvpc_hourly_pricing/ @azogue
+/tests/components/pvpc_hourly_pricing/ @azogue
 /homeassistant/components/pyload/ @tr4nt0r
 /tests/components/pyload/ @tr4nt0r
 /homeassistant/components/qbittorrent/ @geoffreylagaisse @finder39
@@ -1442,8 +1415,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/radarr/ @tkdrob
 /homeassistant/components/radio_browser/ @frenck
 /tests/components/radio_browser/ @frenck
-/homeassistant/components/radio_frequency/ @home-assistant/core
-/tests/components/radio_frequency/ @home-assistant/core
 /homeassistant/components/radiotherm/ @vinnyfuria
 /tests/components/radiotherm/ @vinnyfuria
 /homeassistant/components/rainbird/ @konikvranik @allenporter
@@ -1512,8 +1483,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/roku/ @ctalkington
 /homeassistant/components/romy/ @xeniter
 /tests/components/romy/ @xeniter
-/homeassistant/components/roomba/ @pschmitt @cyr-ius @shenxn
-/tests/components/roomba/ @pschmitt @cyr-ius @shenxn
+/homeassistant/components/roomba/ @pschmitt @cyr-ius @shenxn @Orhideous
+/tests/components/roomba/ @pschmitt @cyr-ius @shenxn @Orhideous
 /homeassistant/components/roon/ @pavoni
 /tests/components/roon/ @pavoni
 /homeassistant/components/route_b_smart_meter/ @SeraphicRav
@@ -1536,10 +1507,8 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/sabnzbd/ @shaiu @jpbede
 /tests/components/sabnzbd/ @shaiu @jpbede
 /homeassistant/components/saj/ @fredericvl
-/homeassistant/components/samsung_infrared/ @lmaertin
-/tests/components/samsung_infrared/ @lmaertin
-/homeassistant/components/samsungtv/ @chemelli74
-/tests/components/samsungtv/ @chemelli74
+/homeassistant/components/samsungtv/ @chemelli74 @epenet
+/tests/components/samsungtv/ @chemelli74 @epenet
 /homeassistant/components/sanix/ @tomaszsluszniak
 /tests/components/sanix/ @tomaszsluszniak
 /homeassistant/components/satel_integra/ @Tommatheussen
@@ -2014,8 +1983,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/wled/ @frenck @mik-laj
 /homeassistant/components/wmspro/ @mback2k
 /tests/components/wmspro/ @mback2k
-/homeassistant/components/wolflink/ @adamkrol93 @EnjoyingM
-/tests/components/wolflink/ @adamkrol93 @EnjoyingM
+/homeassistant/components/wolflink/ @adamkrol93 @mtielen
+/tests/components/wolflink/ @adamkrol93 @mtielen
 /homeassistant/components/workday/ @fabaff @gjohansson-ST
 /tests/components/workday/ @fabaff @gjohansson-ST
 /homeassistant/components/worldclock/ @fabaff
@@ -2036,8 +2005,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/xiaomi_miio/ @rytilahti @syssi @starkillerOG
 /homeassistant/components/xiaomi_tv/ @simse
 /homeassistant/components/xmpp/ @fabaff @flowolf
-/homeassistant/components/xthings_cloud/ @XthingsJacobs
-/tests/components/xthings_cloud/ @XthingsJacobs
 /homeassistant/components/yale/ @bdraco
 /tests/components/yale/ @bdraco
 /homeassistant/components/yale_smart_alarm/ @gjohansson-ST
@@ -2068,8 +2035,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/zeroconf/ @bdraco
 /homeassistant/components/zerproc/ @emlove
 /tests/components/zerproc/ @emlove
-/homeassistant/components/zeversolar/ @kvanzuijlen @mhuiskes
-/tests/components/zeversolar/ @kvanzuijlen @mhuiskes
+/homeassistant/components/zeversolar/ @kvanzuijlen
+/tests/components/zeversolar/ @kvanzuijlen
 /homeassistant/components/zha/ @dmulcahey @adminiuga @puddly @TheJulianJES
 /tests/components/zha/ @dmulcahey @adminiuga @puddly @TheJulianJES
 /homeassistant/components/zimi/ @markhannon

Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile@sha256:2780b5c3bab67f1f76c781860de469442999ed1a0d7992a5efdf2cffc0e3d769
-# Partly generated by hassfest.
+# Automatically generated by hassfest.
 #
 # To update, run python3 -m script.hassfest -p docker
 ARG BUILD_FROM
@@ -26,7 +26,7 @@ WORKDIR /usr/src
 COPY rootfs /
 
 # Add go2rtc binary
-COPY --from=ghcr.io/alexxit/go2rtc:1.9.14@sha256:675c318b23c06fd862a61d262240c9a63436b4050d177ffc68a32710d9e05bae /usr/local/bin/go2rtc /bin/go2rtc
+COPY --from=ghcr.io/alexxit/go2rtc@sha256:675c318b23c06fd862a61d262240c9a63436b4050d177ffc68a32710d9e05bae /usr/local/bin/go2rtc /bin/go2rtc
 
 ## Setup Home Assistant Core dependencies
 COPY --parents requirements.txt homeassistant/package_constraints.txt homeassistant/

homeassistant/__main__.py

@@ -1,5 +1,7 @@
 """Start Home Assistant."""
 
+from __future__ import annotations
+
 import argparse
 from contextlib import suppress
 import faulthandler

homeassistant/auth/__init__.py

@@ -1,5 +1,7 @@
 """Provide an authentication layer for Home Assistant."""
 
+from __future__ import annotations
+
 import asyncio
 from collections import OrderedDict
 from collections.abc import Mapping
@@ -73,12 +75,10 @@ async def auth_manager_from_config(
         provider_hash[key] = provider
 
         if isinstance(provider, HassAuthProvider):
-            # Can be removed in 2026.7 with the legacy mode of
-            # homeassistant auth provider.
-            # We need to initialize the provider to create the repair
-            # if needed as otherwise the provider will be initialized
-            # on first use, which could be rare as users don't
-            # frequently change auth settings
+            # Can be removed in 2026.7 with the legacy mode of homeassistant auth provider
+            # We need to initialize the provider to create the repair if needed as otherwise
+            # the provider will be initialized on first use, which could be rare as users
+            # don't frequently change auth settings
             await provider.async_initialize()
 
     if module_configs:
@@ -134,7 +134,7 @@ class AuthManagerFlowManager(
         """
         flow = cast(LoginFlow, flow)
 
-        if result["type"] is not FlowResultType.CREATE_ENTRY:
+        if result["type"] != FlowResultType.CREATE_ENTRY:
             return result
 
         # we got final result

homeassistant/auth/auth_store.py

@@ -1,5 +1,7 @@
 """Storage for auth models."""
 
+from __future__ import annotations
+
 from datetime import timedelta
 import hmac
 import itertools

homeassistant/auth/jwt_wrapper.py

@@ -5,6 +5,8 @@ we can cache the result of the decode of valid tokens
 to speed up the process.
 """
 
+from __future__ import annotations
+
 from collections.abc import Container, Iterable, Sequence
 from datetime import timedelta
 from functools import lru_cache

homeassistant/auth/mfa_modules/__init__.py

@@ -1,5 +1,7 @@
 """Pluggable auth modules for Home Assistant."""
 
+from __future__ import annotations
+
 import logging
 import types
 from typing import Any

homeassistant/auth/mfa_modules/insecure_example.py

@@ -1,5 +1,7 @@
 """Example auth module."""
 
+from __future__ import annotations
+
 from typing import Any
 
 import voluptuous as vol

homeassistant/auth/mfa_modules/notify.py

@@ -3,6 +3,8 @@
 Sending HOTP through notify service
 """
 
+from __future__ import annotations
+
 import asyncio
 import logging
 from typing import Any, cast

homeassistant/auth/mfa_modules/totp.py

@@ -1,5 +1,7 @@
 """Time-based One Time Password auth module."""
 
+from __future__ import annotations
+
 import asyncio
 from io import BytesIO
 from typing import Any, cast

homeassistant/auth/models.py

@@ -1,5 +1,7 @@
 """Auth models."""
 
+from __future__ import annotations
+
 from datetime import datetime, timedelta
 from ipaddress import IPv4Address, IPv6Address
 import secrets

homeassistant/auth/permissions/__init__.py

@@ -1,7 +1,8 @@
 """Permissions for Home Assistant."""
 
-from collections.abc import Callable, Iterable
-from typing import TYPE_CHECKING
+from __future__ import annotations
+
+from collections.abc import Callable
 
 import voluptuous as vol
 
@@ -12,9 +13,6 @@ from .models import PermissionLookup
 from .types import PolicyType
 from .util import test_all
 
-if TYPE_CHECKING:
-    from ..models import User
-
 POLICY_SCHEMA = vol.Schema({vol.Optional(CAT_ENTITIES): ENTITY_POLICY_SCHEMA})
 
 __all__ = [
@@ -24,21 +22,10 @@ __all__ = [
     "PermissionLookup",
     "PolicyPermissions",
     "PolicyType",
-    "filter_entity_ids_by_permission",
     "merge_policies",
 ]
 
 
-def filter_entity_ids_by_permission(
-    user: User, entity_ids: Iterable[str], key: str
-) -> list[str]:
-    """Filter entity IDs to those the user can access for the given policy key."""
-    if user.is_admin or user.permissions.access_all_entities(key):
-        return list(entity_ids)
-    check_entity = user.permissions.check_entity
-    return [entity_id for entity_id in entity_ids if check_entity(entity_id, key)]
-
-
 class AbstractPermissions:
     """Default permissions class."""
 

homeassistant/auth/permissions/entities.py

@@ -1,5 +1,7 @@
 """Entity permissions."""
 
+from __future__ import annotations
+
 from collections import OrderedDict
 from collections.abc import Callable
 

homeassistant/auth/permissions/events.py

@@ -1,5 +1,7 @@
 """Permission for events."""
 
+from __future__ import annotations
+
 from typing import Any, Final
 
 from homeassistant.const import (

homeassistant/auth/permissions/merge.py

@@ -1,5 +1,7 @@
 """Merging of policies."""
 
+from __future__ import annotations
+
 from typing import cast
 
 from .types import CategoryType, PolicyType

homeassistant/auth/permissions/models.py

@@ -1,5 +1,7 @@
 """Models for permissions."""
 
+from __future__ import annotations
+
 from typing import TYPE_CHECKING
 
 import attr

homeassistant/auth/permissions/util.py

@@ -1,5 +1,7 @@
 """Helpers to deal with permissions."""
 
+from __future__ import annotations
+
 from collections.abc import Callable
 from functools import wraps
 from typing import cast

homeassistant/auth/providers/__init__.py

@@ -1,5 +1,7 @@
 """Auth providers for Home Assistant."""
 
+from __future__ import annotations
+
 from collections.abc import Mapping
 import logging
 import types

homeassistant/auth/providers/command_line.py

@@ -1,5 +1,7 @@
 """Auth provider that validates credentials via an external command."""
 
+from __future__ import annotations
+
 import asyncio
 from collections.abc import Mapping
 import logging

homeassistant/auth/providers/homeassistant.py

@@ -1,5 +1,7 @@
 """Home Assistant auth provider."""
 
+from __future__ import annotations
+
 import asyncio
 import base64
 from collections.abc import Mapping
@@ -120,10 +122,9 @@ class Data:
             if self.normalize_username(username, force_normalize=True) != username:
                 logging.getLogger(__name__).warning(
                     (
-                        "Home Assistant auth provider is running in"
-                        " legacy mode because we detected usernames"
-                        " that are normalized (lowercase and without"
-                        " spaces). Please change the username: '%s'."
+                        "Home Assistant auth provider is running in legacy mode "
+                        "because we detected usernames that are normalized (lowercase and without spaces)."
+                        " Please change the username: '%s'."
                     ),
                     username,
                 )
@@ -140,9 +141,7 @@ class Data:
                 severity=ir.IssueSeverity.WARNING,
                 translation_key="homeassistant_provider_not_normalized_usernames",
                 translation_placeholders={
-                    "usernames": (
-                        f'- "{'"\n- "'.join(sorted(not_normalized_usernames))}"'
-                    )
+                    "usernames": f'- "{'"\n- "'.join(sorted(not_normalized_usernames))}"'
                 },
                 learn_more_url="homeassistant://config/users",
             )

homeassistant/auth/providers/insecure_example.py

@@ -1,5 +1,7 @@
 """Example auth provider."""
 
+from __future__ import annotations
+
 from collections.abc import Mapping
 import hmac
 

homeassistant/auth/providers/trusted_networks.py

@@ -4,6 +4,8 @@ It shows list of users if access from trusted network.
 Abort login flow if not access from trusted network.
 """
 
+from __future__ import annotations
+
 from collections.abc import Mapping
 from ipaddress import (
     IPv4Address,

homeassistant/backup_restore.py

@@ -1,5 +1,7 @@
 """Home Assistant module to handle restoring backups."""
 
+from __future__ import annotations
+
 from collections.abc import Iterable
 from dataclasses import dataclass
 import json
@@ -60,10 +62,7 @@ def restore_backup_file_content(config_dir: Path) -> RestoreBackupFileContent |
 
 
 def _clear_configuration_directory(config_dir: Path, keep: Iterable[str]) -> None:
-    """Delete all files and directories in the config dir.
-
-    Entries in the keep list are preserved.
-    """
+    """Delete all files and directories in the config directory except entries in the keep list."""
     keep_paths = [config_dir.joinpath(path) for path in keep]
     entries_to_remove = sorted(
         entry for entry in config_dir.iterdir() if entry not in keep_paths
@@ -104,8 +103,7 @@ def _extract_backup(
             )
         ) > HA_VERSION:
             raise ValueError(
-                f"You need at least Home Assistant version"
-                f" {backup_meta_version} to restore this backup"
+                f"You need at least Home Assistant version {backup_meta_version} to restore this backup"
             )
 
         with securetar.SecureTarFile(

homeassistant/bootstrap.py

@@ -1,5 +1,7 @@
 """Provide methods to bootstrap a Home Assistant instance."""
 
+from __future__ import annotations
+
 import asyncio
 from collections import defaultdict
 import contextlib
@@ -17,8 +19,7 @@ from time import monotonic
 from typing import TYPE_CHECKING, Any
 
 # Import cryptography early since import openssl is not thread-safe
-# _frozen_importlib._DeadlockError: deadlock detected by
-# _ModuleLock('cryptography.hazmat.backends.openssl.backend')
+# _frozen_importlib._DeadlockError: deadlock detected by _ModuleLock('cryptography.hazmat.backends.openssl.backend')
 import cryptography.hazmat.backends.openssl.backend  # noqa: F401
 import voluptuous as vol
 import yarl
@@ -166,14 +167,10 @@ FRONTEND_INTEGRATIONS = {
     # visible in frontend
     "frontend",
 }
-# Stage 0 is divided into substages. Each substage has a name,
-# a set of integrations and a timeout.
-# The substage containing recorder should have no timeout, as it
-# could cancel a database migration.
-# Recorder freezes "recorder" timeout during a migration, but it
-# does not freeze other timeouts.
-# If we add timeouts to the frontend substages, we should make sure
-# they don't apply in recovery mode.
+# Stage 0 is divided into substages. Each substage has a name, a set of integrations and a timeout.
+# The substage containing recorder should have no timeout, as it could cancel a database migration.
+# Recorder freezes "recorder" timeout during a migration, but it does not freeze other timeouts.
+# If we add timeouts to the frontend substages, we should make sure they don't apply in recovery mode.
 STAGE_0_INTEGRATIONS = (
     # Load logging and http deps as soon as possible
     ("logging, http deps", LOGGING_AND_HTTP_DEPS_INTEGRATIONS, None),

homeassistant/brands/honeywell.json

@@ -1,5 +1,5 @@
 {
   "domain": "honeywell",
   "name": "Honeywell",
-  "integrations": ["lyric", "evohome", "honeywell", "honeywell_string_lights"]
+  "integrations": ["lyric", "evohome", "honeywell"]
 }

homeassistant/brands/marantz.json

@@ -1,5 +0,0 @@
-{
-  "domain": "marantz",
-  "name": "Marantz",
-  "integrations": ["marantz", "marantz_infrared"]
-}

homeassistant/brands/mitsubishi.json

@@ -1,5 +0,0 @@
-{
-  "domain": "mitsubishi",
-  "name": "Mitsubishi",
-  "integrations": ["melcloud", "mitsubishi_comfort"]
-}

homeassistant/brands/samsung.json

@@ -1,5 +1,5 @@
 {
   "domain": "samsung",
   "name": "Samsung",
-  "integrations": ["familyhub", "samsung_infrared", "samsungtv", "syncthru"]
+  "integrations": ["familyhub", "samsungtv", "syncthru"]
 }

homeassistant/brands/sensereo.json

@@ -1,5 +0,0 @@
-{
-  "domain": "sensereo",
-  "name": "Sensereo",
-  "iot_standards": ["matter"]
-}

homeassistant/brands/zunzunbee.json

@@ -1,5 +0,0 @@
-{
-  "domain": "zunzunbee",
-  "name": "Zunzunbee",
-  "iot_standards": ["zigbee"]
-}

homeassistant/components/abode/__init__.py

@@ -1,5 +1,7 @@
 """Support for the Abode Security System."""
 
+from __future__ import annotations
+
 from dataclasses import dataclass, field
 from functools import partial
 from pathlib import Path

homeassistant/components/abode/alarm_control_panel.py

@@ -1,5 +1,7 @@
 """Support for Abode Security System alarm control panels."""
 
+from __future__ import annotations
+
 from jaraco.abode.devices.alarm import Alarm
 
 from homeassistant.components.alarm_control_panel import (

homeassistant/components/abode/binary_sensor.py

@@ -1,5 +1,7 @@
 """Support for Abode Security System binary sensors."""
 
+from __future__ import annotations
+
 from typing import cast
 
 from jaraco.abode.devices.binary_sensor import BinarySensor

homeassistant/components/abode/camera.py

@@ -1,5 +1,7 @@
 """Support for Abode Security System cameras."""
 
+from __future__ import annotations
+
 from datetime import timedelta
 from typing import Any, cast
 

homeassistant/components/abode/config_flow.py

@@ -1,5 +1,7 @@
 """Config flow for the Abode Security System component."""
 
+from __future__ import annotations
+
 from collections.abc import Mapping
 from http import HTTPStatus
 from typing import Any, cast

homeassistant/components/abode/const.py

@@ -1,5 +1,7 @@
 """Constants for the Abode Security System component."""
 
+from __future__ import annotations
+
 import logging
 
 LOGGER = logging.getLogger(__package__)

homeassistant/components/abode/light.py

@@ -1,5 +1,7 @@
 """Support for Abode Security System lights."""
 
+from __future__ import annotations
+
 from math import ceil
 from typing import Any
 

homeassistant/components/abode/sensor.py

@@ -1,5 +1,7 @@
 """Support for Abode Security System sensors."""
 
+from __future__ import annotations
+
 from collections.abc import Callable
 from dataclasses import dataclass
 from typing import cast

homeassistant/components/abode/services.py

@@ -1,5 +1,7 @@
 """Support for the Abode Security System."""
 
+from __future__ import annotations
+
 from typing import TYPE_CHECKING
 
 from jaraco.abode.exceptions import Exception as AbodeException
@@ -44,7 +46,6 @@ def _change_setting(call: ServiceCall) -> None:
 
     try:
         _get_abode_system(call.hass).abode.set_setting(setting, value)
-    # pylint: disable-next=home-assistant-action-swallowed-exception
     except AbodeException as ex:
         LOGGER.warning(ex)
 

homeassistant/components/abode/switch.py

@@ -1,5 +1,7 @@
 """Support for Abode Security System switches."""
 
+from __future__ import annotations
+
 from typing import Any, cast
 
 from jaraco.abode.devices.switch import Switch

homeassistant/components/acaia/coordinator.py

@@ -1,5 +1,7 @@
 """Coordinator for Acaia integration."""
 
+from __future__ import annotations
+
 from datetime import timedelta
 import logging
 

homeassistant/components/acaia/diagnostics.py

@@ -1,5 +1,7 @@
 """Diagnostics support for Acaia."""
 
+from __future__ import annotations
+
 from dataclasses import asdict
 from typing import Any
 

homeassistant/components/acaia/sensor.py

@@ -143,4 +143,4 @@ class AcaiaRestoreSensor(AcaiaEntity, RestoreSensor):
     @property
     def available(self) -> bool:
         """Return True if entity is available."""
-        return super().available or self.native_value is not None
+        return super().available or self._restored_data is not None

homeassistant/components/accuweather/__init__.py

@@ -1,5 +1,7 @@
 """The AccuWeather component."""
 
+from __future__ import annotations
+
 import asyncio
 import logging
 

homeassistant/components/accuweather/config_flow.py

@@ -1,8 +1,10 @@
 """Adds config flow for AccuWeather."""
 
+from __future__ import annotations
+
 from asyncio import timeout
 from collections.abc import Mapping
-from typing import TYPE_CHECKING, Any
+from typing import Any
 
 from accuweather import AccuWeather, ApiError, InvalidApiKeyError, RequestsExceededError
 from aiohttp import ClientError
@@ -10,7 +12,7 @@ from aiohttp.client_exceptions import ClientConnectorError
 import voluptuous as vol
 
 from homeassistant.config_entries import ConfigFlow, ConfigFlowResult
-from homeassistant.const import CONF_API_KEY, CONF_LATITUDE, CONF_LONGITUDE
+from homeassistant.const import CONF_API_KEY, CONF_LATITUDE, CONF_LONGITUDE, CONF_NAME
 from homeassistant.helpers import config_validation as cv
 from homeassistant.helpers.aiohttp_client import async_get_clientsession
 
@@ -53,11 +55,8 @@ class AccuWeatherFlowHandler(ConfigFlow, domain=DOMAIN):
                 )
                 self._abort_if_unique_id_configured()
 
-                if TYPE_CHECKING:
-                    assert accuweather.location_name is not None
-
                 return self.async_create_entry(
-                    title=accuweather.location_name, data=user_input
+                    title=user_input[CONF_NAME], data=user_input
                 )
 
         return self.async_show_form(
@@ -71,6 +70,9 @@ class AccuWeatherFlowHandler(ConfigFlow, domain=DOMAIN):
                     vol.Optional(
                         CONF_LONGITUDE, default=self.hass.config.longitude
                     ): cv.longitude,
+                    vol.Optional(
+                        CONF_NAME, default=self.hass.config.location_name
+                    ): str,
                 }
             ),
             errors=errors,

homeassistant/components/accuweather/const.py

@@ -1,5 +1,7 @@
 """Constants for AccuWeather integration."""
 
+from __future__ import annotations
+
 from datetime import timedelta
 from typing import Final
 

homeassistant/components/accuweather/coordinator.py

@@ -1,5 +1,7 @@
 """The AccuWeather coordinator."""
 
+from __future__ import annotations
+
 from asyncio import timeout
 from collections.abc import Awaitable, Callable
 from dataclasses import dataclass
@@ -62,7 +64,7 @@ class AccuWeatherObservationDataUpdateCoordinator(
         """Initialize."""
         self.accuweather = accuweather
         self.location_key = accuweather.location_key
-        name = config_entry.data.get(CONF_NAME) or config_entry.title
+        name = config_entry.data[CONF_NAME]
 
         if TYPE_CHECKING:
             assert self.location_key is not None
@@ -120,7 +122,7 @@ class AccuWeatherForecastDataUpdateCoordinator(
         self.accuweather = accuweather
         self.location_key = accuweather.location_key
         self._fetch_method = fetch_method
-        name = config_entry.data.get(CONF_NAME) or config_entry.title
+        name = config_entry.data[CONF_NAME]
 
         if TYPE_CHECKING:
             assert self.location_key is not None

homeassistant/components/accuweather/diagnostics.py

@@ -1,5 +1,7 @@
 """Diagnostics support for AccuWeather."""
 
+from __future__ import annotations
+
 from typing import Any
 
 from homeassistant.components.diagnostics import async_redact_data

homeassistant/components/accuweather/sensor.py

@@ -1,5 +1,7 @@
 """Support for the AccuWeather service."""
 
+from __future__ import annotations
+
 from collections.abc import Callable
 from dataclasses import dataclass
 from typing import Any, cast

homeassistant/components/accuweather/strings.json

@@ -25,7 +25,8 @@
         "data": {
           "api_key": "[%key:common::config_flow::data::api_key%]",
           "latitude": "[%key:common::config_flow::data::latitude%]",
-          "longitude": "[%key:common::config_flow::data::longitude%]"
+          "longitude": "[%key:common::config_flow::data::longitude%]",
+          "name": "[%key:common::config_flow::data::name%]"
         },
         "data_description": {
           "api_key": "API key generated in the AccuWeather APIs portal."

homeassistant/components/accuweather/system_health.py

@@ -1,5 +1,7 @@
 """Provide info to system health."""
 
+from __future__ import annotations
+
 from typing import Any
 
 from accuweather.const import ENDPOINT

homeassistant/components/accuweather/weather.py

@@ -1,5 +1,7 @@
 """Support for the AccuWeather service."""
 
+from __future__ import annotations
+
 from typing import cast
 
 from homeassistant.components.weather import (

homeassistant/components/acer_projector/const.py

@@ -1,5 +1,7 @@
 """Use serial protocol of Acer projector to obtain state of the projector."""
 
+from __future__ import annotations
+
 from typing import Final
 
 from homeassistant.const import STATE_OFF, STATE_ON

homeassistant/components/acer_projector/manifest.json

@@ -5,5 +5,5 @@
   "documentation": "https://www.home-assistant.io/integrations/acer_projector",
   "iot_class": "local_polling",
   "quality_scale": "legacy",
-  "requirements": ["serialx==1.8.0"]
+  "requirements": ["serialx==1.4.1"]
 }

homeassistant/components/acer_projector/switch.py

@@ -1,5 +1,7 @@
 """Use serial protocol of Acer projector to obtain state of the projector."""
 
+from __future__ import annotations
+
 import logging
 import re
 from typing import Any

homeassistant/components/acmeda/config_flow.py

@@ -1,5 +1,7 @@
 """Config flow for Rollease Acmeda Automate Pulse Hub."""
 
+from __future__ import annotations
+
 from asyncio import timeout
 from contextlib import suppress
 from typing import Any

homeassistant/components/acmeda/cover.py

@@ -1,5 +1,7 @@
 """Support for Acmeda Roller Blinds."""
 
+from __future__ import annotations
+
 from typing import Any
 
 from homeassistant.components.cover import (

homeassistant/components/acmeda/entity.py

@@ -1,5 +1,7 @@
 """Base class for Acmeda Roller Blinds."""
 
+from __future__ import annotations
+
 import aiopulse
 
 from homeassistant.core import callback

homeassistant/components/acmeda/helpers.py

@@ -1,5 +1,7 @@
 """Helper functions for Acmeda Pulse."""
 
+from __future__ import annotations
+
 from typing import TYPE_CHECKING
 
 from aiopulse import Roller

homeassistant/components/acmeda/hub.py

@@ -1,5 +1,7 @@
 """Code to handle a Pulse Hub."""
 
+from __future__ import annotations
+
 import asyncio
 from collections.abc import Callable
 

homeassistant/components/acmeda/sensor.py

@@ -1,5 +1,7 @@
 """Support for Acmeda Roller Blind Batteries."""
 
+from __future__ import annotations
+
 from homeassistant.components.sensor import SensorDeviceClass, SensorEntity
 from homeassistant.const import PERCENTAGE
 from homeassistant.core import HomeAssistant, callback

homeassistant/components/actiontec/const.py

@@ -1,5 +1,7 @@
 """Support for Actiontec MI424WR (Verizon FIOS) routers."""
 
+from __future__ import annotations
+
 import re
 from typing import Final
 

homeassistant/components/actiontec/device_tracker.py

@@ -1,5 +1,7 @@
 """Support for Actiontec MI424WR (Verizon FIOS) routers."""
 
+from __future__ import annotations
+
 import logging
 from typing import Final
 

homeassistant/components/actron_air/climate.py

@@ -38,7 +38,6 @@ HVAC_MODE_MAPPING_ACTRONAIR_TO_HA = {
     "HEAT": HVACMode.HEAT,
     "FAN": HVACMode.FAN_ONLY,
     "AUTO": HVACMode.AUTO,
-    "DRY": HVACMode.DRY,
     "OFF": HVACMode.OFF,
 }
 HVAC_MODE_MAPPING_HA_TO_ACTRONAIR = {
@@ -80,6 +79,7 @@ class ActronAirClimateEntity(ClimateEntity):
     )
     _attr_name = None
     _attr_fan_modes = list(FAN_MODE_MAPPING_ACTRONAIR_TO_HA.values())
+    _attr_hvac_modes = list(HVAC_MODE_MAPPING_ACTRONAIR_TO_HA.values())
 
 
 class ActronSystemClimate(ActronAirAcEntity, ActronAirClimateEntity):
@@ -93,17 +93,6 @@ class ActronSystemClimate(ActronAirAcEntity, ActronAirClimateEntity):
         super().__init__(coordinator)
         self._attr_unique_id = self._serial_number
 
-    @property
-    def hvac_modes(self) -> list[HVACMode]:
-        """Return the list of supported HVAC modes."""
-        modes = [
-            HVAC_MODE_MAPPING_ACTRONAIR_TO_HA[mode]
-            for mode in self._status.user_aircon_settings.supported_modes
-            if mode in HVAC_MODE_MAPPING_ACTRONAIR_TO_HA
-        ]
-        modes.append(HVACMode.OFF)
-        return modes
-
     @property
     def min_temp(self) -> float:
         """Return the minimum temperature that can be set."""
@@ -147,7 +136,7 @@ class ActronSystemClimate(ActronAirAcEntity, ActronAirClimateEntity):
     @property
     def target_temperature(self) -> float:
         """Return the target temperature."""
-        return self._status.user_aircon_settings.current_setpoint
+        return self._status.user_aircon_settings.temperature_setpoint_cool_c
 
     @actron_air_command
     async def async_set_fan_mode(self, fan_mode: str) -> None:
@@ -190,18 +179,6 @@ class ActronZoneClimate(ActronAirZoneEntity, ActronAirClimateEntity):
         super().__init__(coordinator, zone)
         self._attr_unique_id: str = self._zone_identifier
 
-    @property
-    def hvac_modes(self) -> list[HVACMode]:
-        """Return the list of supported HVAC modes."""
-        status = self.coordinator.data
-        modes = [
-            HVAC_MODE_MAPPING_ACTRONAIR_TO_HA[mode]
-            for mode in status.user_aircon_settings.supported_modes
-            if mode in HVAC_MODE_MAPPING_ACTRONAIR_TO_HA
-        ]
-        modes.append(HVACMode.OFF)
-        return modes
-
     @property
     def min_temp(self) -> float:
         """Return the minimum temperature that can be set."""
@@ -239,7 +216,7 @@ class ActronZoneClimate(ActronAirZoneEntity, ActronAirClimateEntity):
     @property
     def target_temperature(self) -> float | None:
         """Return the target temperature."""
-        return self._zone.current_setpoint
+        return self._zone.temperature_setpoint_cool_c
 
     @actron_air_command
     async def async_set_hvac_mode(self, hvac_mode: HVACMode) -> None:

homeassistant/components/actron_air/config_flow.py

@@ -6,12 +6,7 @@ from typing import Any
 
 from actron_neo_api import ActronAirAPI, ActronAirAuthError
 
-from homeassistant.config_entries import (
-    SOURCE_REAUTH,
-    SOURCE_RECONFIGURE,
-    ConfigFlow,
-    ConfigFlowResult,
-)
+from homeassistant.config_entries import SOURCE_REAUTH, ConfigFlow, ConfigFlowResult
 from homeassistant.const import CONF_API_TOKEN
 from homeassistant.exceptions import HomeAssistantError
 
@@ -110,14 +105,6 @@ class ActronAirConfigFlow(ConfigFlow, domain=DOMAIN):
                 data_updates={CONF_API_TOKEN: self._api.refresh_token_value},
             )
 
-        # Check if this is a reconfigure flow
-        if self.source == SOURCE_RECONFIGURE:
-            self._abort_if_unique_id_mismatch(reason="wrong_account")
-            return self.async_update_reload_and_abort(
-                self._get_reconfigure_entry(),
-                data_updates={CONF_API_TOKEN: self._api.refresh_token_value},
-            )
-
         self._abort_if_unique_id_configured()
         return self.async_create_entry(
             title=user_data.email,
@@ -151,20 +138,6 @@ class ActronAirConfigFlow(ConfigFlow, domain=DOMAIN):
 
         return self.async_show_form(step_id="reauth_confirm")
 
-    async def async_step_reconfigure(
-        self, user_input: dict[str, Any] | None = None
-    ) -> ConfigFlowResult:
-        """Handle reconfiguration request."""
-        return await self.async_step_reconfigure_confirm()
-
-    async def async_step_reconfigure_confirm(
-        self, user_input: dict[str, Any] | None = None
-    ) -> ConfigFlowResult:
-        """Confirm reconfiguration dialog."""
-        if user_input is not None:
-            return await self.async_step_user()
-        return self.async_show_form(step_id="reconfigure_confirm")
-
     async def async_step_connection_error(
         self, user_input: dict[str, Any] | None = None
     ) -> ConfigFlowResult:

homeassistant/components/actron_air/coordinator.py

@@ -1,5 +1,7 @@
 """Coordinator for Actron Air integration."""
 
+from __future__ import annotations
+
 from dataclasses import dataclass
 from datetime import timedelta
 

homeassistant/components/actron_air/diagnostics.py

@@ -1,5 +1,7 @@
 """Diagnostics support for Actron Air."""
 
+from __future__ import annotations
+
 from typing import Any
 
 from homeassistant.components.diagnostics import async_redact_data

homeassistant/components/actron_air/manifest.json

@@ -13,5 +13,5 @@
   "integration_type": "hub",
   "iot_class": "cloud_polling",
   "quality_scale": "silver",
-  "requirements": ["actron-neo-api==0.5.6"]
+  "requirements": ["actron-neo-api==0.5.3"]
 }

homeassistant/components/actron_air/quality_scale.yaml

@@ -60,7 +60,7 @@ rules:
   entity-translations: done
   exception-translations: done
   icon-translations: done
-  reconfiguration-flow: done
+  reconfiguration-flow: todo
   repair-issues:
     status: exempt
     comment: This integration does not have any known issues that require repair.

homeassistant/components/actron_air/strings.json

@@ -4,8 +4,7 @@
       "already_configured": "[%key:common::config_flow::abort::already_configured_account%]",
       "oauth2_error": "Failed to start authentication flow",
       "reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]",
-      "reconfigure_successful": "[%key:common::config_flow::abort::reconfigure_successful%]",
-      "wrong_account": "You must authenticate with the same Actron Air account that was originally configured."
+      "wrong_account": "You must reauthenticate with the same Actron Air account that was originally configured."
     },
     "error": {
       "oauth2_error": "Failed to start authentication flow. Please try again later."
@@ -23,10 +22,6 @@
         "description": "Your Actron Air authentication has expired. Select continue to reauthenticate with your Actron Air account. You will be prompted to log in again to restore the connection.",
         "title": "Authentication expired"
       },
-      "reconfigure_confirm": {
-        "description": "Reconfigure your Actron Air account. You will be prompted to log in again. Note: you must use the same account that was originally configured.",
-        "title": "Reconfigure Actron Air"
-      },
       "timeout": {
         "data": {},
         "description": "The authentication process timed out. Please try again.",

homeassistant/components/adax/__init__.py

@@ -1,5 +1,7 @@
 """The Adax integration."""
 
+from __future__ import annotations
+
 from homeassistant.const import Platform
 from homeassistant.core import HomeAssistant
 

homeassistant/components/adax/climate.py

@@ -1,5 +1,7 @@
 """Support for Adax wifi-enabled home heaters."""
 
+from __future__ import annotations
+
 from typing import Any, cast
 
 from adax import Adax

homeassistant/components/adax/config_flow.py

@@ -1,5 +1,7 @@
 """Config flow for Adax integration."""
 
+from __future__ import annotations
+
 import logging
 from typing import Any
 

homeassistant/components/adax/sensor.py

@@ -1,5 +1,7 @@
 """Support for Adax energy sensors."""
 
+from __future__ import annotations
+
 from dataclasses import dataclass
 from typing import cast
 

homeassistant/components/adguard/__init__.py

@@ -1,5 +1,7 @@
 """Support for AdGuard Home."""
 
+from __future__ import annotations
+
 from dataclasses import dataclass
 
 from adguardhome import AdGuardHome, AdGuardHomeConnectionError

homeassistant/components/adguard/config_flow.py

@@ -1,5 +1,7 @@
 """Config flow to configure the AdGuard Home integration."""
 
+from __future__ import annotations
+
 from typing import Any
 
 from adguardhome import AdGuardHome, AdGuardHomeConnectionError