Include issue tracker link in custom integration analytics data

2026-06-13 20:52:08 +02:00 · 2026-04-30 10:24:44 +02:00
11690 changed files with 77563 additions and 309911 deletions
@@ -8,8 +8,32 @@ description: Reviews GitHub pull requests and provides feedback comments. This i
 ## Follow these steps:
 1. Use 'gh pr view' to get the PR details and description.
 2. Use 'gh pr diff' to see all the changes in the PR.
-3. Review the changes following the `review` skill. It is VERY IMPORTANT to follow the `review` skill instructions.
-4. Check if all existing review comments have been addressed.
+3. Analyze the code changes for:
+   - Code quality and style consistency
+   - Potential bugs or issues
+   - Performance implications
+   - Security concerns
+   - Test coverage
+   - Documentation updates if needed
+4. Ensure any existing review comments have been addressed.
+5. Generate constructive review comments in the CONSOLE. DO NOT POST TO GITHUB YOURSELF.

 ## IMPORTANT:
+- Just review. DO NOT make any changes
+- Be constructive and specific in your comments
+- Suggest improvements where appropriate
 - Only provide review feedback in the CONSOLE. DO NOT ACT ON GITHUB.
+- No need to run tests or linters, just review the code changes.
+- No need to highlight things that are already good.
+
+## Output format:
+- List specific comments for each file/line that needs attention.
+- In the end, summarize with an overall assessment (approve, request changes, or comment) and bullet point list of changes suggested, if any.
+  - Example output:
+    ```
+    Overall assessment: request changes.
+    - [CRITICAL] sensor.py:143 - Memory leak
+    - [PROBLEM] data_processing.py:87 - Inefficient algorithm
+    - [SUGGESTION] test_init.py:45 - Improve x variable name
+    ```
+  - Make sure to include the file and line number when possible in the bullet points.
@@ -15,16 +15,11 @@ description: Everything you need to know to build, test and review Home Assistan
 - For entity actions and entity services, avoid requesting redundant defensive checks for fields already enforced by Home Assistant validation schemas and entity filters; only request extra guards when values bypass validation or are transformed unsafely.
 - When validation guarantees a key is present, prefer direct dictionary indexing (`data["key"]`) over `.get("key")` so invalid assumptions fail fast.
 - Integrations should be thin wrappers. Protocol parsing, device state machines, or other domain logic belong in a separate PyPI library, not in the integration itself. If unsure, ask before inlining.
- Integrations should not implement fixes or workarounds for limitations in libraries. Instead, the library should be updated to fix the issue.

 The following platforms have extra guidelines:
 - **Diagnostics**: [`platform-diagnostics.md`](platform-diagnostics.md) for diagnostic data collection
 - **Repairs**: [`platform-repairs.md`](platform-repairs.md) for user-actionable repair issues

-## Entity platforms
-
- Ensure `async_added_to_hass()` and `async_will_remove_from_hass()` have symmetrical behavior. For example, if a subscription is created in `async_added_to_hass()`, it should be unsubscribed in `async_will_remove_from_hass()`. Also, if something is torn down in `async_will_remove_from_hass()`, it should be set up in `async_added_to_hass()`.
- Entity base class (e.g. `SensorEntity`, `TrackerEntity`) provide a stable API for child classes to inherit from. Do not suggest redeclaring or duplicating attributes, properties, or methods the base class already provides, and do not add guards against the parent's behavior changing — rely on the base class instead.

 ## Integration Quality Scale

@@ -1,38 +0,0 @@
---
-name: review
-description: Reviews code changes and provides constructive feedback. Should be used when a review is requested to provide a consistent review behavior and output format. This skill can be used for code reviews in general, not just for GitHub pull requests.
---
-
-# Review Code Changes
-
-## Analyze the code changes for:
- Code quality and style consistency
- Potential bugs or issues
- Performance implications
- Security concerns
- Test coverage
- Documentation updates if needed
-
-## Verification:
- After the review, run parallel subagents for each finding to double-check it.
- Spawn up to a maximum of 10 parallel subagents at a time.
- Gather the results from the subagents and summarize them in the final review comments.
-
-## IMPORTANT:
- Just review. DO NOT make any changes.
- Be constructive and specific in your comments.
- Suggest improvements where appropriate.
- No need to run tests or linters, just review the code changes.
- No need to highlight things that are already good.
-
-## Output format:
- List specific comments for each file/line that needs attention.
- In the end, summarize with an overall assessment (approve, request changes, or comment) and bullet point list of changes suggested, if any.
-  - Example output:
-    ```
-    Overall assessment: request changes.
-    - [CRITICAL] sensor.py:143 - Memory leak
-    - [PROBLEM] data_processing.py:87 - Inefficient algorithm
-    - [SUGGESTION] test_init.py:45 - Improve x variable name
-    ```
-  - Make sure to include the file and line number when possible in the bullet points.
@@ -1,9 +0,0 @@
-{
-  "features": {
-    "ghcr.io/devcontainers/features/github-cli:1": {
-      "version": "1.1.0",
-      "resolved": "ghcr.io/devcontainers/features/github-cli@sha256:d22f50b70ed75339b4eed1ba9ecde3a1791f90e88d37936517e3bace0bbad671",
-      "integrity": "sha256:d22f50b70ed75339b4eed1ba9ecde3a1791f90e88d37936517e3bace0bbad671"
-    }
-  }
-}
@@ -14,12 +14,12 @@ Dockerfile.dev linguist-language=Dockerfile

 # Generated files
 CODEOWNERS linguist-generated=true
+Dockerfile linguist-generated=true
 homeassistant/generated/*.py linguist-generated=true
-pylint/plugins/pylint_home_assistant/generated/*.py linguist-generated=true
 machine/* linguist-generated=true
 mypy.ini linguist-generated=true
 requirements.txt linguist-generated=true
 requirements_all.txt linguist-generated=true
+requirements_test_all.txt linguist-generated=true
 requirements_test_pre_commit.txt linguist-generated=true
 script/hassfest/docker/Dockerfile linguist-generated=true
-.github/workflows/*.lock.yml linguist-generated=true merge=ours
@@ -1,52 +0,0 @@
-name: Cache and install APT packages
-description: >-
-  Wraps awalsh128/cache-apt-pkgs-action with the workarounds Home Assistant CI
-  needs. Removes the conflicting Microsoft apt source before any apt run, and
-  points the dynamic linker at the host's multiarch lib subdirectories so
-  shared libraries that rely on update-alternatives or postinst-managed paths
-  (eg libblas, liblapack pulled in by ffmpeg) stay reachable since the upstream
-  action does not execute postinst scripts on cache restore.
-
-inputs:
-  packages:
-    description: Space-delimited list of apt packages to install.
-    required: true
-  version:
-    description: Cache version. Bump to invalidate the cache.
-    required: false
-    default: "1"
-  execute_install_scripts:
-    description: >-
-      Pass-through to awalsh128/cache-apt-pkgs-action. Postinst scripts are not
-      actually cached by the upstream action, so this is largely a no-op today.
-    required: false
-    default: "false"
-
-runs:
-  using: composite
-  steps:
-    - name: Remove conflicting Microsoft apt source
-      shell: bash
-      run: sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
-    - name: Install apt packages via cache
-      uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.5.3
-      with:
-        packages: ${{ inputs.packages }}
-        version: ${{ inputs.version }}
-        execute_install_scripts: ${{ inputs.execute_install_scripts }}
-    - name: Refresh dynamic linker cache
-      shell: bash
-      run: |
-        # awalsh128/cache-apt-pkgs-action does not run postinst scripts on
-        # cache restore, so update-alternatives symlinks (eg the one libblas
-        # creates at /usr/lib/<multiarch>/libblas.so.3) are never produced.
-        # Add every /usr/lib/<multiarch> subdirectory that holds shared
-        # libraries to the ldconfig search path so the dynamic linker still
-        # finds them.  Use dpkg-architecture to derive the host's multiarch
-        # tuple so this works on non-x86_64 runners too.
-        multiarch="$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
-        find "/usr/lib/${multiarch}" -mindepth 2 -maxdepth 2 \
-          -name '*.so.*' -printf '%h\n' \
-          | sort -u \
-          | sudo tee /etc/ld.so.conf.d/zzz-cache-apt-extras.conf > /dev/null
-        sudo ldconfig
@@ -6,7 +6,6 @@

 - Start review comments with a short, one-sentence summary of the suggested fix.
 - Do not comment on code style, formatting or linting issues.
- A Pull Request with a dependency version bump should only contain changes required for the version bump. If the PR includes other changes, request that they are removed from the PR.

 # GitHub Copilot & Claude Code Instructions

@@ -16,38 +15,22 @@ This repository contains the core of Home Assistant, a Python 3 based home autom

 - **Do NOT amend, squash, or rebase commits that have already been pushed to the PR branch after the PR is opened** - Reviewers need to follow the commit history, as well as see what changed since their last review

-## Pull Requests
-
- When opening a pull request, use the repository's PR template (`.github/PULL_REQUEST_TEMPLATE.md`). NEVER REMOVE ANYTHING from the template.
- Do not remove checkboxes that are not checked — leave all unchecked checkboxes in place so reviewers can see which options were not selected.
-
 ## Development Commands

- When entering a new environment or worktree, run `script/setup` to set up the virtual environment with all development dependencies (pylint, pre-commit hooks, etc.). This is required before committing.
- .vscode/tasks.json contains useful commands used for development.
- After finishing a code session, run `uv run prek run --all-files` to check for linting and formatting issues.
+.vscode/tasks.json contains useful commands used for development.

 ## Python Syntax Notes

- Home Assistant officially supports Python 3.14 as its minimum version. Do not flag syntax or features that require Python 3.14 as issues, and do not suggest workarounds for older Python versions.
- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses. Never flag this as an issue.
- Python 3.14 evaluates annotations lazily (PEP 649). Forward references in annotations do not need to be quoted — annotations can reference names defined later in the module without quoting them or using `from __future__ import annotations`. Do not flag unquoted forward references in annotations as issues.
+- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses. Never flag this as an issue since Home Assistant officially supports Python 3.14.

 ## Testing

- Use `uv run pytest` to run tests
- After modifying `strings.json` for an integration, regenerate the English translation file before running tests: `.venv/bin/python3 -m script.translations develop --integration <integration_name>`. Tests load translations from the generated `translations/en.json`, not directly from `strings.json`.
- When writing or modifying tests, ensure all test function parameters have type annotations.
- Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.
- Prefer `@pytest.mark.usefixtures` over arguments, if the argument is not going to be used.
- Avoid using conditions/branching in tests. Instead, either split tests or adjust the test parametrization to cover all cases without branching.
- If multiple tests share most of their code, use `pytest.mark.parametrize` to merge them into a single parameterized test instead of duplicating the body. Use `pytest.param` with an `id` parameter to name the test cases clearly.
- We use Syrupy for snapshot testing. Leverage `.ambr` snapshots instead of repetitive and exhaustive generation of test data within Python code itself.
- Hardcoded `entity_id`s in tests are fine. If the same one is repeated, use a constant.
+When writing or modifying tests, ensure all test function parameters have type annotations.
+Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.

 ## Good practices

- Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
- When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
- When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.
- Do not add comments that just restate the code on the following line(s) (e.g. `# Check if initialized` above `if self.initialized:`). Comments should only explain why — non-obvious constraints, surprising behavior, or workarounds — never what.
+Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
+
+When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
+When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.
@@ -11,7 +11,3 @@ updates:
      - github_actions
    cooldown:
      default-days: 7
-    ignore:
-      # Managed by gh aw compile. Version-locked to the gh-aw compiler; do not bump.
-      - dependency-name: "github/gh-aw-actions/**"
-      - dependency-name: "github/gh-aw-actions"
@@ -18,16 +18,11 @@ excludeAgent: "cloud-agent"
 - For entity actions and entity services, avoid requesting redundant defensive checks for fields already enforced by Home Assistant validation schemas and entity filters; only request extra guards when values bypass validation or are transformed unsafely.
 - When validation guarantees a key is present, prefer direct dictionary indexing (`data["key"]`) over `.get("key")` so invalid assumptions fail fast.
 - Integrations should be thin wrappers. Protocol parsing, device state machines, or other domain logic belong in a separate PyPI library, not in the integration itself. If unsure, ask before inlining.
- Integrations should not implement fixes or workarounds for limitations in libraries. Instead, the library should be updated to fix the issue.

 The following platforms have extra guidelines:
 - **Diagnostics**: [`platform-diagnostics.md`](platform-diagnostics.md) for diagnostic data collection
 - **Repairs**: [`platform-repairs.md`](platform-repairs.md) for user-actionable repair issues

-## Entity platforms
-
- Ensure `async_added_to_hass()` and `async_will_remove_from_hass()` have symmetrical behavior. For example, if a subscription is created in `async_added_to_hass()`, it should be unsubscribed in `async_will_remove_from_hass()`. Also, if something is torn down in `async_will_remove_from_hass()`, it should be set up in `async_added_to_hass()`.
- Entity base class (e.g. `SensorEntity`, `TrackerEntity`) provide a stable API for child classes to inherit from. Do not suggest redeclaring or duplicating attributes, properties, or methods the base class already provides, and do not add guards against the parent's behavior changing — rely on the base class instead.

 ## Integration Quality Scale

@@ -6,7 +6,6 @@
    "pep621",
    "pip_requirements",
    "pre-commit",
-    "dockerfile",
    "custom.regex",
    "homeassistant-manifest"
  ],
@@ -22,10 +21,6 @@
    ]
  },

-  "dockerfile": {
-    "managerFilePatterns": ["/^Dockerfile$/"]
-  },
-
  "homeassistant-manifest": {
    "managerFilePatterns": [
      "/^homeassistant/components/[^/]+/manifest\\.json$/"
@@ -40,14 +35,6 @@
      "matchStrings": ["required-version = \">=(?<currentValue>[\\d.]+)\""],
      "depNameTemplate": "ruff",
      "datasourceTemplate": "pypi"
-    },
-    {
-      "customType": "regex",
-      "description": "Update go2rtc RECOMMENDED_VERSION in const.py alongside the Dockerfile pin",
-      "managerFilePatterns": ["/^homeassistant/components/go2rtc/const\\.py$/"],
-      "matchStrings": ["RECOMMENDED_VERSION = \"(?<currentValue>[\\d.]+)\""],
-      "depNameTemplate": "ghcr.io/alexxit/go2rtc",
-      "datasourceTemplate": "docker"
    }
  ],

@@ -128,7 +115,6 @@
        "standard-aifc",
        "standard-telnetlib",
        "ulid-transform",
-        "unidiff",
        "url-normalize",
        "xmltodict"
      ],
@@ -142,8 +128,7 @@
        "home-assistant-bluetooth",
        "home-assistant-frontend",
        "home-assistant-intents",
-        "infrared-protocols",
-        "rf-protocols"
+        "infrared-protocols"
      ],
      "enabled": true,
      "minimumReleaseAge": null,
@@ -198,13 +183,6 @@
      "enabled": true,
      "labels": ["dependency"]
    },
-    {
-      "description": "Docker allowlist (ghcr.io exposes no release timestamps so the global cooldown needs to be bypassed)",
-      "matchPackageNames": ["ghcr.io/alexxit/go2rtc"],
-      "enabled": true,
-      "minimumReleaseAge": null,
-      "labels": ["dependency"]
-    },
    {
      "description": "Group ruff pre-commit hook with its PyPI twin into one PR",
      "matchPackageNames": ["astral-sh/ruff-pre-commit", "ruff"],
@@ -234,12 +212,6 @@
      "matchPackageNames": ["pylint", "astroid"],
      "groupName": "pylint",
      "groupSlug": "pylint"
-    },
-    {
-      "description": "Group go2rtc Dockerfile pin with const.py RECOMMENDED_VERSION into one PR",
-      "matchPackageNames": ["ghcr.io/alexxit/go2rtc"],
-      "groupName": "go2rtc",
-      "groupSlug": "go2rtc"
    }
  ]
 }
@@ -14,7 +14,7 @@ env:
  UV_HTTP_TIMEOUT: 60
  UV_SYSTEM_PYTHON: "true"
  # Base image version from https://github.com/home-assistant/docker
-  BASE_IMAGE_VERSION: "2026.05.0"
+  BASE_IMAGE_VERSION: "2026.01.0"
  ARCHITECTURES: '["amd64", "aarch64"]'

 permissions: {}
@@ -38,7 +38,7 @@ jobs:
      base_image_version: ${{ env.BASE_IMAGE_VERSION }}
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -102,13 +102,13 @@ jobs:
            os: ubuntu-24.04-arm
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Download nightly wheels of frontend
        if: needs.init.outputs.channel == 'dev'
-        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
+        uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
        with:
          github_token: ${{secrets.GITHUB_TOKEN}}
          repo: home-assistant/frontend
@@ -119,7 +119,7 @@ jobs:

      - name: Download nightly wheels of intents
        if: needs.init.outputs.channel == 'dev'
-        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
+        uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
        with:
          github_token: ${{secrets.GITHUB_TOKEN}}
          repo: OHF-Voice/intents-package
@@ -245,7 +245,7 @@ jobs:
            runs-on: ubuntu-24.04
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -292,7 +292,7 @@ jobs:
      contents: read
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -323,7 +323,7 @@ jobs:
          exclude-list: '["odroid-xu","qemuarm","qemux86","raspberrypi","raspberrypi2","raspberrypi3","raspberrypi4","tinker"]'

  publish_container:
-    name: Publish to ${{ matrix.registry }}
+    name: Publish meta container for ${{ matrix.registry }}
    environment: ${{ needs.init.outputs.channel }}
    if: github.repository_owner == 'home-assistant'
    needs: ["init", "build_base"]
@@ -338,19 +338,19 @@ jobs:
        registry: ["ghcr.io/home-assistant", "docker.io/homeassistant"]
    steps:
      - name: Install Cosign
-        uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
        with:
          cosign-release: "v2.5.3"

      - name: Login to DockerHub
        if: matrix.registry == 'docker.io/homeassistant'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
@@ -380,7 +380,7 @@ jobs:
      #   2025.12.0.dev202511250240 -> tags: 2025.12.0.dev202511250240, dev
      - name: Generate Docker metadata
        id: meta
-        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: ${{ matrix.registry }}/home-assistant
          sep-tags: ","
@@ -394,7 +394,7 @@ jobs:
            type=semver,pattern={{major}}.{{minor}},value=${{ needs.init.outputs.version }},enable=${{ !contains(needs.init.outputs.version, 'd') && !contains(needs.init.outputs.version, 'b') }}

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v3.7.1
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v3.7.1

      - name: Copy architecture images to DockerHub
        if: matrix.registry == 'docker.io/homeassistant'
@@ -471,7 +471,7 @@ jobs:
    if: github.repository_owner == 'home-assistant' && needs.init.outputs.publish == 'true'
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -518,19 +518,19 @@ jobs:
      HASSFEST_IMAGE_TAG: ghcr.io/home-assistant/hassfest:${{ needs.init.outputs.version }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build Docker image
-        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: . # So action will not pull the repository again
          file: ./script/hassfest/docker/Dockerfile
@@ -543,7 +543,7 @@ jobs:
      - name: Push Docker image
        if: needs.init.outputs.channel != 'dev' && needs.init.outputs.publish == 'true'
        id: push
-        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+        uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0
        with:
          context: . # So action will not pull the repository again
          file: ./script/hassfest/docker/Dockerfile
@@ -1,74 +0,0 @@
-name: Check requirements (deterministic)
-
-# Stage 1 of the Check requirements pipeline.
-#
-# Runs the deterministic Python checks and uploads the structured
-# results as an artifact. Stage 2 (the agentic workflow defined in
-# `check-requirements.md`) consumes the artifact on completion.
-
-# yamllint disable-line rule:truthy
-on:
-  # Auto-trigger on PRs that touch tracked requirement files is disabled
-  # for now while we iterate — testing the workflow_run handoff to the
-  # agentic stage is hard with an auto-trigger. Re-enable once the chain
-  # has been validated end-to-end.
-  # pull_request:
-  #   types: [opened, synchronize, reopened]
-  #   paths:
-  #     - "**/requirements*.txt"
-  #     - "homeassistant/package_constraints.txt"
-  workflow_dispatch:
-    inputs:
-      pull_request_number:
-        description: "Pull request number to (re-)check"
-        required: true
-        type: number
-
-permissions: {}
-
-concurrency:
-  group: ${{ github.workflow }}-${{ inputs.pull_request_number || github.event.pull_request.number }}
-  cancel-in-progress: true
-
-jobs:
-  deterministic:
-    name: Run deterministic requirement checks
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read
-      pull-requests: read # To fetch the PR diff via gh CLI
-    timeout-minutes: 10
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          persist-credentials: false
-      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-        with:
-          python-version-file: ".python-version"
-          check-latest: true
-      - name: Install script dependencies
-        run: pip install -r script/check_requirements/requirements.txt
-      - name: Collect PR diff
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          PR_NUMBER: ${{ inputs.pull_request_number || github.event.pull_request.number }}
-        run: |
-          mkdir -p deterministic
-          gh pr diff "${PR_NUMBER}" > deterministic/pr.diff
-      - name: Run deterministic checks
-        env:
-          PR_NUMBER: ${{ inputs.pull_request_number || github.event.pull_request.number }}
-        run: |
-          python -m script.check_requirements \
-            --pr-number "${PR_NUMBER}" \
-            --diff deterministic/pr.diff \
-            --output deterministic/results.json
-      - name: Upload deterministic-results artifact
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          name: check-requirements-deterministic
-          path: deterministic/results.json
-          if-no-files-found: error
-          retention-days: 7
@@ -1,370 +0,0 @@
---
-on:
-  workflow_run:
-    workflows: ["Check requirements (deterministic)"]
-    types: [completed]
-permissions:
-  contents: read
-  actions: read
-  pull-requests: read
-network:
-  allowed:
-    - python
-tools:
-  web-fetch: {}
-  github:
-    toolsets: [repos, pull_requests]
-    min-integrity: unapproved
-safe-outputs:
-  add-comment:
-    max: 1
-    target: "${{ needs.extract_pr_number.outputs.pr_number }}"
-  needs:
-    - extract_pr_number
-jobs:
-  extract_pr_number:
-    if: github.event.workflow_run.conclusion == 'success'
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-    outputs:
-      pr_number: ${{ steps.extract.outputs.pr_number }}
-    steps:
-      - name: Download deterministic-results artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-        with:
-          name: check-requirements-deterministic
-          path: /tmp/deterministic
-          run-id: ${{ github.event.workflow_run.id }}
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Extract PR number from artifact
-        id: extract
-        run: |
-          PR=$(jq -r '.pr_number' /tmp/deterministic/results.json)
-          echo "pr_number=${PR}" >> "${GITHUB_OUTPUT}"
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.workflow_run.id }}
-  cancel-in-progress: true
-steps:
-  - name: Download deterministic-results artifact
-    if: github.event.workflow_run.conclusion == 'success'
-    uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-    with:
-      name: check-requirements-deterministic
-      path: /tmp/gh-aw/deterministic
-      run-id: ${{ github.event.workflow_run.id }}
-      github-token: ${{ secrets.GITHUB_TOKEN }}
-post-steps:
-  - name: Verify agent produced an add_comment safe-output
-    if: always() && github.event.workflow_run.conclusion == 'success'
-    run: |
-      OUTPUT=/tmp/gh-aw/agent_output.json
-      if [ ! -f "${OUTPUT}" ]; then
-        echo "::error::Agent output file ${OUTPUT} is missing; the agent did not run to completion."
-        exit 1
-      fi
-      if ! grep -q '"add_comment"' "${OUTPUT}"; then
-        echo "::error::Agent did not emit an add_comment safe-output; no review comment was posted to the PR."
-        echo "Agent output:"
-        cat "${OUTPUT}"
-        exit 1
-      fi
-description: >
-  Resolves the deterministic-stage artifact's NEEDS_AGENT checks for changed
-  Python package requirements on PRs targeting the core repo, then posts the
-  final review comment. Triggered by completion of the deterministic workflow.
-  Reads the uploaded artifact from disk, replaces placeholders for any check
-  whose status is `needs_agent`, and posts the merged comment using the PR
-  number recorded inside the artifact itself. Each check kind has a dedicated
-  instruction section below; if the artifact contains a check kind that does
-  not have a section here, the agent fails hard rather than guess.
---
-
-# Check requirements (AW)
-
-You are a code-review assistant for Home Assistant. The deterministic
-stage already evaluated every check it can and produced an artifact at
-`/tmp/gh-aw/deterministic/results.json`. Your only job is to resolve any
-`needs_agent` checks and post the rendered comment.
-
-## Step 1 — Read the artifact
-
-Read the JSON directly for the full schema. Key fields:
-
- `pr_number`, `needs_agent` (bool), `packages[]`, `rendered_comment`.
- Each `package`: `name`, `old_version` (`null` if new), `new_version`,
-  `repo_url`, `publisher_kind`, `checks` (keyed by check-kind, each
-  with `status` of `pass`/`warn`/`fail`/`needs_agent` and `details`).
- `rendered_comment` contains, for each `needs_agent` check, two
-  placeholders to replace:
-  - `{{CHECK_CELL:<pkg>:<kind>}}` → exactly one of `✅`, `☑️`, `⚠️`, `❌`.  The
-    **`security`** check kind uses `☑️` instead of `✅` for the success
-    case — see its section below for why.
-  - `{{CHECK_DETAIL:<pkg>:<kind>}}` → `<icon> <one-line explanation>`
-    (the bullet's `- **<label>**:` prefix is already rendered; replace
-    only the placeholder).
-
-Do not modify other content in `rendered_comment`, do not re-evaluate
-deterministic checks, do not add or remove packages. If `needs_agent`
-is `false`, emit `rendered_comment` unchanged.
-
-## Step 2 — Resolve each `needs_agent` check
-
-For each `(package, check_kind)` with `status == "needs_agent"`, find
-the matching `### Check kind: <check_kind>` section below and follow
-it. If no section matches, emit a single `add_comment` with:
-
-```
-<!-- requirements-check -->
-## Check requirements
-
-❌ Internal error: deterministic artifact contains an unknown check kind
-(`<check_kind>` on `<pkg>`).
-```
-
-Then stop. Do not improvise a verdict.
-
-## Step 3 — Post the comment
-
-Replace every placeholder with the resolved value and emit
-`rendered_comment` via `add_comment`. Preserve the leading
-`<!-- requirements-check -->` marker. The PR target is already wired;
-do not pass `item_number`.
-
-## Check instructions
-
-### Check kind: `repo_public`
-
-`web-fetch` GET `package.repo_url`.
- 200 + public repo page → ✅ `<repo_url> is publicly accessible.`
- 4xx/5xx or login redirect → ❌ `Source repository at <repo_url> is
-  not publicly accessible. Home Assistant requires dependencies to
-  have publicly available source code.`
- Otherwise → ⚠️ with a one-line description.
-
-If ❌, also mark this package's `release_pipeline` and `async_blocking`
-cells/details as `—` and explain `Skipped because the source
-repository is not publicly accessible.`.
-
-### Check kind: `pr_link`
-
-Fetch the PR body via the `pull_requests` MCP using `pr_number`. Extract URLs.
-
- **New package** (`old_version == null`): body must contain a URL
-  pointing at `repo_url`'s `owner/repo` on the same host (any
-  sub-path OK). PyPI is not sufficient.
-  - ✅ if present; otherwise ❌ `PR description must link to the
-    source repository at <repo_url>. A PyPI page link is not
-    sufficient.`
- **Version bump**: body must contain a URL on the same host as
-  `repo_url` that mentions **both** `old_version` and `new_version`
-  (compare URL, changelog, release page).
-  - ✅ if present and versions match; otherwise ❌ `PR description
-    should link to a changelog or compare URL on <repo_url> that
-    mentions both <old_version> and <new_version>.`
-
-### Check kind: `release_pipeline`
-
-Inspect the upstream's publish-to-PyPI CI. Host-specific lookup, same
-rubric:
-
-1. Locate the publish workflow / job (name or filename contains
-   `release`, `publish`, `pypi`, or `deploy`).
-   - GitHub: list `.github/workflows/` via the `repos` MCP, pick the
-     promising file by name, fetch its contents.
-   - GitLab: fetch `.gitlab-ci.yml` from the default ref via
-     `https://gitlab.com/api/v4/projects/{id}/repository/files/.gitlab-ci.yml/raw?ref=HEAD`.
-   - Other hosts: `web-fetch` an obvious CI config
-     (`.circleci/config.yml`, `bitbucket-pipelines.yml`, etc.).
-2. Apply this rubric:
-   - **Trigger**: tag push / `release: published` / protected branch —
-     not solely manual dispatch without an environment guard.
-   - **Credentials**: OIDC (`id-token: write` +
-     `pypa/gh-action-pypi-publish` or equivalent) preferred; static
-     `PYPI_TOKEN` from a CI secret acceptable for a bump.
-   - **No bypass**: no ungated `twine upload` / `pip upload`.
-3. Verdict:
-   - ✅ — OIDC + sane triggers + no bypass.
-   - ⚠️ — static token on a bump, details unclear, or
-     non-GitHub/GitLab host with limited CI visibility.
-   - ❌ — static token on a new package, or manual-only triggers
-     without environment protection.
-
-### Check kind: `async_blocking`
-
-Verify the dependency does not call blocking APIs inside `async def`
-bodies. Home Assistant runs on a single asyncio loop, so blocking
-calls from the async surface stall the whole loop. A purely sync
-library is fine — integrations wrap its calls in an executor.
-
-**Mode** (decided by `old_version`):
- `null` → new package: review the entire current source tree.
- string → version bump: review only the diff between the two tags.
-  Blocking calls already present in `old_version` are not regressions.
-
-**Step 1 — async surface?**
-
-Fetch `pyproject.toml` / `setup.py` / `setup.cfg` / `README*` at the
-tag matching `new_version` (try `v{version}`, `{version}`,
-`release-{version}` — at most three attempts). Use the `repos` MCP for
-github.com, `web-fetch` otherwise.
-
-If sync-only (no `async def` in public modules; no
-asyncio/aiohttp/httpx/anyio in deps; no `Framework :: AsyncIO`
-classifier) → ✅ `Sync-only library; Home Assistant integrations must
-wrap calls in an executor.` (Same verdict for both modes.)
-
-**Step 2 — review the surface**
-
- New package: grep public modules for `async def`, inspect each
-  async body and transitive helpers.
- Bump: fetch the compare diff
-  (`/repos/{owner}/{repo}/compare/{old}...{new}` on GitHub, equivalent
-  on GitLab/other hosts). Only flag patterns on **added** lines that
-  are inside or reachable from `async def`. If no tag format resolves,
-  fall back to a full review and note that the diff was unavailable.
-
-**Blocking patterns to flag inside `async def`:**
-
- Sync HTTP: `requests.`, `urllib.request`, `urllib3.` direct,
-  `http.client.`, sync `httpx.Client(` / `httpx.get(`, `pycurl`.
- `time.sleep(` (use `await asyncio.sleep(`).
- Sync sockets/SSL: bare `socket.socket` I/O, `ssl.wrap_socket`,
-  blocking `select.select`.
- File I/O on the request path: `open(` /
-  `pathlib.Path.read_*` / `.write_*` for non-trivial sizes (small
-  one-shot reads during import are OK).
- Sync DB drivers: `sqlite3`, `psycopg2`, `pymysql`, sync `pymongo` /
-  `redis.Redis`.
- `subprocess.run` / `subprocess.call` / `os.system`.
-
-Calls dispatched to an executor (`run_in_executor`,
-`asyncio.to_thread`, `anyio.to_thread.run_sync`) do **not** count as
-blocking.
-
-**Verdict:**
-
- ✅ — no offending pattern. Bumps: phrase as `No new blocking calls
-  introduced in {old_version} → {new_version}.`.
- ⚠️ — blocking only in sync helpers the async API never calls, or
-  clearly off the hot path (e.g. one-shot pre-loop setup). Cite at
-  least one `<file>:<line>` and say why it's not hot.
- ❌ — blocking call reachable from a public `async def` on the
-  request/polling path (bump: introduced or moved onto the hot path
-  by this version). Cite the offending `<file>:<line>` as a clickable
-  link on the repo host.
-
-### Check kind: `security`
-
-**Baseline** scan of the upstream source for obvious supply-chain red
-flags — a cheap first pass, **not** a security review or malware audit.
-A clean result means "nothing obvious stood out", not "this package is
-safe". The success icon is `☑️` — **never** `✅` — so a passing scan is
-not read as an endorsement.
-
-If `repo_public` resolves to ❌ for the same package, mark `security`'s
-cell and detail as `—` and explain `Skipped because the source
-repository is not publicly accessible.` — the source cannot be fetched.
-
-**Step 1 — Fetch a representative slice**
-
-Locate the source from `package.repo_url`.
-
- GitHub: resolve the default branch (`GET /repos/{owner}/{repo}`), list
-  the tree (`GET /repos/{owner}/{repo}/git/trees/{branch}?recursive=1`),
-  find the module dir (`{name}/` or `src/{name}/`, normalising `-` ↔ `_`).
- GitLab: equivalent REST calls. Other hosts: `web-fetch` raw file URLs.
-
-Fetch the **raw contents** of `setup.py` (install-time code runs on every
-consumer), `pyproject.toml` (`[build-system]` / custom backend), the
-package's `__init__.py`, and co — prioritising `entry_points` targets, plus any name suggesting
-bootstrap / loader / self-update (`update*.py`, `loader*.py`,
-`bootstrap*.py`, `_native.py`, `_post_install*.py`, …).
-
-If the tree is too large for the API budget, inspect at least `setup.py`,
-`pyproject.toml`, and `__init__.py`, then return ⚠️ noting the partial scan.
-
-**Step 2 — Patterns to flag**
-
-Reason from principles, not a fixed checklist: for each file ask *would a
-well-behaved library doing what this package's PyPI description claims
-need to do this?* If "no" or "unclear", record a finding. The categories
-describe the **shape** of concerning behavior; the named APIs, filenames,
-and keys are illustrative — treat any equivalent construct (including ones
-that did not exist when this was written) the same way.
-
-For every finding include the file path, line number, a snippet
-(≤ 120 chars), a permalink
-(`https://github.com/{owner}/{repo}/blob/{sha}/{path}#L{line}` or the
-GitLab equivalent), and one sentence on why it is out of scope.
-
-1. **Reaches into Home Assistant internals.** A library should touch HA
-   only through its documented Python API — never the `config_dir`
-   filesystem or internal auth / session state. Flag code that opens,
-   reads, writes, or resolves paths to artifacts it does not own
-   (top-level YAML it did not create, anything under `.storage/`, other
-   integrations' files) or reads tokens / refresh tokens / auth providers
-   (e.g. `secrets.yaml`, `.storage/auth*`, `hass.auth`). The principle is
-   *out-of-scope access*, not a static list of names.
-2. **Network input flows into an execution sink (download-and-execute).**
-   Flag any data-flow from a network response body (any HTTP / WebSocket /
-   raw-socket client, sync or async) to an execution sink: `exec`, `eval`,
-   `compile`, `marshal.loads`, `pickle.loads`, `types.FunctionType`,
-   `importlib.util.spec_from_loader`, `subprocess.*`, `os.system`, shell
-   pipelines (`curl … | sh`), or a file later imported / executed — plus
-   package-manager calls (`pip install` / `download`) with args resolved
-   from network responses at runtime.
-3. **Build / install-time code is non-deterministic or non-local.**
-   `setup.py`, `setup.cfg` `cmdclass`, custom PEP 517 backends, and other
-   build hooks must only compile and copy files shipped in the sdist. Flag
-   build-stage code that opens a socket, shells out, writes outside the
-   build / install tree, or pulls a build backend not on PyPI (Git URL /
-   local path).
-4. **Reads secrets and combines them with an egress path.** The shape is
-   *secret-source → outbound-channel*. Flag code that reads credential
-   material (token-like env vars, credential files under the user's home,
-   OS keychain APIs, browser-profile dirs, HA token stores) **and** in the
-   same path sends it to a destination the package needn't talk to.
-   Reading or sending alone is not enough — the *combination* is the signal.
-5. **Hides what it does.** Flag opaque data flowing into an execution
-   sink: large encoded / compressed / hex strings (`base64`, `codecs`,
-   `zlib`, `lzma`, `bytes.fromhex`, or any equivalent) passed to `exec` /
-   `eval` / `compile` / `__import__`; identifiers assembled at runtime
-   then imported; or any construct whose evident purpose is to make the
-   behavior unreadable.
-6. **Hard-coded network destination off-purpose.** Flag outbound URLs or
-   hosts absent from the package's PyPI `project_urls` with no obvious
-   connection to its function — short-link / paste services, ephemeral
-   tunnels, raw IPs, non-default ports against unknown hosts — and any
-   network call at module top-level / `__init__.py` (runs on import for
-   every consumer).
-
-A clearly out-of-scope behavior that fits none of the above: flag under
-the closest category and explain. The categories guide reasoning, not bound it.
-
-**Verdict**
-
-Aggregate the findings into one of:
-
- `☑️ Baseline scan found nothing obvious in <list of inspected files>.
-  This is not a security review — only the cheap checks were run.`
-  Use `☑️` (**not** `✅`) so a passing scan is not read as an endorsement.
- `⚠️ <one-line summary>` — patterns with plausible legitimate uses;
-  include path / line / snippet / permalink per match for the reviewer.
- `❌ <one-line summary>` — patterns with no legitimate explanation
-  (install-time network execution, decode-and-exec of opaque blobs, reads
-  of `secrets.yaml` / `.storage/auth*`, token exfiltration to an external
-  host); same detail.
-
-Be precise. False positives are expected — when in doubt prefer `⚠️` with
-context over `❌`. This check is informational and never blocks the
-workflow on its own; a human reviewer decides whether to merge.
-
-## Notes
-
- Be constructive; reference the inspected file by URL when useful.
- Comment dedup is handled by gh-aw's `add_comment` safe-output via
-  the `<!-- requirements-check -->` marker.
- If `/tmp/gh-aw/deterministic/results.json` is missing (upstream
-  cancelled/failed), emit nothing — the post-step verification is
-  gated and won't complain.
@@ -38,8 +38,9 @@ on:

 env:
  CACHE_VERSION: 3
+  UV_CACHE_VERSION: 1
  MYPY_CACHE_VERSION: 1
-  HA_SHORT_VERSION: "2026.7"
+  HA_SHORT_VERSION: "2026.5"
  ADDITIONAL_PYTHON_VERSIONS: "[]"
  # 10.3 is the oldest supported version
  # - 10.3.32 is the version currently shipped with Synology (as of 17 Feb 2022)
@@ -60,7 +61,9 @@ env:
  # - 15.2 is the latest (as of 9 Feb 2023)
  POSTGRESQL_VERSIONS: "['postgres:12.14','postgres:15.2']"
  UV_CACHE_DIR: /tmp/uv-cache
-  APT_CACHE_VERSION: 1
+  APT_CACHE_BASE: /home/runner/work/apt
+  APT_CACHE_DIR: /home/runner/work/apt/cache
+  APT_LIST_CACHE_DIR: /home/runner/work/apt/lists
  SQLALCHEMY_WARN_20: 1
  PYTHONASYNCIODEBUG: 1
  HASS_CI: 1
@@ -84,6 +87,7 @@ jobs:
      core: ${{ steps.core.outputs.changes }}
      integrations_glob: ${{ steps.info.outputs.integrations_glob }}
      integrations: ${{ steps.integrations.outputs.changes }}
+      apt_cache_key: ${{ steps.generate_apt_cache_key.outputs.key }}
      python_cache_key: ${{ steps.generate_python_cache_key.outputs.key }}
      requirements: ${{ steps.core.outputs.requirements }}
      mariadb_groups: ${{ steps.info.outputs.mariadb_groups }}
@@ -98,7 +102,7 @@ jobs:
      skip_coverage: ${{ steps.info.outputs.skip_coverage }}
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Generate partial Python venv restore key
@@ -113,6 +117,10 @@ jobs:
          # Include HA_SHORT_VERSION to force the immediate creation
          # of a new uv cache entry after a version bump.
          echo "key=venv-${CACHE_VERSION}-${HA_SHORT_VERSION}-${HASH_REQUIREMENTS_TEST}-${HASH_REQUIREMENTS}-${HASH_REQUIREMENTS_ALL}-${HASH_PACKAGE_CONSTRAINTS}-${HASH_GEN_REQUIREMENTS}" >> $GITHUB_OUTPUT
+      - name: Generate partial apt restore key
+        id: generate_apt_cache_key
+        run: |
+          echo "key=$(lsb_release -rs)-apt-${CACHE_VERSION}-${HA_SHORT_VERSION}" >> $GITHUB_OUTPUT
      - name: Filter for core changes
        uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
        id: core
@@ -264,7 +272,7 @@ jobs:
      && github.event.inputs.audit-licenses-only != 'true'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Register problem matchers
@@ -274,7 +282,7 @@ jobs:
          echo "::add-matcher::.github/workflows/matchers/check-executables-have-shebangs.json"
          echo "::add-matcher::.github/workflows/matchers/codespell.json"
      - name: Run prek
-        uses: j178/prek-action@bdca6f102f98e2b4c7029491a53dfd366469e33d # v2.0.4
+        uses: j178/prek-action@cbc2f23eb5539cf20d82d1aabd0d0ecbcc56f4e3 # v2.0.2
        env:
          PREK_SKIP: no-commit-to-branch,mypy,pylint,gen_requirements_all,hassfest,hassfest-metadata,hassfest-mypy-config,zizmor
          RUFF_OUTPUT_FORMAT: github
@@ -291,11 +299,11 @@ jobs:
      && github.event.inputs.audit-licenses-only != 'true'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Run zizmor
-        uses: j178/prek-action@bdca6f102f98e2b4c7029491a53dfd366469e33d # v2.0.4
+        uses: j178/prek-action@cbc2f23eb5539cf20d82d1aabd0d0ecbcc56f4e3 # v2.0.2
        with:
          extra-args: --all-files zizmor

@@ -318,7 +326,7 @@ jobs:
          - script/hassfest/docker/Dockerfile
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Register hadolint problem matcher
@@ -341,7 +349,7 @@ jobs:
        python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
@@ -350,6 +358,12 @@ jobs:
        with:
          python-version: ${{ matrix.python-version }}
          check-latest: true
+      - name: Generate partial uv restore key
+        id: generate-uv-key
+        run: |
+          uv_version=$(cat requirements.txt | grep uv | cut -d '=' -f 3)
+          echo "version=${uv_version}" >> $GITHUB_OUTPUT
+          echo "key=uv-${UV_CACHE_VERSION}-${uv_version}-${HA_SHORT_VERSION}-$(date -u '+%Y-%m-%dT%H:%M:%s')" >> $GITHUB_OUTPUT
      - name: Restore base Python virtual environment
        id: cache-venv
        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -358,55 +372,78 @@ jobs:
          key: >-
            ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-${{
            needs.info.outputs.python_cache_key }}
-      - name: Generate partial uv restore key
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        id: generate-uv-key
-        env:
-          RUNNER_OS: ${{ runner.os }}
-          RUNNER_ARCH: ${{ runner.arch }}
-          PYTHON_VERSION: ${{ steps.python.outputs.python-version }}
-          HASH_FILES: ${{ hashFiles('requirements.txt', 'requirements_all.txt', 'requirements_test.txt', 'homeassistant/package_constraints.txt') }}
-        run: |
-          partial_key="${RUNNER_OS}-${RUNNER_ARCH}-${PYTHON_VERSION}-uv-"
-          echo "partial_key=${partial_key}" >> $GITHUB_OUTPUT
-          echo "full_key=${partial_key}${HASH_FILES}" >> $GITHUB_OUTPUT
      - name: Restore uv wheel cache
        if: steps.cache-venv.outputs.cache-hit != 'true'
+        id: cache-uv
        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ${{ env.UV_CACHE_DIR }}
-          key: ${{ steps.generate-uv-key.outputs.full_key }}
-          restore-keys: ${{ steps.generate-uv-key.outputs.partial_key }}
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-${{
+            steps.generate-uv-key.outputs.key }}
+          restore-keys: |
+            ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-uv-${{
+            env.UV_CACHE_VERSION }}-${{ steps.generate-uv-key.outputs.version }}-${{
+            env.HA_SHORT_VERSION }}-
+      - name: Check if apt cache exists
+        id: cache-apt-check
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        with:
+          lookup-only: ${{ steps.cache-venv.outputs.cache-hit == 'true' }}
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Install additional OS dependencies
-        if: steps.cache-venv.outputs.cache-hit != 'true'
+        if: |
+          steps.cache-venv.outputs.cache-hit != 'true'
+          || steps.cache-apt-check.outputs.cache-hit != 'true'
+        id: install-os-deps
        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-            libxml2-utils
-            libavcodec-dev
-            libavdevice-dev
-            libavfilter-dev
-            libavformat-dev
-            libavutil-dev
-            libswresample-dev
-            libswscale-dev
-            libudev-dev
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
-      - name: Read uv version from requirements.txt
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        id: read-uv-version
+        env:
+          APT_CACHE_HIT: ${{ steps.cache-apt-check.outputs.cache-hit }}
        run: |
-          echo "version=$(grep '^uv==' requirements.txt | cut -d'=' -f3)" >> "$GITHUB_OUTPUT"
-      - name: Set up uv
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          if [[ "${APT_CACHE_HIT}" != 'true' ]]; then
+            mkdir -p ${APT_CACHE_DIR}
+            mkdir -p ${APT_LIST_CACHE_DIR}
+          fi
+
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
+            libxml2-utils \
+            libavcodec-dev \
+            libavdevice-dev \
+            libavfilter-dev \
+            libavformat-dev \
+            libavutil-dev \
+            libswresample-dev \
+            libswscale-dev \
+            libudev-dev
+
+          if [[ "${APT_CACHE_HIT}" != 'true' ]]; then
+            sudo chmod -R 755 ${APT_CACHE_BASE}
+          fi
+      - name: Save apt cache
+        if: |
+          always()
+          && steps.cache-apt-check.outputs.cache-hit != 'true'
+          && steps.install-os-deps.outcome == 'success'
+        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
-          version: ${{ steps.read-uv-version.outputs.version }}
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Create Python virtual environment
        if: steps.cache-venv.outputs.cache-hit != 'true'
        id: create-venv
@@ -414,8 +451,11 @@ jobs:
          python -m venv venv
          . venv/bin/activate
          python --version
+          pip install "$(grep '^uv' < requirements.txt)"
+          uv pip install -U "pip>=25.2"
          uv pip install -r requirements.txt
-          uv pip install -r requirements_all.txt -r requirements_test.txt
+          python -m script.gen_requirements_all ci
+          uv pip install -r requirements_all_pytest.txt -r requirements_test.txt
          uv pip install -e . --config-settings editable_mode=compat
      - name: Dump pip freeze
        run: |
@@ -431,21 +471,24 @@ jobs:
          overwrite: true
      - name: Remove pip_freeze
        run: rm pip_freeze.txt
+      - name: Remove generated requirements_all
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: rm requirements_all_pytest.txt requirements_all_wheels_*.txt
      - name: Check dirty
        run: |
          ./script/check_dirty
-      - name: Prune uv cache
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        id: prune-uv-cache
-        run: |
-          . venv/bin/activate
-          uv cache prune --ci
      - name: Save uv wheel cache
-        if: steps.cache-venv.outputs.cache-hit != 'true'
+        if: |
+          (success() && steps.cache-venv.outputs.cache-hit != 'true')
+          || (always()
+            && steps.create-venv.outcome == 'success'
+            && steps.cache-uv.outputs.cache-matched-key == '')
        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: ${{ env.UV_CACHE_DIR }}
-          key: ${{ steps.generate-uv-key.outputs.full_key }}
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ steps.python.outputs.python-version }}-${{
+            steps.generate-uv-key.outputs.key }}
      - name: Save base Python virtual environment
        if: always() && steps.create-venv.outcome == 'success'
        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
@@ -468,16 +511,30 @@ jobs:
      && github.event.inputs.mypy-only != 'true'
      && github.event.inputs.audit-licenses-only != 'true'
    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
-          persist-credentials: false
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Install additional OS dependencies
        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            libturbojpeg
+      - name: Check out code from GitHub
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
-          packages: libturbojpeg
-          version: ${{ env.APT_CACHE_VERSION }}
+          persist-credentials: false
      - name: Set up Python
        id: python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -512,7 +569,7 @@ jobs:
      && github.event.inputs.audit-licenses-only != 'true'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Python
@@ -548,7 +605,7 @@ jobs:
      && github.event.inputs.audit-licenses-only != 'true'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Python
@@ -576,11 +633,11 @@ jobs:
      && github.event_name == 'pull_request'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Dependency review
-        uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
+        uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
        with:
          license-check: false # We use our own license audit checks

@@ -603,7 +660,7 @@ jobs:
        python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
@@ -654,7 +711,7 @@ jobs:
      || github.event.inputs.pylint-only == 'true'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Python
@@ -707,7 +764,7 @@ jobs:
      && (needs.info.outputs.tests_glob || needs.info.outputs.test_full_suite == 'true')
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Python
@@ -758,7 +815,7 @@ jobs:
      || github.event.inputs.mypy-only == 'true'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Set up Python
@@ -801,7 +858,7 @@ jobs:
        run: |
          . venv/bin/activate
          python --version
-          mypy --num-workers=4 homeassistant pylint
+          mypy homeassistant pylint
      - name: Run mypy (partially)
        if: needs.info.outputs.test_full_suite == 'false'
        shell: bash
@@ -810,7 +867,7 @@ jobs:
        run: |
          . venv/bin/activate
          python --version
-          mypy --num-workers=4 $(printf "homeassistant/components/%s " ${INTEGRATIONS_GLOB})
+          mypy $(printf "homeassistant/components/%s " ${INTEGRATIONS_GLOB})

  prepare-pytest-full:
    name: Split tests for full run
@@ -824,20 +881,32 @@ jobs:
      - info
      - base
    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
-          persist-credentials: false
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Install additional OS dependencies
        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
            libturbojpeg
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
+      - name: Check out code from GitHub
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Set up Python
        id: python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -888,21 +957,33 @@ jobs:
        python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
        group: ${{ fromJson(needs.info.outputs.test_groups) }}
    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
-          persist-credentials: false
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Install additional OS dependencies
        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
+      - name: Check out code from GitHub
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        id: python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -1012,7 +1093,6 @@ jobs:
        options: >-
          --health-cmd="if command -v mariadb-admin >/dev/null; then mariadb-admin ping -uroot -ppassword; else mysqladmin ping -uroot -ppassword; fi"
          --health-interval=5s --health-timeout=2s --health-retries=3
-          --tmpfs /var/lib/mysql:size=2g,mode=0750
    needs:
      - info
      - base
@@ -1029,22 +1109,34 @@ jobs:
        python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
        mariadb-group: ${{ fromJson(needs.info.outputs.mariadb_groups) }}
    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
-          persist-credentials: false
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Install additional OS dependencies
        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
-            libmariadb-dev-compat
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
+            libmariadb-dev-compat \
            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
+      - name: Check out code from GitHub
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        id: python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -1158,10 +1250,7 @@ jobs:
          - 5432:5432
        env:
          POSTGRES_PASSWORD: password
-        options: >-
-          --health-cmd="pg_isready -hlocalhost -Upostgres"
-          --health-interval=5s --health-timeout=2s --health-retries=3
-          --tmpfs /var/lib/postgresql/data:size=2g,mode=0700
+        options: --health-cmd="pg_isready -hlocalhost -Upostgres" --health-interval=5s --health-timeout=2s --health-retries=3
    needs:
      - info
      - base
@@ -1178,29 +1267,36 @@ jobs:
        python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
        postgresql-group: ${{ fromJson(needs.info.outputs.postgresql_groups) }}
    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
-          persist-credentials: false
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Install additional OS dependencies
        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
-      - name: Set up PostgreSQL apt repository
-        run: sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y
-      - name: Cache PostgreSQL development headers
-        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
+          sudo /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y
+          sudo apt-get -y install \
+            postgresql-server-dev-14
+      - name: Check out code from GitHub
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
-          packages: postgresql-server-dev-14
-          version: ${{ env.APT_CACHE_VERSION }}
+          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        id: python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -1317,7 +1413,7 @@ jobs:
    if: needs.info.outputs.skip_coverage != 'true'
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Download all coverage artifacts
@@ -1326,7 +1422,7 @@ jobs:
          pattern: coverage-*
      - name: Upload coverage to Codecov
        if: needs.info.outputs.test_full_suite == 'true'
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          fail_ci_if_error: true
          flags: full-suite
@@ -1354,21 +1450,33 @@ jobs:
        python-version: ${{ fromJson(needs.info.outputs.python_versions) }}
        group: ${{ fromJson(needs.info.outputs.test_groups) }}
    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - name: Restore apt cache
+        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
-          persist-credentials: false
+          path: |
+            ${{ env.APT_CACHE_DIR }}
+            ${{ env.APT_LIST_CACHE_DIR }}
+          fail-on-cache-miss: true
+          key: >-
+            ${{ runner.os }}-${{ runner.arch }}-${{ needs.info.outputs.apt_cache_key }}
      - name: Install additional OS dependencies
        timeout-minutes: 10
-        uses: ./.github/actions/cache-apt-packages
-        with:
-          packages: >-
-            bluez
-            ffmpeg
-            libturbojpeg
+        run: |
+          sudo rm /etc/apt/sources.list.d/microsoft-prod.list
+          sudo apt-get update \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR}
+          sudo apt-get -y install \
+            -o Dir::Cache=${APT_CACHE_DIR} \
+            -o Dir::State::Lists=${APT_LIST_CACHE_DIR} \
+            bluez \
+            ffmpeg \
+            libturbojpeg \
            libxml2-utils
-          version: ${{ env.APT_CACHE_VERSION }}
-          execute_install_scripts: true
+      - name: Check out code from GitHub
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Set up Python ${{ matrix.python-version }}
        id: python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
@@ -1476,7 +1584,7 @@ jobs:
      - pytest-partial
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - name: Download all coverage artifacts
@@ -1485,7 +1593,7 @@ jobs:
          pattern: coverage-*
      - name: Upload coverage to Codecov
        if: needs.info.outputs.test_full_suite == 'false'
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          fail_ci_if_error: true
          token: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env]
@@ -1513,7 +1621,7 @@ jobs:
        with:
          pattern: test-results-*
      - name: Upload test results to Codecov
-        uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          report_type: test_results
          fail_ci_if_error: true
@@ -23,16 +23,16 @@ jobs:

    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

      - name: Initialize CodeQL
-        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          languages: python

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          category: "/language:python"
@@ -236,7 +236,7 @@ jobs:
      - name: Detect duplicates using AI
        id: ai_detection
        if: steps.extract.outputs.should_continue == 'true' && steps.fetch_similar.outputs.has_similar == 'true'
-        uses: actions/ai-inference@a7805884c80886efc241e94a5351df715968a0ad # v2.1.1
+        uses: actions/ai-inference@e09e65981758de8b2fdab13c2bfb7c7d5493b0b6 # v2.0.7
        with:
          model: openai/gpt-4o
          system-prompt: |
@@ -62,7 +62,7 @@ jobs:
      - name: Detect language using AI
        id: ai_language_detection
        if: steps.detect_language.outputs.should_continue == 'true'
-        uses: actions/ai-inference@a7805884c80886efc241e94a5351df715968a0ad # v2.1.1
+        uses: actions/ai-inference@e09e65981758de8b2fdab13c2bfb7c7d5493b0b6 # v2.0.7
        with:
          model: openai/gpt-4o-mini
          system-prompt: |
@@ -20,7 +20,7 @@ jobs:
      issues: write # To lock issues
      pull-requests: write # To lock pull requests
    steps:
-      - uses: dessant/lock-threads@89ae32b08ed1a541efecbab17912962a5e38981c # v6.0.2
+      - uses: dessant/lock-threads@7266a7ce5c1df01b1c6db85bf8cd86c737dadbe7 # v6.0.0
        with:
          github-token: ${{ github.token }}
          issue-inactive-days: "30"
@@ -20,36 +20,22 @@ jobs:
    permissions:
      issues: write # To label and close stale issues
      pull-requests: write # To label and close stale PRs
-      actions: write # To delete stalebot state
    steps:
-      # Generate a token for the GitHub App, we use this method to avoid
-      # hitting API limits for our GitHub actions + have a higher rate limit.
-      - name: Generate app token
-        id: token
-        # Pinned to a specific version of the action for security reasons
-        # v3.2.0
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1
-        with:
-          client-id: ${{ secrets.ISSUE_TRIAGE_APP_ID }} # zizmor: ignore[secrets-outside-env]
-          private-key: ${{ secrets.ISSUE_TRIAGE_APP_PEM }} # zizmor: ignore[secrets-outside-env]
-
      # The 60 day stale policy for PRs
      # Used for:
      # - PRs
      # - No PRs marked as no-stale
-      # The 90 day stale policy for issues
-      # Used for:
-      # - Issues
-      # - No issues marked as no-stale or help-wanted
-      - name: 60 days stale PRs policy and 90 days stale issue policy
-        uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
+      # - No issues (-1)
+      - name: 60 days stale PRs policy
+        uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
        with:
-          repo-token: ${{ steps.token.outputs.token }}
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 60
+          days-before-close: 7
+          days-before-issue-stale: -1
+          days-before-issue-close: -1
+          operations-per-run: 150
          remove-stale-when-updated: true
-          operations-per-run: 350
-          # pr policy
-          days-before-pr-stale: 60
-          days-before-pr-close: 7
          stale-pr-label: "stale"
          exempt-pr-labels: "no-stale"
          stale-pr-message: >
@@ -62,9 +48,65 @@ jobs:
            branch to ensure that it's up to date with the latest changes.

            Thank you for your contribution!
-          # issue policy
-          days-before-issue-stale: 90
-          days-before-issue-close: 7
+
+      # Generate a token for the GitHub App, we use this method to avoid
+      # hitting API limits for our GitHub actions + have a higher rate limit.
+      # This is only used for issues.
+      - name: Generate app token
+        id: token
+        # Pinned to a specific version of the action for security reasons
+        # v1.7.0
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
+        with:
+          app_id: ${{ secrets.ISSUE_TRIAGE_APP_ID }} # zizmor: ignore[secrets-outside-env]
+          private_key: ${{ secrets.ISSUE_TRIAGE_APP_PEM }} # zizmor: ignore[secrets-outside-env]
+
+      # The 90 day stale policy for issues
+      # Used for:
+      # - Issues
+      # - No issues marked as no-stale or help-wanted
+      # - No PRs (-1)
+      - name: 90 days stale issues
+        uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+        with:
+          repo-token: ${{ steps.token.outputs.token }}
+          days-before-stale: 90
+          days-before-close: 7
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          operations-per-run: 250
+          remove-stale-when-updated: true
+          stale-issue-label: "stale"
+          exempt-issue-labels: "no-stale,help-wanted,needs-more-information"
+          stale-issue-message: >
+            There hasn't been any activity on this issue recently. Due to the
+            high number of incoming GitHub notifications, we have to clean some
+            of the old issues, as many of them have already been resolved with
+            the latest updates.
+
+            Please make sure to update to the latest Home Assistant version and
+            check if that solves the issue. Let us know if that works for you by
+            adding a comment 👍
+
+            This issue has now been marked as stale and will be closed if no
+            further activity occurs. Thank you for your contributions.
+
+      # The 30 day stale policy for issues
+      # Used for:
+      # - Issues that are pending more information (incomplete issues)
+      # - No Issues marked as no-stale or help-wanted
+      # - No PRs (-1)
+      - name: Needs more information stale issues policy
+        uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+        with:
+          repo-token: ${{ steps.token.outputs.token }}
+          only-labels: "needs-more-information"
+          days-before-stale: 14
+          days-before-close: 7
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          operations-per-run: 250
+          remove-stale-when-updated: true
          stale-issue-label: "stale"
          exempt-issue-labels: "no-stale,help-wanted"
          stale-issue-message: >
@@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -29,7 +29,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -116,7 +116,7 @@ jobs:
            os: ubuntu-24.04-arm
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -137,7 +137,7 @@ jobs:
          sed -i "/uv/d" requirements_diff.txt

      - name: Build wheels
-        uses: home-assistant/wheels@34957438948e0b3dcde73c77750643dadae594f5 # 2026.06.0
+        uses: home-assistant/wheels@e5742a69d69f0e274e2689c998900c7d19652c21 # 2025.12.0
        with:
          abi: ${{ matrix.abi }}
          tag: musllinux_1_2
@@ -167,7 +167,7 @@ jobs:
            os: ubuntu-24.04-arm
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false

@@ -195,7 +195,7 @@ jobs:
          sed -i "/uv/d" requirements_diff.txt

      - name: Build wheels
-        uses: home-assistant/wheels@34957438948e0b3dcde73c77750643dadae594f5 # 2026.06.0
+        uses: home-assistant/wheels@e5742a69d69f0e274e2689c998900c7d19652c21 # 2025.12.0
        with:
          abi: ${{ matrix.abi }}
          tag: musllinux_1_2
@@ -1,6 +1,6 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.15.16
+    rev: v0.15.12
    hooks:
      - id: ruff-check
        args:
@@ -23,7 +23,6 @@ repos:
      - id: zizmor
        args:
          - --pedantic
-        exclude: ^\.github/workflows/.*\.lock\.yml$
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
    hooks:
@@ -47,7 +46,6 @@ repos:
        additional_dependencies:
          - prettier@3.6.2
          - prettier-plugin-sort-json@4.2.0
-        exclude: ^\.github/workflows/.*\.lock\.yml$
  - repo: https://github.com/cdce8p/python-typing-update
    rev: v0.6.0
    hooks:
@@ -1 +1 @@
-3.14.5
+3.14.2
@@ -96,7 +96,6 @@ homeassistant.components.aprs.*
 homeassistant.components.apsystems.*
 homeassistant.components.aqualogic.*
 homeassistant.components.aquostv.*
-homeassistant.components.aqvify.*
 homeassistant.components.aranet.*
 homeassistant.components.arcam_fmj.*
 homeassistant.components.arris_tg2492lg.*
@@ -140,7 +139,6 @@ homeassistant.components.cambridge_audio.*
 homeassistant.components.camera.*
 homeassistant.components.canary.*
 homeassistant.components.casper_glow.*
-homeassistant.components.centriconnect.*
 homeassistant.components.cert_expiry.*
 homeassistant.components.clickatell.*
 homeassistant.components.clicksend.*
@@ -157,7 +155,6 @@ homeassistant.components.counter.*
 homeassistant.components.cover.*
 homeassistant.components.cpuspeed.*
 homeassistant.components.crownstone.*
-homeassistant.components.data_grand_lyon.*
 homeassistant.components.date.*
 homeassistant.components.datetime.*
 homeassistant.components.deako.*
@@ -251,7 +248,6 @@ homeassistant.components.gpsd.*
 homeassistant.components.greeneye_monitor.*
 homeassistant.components.group.*
 homeassistant.components.guardian.*
-homeassistant.components.guntamatic.*
 homeassistant.components.habitica.*
 homeassistant.components.hardkernel.*
 homeassistant.components.hardware.*
@@ -287,7 +283,6 @@ homeassistant.components.huawei_lte.*
 homeassistant.components.humidifier.*
 homeassistant.components.husqvarna_automower.*
 homeassistant.components.huum.*
-homeassistant.components.hvv_departures.*
 homeassistant.components.hydrawise.*
 homeassistant.components.hyperion.*
 homeassistant.components.hypontech.*
@@ -300,7 +295,6 @@ homeassistant.components.imap.*
 homeassistant.components.imgw_pib.*
 homeassistant.components.immich.*
 homeassistant.components.incomfort.*
-homeassistant.components.indevolt.*
 homeassistant.components.inels.*
 homeassistant.components.infrared.*
 homeassistant.components.input_button.*
@@ -339,7 +333,6 @@ homeassistant.components.led_ble.*
 homeassistant.components.lektrico.*
 homeassistant.components.letpot.*
 homeassistant.components.lg_infrared.*
-homeassistant.components.lg_tv_rs232.*
 homeassistant.components.libre_hardware_monitor.*
 homeassistant.components.lidarr.*
 homeassistant.components.liebherr.*
@@ -361,7 +354,6 @@ homeassistant.components.lunatone.*
 homeassistant.components.lutron.*
 homeassistant.components.madvr.*
 homeassistant.components.manual.*
-homeassistant.components.marantz_infrared.*
 homeassistant.components.mastodon.*
 homeassistant.components.matrix.*
 homeassistant.components.matter.*
@@ -428,12 +420,9 @@ homeassistant.components.opower.*
 homeassistant.components.oralb.*
 homeassistant.components.otbr.*
 homeassistant.components.otp.*
-homeassistant.components.ouman_eh_800.*
 homeassistant.components.overkiz.*
 homeassistant.components.overseerr.*
-homeassistant.components.ovhcloud_ai_endpoints.*
 homeassistant.components.p1_monitor.*
-homeassistant.components.paj_gps.*
 homeassistant.components.panel_custom.*
 homeassistant.components.paperless_ngx.*
 homeassistant.components.peblar.*
@@ -453,7 +442,6 @@ homeassistant.components.private_ble_device.*
 homeassistant.components.prometheus.*
 homeassistant.components.proximity.*
 homeassistant.components.prusalink.*
-homeassistant.components.ptdevices.*
 homeassistant.components.pure_energie.*
 homeassistant.components.purpleair.*
 homeassistant.components.pushbullet.*
@@ -496,7 +484,6 @@ homeassistant.components.rss_feed_template.*
 homeassistant.components.russound_rio.*
 homeassistant.components.ruuvi_gateway.*
 homeassistant.components.ruuvitag_ble.*
-homeassistant.components.samsung_infrared.*
 homeassistant.components.samsungtv.*
 homeassistant.components.saunum.*
 homeassistant.components.scene.*
@@ -569,7 +556,6 @@ homeassistant.components.technove.*
 homeassistant.components.tedee.*
 homeassistant.components.telegram_bot.*
 homeassistant.components.teleinfo.*
-homeassistant.components.teltonika.*
 homeassistant.components.teslemetry.*
 homeassistant.components.text.*
 homeassistant.components.thethingsnetwork.*
@@ -614,7 +600,6 @@ homeassistant.components.valve.*
 homeassistant.components.velbus.*
 homeassistant.components.velux.*
 homeassistant.components.victron_gx.*
-homeassistant.components.vistapool.*
 homeassistant.components.vivotek.*
 homeassistant.components.vlc_telnet.*
 homeassistant.components.vodafone_station.*
@@ -132,7 +132,7 @@
      "problemMatcher": []
    },
    {
-      "label": "Install all production Requirements",
+      "label": "Install all Requirements",
      "type": "shell",
      "command": "uv pip install -r requirements_all.txt",
      "group": {
@@ -146,9 +146,9 @@
      "problemMatcher": []
    },
    {
-      "label": "Install all (test & production) Requirements",
+      "label": "Install all Test Requirements",
      "type": "shell",
-      "command": "uv pip install -r requirements_all.txt -r requirements_test.txt",
+      "command": "uv pip install -r requirements.txt -r requirements_test_all.txt",
      "group": {
        "kind": "build",
        "isDefault": true
@@ -1,6 +1,5 @@
 ignore: |
  tests/fixtures/core/config/yaml_errors/
-  .github/workflows/*.lock.yml
 rules:
  braces:
    level: error
@@ -6,38 +6,22 @@ This repository contains the core of Home Assistant, a Python 3 based home autom

 - **Do NOT amend, squash, or rebase commits that have already been pushed to the PR branch after the PR is opened** - Reviewers need to follow the commit history, as well as see what changed since their last review

-## Pull Requests
-
- When opening a pull request, use the repository's PR template (`.github/PULL_REQUEST_TEMPLATE.md`). NEVER REMOVE ANYTHING from the template.
- Do not remove checkboxes that are not checked — leave all unchecked checkboxes in place so reviewers can see which options were not selected.
-
 ## Development Commands

- When entering a new environment or worktree, run `script/setup` to set up the virtual environment with all development dependencies (pylint, pre-commit hooks, etc.). This is required before committing.
- .vscode/tasks.json contains useful commands used for development.
- After finishing a code session, run `uv run prek run --all-files` to check for linting and formatting issues.
+.vscode/tasks.json contains useful commands used for development.

 ## Python Syntax Notes

- Home Assistant officially supports Python 3.14 as its minimum version. Do not flag syntax or features that require Python 3.14 as issues, and do not suggest workarounds for older Python versions.
- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses. Never flag this as an issue.
- Python 3.14 evaluates annotations lazily (PEP 649). Forward references in annotations do not need to be quoted — annotations can reference names defined later in the module without quoting them or using `from __future__ import annotations`. Do not flag unquoted forward references in annotations as issues.
+- Python 3.14 explicitly allows `except TypeA, TypeB:` without parentheses. Never flag this as an issue since Home Assistant officially supports Python 3.14.

 ## Testing

- Use `uv run pytest` to run tests
- After modifying `strings.json` for an integration, regenerate the English translation file before running tests: `.venv/bin/python3 -m script.translations develop --integration <integration_name>`. Tests load translations from the generated `translations/en.json`, not directly from `strings.json`.
- When writing or modifying tests, ensure all test function parameters have type annotations.
- Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.
- Prefer `@pytest.mark.usefixtures` over arguments, if the argument is not going to be used.
- Avoid using conditions/branching in tests. Instead, either split tests or adjust the test parametrization to cover all cases without branching.
- If multiple tests share most of their code, use `pytest.mark.parametrize` to merge them into a single parameterized test instead of duplicating the body. Use `pytest.param` with an `id` parameter to name the test cases clearly.
- We use Syrupy for snapshot testing. Leverage `.ambr` snapshots instead of repetitive and exhaustive generation of test data within Python code itself.
- Hardcoded `entity_id`s in tests are fine. If the same one is repeated, use a constant.
+When writing or modifying tests, ensure all test function parameters have type annotations.
+Prefer concrete types (for example, `HomeAssistant`, `MockConfigEntry`, etc.) over `Any`.

 ## Good practices

- Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
- When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
- When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.
- Do not add comments that just restate the code on the following line(s) (e.g. `# Check if initialized` above `if self.initialized:`). Comments should only explain why — non-obvious constraints, surprising behavior, or workarounds — never what.
+Integrations with Platinum or Gold level in the Integration Quality Scale reflect a high standard of code quality and maintainability. When looking for examples of something, these are good places to start. The level is indicated in the manifest.json of the integration.
+
+When reviewing entity actions, do not suggest extra defensive checks for input fields that are already validated by Home Assistant's service/action schemas and entity selection filters. Suggest additional guards only when data bypasses those validators or is transformed into a less-safe form.
+When validation guarantees a dict key exists, prefer direct key access (`data["key"]`) instead of `.get("key")` so contract violations are surfaced instead of silently masked.
@@ -68,8 +68,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/agent_dvr/ @ispysoftware
 /homeassistant/components/ai_task/ @home-assistant/core
 /tests/components/ai_task/ @home-assistant/core
-/homeassistant/components/aidot/ @s1eedz @HongBryan
-/tests/components/aidot/ @s1eedz @HongBryan
 /homeassistant/components/air_quality/ @home-assistant/core
 /tests/components/air_quality/ @home-assistant/core
 /homeassistant/components/airgradient/ @airgradienthq @joostlek
@@ -162,8 +160,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/apsystems/ @mawoka-myblock @SonnenladenGmbH
 /homeassistant/components/aquacell/ @Jordi1990
 /tests/components/aquacell/ @Jordi1990
-/homeassistant/components/aqvify/ @astrandb
-/tests/components/aqvify/ @astrandb
 /homeassistant/components/aranet/ @aschmitz @thecode @anrijs
 /tests/components/aranet/ @aschmitz @thecode @anrijs
 /homeassistant/components/arcam_fmj/ @elupus
@@ -200,7 +196,6 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/autoskope/ @mcisk
 /tests/components/autoskope/ @mcisk
 /homeassistant/components/avea/ @pattyland
-/tests/components/avea/ @pattyland
 /homeassistant/components/awair/ @ahayworth @ricohageman
 /tests/components/awair/ @ahayworth @ricohageman
 /homeassistant/components/aws_s3/ @tomasbedrich
@@ -238,8 +233,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/blebox/ @bbx-a @swistakm @bkobus-bbx
 /homeassistant/components/blink/ @fronzbot
 /tests/components/blink/ @fronzbot
-/homeassistant/components/blue_current/ @gleeuwen @jtodorova23
-/tests/components/blue_current/ @gleeuwen @jtodorova23
+/homeassistant/components/blue_current/ @gleeuwen @NickKoepr @jtodorova23
+/tests/components/blue_current/ @gleeuwen @NickKoepr @jtodorova23
 /homeassistant/components/bluemaestro/ @bdraco
 /tests/components/bluemaestro/ @bdraco
 /homeassistant/components/blueprint/ @home-assistant/core
@@ -293,16 +288,12 @@ CLAUDE.md @home-assistant/core
 /tests/components/cast/ @emontnemery
 /homeassistant/components/ccm15/ @ocalvo
 /tests/components/ccm15/ @ocalvo
-/homeassistant/components/centriconnect/ @gresrun
-/tests/components/centriconnect/ @gresrun
 /homeassistant/components/cert_expiry/ @jjlawren
 /tests/components/cert_expiry/ @jjlawren
 /homeassistant/components/chacon_dio/ @cnico
 /tests/components/chacon_dio/ @cnico
 /homeassistant/components/chess_com/ @joostlek
 /tests/components/chess_com/ @joostlek
-/homeassistant/components/cielo_home/ @ihsan-cielo @mudasar-cielo
-/tests/components/cielo_home/ @ihsan-cielo @mudasar-cielo
 /homeassistant/components/cisco_ios/ @fbradyirl
 /homeassistant/components/cisco_mobility_express/ @fbradyirl
 /homeassistant/components/cisco_webex_teams/ @fbradyirl
@@ -354,8 +345,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/cync/ @Kinachi249
 /homeassistant/components/daikin/ @fredrike
 /tests/components/daikin/ @fredrike
-/homeassistant/components/data_grand_lyon/ @Crocmagnon
-/tests/components/data_grand_lyon/ @Crocmagnon
 /homeassistant/components/date/ @home-assistant/core
 /tests/components/date/ @home-assistant/core
 /homeassistant/components/datetime/ @home-assistant/core
@@ -455,8 +444,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/ecovacs/ @mib1185 @edenhaus @Augar
 /homeassistant/components/ecowitt/ @pvizeli
 /tests/components/ecowitt/ @pvizeli
-/homeassistant/components/edifier_infrared/ @abmantis
-/tests/components/edifier_infrared/ @abmantis
 /homeassistant/components/efergy/ @tkdrob
 /tests/components/efergy/ @tkdrob
 /homeassistant/components/egardia/ @jeroenterheerdt
@@ -505,8 +492,6 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/enphase_envoy/ @bdraco @cgarwood @catsmanac
 /tests/components/enphase_envoy/ @bdraco @cgarwood @catsmanac
 /homeassistant/components/entur_public_transport/ @hfurubotten @SanderBlom
-/homeassistant/components/envertech_evt800/ @daniel-bergmann-00
-/tests/components/envertech_evt800/ @daniel-bergmann-00
 /homeassistant/components/environment_canada/ @gwww @michaeldavie
 /tests/components/environment_canada/ @gwww @michaeldavie
 /homeassistant/components/ephember/ @ttroy50 @roberty99
@@ -576,8 +561,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/flo/ @dmulcahey
 /homeassistant/components/flume/ @ChrisMandich @bdraco @jeeftor
 /tests/components/flume/ @ChrisMandich @bdraco @jeeftor
-/homeassistant/components/fluss/ @fluss @Marcello17
-/tests/components/fluss/ @fluss @Marcello17
+/homeassistant/components/fluss/ @fluss
+/tests/components/fluss/ @fluss
 /homeassistant/components/flux_led/ @icemanch
 /tests/components/flux_led/ @icemanch
 /homeassistant/components/forecast_solar/ @klaasnicolaas @frenck
@@ -629,8 +614,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/generic_hygrostat/ @Shulyaka
 /homeassistant/components/geniushub/ @manzanotti
 /tests/components/geniushub/ @manzanotti
-/homeassistant/components/gentex_homelink/ @Gentex-Corporation/Homelink @rjones-gentex
-/tests/components/gentex_homelink/ @Gentex-Corporation/Homelink @rjones-gentex
+/homeassistant/components/gentex_homelink/ @niaexa @ryanjones-gentex
+/tests/components/gentex_homelink/ @niaexa @ryanjones-gentex
 /homeassistant/components/geo_json_events/ @exxamalte
 /tests/components/geo_json_events/ @exxamalte
 /homeassistant/components/geo_location/ @home-assistant/core
@@ -703,8 +688,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/growatt_server/ @johanzander
 /homeassistant/components/guardian/ @bachya
 /tests/components/guardian/ @bachya
-/homeassistant/components/guntamatic/ @JensTimmerman
-/tests/components/guntamatic/ @JensTimmerman
 /homeassistant/components/habitica/ @tr4nt0r
 /tests/components/habitica/ @tr4nt0r
 /homeassistant/components/hanna/ @bestycame
@@ -724,8 +707,6 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/heatmiser/ @andylockran
 /homeassistant/components/hegel/ @boazca
 /tests/components/hegel/ @boazca
-/homeassistant/components/helty/ @ebaschiera
-/tests/components/helty/ @ebaschiera
 /homeassistant/components/heos/ @andrewsayre
 /tests/components/heos/ @andrewsayre
 /homeassistant/components/here_travel_time/ @eifinger
@@ -844,8 +825,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/imgw_pib/ @bieniu
 /homeassistant/components/immich/ @mib1185
 /tests/components/immich/ @mib1185
-/homeassistant/components/imou/ @Imou-OpenPlatform
-/tests/components/imou/ @Imou-OpenPlatform
 /homeassistant/components/improv_ble/ @emontnemery
 /tests/components/improv_ble/ @emontnemery
 /homeassistant/components/incomfort/ @jbouwh
@@ -872,8 +851,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/input_select/ @home-assistant/core
 /homeassistant/components/input_text/ @home-assistant/core
 /tests/components/input_text/ @home-assistant/core
-/homeassistant/components/insteon/ @teharris1 @ssyrell
-/tests/components/insteon/ @teharris1 @ssyrell
+/homeassistant/components/insteon/ @teharris1
+/tests/components/insteon/ @teharris1
 /homeassistant/components/integration/ @dgomes
 /tests/components/integration/ @dgomes
 /homeassistant/components/intelliclima/ @dvdinth
@@ -947,8 +926,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/kiosker/ @Claeysson
 /homeassistant/components/kitchen_sink/ @home-assistant/core
 /tests/components/kitchen_sink/ @home-assistant/core
-/homeassistant/components/klik_aan_klik_uit/ @Phunkafizer
-/tests/components/klik_aan_klik_uit/ @Phunkafizer
 /homeassistant/components/kmtronic/ @dgomes
 /tests/components/kmtronic/ @dgomes
 /homeassistant/components/knocki/ @joostlek @jgatto1 @JakeBosh
@@ -957,6 +934,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/knx/ @Julius2342 @farmio @marvin-w
 /homeassistant/components/kodi/ @OnFreund
 /tests/components/kodi/ @OnFreund
+/homeassistant/components/konnected/ @heythisisnate
+/tests/components/konnected/ @heythisisnate
 /homeassistant/components/kostal_plenticore/ @stegm
 /tests/components/kostal_plenticore/ @stegm
 /homeassistant/components/kraken/ @eifinger
@@ -993,14 +972,12 @@ CLAUDE.md @home-assistant/core
 /tests/components/lektrico/ @lektrico
 /homeassistant/components/letpot/ @jpelgrom
 /tests/components/letpot/ @jpelgrom
-/homeassistant/components/lg_infrared/ @abmantis
-/tests/components/lg_infrared/ @abmantis
+/homeassistant/components/lg_infrared/ @home-assistant/core
+/tests/components/lg_infrared/ @home-assistant/core
 /homeassistant/components/lg_netcast/ @Drafteed @splinter98
 /tests/components/lg_netcast/ @Drafteed @splinter98
 /homeassistant/components/lg_thinq/ @LG-ThinQ-Integration
 /tests/components/lg_thinq/ @LG-ThinQ-Integration
-/homeassistant/components/lg_tv_rs232/ @balloob
-/tests/components/lg_tv_rs232/ @balloob
 /homeassistant/components/libre_hardware_monitor/ @Sab44
 /tests/components/libre_hardware_monitor/ @Sab44
 /homeassistant/components/lichess/ @aryanhasgithub
@@ -1059,8 +1036,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/lyric/ @timmo001
 /homeassistant/components/madvr/ @iloveicedgreentea
 /tests/components/madvr/ @iloveicedgreentea
-/homeassistant/components/marantz_infrared/ @balloob
-/tests/components/marantz_infrared/ @balloob
 /homeassistant/components/mastodon/ @fabaff @andrew-codechimp
 /tests/components/mastodon/ @fabaff @andrew-codechimp
 /homeassistant/components/matrix/ @PaarthShah
@@ -1086,8 +1061,6 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/mediaroom/ @dgomes
 /homeassistant/components/melcloud/ @erwindouna
 /tests/components/melcloud/ @erwindouna
-/homeassistant/components/melcloud_home/ @erwindouna
-/tests/components/melcloud_home/ @erwindouna
 /homeassistant/components/melissa/ @kennedyshead
 /tests/components/melissa/ @kennedyshead
 /homeassistant/components/melnor/ @vanstinator
@@ -1119,8 +1092,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/minecraft_server/ @elmurato @zachdeibert
 /homeassistant/components/minio/ @tkislan
 /tests/components/minio/ @tkislan
-/homeassistant/components/mitsubishi_comfort/ @nikolairahimi
-/tests/components/mitsubishi_comfort/ @nikolairahimi
 /homeassistant/components/moat/ @bdraco
 /tests/components/moat/ @bdraco
 /homeassistant/components/mobile_app/ @home-assistant/core
@@ -1306,8 +1277,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/openhome/ @bazwilliams
 /homeassistant/components/openrgb/ @felipecrs
 /tests/components/openrgb/ @felipecrs
-/homeassistant/components/opensensemap/ @AlCalzone
-/tests/components/opensensemap/ @AlCalzone
 /homeassistant/components/opensky/ @joostlek
 /tests/components/opensky/ @joostlek
 /homeassistant/components/opentherm_gw/ @mvn23
@@ -1327,22 +1296,16 @@ CLAUDE.md @home-assistant/core
 /tests/components/osoenergy/ @osohotwateriot
 /homeassistant/components/otbr/ @home-assistant/core
 /tests/components/otbr/ @home-assistant/core
-/homeassistant/components/ouman_eh_800/ @Markus98
-/tests/components/ouman_eh_800/ @Markus98
 /homeassistant/components/ourgroceries/ @OnFreund
 /tests/components/ourgroceries/ @OnFreund
 /homeassistant/components/overkiz/ @imicknl
 /tests/components/overkiz/ @imicknl
 /homeassistant/components/overseerr/ @joostlek @AmGarera
 /tests/components/overseerr/ @joostlek @AmGarera
-/homeassistant/components/ovhcloud_ai_endpoints/ @Crocmagnon
-/tests/components/ovhcloud_ai_endpoints/ @Crocmagnon
 /homeassistant/components/ovo_energy/ @timmo001
 /tests/components/ovo_energy/ @timmo001
 /homeassistant/components/p1_monitor/ @klaasnicolaas
 /tests/components/p1_monitor/ @klaasnicolaas
-/homeassistant/components/paj_gps/ @skipperro
-/tests/components/paj_gps/ @skipperro
 /homeassistant/components/palazzetti/ @dotvav
 /tests/components/palazzetti/ @dotvav
 /homeassistant/components/panel_custom/ @home-assistant/frontend
@@ -1415,8 +1378,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/proxmoxve/ @Corbeno @erwindouna @CoMPaTech
 /homeassistant/components/ps4/ @ktnrg45
 /tests/components/ps4/ @ktnrg45
-/homeassistant/components/ptdevices/ @ParemTech-Inc @frogman85978
-/tests/components/ptdevices/ @ParemTech-Inc @frogman85978
 /homeassistant/components/pterodactyl/ @elmurato
 /tests/components/pterodactyl/ @elmurato
 /homeassistant/components/pure_energie/ @klaasnicolaas
@@ -1431,8 +1392,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/pushover/ @engrbm87
 /homeassistant/components/pvoutput/ @frenck
 /tests/components/pvoutput/ @frenck
-/homeassistant/components/pvpc_hourly_pricing/ @azogue @chiro79
-/tests/components/pvpc_hourly_pricing/ @azogue @chiro79
+/homeassistant/components/pvpc_hourly_pricing/ @azogue
+/tests/components/pvpc_hourly_pricing/ @azogue
 /homeassistant/components/pyload/ @tr4nt0r
 /tests/components/pyload/ @tr4nt0r
 /homeassistant/components/qbittorrent/ @geoffreylagaisse @finder39
@@ -1530,8 +1491,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/roku/ @ctalkington
 /homeassistant/components/romy/ @xeniter
 /tests/components/romy/ @xeniter
-/homeassistant/components/roomba/ @pschmitt @cyr-ius @shenxn
-/tests/components/roomba/ @pschmitt @cyr-ius @shenxn
+/homeassistant/components/roomba/ @pschmitt @cyr-ius @shenxn @Orhideous
+/tests/components/roomba/ @pschmitt @cyr-ius @shenxn @Orhideous
 /homeassistant/components/roon/ @pavoni
 /tests/components/roon/ @pavoni
 /homeassistant/components/route_b_smart_meter/ @SeraphicRav
@@ -1554,10 +1515,8 @@ CLAUDE.md @home-assistant/core
 /homeassistant/components/sabnzbd/ @shaiu @jpbede
 /tests/components/sabnzbd/ @shaiu @jpbede
 /homeassistant/components/saj/ @fredericvl
-/homeassistant/components/samsung_infrared/ @lmaertin
-/tests/components/samsung_infrared/ @lmaertin
-/homeassistant/components/samsungtv/ @chemelli74
-/tests/components/samsungtv/ @chemelli74
+/homeassistant/components/samsungtv/ @chemelli74 @epenet
+/tests/components/samsungtv/ @chemelli74 @epenet
 /homeassistant/components/sanix/ @tomaszsluszniak
 /tests/components/sanix/ @tomaszsluszniak
 /homeassistant/components/satel_integra/ @Tommatheussen
@@ -1950,8 +1909,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/victron_remote_monitoring/ @AndyTempel
 /homeassistant/components/vilfo/ @ManneW
 /tests/components/vilfo/ @ManneW
-/homeassistant/components/vistapool/ @fdebrus
-/tests/components/vistapool/ @fdebrus
 /homeassistant/components/vivotek/ @HarlemSquirrel
 /tests/components/vivotek/ @HarlemSquirrel
 /homeassistant/components/vizio/ @raman325
@@ -2056,8 +2013,6 @@ CLAUDE.md @home-assistant/core
 /tests/components/xiaomi_miio/ @rytilahti @syssi @starkillerOG
 /homeassistant/components/xiaomi_tv/ @simse
 /homeassistant/components/xmpp/ @fabaff @flowolf
-/homeassistant/components/xthings_cloud/ @XthingsJacobs
-/tests/components/xthings_cloud/ @XthingsJacobs
 /homeassistant/components/yale/ @bdraco
 /tests/components/yale/ @bdraco
 /homeassistant/components/yale_smart_alarm/ @gjohansson-ST
@@ -2068,16 +2023,14 @@ CLAUDE.md @home-assistant/core
 /tests/components/yamaha_musiccast/ @vigonotion @micha91
 /homeassistant/components/yandex_transport/ @rishatik92 @devbis
 /tests/components/yandex_transport/ @rishatik92 @devbis
-/homeassistant/components/yardian/ @aeon-matrix
-/tests/components/yardian/ @aeon-matrix
+/homeassistant/components/yardian/ @h3l1o5
+/tests/components/yardian/ @h3l1o5
 /homeassistant/components/yeelight/ @zewelor @shenxn @starkillerOG @alexyao2015
 /tests/components/yeelight/ @zewelor @shenxn @starkillerOG @alexyao2015
 /homeassistant/components/yeelightsunflower/ @lindsaymarkward
 /homeassistant/components/yi/ @bachya
 /homeassistant/components/yolink/ @matrixd2
 /tests/components/yolink/ @matrixd2
-/homeassistant/components/yoto/ @cdnninja @piitaya
-/tests/components/yoto/ @cdnninja @piitaya
 /homeassistant/components/youless/ @gjong
 /tests/components/youless/ @gjong
 /homeassistant/components/youtube/ @joostlek
@@ -2090,8 +2043,8 @@ CLAUDE.md @home-assistant/core
 /tests/components/zeroconf/ @bdraco
 /homeassistant/components/zerproc/ @emlove
 /tests/components/zerproc/ @emlove
-/homeassistant/components/zeversolar/ @kvanzuijlen @mhuiskes
-/tests/components/zeversolar/ @kvanzuijlen @mhuiskes
+/homeassistant/components/zeversolar/ @kvanzuijlen
+/tests/components/zeversolar/ @kvanzuijlen
 /homeassistant/components/zha/ @dmulcahey @adminiuga @puddly @TheJulianJES
 /tests/components/zha/ @dmulcahey @adminiuga @puddly @TheJulianJES
 /homeassistant/components/zimi/ @markhannon
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile@sha256:2780b5c3bab67f1f76c781860de469442999ed1a0d7992a5efdf2cffc0e3d769
-# Partly generated by hassfest.
+# Automatically generated by hassfest.
 #
 # To update, run python3 -m script.hassfest -p docker
 ARG BUILD_FROM
@@ -26,7 +26,7 @@ WORKDIR /usr/src
 COPY rootfs /

 # Add go2rtc binary
-COPY --from=ghcr.io/alexxit/go2rtc:1.9.14@sha256:675c318b23c06fd862a61d262240c9a63436b4050d177ffc68a32710d9e05bae /usr/local/bin/go2rtc /bin/go2rtc
+COPY --from=ghcr.io/alexxit/go2rtc@sha256:675c318b23c06fd862a61d262240c9a63436b4050d177ffc68a32710d9e05bae /usr/local/bin/go2rtc /bin/go2rtc

 ## Setup Home Assistant Core dependencies
 COPY --parents requirements.txt homeassistant/package_constraints.txt homeassistant/
@@ -1,5 +1,7 @@
 """Start Home Assistant."""

+from __future__ import annotations
+
 import argparse
 from contextlib import suppress
 import faulthandler
@@ -1,5 +1,7 @@
 """Provide an authentication layer for Home Assistant."""

+from __future__ import annotations
+
 import asyncio
 from collections import OrderedDict
 from collections.abc import Mapping
@@ -73,12 +75,10 @@ async def auth_manager_from_config(
        provider_hash[key] = provider

        if isinstance(provider, HassAuthProvider):
-            # Can be removed in 2026.7 with the legacy mode of
-            # homeassistant auth provider.
-            # We need to initialize the provider to create the repair
-            # if needed as otherwise the provider will be initialized
-            # on first use, which could be rare as users don't
-            # frequently change auth settings
+            # Can be removed in 2026.7 with the legacy mode of homeassistant auth provider
+            # We need to initialize the provider to create the repair if needed as otherwise
+            # the provider will be initialized on first use, which could be rare as users
+            # don't frequently change auth settings
            await provider.async_initialize()

    if module_configs:
@@ -134,7 +134,7 @@ class AuthManagerFlowManager(
        """
        flow = cast(LoginFlow, flow)

-        if result["type"] is not FlowResultType.CREATE_ENTRY:
+        if result["type"] != FlowResultType.CREATE_ENTRY:
            return result

        # we got final result
@@ -1,5 +1,7 @@
 """Storage for auth models."""

+from __future__ import annotations
+
 from datetime import timedelta
 import hmac
 import itertools
@@ -5,6 +5,8 @@ we can cache the result of the decode of valid tokens
 to speed up the process.
 """

+from __future__ import annotations
+
 from collections.abc import Container, Iterable, Sequence
 from datetime import timedelta
 from functools import lru_cache
@@ -1,5 +1,7 @@
 """Pluggable auth modules for Home Assistant."""

+from __future__ import annotations
+
 import logging
 import types
 from typing import Any
@@ -1,5 +1,7 @@
 """Example auth module."""

+from __future__ import annotations
+
 from typing import Any

 import voluptuous as vol
@@ -3,6 +3,8 @@
 Sending HOTP through notify service
 """

+from __future__ import annotations
+
 import asyncio
 import logging
 from typing import Any, cast
@@ -1,5 +1,7 @@
 """Time-based One Time Password auth module."""

+from __future__ import annotations
+
 import asyncio
 from io import BytesIO
 from typing import Any, cast
@@ -1,5 +1,7 @@
 """Auth models."""

+from __future__ import annotations
+
 from datetime import datetime, timedelta
 from ipaddress import IPv4Address, IPv6Address
 import secrets
@@ -1,5 +1,7 @@
 """Permissions for Home Assistant."""

+from __future__ import annotations
+
 from collections.abc import Callable, Iterable
 from typing import TYPE_CHECKING

@@ -1,5 +1,7 @@
 """Entity permissions."""

+from __future__ import annotations
+
 from collections import OrderedDict
 from collections.abc import Callable

@@ -1,5 +1,7 @@
 """Permission for events."""

+from __future__ import annotations
+
 from typing import Any, Final

 from homeassistant.const import (
@@ -1,5 +1,7 @@
 """Merging of policies."""

+from __future__ import annotations
+
 from typing import cast

 from .types import CategoryType, PolicyType
@@ -1,5 +1,7 @@
 """Models for permissions."""

+from __future__ import annotations
+
 from typing import TYPE_CHECKING

 import attr
@@ -1,5 +1,7 @@
 """Helpers to deal with permissions."""

+from __future__ import annotations
+
 from collections.abc import Callable
 from functools import wraps
 from typing import cast
@@ -1,5 +1,7 @@
 """Auth providers for Home Assistant."""

+from __future__ import annotations
+
 from collections.abc import Mapping
 import logging
 import types
@@ -1,5 +1,7 @@
 """Auth provider that validates credentials via an external command."""

+from __future__ import annotations
+
 import asyncio
 from collections.abc import Mapping
 import logging
@@ -1,5 +1,7 @@
 """Home Assistant auth provider."""

+from __future__ import annotations
+
 import asyncio
 import base64
 from collections.abc import Mapping
@@ -120,10 +122,9 @@ class Data:
            if self.normalize_username(username, force_normalize=True) != username:
                logging.getLogger(__name__).warning(
                    (
-                        "Home Assistant auth provider is running in"
-                        " legacy mode because we detected usernames"
-                        " that are normalized (lowercase and without"
-                        " spaces). Please change the username: '%s'."
+                        "Home Assistant auth provider is running in legacy mode "
+                        "because we detected usernames that are normalized (lowercase and without spaces)."
+                        " Please change the username: '%s'."
                    ),
                    username,
                )
@@ -140,9 +141,7 @@ class Data:
                severity=ir.IssueSeverity.WARNING,
                translation_key="homeassistant_provider_not_normalized_usernames",
                translation_placeholders={
-                    "usernames": (
-                        f'- "{'"\n- "'.join(sorted(not_normalized_usernames))}"'
-                    )
+                    "usernames": f'- "{'"\n- "'.join(sorted(not_normalized_usernames))}"'
                },
                learn_more_url="homeassistant://config/users",
            )
@@ -1,5 +1,7 @@
 """Example auth provider."""

+from __future__ import annotations
+
 from collections.abc import Mapping
 import hmac

@@ -4,6 +4,8 @@ It shows list of users if access from trusted network.
 Abort login flow if not access from trusted network.
 """

+from __future__ import annotations
+
 from collections.abc import Mapping
 from ipaddress import (
    IPv4Address,
@@ -1,5 +1,7 @@
 """Home Assistant module to handle restoring backups."""

+from __future__ import annotations
+
 from collections.abc import Iterable
 from dataclasses import dataclass
 import json
@@ -60,10 +62,7 @@ def restore_backup_file_content(config_dir: Path) -> RestoreBackupFileContent |


 def _clear_configuration_directory(config_dir: Path, keep: Iterable[str]) -> None:
-    """Delete all files and directories in the config dir.
-
-    Entries in the keep list are preserved.
-    """
+    """Delete all files and directories in the config directory except entries in the keep list."""
    keep_paths = [config_dir.joinpath(path) for path in keep]
    entries_to_remove = sorted(
        entry for entry in config_dir.iterdir() if entry not in keep_paths
@@ -92,7 +91,8 @@ def _extract_backup(
    ):
        ostf.tar.extractall(
            path=Path(tempdir, "extracted"),
-            filter="tar",
+            members=securetar.secure_path(ostf.tar),
+            filter="fully_trusted",
        )
        backup_meta_file = Path(tempdir, "extracted", "backup.json")
        backup_meta = json.loads(backup_meta_file.read_text(encoding="utf8"))
@@ -103,8 +103,7 @@ def _extract_backup(
            )
        ) > HA_VERSION:
            raise ValueError(
-                f"You need at least Home Assistant version"
-                f" {backup_meta_version} to restore this backup"
+                f"You need at least Home Assistant version {backup_meta_version} to restore this backup"
            )

        with securetar.SecureTarFile(
@@ -118,7 +117,8 @@ def _extract_backup(
        ) as istf:
            istf.extractall(
                path=Path(tempdir, "homeassistant"),
-                filter="tar",
+                members=securetar.secure_path(istf),
+                filter="fully_trusted",
            )
            if restore_content.restore_homeassistant:
                keep = list(KEEP_BACKUPS)
@@ -1,5 +1,7 @@
 """Provide methods to bootstrap a Home Assistant instance."""

+from __future__ import annotations
+
 import asyncio
 from collections import defaultdict
 import contextlib
@@ -17,8 +19,7 @@ from time import monotonic
 from typing import TYPE_CHECKING, Any

 # Import cryptography early since import openssl is not thread-safe
-# _frozen_importlib._DeadlockError: deadlock detected by
-# _ModuleLock('cryptography.hazmat.backends.openssl.backend')
+# _frozen_importlib._DeadlockError: deadlock detected by _ModuleLock('cryptography.hazmat.backends.openssl.backend')
 import cryptography.hazmat.backends.openssl.backend  # noqa: F401
 import voluptuous as vol
 import yarl
@@ -166,14 +167,10 @@ FRONTEND_INTEGRATIONS = {
    # visible in frontend
    "frontend",
 }
-# Stage 0 is divided into substages. Each substage has a name,
-# a set of integrations and a timeout.
-# The substage containing recorder should have no timeout, as it
-# could cancel a database migration.
-# Recorder freezes "recorder" timeout during a migration, but it
-# does not freeze other timeouts.
-# If we add timeouts to the frontend substages, we should make sure
-# they don't apply in recovery mode.
+# Stage 0 is divided into substages. Each substage has a name, a set of integrations and a timeout.
+# The substage containing recorder should have no timeout, as it could cancel a database migration.
+# Recorder freezes "recorder" timeout during a migration, but it does not freeze other timeouts.
+# If we add timeouts to the frontend substages, we should make sure they don't apply in recovery mode.
 STAGE_0_INTEGRATIONS = (
    # Load logging and http deps as soon as possible
    ("logging, http deps", LOGGING_AND_HTTP_DEPS_INTEGRATIONS, None),
@@ -6,7 +6,6 @@
    "lg_netcast",
    "lg_soundbar",
    "lg_thinq",
-    "lg_tv_rs232",
    "webostv"
  ]
 }
@@ -1,5 +0,0 @@
-{
-  "domain": "marantz",
-  "name": "Marantz",
-  "integrations": ["marantz", "marantz_infrared"]
-}
@@ -1,5 +0,0 @@
-{
-  "domain": "mitsubishi",
-  "name": "Mitsubishi",
-  "integrations": ["melcloud", "mitsubishi_comfort"]
-}
@@ -1,5 +1,5 @@
 {
  "domain": "samsung",
  "name": "Samsung",
-  "integrations": ["familyhub", "samsung_infrared", "samsungtv", "syncthru"]
+  "integrations": ["familyhub", "samsungtv", "syncthru"]
 }
@@ -1,5 +0,0 @@
-{
-  "domain": "sensereo",
-  "name": "Sensereo",
-  "iot_standards": ["matter"]
-}
@@ -1,5 +0,0 @@
-{
-  "domain": "zunzunbee",
-  "name": "Zunzunbee",
-  "iot_standards": ["zigbee"]
-}
@@ -1,5 +1,7 @@
 """Support for the Abode Security System."""

+from __future__ import annotations
+
 from dataclasses import dataclass, field
 from functools import partial
 from pathlib import Path
@@ -1,5 +1,7 @@
 """Support for Abode Security System alarm control panels."""

+from __future__ import annotations
+
 from jaraco.abode.devices.alarm import Alarm

 from homeassistant.components.alarm_control_panel import (
@@ -1,5 +1,7 @@
 """Support for Abode Security System binary sensors."""

+from __future__ import annotations
+
 from typing import cast

 from jaraco.abode.devices.binary_sensor import BinarySensor
@@ -1,5 +1,7 @@
 """Support for Abode Security System cameras."""

+from __future__ import annotations
+
 from datetime import timedelta
 from typing import Any, cast

@@ -1,5 +1,7 @@
 """Config flow for the Abode Security System component."""

+from __future__ import annotations
+
 from collections.abc import Mapping
 from http import HTTPStatus
 from typing import Any, cast
@@ -1,5 +1,7 @@
 """Constants for the Abode Security System component."""

+from __future__ import annotations
+
 import logging

 LOGGER = logging.getLogger(__package__)
@@ -1,5 +1,7 @@
 """Support for Abode Security System lights."""

+from __future__ import annotations
+
 from math import ceil
 from typing import Any

@@ -1,5 +1,7 @@
 """Support for Abode Security System sensors."""

+from __future__ import annotations
+
 from collections.abc import Callable
 from dataclasses import dataclass
 from typing import cast
@@ -1,5 +1,7 @@
 """Support for the Abode Security System."""

+from __future__ import annotations
+
 from typing import TYPE_CHECKING

 from jaraco.abode.exceptions import Exception as AbodeException
@@ -44,7 +46,6 @@ def _change_setting(call: ServiceCall) -> None:

    try:
        _get_abode_system(call.hass).abode.set_setting(setting, value)
-    # pylint: disable-next=home-assistant-action-swallowed-exception
    except AbodeException as ex:
        LOGGER.warning(ex)

@@ -1,5 +1,7 @@
 """Support for Abode Security System switches."""

+from __future__ import annotations
+
 from typing import Any, cast

 from jaraco.abode.devices.switch import Switch
@@ -1,5 +1,7 @@
 """Coordinator for Acaia integration."""

+from __future__ import annotations
+
 from datetime import timedelta
 import logging

@@ -1,5 +1,7 @@
 """Diagnostics support for Acaia."""

+from __future__ import annotations
+
 from dataclasses import asdict
 from typing import Any

@@ -1,5 +1,7 @@
 """The AccuWeather component."""

+from __future__ import annotations
+
 import asyncio
 import logging

@@ -1,5 +1,7 @@
 """Adds config flow for AccuWeather."""

+from __future__ import annotations
+
 from asyncio import timeout
 from collections.abc import Mapping
 from typing import TYPE_CHECKING, Any
@@ -1,5 +1,7 @@
 """Constants for AccuWeather integration."""

+from __future__ import annotations
+
 from datetime import timedelta
 from typing import Final

@@ -1,5 +1,7 @@
 """The AccuWeather coordinator."""

+from __future__ import annotations
+
 from asyncio import timeout
 from collections.abc import Awaitable, Callable
 from dataclasses import dataclass
@@ -1,5 +1,7 @@
 """Diagnostics support for AccuWeather."""

+from __future__ import annotations
+
 from typing import Any

 from homeassistant.components.diagnostics import async_redact_data
@@ -1,5 +1,7 @@
 """Support for the AccuWeather service."""

+from __future__ import annotations
+
 from collections.abc import Callable
 from dataclasses import dataclass
 from typing import Any, cast
@@ -11,6 +13,7 @@ from homeassistant.components.sensor import (
    SensorStateClass,
 )
 from homeassistant.const import (
+    CONCENTRATION_PARTS_PER_CUBIC_METER,
    PERCENTAGE,
    UV_INDEX,
    UnitOfIrradiance,
@@ -46,8 +49,6 @@ from .coordinator import (

 PARALLEL_UPDATES = 1

-PARTS_PER_CUBIC_METER = "p/m³"
-

@dataclass(frozen=True, kw_only=True)
 class AccuWeatherSensorDescription(SensorEntityDescription):
@@ -82,7 +83,7 @@ FORECAST_SENSOR_TYPES: tuple[AccuWeatherSensorDescription, ...] = (
    AccuWeatherSensorDescription(
        key="Grass",
        entity_registry_enabled_default=False,
-        native_unit_of_measurement=PARTS_PER_CUBIC_METER,
+        native_unit_of_measurement=CONCENTRATION_PARTS_PER_CUBIC_METER,
        value_fn=lambda data: cast(int, data[ATTR_VALUE]),
        attr_fn=lambda data: {
            ATTR_LEVEL: POLLEN_CATEGORY_MAP[data[ATTR_CATEGORY_VALUE]]
@@ -108,7 +109,7 @@ FORECAST_SENSOR_TYPES: tuple[AccuWeatherSensorDescription, ...] = (
    AccuWeatherSensorDescription(
        key="Mold",
        entity_registry_enabled_default=False,
-        native_unit_of_measurement=PARTS_PER_CUBIC_METER,
+        native_unit_of_measurement=CONCENTRATION_PARTS_PER_CUBIC_METER,
        value_fn=lambda data: cast(int, data[ATTR_VALUE]),
        attr_fn=lambda data: {
            ATTR_LEVEL: POLLEN_CATEGORY_MAP[data[ATTR_CATEGORY_VALUE]]
@@ -117,7 +118,7 @@ FORECAST_SENSOR_TYPES: tuple[AccuWeatherSensorDescription, ...] = (
    ),
    AccuWeatherSensorDescription(
        key="Ragweed",
-        native_unit_of_measurement=PARTS_PER_CUBIC_METER,
+        native_unit_of_measurement=CONCENTRATION_PARTS_PER_CUBIC_METER,
        entity_registry_enabled_default=False,
        value_fn=lambda data: cast(int, data[ATTR_VALUE]),
        attr_fn=lambda data: {
@@ -185,7 +186,7 @@ FORECAST_SENSOR_TYPES: tuple[AccuWeatherSensorDescription, ...] = (
    ),
    AccuWeatherSensorDescription(
        key="Tree",
-        native_unit_of_measurement=PARTS_PER_CUBIC_METER,
+        native_unit_of_measurement=CONCENTRATION_PARTS_PER_CUBIC_METER,
        entity_registry_enabled_default=False,
        value_fn=lambda data: cast(int, data[ATTR_VALUE]),
        attr_fn=lambda data: {
@@ -1,5 +1,7 @@
 """Provide info to system health."""

+from __future__ import annotations
+
 from typing import Any

 from accuweather.const import ENDPOINT
@@ -1,5 +1,7 @@
 """Support for the AccuWeather service."""

+from __future__ import annotations
+
 from typing import cast

 from homeassistant.components.weather import (
@@ -1,5 +1,7 @@
 """Use serial protocol of Acer projector to obtain state of the projector."""

+from __future__ import annotations
+
 from typing import Final

 from homeassistant.const import STATE_OFF, STATE_ON
@@ -5,5 +5,5 @@
  "documentation": "https://www.home-assistant.io/integrations/acer_projector",
  "iot_class": "local_polling",
  "quality_scale": "legacy",
-  "requirements": ["serialx==1.8.0"]
+  "requirements": ["serialx==1.4.1"]
 }
@@ -1,5 +1,7 @@
 """Use serial protocol of Acer projector to obtain state of the projector."""

+from __future__ import annotations
+
 import logging
 import re
 from typing import Any
@@ -1,5 +1,7 @@
 """Config flow for Rollease Acmeda Automate Pulse Hub."""

+from __future__ import annotations
+
 from asyncio import timeout
 from contextlib import suppress
 from typing import Any
@@ -1,5 +1,7 @@
 """Support for Acmeda Roller Blinds."""

+from __future__ import annotations
+
 from typing import Any

 from homeassistant.components.cover import (
@@ -1,5 +1,7 @@
 """Base class for Acmeda Roller Blinds."""

+from __future__ import annotations
+
 import aiopulse

 from homeassistant.core import callback
@@ -1,5 +1,7 @@
 """Helper functions for Acmeda Pulse."""

+from __future__ import annotations
+
 from typing import TYPE_CHECKING

 from aiopulse import Roller
@@ -1,5 +1,7 @@
 """Code to handle a Pulse Hub."""

+from __future__ import annotations
+
 import asyncio
 from collections.abc import Callable

@@ -1,5 +1,7 @@
 """Support for Acmeda Roller Blind Batteries."""

+from __future__ import annotations
+
 from homeassistant.components.sensor import SensorDeviceClass, SensorEntity
 from homeassistant.const import PERCENTAGE
 from homeassistant.core import HomeAssistant, callback
@@ -1,5 +1,7 @@
 """Support for Actiontec MI424WR (Verizon FIOS) routers."""

+from __future__ import annotations
+
 import re
 from typing import Final

@@ -1,5 +1,7 @@
 """Support for Actiontec MI424WR (Verizon FIOS) routers."""

+from __future__ import annotations
+
 import logging
 from typing import Final

@@ -147,7 +147,7 @@ class ActronSystemClimate(ActronAirAcEntity, ActronAirClimateEntity):
    @property
    def target_temperature(self) -> float:
        """Return the target temperature."""
-        return self._status.user_aircon_settings.current_setpoint
+        return self._status.user_aircon_settings.temperature_setpoint_cool_c

    @actron_air_command
    async def async_set_fan_mode(self, fan_mode: str) -> None:
@@ -239,7 +239,7 @@ class ActronZoneClimate(ActronAirZoneEntity, ActronAirClimateEntity):
    @property
    def target_temperature(self) -> float | None:
        """Return the target temperature."""
-        return self._zone.current_setpoint
+        return self._zone.temperature_setpoint_cool_c

    @actron_air_command
    async def async_set_hvac_mode(self, hvac_mode: HVACMode) -> None:
@@ -6,12 +6,7 @@ from typing import Any

 from actron_neo_api import ActronAirAPI, ActronAirAuthError

-from homeassistant.config_entries import (
-    SOURCE_REAUTH,
-    SOURCE_RECONFIGURE,
-    ConfigFlow,
-    ConfigFlowResult,
-)
+from homeassistant.config_entries import SOURCE_REAUTH, ConfigFlow, ConfigFlowResult
 from homeassistant.const import CONF_API_TOKEN
 from homeassistant.exceptions import HomeAssistantError

@@ -110,14 +105,6 @@ class ActronAirConfigFlow(ConfigFlow, domain=DOMAIN):
                data_updates={CONF_API_TOKEN: self._api.refresh_token_value},
            )

-        # Check if this is a reconfigure flow
-        if self.source == SOURCE_RECONFIGURE:
-            self._abort_if_unique_id_mismatch(reason="wrong_account")
-            return self.async_update_reload_and_abort(
-                self._get_reconfigure_entry(),
-                data_updates={CONF_API_TOKEN: self._api.refresh_token_value},
-            )
-
        self._abort_if_unique_id_configured()
        return self.async_create_entry(
            title=user_data.email,
@@ -151,20 +138,6 @@ class ActronAirConfigFlow(ConfigFlow, domain=DOMAIN):

        return self.async_show_form(step_id="reauth_confirm")

-    async def async_step_reconfigure(
-        self, user_input: dict[str, Any] | None = None
-    ) -> ConfigFlowResult:
-        """Handle reconfiguration request."""
-        return await self.async_step_reconfigure_confirm()
-
-    async def async_step_reconfigure_confirm(
-        self, user_input: dict[str, Any] | None = None
-    ) -> ConfigFlowResult:
-        """Confirm reconfiguration dialog."""
-        if user_input is not None:
-            return await self.async_step_user()
-        return self.async_show_form(step_id="reconfigure_confirm")
-
    async def async_step_connection_error(
        self, user_input: dict[str, Any] | None = None
    ) -> ConfigFlowResult:
@@ -1,5 +1,7 @@
 """Coordinator for Actron Air integration."""

+from __future__ import annotations
+
 from dataclasses import dataclass
 from datetime import timedelta

@@ -1,5 +1,7 @@
 """Diagnostics support for Actron Air."""

+from __future__ import annotations
+
 from typing import Any

 from homeassistant.components.diagnostics import async_redact_data
@@ -13,5 +13,5 @@
  "integration_type": "hub",
  "iot_class": "cloud_polling",
  "quality_scale": "silver",
-  "requirements": ["actron-neo-api==0.5.12"]
+  "requirements": ["actron-neo-api==0.5.6"]
 }
@@ -60,7 +60,7 @@ rules:
  entity-translations: done
  exception-translations: done
  icon-translations: done
-  reconfiguration-flow: done
+  reconfiguration-flow: todo
  repair-issues:
    status: exempt
    comment: This integration does not have any known issues that require repair.
@@ -4,8 +4,7 @@
      "already_configured": "[%key:common::config_flow::abort::already_configured_account%]",
      "oauth2_error": "Failed to start authentication flow",
      "reauth_successful": "[%key:common::config_flow::abort::reauth_successful%]",
-      "reconfigure_successful": "[%key:common::config_flow::abort::reconfigure_successful%]",
-      "wrong_account": "You must authenticate with the same Actron Air account that was originally configured."
+      "wrong_account": "You must reauthenticate with the same Actron Air account that was originally configured."
    },
    "error": {
      "oauth2_error": "Failed to start authentication flow. Please try again later."
@@ -23,10 +22,6 @@
        "description": "Your Actron Air authentication has expired. Select continue to reauthenticate with your Actron Air account. You will be prompted to log in again to restore the connection.",
        "title": "Authentication expired"
      },
-      "reconfigure_confirm": {
-        "description": "Reconfigure your Actron Air account. You will be prompted to log in again. Note: you must use the same account that was originally configured.",
-        "title": "Reconfigure Actron Air"
-      },
      "timeout": {
        "data": {},
        "description": "The authentication process timed out. Please try again.",
@@ -1,5 +1,7 @@
 """The Adax integration."""

+from __future__ import annotations
+
 from homeassistant.const import Platform
 from homeassistant.core import HomeAssistant

@@ -1,5 +1,7 @@
 """Support for Adax wifi-enabled home heaters."""

+from __future__ import annotations
+
 from typing import Any, cast

 from adax import Adax
@@ -1,5 +1,7 @@
 """Config flow for Adax integration."""

+from __future__ import annotations
+
 import logging
 from typing import Any

@@ -1,5 +1,7 @@
 """Support for Adax energy sensors."""

+from __future__ import annotations
+
 from dataclasses import dataclass
 from typing import cast

--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .14.5
 .14.2