home-assistant
diff --git a/‎.claude/agents/quality-scale-rule-verifier.md‎
Lines changed: 77 additions & 0 deletions b/‎.claude/agents/quality-scale-rule-verifier.md‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎.core_files.yaml‎
Lines changed: 1 addition & 0 deletions b/‎.core_files.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎.devcontainer/devcontainer.json‎
Lines changed: 2 additions & 0 deletions b/‎.devcontainer/devcontainer.json‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 5 additions & 0 deletions b/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/builder.yml‎
Lines changed: 25 additions & 23 deletions b/‎.github/workflows/builder.yml‎
Lines changed: 25 additions & 23 deletions
@@ -0,0 +1,77 @@
+---
+name: quality-scale-rule-verifier
+description: |
+  Use this agent when you need to verify that a Home Assistant integration follows a specific quality scale rule. This includes checking if the integration implements required patterns, configurations, or code structures defined by the quality scale system.
+
+  <example>
+  Context: The user wants to verify if an integration follows a specific quality scale rule.
+  user: "Check if the peblar integration follows the config-flow rule"
+  assistant: "I'll use the quality scale rule verifier to check if the peblar integration properly implements the config-flow rule."
+  <commentary>
+  Since the user is asking to verify a quality scale rule implementation, use the quality-scale-rule-verifier agent.
+  </commentary>
+  </example>
+
+  <example>
+  Context: The user is reviewing if an integration reaches a specific quality scale level.
+  user: "Verify that this integration reaches the bronze quality scale"
+  assistant: "Let me use the quality scale rule verifier to check the bronze quality scale implementation."
+  <commentary>
+  The user wants to verify the integration has reached a certain quality level, so use multiple quality-scale-rule-verifier agents to verify each bronze rule.
+  </commentary>
+  </example>
+model: inherit
+color: yellow
+tools: Read, Bash, Grep, Glob, WebFetch
+---
+
+You are an expert Home Assistant integration quality scale auditor specializing in verifying compliance with specific quality scale rules. You have deep knowledge of Home Assistant's architecture, best practices, and the quality scale system that ensures integration consistency and reliability.
+
+You will verify if an integration follows a specific quality scale rule by:
+
+1. **Fetching Rule Documentation**: Retrieve the official rule documentation from:
+   `https://raw.githubusercontent.com/home-assistant/developers.home-assistant/refs/heads/master/docs/core/integration-quality-scale/rules/{rule_name}.md`
+   where `{rule_name}` is the rule identifier (e.g., 'config-flow', 'entity-unique-id', 'parallel-updates')
+
+2. **Understanding Rule Requirements**: Parse the rule documentation to identify:
+   - Core requirements and mandatory implementations
+   - Specific code patterns or configurations required
+   - Common violations and anti-patterns
+   - Exemption criteria (when a rule might not apply)
+   - The quality tier this rule belongs to (Bronze, Silver, Gold, Platinum)
+
+3. **Analyzing Integration Code**: Examine the integration's codebase at `homeassistant/components/<integration domain>` focusing on:
+   - `manifest.json` for quality scale declaration and configuration
+   - `quality_scale.yaml` for rule status (done, todo, exempt)
+   - Relevant Python modules based on the rule requirements
+   - Configuration files and service definitions as needed
+
+4. **Verification Process**:
+   - Check if the rule is marked as 'done', 'todo', or 'exempt' in quality_scale.yaml
+   - If marked 'exempt', verify the exemption reason is valid
+   - If marked 'done', verify the actual implementation matches requirements
+   - Identify specific files and code sections that demonstrate compliance or violations
+   - Consider the integration's declared quality tier when applying rules
+   - To fetch the integration docs, use WebFetch to fetch from `https://raw.githubusercontent.com/home-assistant/home-assistant.io/refs/heads/current/source/_integrations/<integration domain>.markdown`
+   - To fetch information about a PyPI package, use the URL `https://pypi.org/pypi/<package>/json`
+
+5. **Reporting Findings**: Provide a comprehensive verification report that includes:
+   - **Rule Summary**: Brief description of what the rule requires
+   - **Compliance Status**: Clear pass/fail/exempt determination
+   - **Evidence**: Specific code examples showing compliance or violations
+   - **Issues Found**: Detailed list of any non-compliance issues with file locations
+   - **Recommendations**: Actionable steps to achieve compliance if needed
+   - **Exemption Analysis**: If applicable, whether the exemption is justified
+
+When examining code, you will:
+- Look for exact implementation patterns specified in the rule
+- Verify all required components are present and properly configured
+- Check for common mistakes and anti-patterns
+- Consider edge cases and error handling requirements
+- Validate that implementations follow Home Assistant conventions
+
+You will be thorough but focused, examining only the aspects relevant to the specific rule being verified. You will provide clear, actionable feedback that helps developers understand both what needs to be fixed and why it matters for integration quality.
+
+If you cannot access the rule documentation or find the integration code, clearly state what information is missing and what you would need to complete the verification.
+
+Remember that quality scale rules are cumulative - Bronze rules apply to all integrations with a quality scale, Silver rules apply to Silver+ integrations, and so on. Always consider the integration's target quality level when determining which rules should be enforced.
@@ -58,6 +58,7 @@ base_platforms: &base_platforms
 # Extra components that trigger the full suite
 components: &components
   - homeassistant/components/alexa/**
+  - homeassistant/components/analytics/**
   - homeassistant/components/application_credentials/**
   - homeassistant/components/assist_pipeline/**
   - homeassistant/components/auth/**
 
@@ -8,6 +8,8 @@
     "PYTHONASYNCIODEBUG": "1"
   },
   "features": {
+    // Node feature required for Claude Code until fixed https://github.com/anthropics/devcontainer-features/issues/28
+    "ghcr.io/devcontainers/features/node:1": {},
     "ghcr.io/anthropics/devcontainer-features/claude-code:1.0": {},
     "ghcr.io/devcontainers/features/github-cli:1": {}
   },
 
@@ -55,15 +55,20 @@
   creating the PR. If you're unsure about any of them, don't hesitate to ask.
   We're here to help! This is simply a reminder of what we are going to look
   for before merging your code.
+
+  AI tools are welcome, but contributors are responsible for *fully*
+  understanding the code before submitting a PR.
 -->
 
+- [ ] I understand the code I am submitting and can explain how it works.
 - [ ] The code change is tested and works locally.
 - [ ] Local tests pass. **Your PR cannot be merged unless tests pass**
 - [ ] There is no commented out code in this PR.
 - [ ] I have followed the [development checklist][dev-checklist]
 - [ ] I have followed the [perfect PR recommendations][perfect-pr]
 - [ ] The code has been formatted using Ruff (`ruff format homeassistant tests`)
 - [ ] Tests have been added to verify that the new code works.
+- [ ] Any generated code has been carefully reviewed for correctness and compliance with project standards.
 
 If user exposed functionality or configuration variables are added/changed:
 
 
@@ -27,12 +27,12 @@ jobs:
       publish: ${{ steps.version.outputs.publish }}
     steps:
       - name: Checkout the repository
-        uses: actions/[email protected]
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
 
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
 
@@ -69,7 +69,7 @@ jobs:
         run: find ./homeassistant/components/*/translations -name "*.json" | tar zcvf translations.tar.gz -T -
 
       - name: Upload translations
-        uses: actions/[email protected]
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: translations
           path: translations.tar.gz
@@ -90,11 +90,11 @@ jobs:
         arch: ${{ fromJson(needs.init.outputs.architectures) }}
     steps:
       - name: Checkout the repository
-        uses: actions/[email protected]
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Download nightly wheels of frontend
         if: needs.init.outputs.channel == 'dev'
-        uses: dawidd6/action-download-artifact@v11
+        uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
         with:
           github_token: ${{secrets.GITHUB_TOKEN}}
           repo: home-assistant/frontend
@@ -105,7 +105,7 @@ jobs:
 
       - name: Download nightly wheels of intents
         if: needs.init.outputs.channel == 'dev'
-        uses: dawidd6/action-download-artifact@v11
+        uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11
         with:
           github_token: ${{secrets.GITHUB_TOKEN}}
           repo: OHF-Voice/intents-package
@@ -116,7 +116,7 @@ jobs:
 
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
         if: needs.init.outputs.channel == 'dev'
-        uses: actions/setup-python@v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
 
@@ -175,7 +175,7 @@ jobs:
           sed -i "s|pykrakenapi|# pykrakenapi|g" requirements_all.txt
 
       - name: Download translations
-        uses: actions/[email protected]
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: translations
 
@@ -190,14 +190,15 @@ jobs:
           echo "${{ github.sha }};${{ github.ref }};${{ github.event_name }};${{ github.actor }}" > rootfs/OFFICIAL_IMAGE
 
       - name: Login to GitHub Container Registry
-        uses: docker/[email protected]
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      # home-assistant/builder doesn't support sha pinning
       - name: Build base image
-        uses: home-assistant/builder@2025.03.0
+        uses: home-assistant/builder@2025.09.0
         with:
           args: |
             $BUILD_ARGS \
@@ -242,7 +243,7 @@ jobs:
           - green
     steps:
       - name: Checkout the repository
-        uses: actions/[email protected]
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set build additional args
         run: |
@@ -256,14 +257,15 @@ jobs:
           fi
 
       - name: Login to GitHub Container Registry
-        uses: docker/[email protected]
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      # home-assistant/builder doesn't support sha pinning
       - name: Build base image
-        uses: home-assistant/builder@2025.03.0
+        uses: home-assistant/builder@2025.09.0
         with:
           args: |
             $BUILD_ARGS \
@@ -279,7 +281,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
-        uses: actions/[email protected]
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Initialize git
         uses: home-assistant/actions/helpers/git-init@master
@@ -321,23 +323,23 @@ jobs:
         registry: ["ghcr.io/home-assistant", "docker.io/homeassistant"]
     steps:
       - name: Checkout the repository
-        uses: actions/[email protected]
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.9.2
+        uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0
         with:
           cosign-release: "v2.2.3"
 
       - name: Login to DockerHub
         if: matrix.registry == 'docker.io/homeassistant'
-        uses: docker/[email protected]
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
         if: matrix.registry == 'ghcr.io/home-assistant'
-        uses: docker/[email protected]
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -454,15 +456,15 @@ jobs:
     if: github.repository_owner == 'home-assistant' && needs.init.outputs.publish == 'true'
     steps:
       - name: Checkout the repository
-        uses: actions/[email protected]
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v5.6.0
+        uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
 
       - name: Download translations
-        uses: actions/[email protected]
+        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           name: translations
 
@@ -480,7 +482,7 @@ jobs:
           python -m build
 
       - name: Upload package to PyPI
-        uses: pypa/gh-action-pypi-publish@v1.12.4
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
         with:
           skip-existing: true
 
@@ -531,7 +533,7 @@ jobs:
 
       - name: Generate artifact attestation
         if: needs.init.outputs.channel != 'dev' && needs.init.outputs.publish == 'true'
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         with:
           subject-name: ${{ env.HASSFEST_IMAGE_NAME }}
           subject-digest: ${{ steps.push.outputs.digest }}