Home Assistant Control
Use Home Assistant REST API with a long-lived access token.
Requirements
For skill users (runtime)
- - �INLINECODE0
- INLINECODE1
- INLINECODE2
- Home Assistant long-lived token (
HA_TOKEN) - Home Assistant public base URL (
HA_URL_PUBLIC)
For skill maintainers (packaging/validation)
- - �INLINECODE5
- INLINECODE6� (required by
skill-creator validator/packager scripts)
Required environment variables
- -
HA_TOKEN (required) - INLINECODE9� (required; canonical target and fallback)
- Optional URL behavior:
- if
HA_URL_LOCAL is set (and no
HA_URL override), local is tried first, then fallback to
HA_URL_PUBLIC
-
HA_URL is an explicit override (if set, used directly)
Secrets handling (publish-safe)
- - Keep keys/URLs in an external file, not in the skill folder.
- Set
HA_ENV_FILE=/absolute/path/to/file.env when you want file-based secret loading. - If
HA_ENV_FILE is not set, scripts only use environment variables already present in the shell. - INLINECODE16� and
scripts/self_check.sh load env file only when HA_ENV_FILE is provided.
Core workflow
- 1. Parse the user request into target entity/service + desired action.
- Check
references/naming-context.md for manual alias mappings first. - Verify entity exists before changing state.
- Execute service call.
- Re-check state and report outcome clearly.
Useful endpoints
- - List states: �INLINECODE20
- Single state: �INLINECODE21
- Call service: �INLINECODE22
Headers:
- - �INLINECODE23
- INLINECODE24
Scripts
- -
scripts/ha_env.sh — loads env file only when HA_ENV_FILE is explicitly set, using safe KEY=VALUE parsing (no source/eval). - INLINECODE29� — generic API caller for Home Assistant.
- INLINECODE30� — generate
references/entities.md from GET /api/states.
- Full map:
./scripts/fill_entities_md.sh
- Filter domains:
./scripts/fill_entities_md.sh --domains light,switch,climate,sensor
- -
scripts/save_naming_context.sh — refresh references/naming-context.md for user-specific naming.
-
./scripts/save_naming_context.sh
- -
scripts/ha_entity_find.sh — search entities by partial entity id or friendly name.
-
./scripts/ha_entity_find.sh kitchen
-
./scripts/ha_entity_find.sh temp --domains sensor,climate --limit 30
- -
scripts/ha_safe_action.sh — execute service actions with safety checks and risk confirmation.
-
./scripts/ha_safe_action.sh light turn_on light.kitchen '{"brightness_pct":60}'
-
./scripts/ha_safe_action.sh lock unlock lock.front_door --dry-run
- Add
--yes to bypass interactive confirmation for risky domains.
- -
scripts/self_check.sh — verify prerequisites and API connectivity/auth before running actions.
- �INLINECODE46
Safety
- - Confirm before high-impact actions (locks, alarms, garage/doors, heating shutdown).
- Do not print raw token values.
- If target entity is ambiguous, ask a follow-up question.
- Keep API paths scoped to Home Assistant endpoints only (
/api/...). - Use only HTTP(S) Home Assistant base URLs (
HA_URL*), prefer HTTPS for public access. - Avoid code execution when loading env files: parse key/value pairs, do not use
source on untrusted paths.
Reference files
- -
references/entities.md — entity inventory - INLINECODE51� — user alias memory for natural names (e.g. "living room light")
Publishing notes
- - Keep examples generic (
example_* IDs), no personal hostnames/tokens. - Do not commit
.env or any private env file with real tokens. - Keep the skill focused: API workflow + reusable scripts + entity reference.
Home Assistant 控制
使用带有长期访问令牌的 Home Assistant REST API。
要求
对于技能用户(运行时)
- - bash
- curl
- jq
- Home Assistant 长期令牌(HATOKEN)
- Home Assistant 公共基础 URL(HAURL_PUBLIC)
对于技能维护者(打包/验证)
- - python3
- pyyaml(由 skill-creator 验证器/打包脚本所需)
必需的环境变量
- - HATOKEN(必需)
- HAURL_PUBLIC(必需;规范目标及回退地址)
- 可选的 URL 行为:
- 如果设置了 HA
URLLOCAL(且没有 HA
URL 覆盖),则优先尝试本地地址,然后回退到 HAURL_PUBLIC
- HA_URL 是显式覆盖(如果设置,则直接使用)
密钥处理(发布安全)
- - 将密钥/URL 保存在外部文件中,而非技能文件夹内。
- 当需要基于文件的密钥加载时,设置 HAENVFILE=/绝对/路径/到/file.env。
- 如果未设置 HAENVFILE,脚本仅使用 shell 中已存在的环境变量。
- 仅在提供 HAENVFILE 时,scripts/hacall.sh 和 scripts/selfcheck.sh 才会加载环境文件。
核心工作流程
- 1. 将用户请求解析为目标实体/服务 + 所需操作。
- 首先检查 references/naming-context.md 以获取手动别名映射。
- 在更改状态前验证实体是否存在。
- 执行服务调用。
- 重新检查状态并清晰报告结果。
有用的端点
- - 列出状态:GET /api/states
- 单个状态:GET /api/states/{entity_id}
- 调用服务:POST /api/services/{domain}/{service}
请求头:
- - Authorization: Bearer $HA_TOKEN
- Content-Type: application/json
脚本
- - scripts/haenv.sh — 仅在显式设置 HAENVFILE 时加载环境文件,使用安全的 KEY=VALUE 解析(不使用 source/eval)。
- scripts/hacall.sh — Home Assistant 的通用 API 调用器。
- scripts/fillentitiesmd.sh — 从 GET /api/states 生成 references/entities.md。
- 完整映射:./scripts/fill
entitiesmd.sh
- 过滤域:./scripts/fill
entitiesmd.sh --domains light,switch,climate,sensor
- - scripts/savenamingcontext.sh — 刷新 references/naming-context.md 以获取用户特定的命名。
- ./scripts/save
namingcontext.sh
- - scripts/haentityfind.sh — 通过部分实体 ID 或友好名称搜索实体。
- ./scripts/ha
entityfind.sh kitchen
- ./scripts/ha
entityfind.sh temp --domains sensor,climate --limit 30
- - scripts/hasafeaction.sh — 执行带有安全检查与风险确认的服务操作。
- ./scripts/ha
safeaction.sh light turn
on light.kitchen {brightnesspct:60}
- ./scripts/ha
safeaction.sh lock unlock lock.front_door --dry-run
- 添加 --yes 可跳过高风险域的交互式确认。
- - scripts/self_check.sh — 在执行操作前验证先决条件及 API 连接/认证。
- ./scripts/self_check.sh
安全性
- - 在高影响操作(锁、警报、车库/门、供暖关闭)前进行确认。
- 不打印原始令牌值。
- 如果目标实体不明确,则提出后续问题。
- 将 API 路径限制在 Home Assistant 端点范围内(/api/...)。
- 仅使用 HTTP(S) Home Assistant 基础 URL(HA_URL*),公共访问优先使用 HTTPS。
- 加载环境文件时避免代码执行:解析键/值对,不要对不可信路径使用 source。
参考文件
- - references/entities.md — 实体清单
- references/naming-context.md — 用户别名记忆,用于自然名称(例如“客厅灯”)
发布说明
- - 保持示例通用(使用 example_* ID),不包含个人主机名/令牌。
- 不提交 .env 或任何包含真实令牌的私有环境文件。
- 保持技能专注:API 工作流程 + 可复用脚本 + 实体参考。
