feat: add device diagnostics with PIN masking#1097
Merged
Conversation
- Remove "Direct Matter client commands" (completed) - Remove ZHA from open PRs (merged as #1091) - Update provider list (add ZHA, SimpliSafe candidate, ISY994 unsupported) - Remove websocket optimization (premature) - Refine device diagnostics TODO with per-device-level data plan - Update live testing section (PIN change tested on ZHA) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 05f9143a90fe
Implements async_get_config_entry_diagnostics and async_get_device_diagnostics for troubleshooting. Config entry diagnostics return the full picture: all managed locks with coordinator data, all slots with configuration, and all entity states. Device diagnostics are scoped by device type: - Slot device: configured state, per-lock coordinator code, entities - Lock device: coordinator data, push/sync status, entities - Config entry device: falls through to full config entry diagnostics All PIN codes are masked using the existing deterministic CRC32 mask_pin function (not generic REDACTED), so support can correlate duplicate PINs across slots without seeing actual values. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 15e9eab44326
github-actions
Bot
added
python
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 784e9bd2f2a7
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1097 +/- ##
=======================================
Coverage 95.70% 95.71%
=======================================
Files 47 48 +1
Lines 5520 5595 +75
Branches 503 503
=======================================
+ Hits 5283 5355 +72
- Misses 237 240 +3
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: b67c112b93e4
Contributor
There was a problem hiding this comment.
Pull request overview
Adds Home Assistant diagnostics support for the Lock Code Manager integration, aiming to help troubleshooting while masking PINs deterministically via the existing mask_pin utility.
Changes:
- Introduces
diagnostics.pyimplementing config-entry and device-scoped diagnostics. - Adds initial test coverage for diagnostics output and PIN masking behavior.
- Updates
TODO.mdprovider list and diagnostics/testing notes.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
custom_components/lock_code_manager/diagnostics.py |
Adds config-entry + device diagnostics builders and PIN masking. |
tests/test_diagnostics.py |
Adds tests validating diagnostics structure and masked PIN outputs. |
TODO.md |
Updates roadmap/provider notes and diagnostics plan section. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Add a separate upload field for Lock Code Manager diagnostics alongside the existing lock integration diagnostics field. LCM diagnostics include coordinator data, sync state, and entity states with PINs masked — the lock integration diagnostics show the underlying device state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 9d70f28f7b78
github-actions
Bot
added
the
github-config
The PIN's identity in LCM is the slot number — the same PIN on slot 1 should hash identically regardless of which lock it's on. This lets support confirm "configured PIN matches coordinator code on lock A and lock B" by comparing masked values in diagnostics. The salt is now instance_id + slot_num + pin. Different slots produce different hashes (prevents cross-slot correlation). Different HA instances produce different hashes (prevents cross-instance correlation). Lock entity ID and config entry ID are excluded because they can change without the PIN changing. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 6c709a89392a
1. Redact PIN and code entity states in diagnostics output. Entities with |pin or |code in their unique_id have their state replaced with **REDACTED** and attributes cleared. 2. Use existing instance_id from hass.data[DOMAIN] instead of hass.data["core.uuid"]. 3. Validate config entry ID when detecting slot devices. 4. Fix sentinel value case in test assertions. 5. Make lock device test always assert. Add sensitive entity redaction test. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: ac4a7a9cae2c
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
The previous test checked for |pin and |code in entity_id, but those markers are in the unique_id. The _is_sensitive function correctly checks unique_id, so the test now verifies that at least one entity was redacted and all redacted entities have empty attributes. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 9dd6bf1068d8
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: a2d79e8eb48d
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed change
Adds diagnostics support for troubleshooting Lock Code Manager. Implements both
async_get_config_entry_diagnosticsandasync_get_device_diagnostics.What it provides
Config entry diagnostics (the superset):
Device diagnostics (scoped by device type):
PIN masking
All PINs use the existing
mask_pinfunction (deterministic CRC32 hash) rather than generic**REDACTED**. The salt isinstance_id + slot_num + pin:This is intentional: a PIN's identity in LCM is its slot number, not its lock. The same PIN on slot 1 should hash identically across all locks in a config entry.
Sensitive entity states (PIN text, code sensor) are redacted to
**REDACTED**with empty attributes to prevent plaintext PIN leakage.Also included
Type of change
Additional information