Releases: rusty4444/gatekeeper-ha

v0.1.5 — Fix disable_automations default, add config flow toggles

21 May 08:55

Fixes

Root cause

The Voluptuous service schema in __init__.py still had default=True for disable_automations. When the card sent an empty payload {}, the HA backend schema validation filled in True before the handler ran — undoing the earlier fix.

Changes

  • Service schema default: disable_automations changed from True → False (the proper fix)
  • Config flow toggles: Visual on/off switches in Settings → Gatekeeper HA → Options:
    • Disable automations when guest mode activates (default OFF)
    • Disable scripts when guest mode activates (default ON)
    • Disable scenes when guest mode activates (default ON)
    • Apply safe states in guest mode (default ON)
  • Internal defaults: guest_mode.py method defaults changed to match service defaults
  • Blueprint: disable_automations is now a configurable blueprint input (defaults true for lock-code users)
  • Translations: Added for the new config field

Upgrade path

  1. Update via HACS (or copy custom_components/gatekeeper manually)
  2. Restart Home Assistant
  3. Browse to Settings → Gatekeeper HA → Options to configure your defaults
  4. Clear browser cache to pick up the new card JS

Fixes #17 (gatekeeper-card), Fixes #54 (gatekeeper-ha)

v0.1.4

20 May 22:22
c657d2b

Bug Fixes

  • Guest mode no longer disables ALL automations by default (issue #54)
    Changed disable_automations default from True to False in both service handler and services.yaml. Users who want automations disabled during guest mode can explicitly pass disable_automations: true and/or automation_entity_ids: [specific automations].

Companion

  • gatekeeper-card v0.1.3: fixed callService signature for return_response, removed default disable_automations from card
  • gatekeeper-card PR #18 / gatekeeper-ha PR #55

v0.1.3

19 May 23:53

Bug Fixes

  • Fix config flow 500 on HA 2026.4+ (Python 3.14 bcrypt conflict)
    Relaxed bcrypt pin to >=4.2.1,<6.0.0 to work with the bcrypt==5.0.0 that ships with Python 3.14

What Changed

  • Relaxed bcrypt requirement so HA 2026.4+ users don't see a RequirementsNotFound error during config flow

Closes #52

v0.1.2

18 May 21:30

What's Changed

Security

  • CSRF protection on /call_service endpoint (cross-site, host mismatch, Content-Type enforcement)
  • WiFi password redacted in /status unless both per-token and global options enable it
  • Guest secret on card changed to password field with reveal/hide, dismiss, and 60s auto-clear
  • TOCTOU fix: token validate + use-count increment now atomic under a single lock

Fixed

  • Guest URL now uses proxy bind host+port instead of HA UI port (8123)
  • GuestModeManager properly cancels auto-disable timer on shutdown
  • async_revoke_all accepts source filter so guest mode doesn't revoke admin tokens
  • Safe-state overrides map values to real service names (e.g. locked → lock)
  • Safe-state no-op path skips service calls entirely when no overrides exist
  • Sensor/binary_sensor coordinator-missing path now logs at ERROR level
  • Dead SHA-256 fallback removed; bcrypt is a hard requirement
  • Explicit imports throughout

Changed

  • Lovelace card split into dedicated repo: rusty4444/gatekeeper-card
  • State keyed by entry.entry_id for correct multi-entry teardown

Added

  • Tests for auth proxy, safe-state, and guest mode (33 passing)

v0.1.0 — Initial Release

18 May 05:45

Gatekeeper HA v0.1.0

QR-code-based temporary guest access for Home Assistant.

Features

  • Scoped guest tokens — generate time-limited URLs that grant access only to specific entities, domains, and services
  • Standalone guest page — guests scan a QR code or open a link. No HA login, no app install
  • Auto-expiry — tokens expire after a configured duration. Use limits also supported
  • Guest mode — toggle a full guest mode that disables automations, scripts, and scenes, sets safe states, and revokes all tokens on exit
  • Admin Lovelace card — create/revoke tokens, see remaining time, display QR code, toggle guest mode — all from a card on your dashboard
  • Automation blueprints — doorbell → auto-token, token expiry alert, lock-code → guest mode
  • Fully UI-configurable — set up via Settings → Devices & Services, no YAML editing
  • 3 sensor entities — guest mode active, active token count, soonest token expiry

Security

  • Token secrets hashed with bcrypt, never stored or logged in plaintext
  • All scope enforcement server-side — guest JS cannot override permissions
  • QR codes rendered locally in-browser — no third-party API calls
  • XSS-safe DOM construction on guest page
  • Constant-time secret comparison via hmac.compare_digest
  • Race-safe single-use tokens with lock-guarded use_count
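
The lock-guarded use_count listed above, and the v0.1.2 TOCTOU fix that made validate and increment atomic, shown as an added example that is not the integration's own code. The `Token` record and function names are hypothetical, and a SHA-256 digest stands in for the bcrypt hash so the block needs only the standard library.

```python
import asyncio
import hashlib
import hmac
from dataclasses import dataclass

SECRET = b"constructed-secret"  # sample value constructed for this example

@dataclass
class Token:  # hypothetical record, not the integration's own class
    digest: bytes  # SHA-256 stand-in for the bcrypt hash (stdlib only)
    max_uses: int = 1
    use_count: int = 0

def usable(token: Token, secret: bytes) -> bool:
    # Constant-time secret comparison, then the use-limit check
    ok = hmac.compare_digest(hashlib.sha256(secret).digest(), token.digest)
    return ok and token.use_count < token.max_uses

async def redeem_racy(token: Token, secret: bytes) -> bool:
    """Check, yield, then increment: other requests pass the check meanwhile."""
    if not usable(token, secret):
        return False
    await asyncio.sleep(0)  # any await between the check and the increment
    token.use_count += 1
    return True

async def redeem_atomic(token: Token, secret: bytes, lock: asyncio.Lock) -> bool:
    """Validate and increment under one lock, so nothing interleaves."""
    async with lock:
        if not usable(token, secret):
            return False
        await asyncio.sleep(0)  # the same await is harmless inside the lock
        token.use_count += 1
        return True

async def _race(atomic: bool, requests: int = 5) -> int:
    token = Token(digest=hashlib.sha256(SECRET).digest())
    lock = asyncio.Lock()
    jobs = [
        redeem_atomic(token, SECRET, lock) if atomic else redeem_racy(token, SECRET)
        for _ in range(requests)
    ]
    return sum(await asyncio.gather(*jobs))

def accepted(atomic: bool) -> int:
    """Concurrent redemptions accepted for one single-use token."""
    return asyncio.run(_race(atomic))
```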

Architecture

Custom integration (custom_components/gatekeeper/) with embedded asyncio HTTP server for the guest page. No external dependencies beyond bcrypt.