v0.1.0 — Initial Release
Gatekeeper HA v0.1.0
QR-code-based temporary guest access for Home Assistant.
Features
- Scoped guest tokens — generate time-limited URLs that grant access only to specific entities, domains, and services
- Standalone guest page — guests scan a QR code or open a link. No HA login, no app install
- Auto-expiry — tokens expire after a configured duration. Use limits also supported
- Guest mode — toggle a full guest mode that disables automations, scripts, and scenes, sets safe states, and revokes all tokens on exit
- Admin Lovelace card — create/revoke tokens, see remaining time, display QR code, toggle guest mode — all from a card on your dashboard
- Automation blueprints — doorbell → auto-token, token expiry alert, lock-code → guest mode
- Fully UI-configurable — set up via Settings → Devices & Services, no YAML editing
- 3 sensor entities — guest mode active, active token count, soonest token expiry
Security
- Token secrets hashed with bcrypt, never stored or logged in plaintext
- All scope enforcement server-side — guest JS cannot override permissions
- QR codes rendered locally in-browser — no third-party API calls
- XSS-safe DOM construction on guest page
- Constant-time secret comparison via hmac.compare_digest
- Race-safe single-use tokens with lock-guarded use_count
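The single-use guarantee and constant-time comparison listed above, sketched as an added example (not Gatekeeper's own code). `GuestToken`, `redeem`, `digest` and `demo` are hypothetical names, and SHA-256 stands in for bcrypt so the block runs on the standard library alone.

```python
import asyncio
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field


def digest(secret: str) -> bytes:
    # Assumption: SHA-256 is a stand-in for bcrypt to keep the example stdlib-only.
    return hashlib.sha256(secret.encode()).digest()


@dataclass
class GuestToken:
    secret_hash: bytes          # only the hash is kept, never the plaintext secret
    expires_at: float           # absolute expiry as a Unix timestamp
    max_uses: int
    use_count: int = 0
    lock: asyncio.Lock = field(default_factory=asyncio.Lock)


async def redeem(token: GuestToken, presented: str) -> bool:
    # Constant-time comparison: timing does not reveal how many bytes matched.
    if not hmac.compare_digest(token.secret_hash, digest(presented)):
        return False
    async with token.lock:
        # Expiry check, limit check and increment form one critical section,
        # so two concurrent requests cannot both pass the limit check.
        if time.time() >= token.expires_at:
            return False
        if token.use_count >= token.max_uses:
            return False
        await asyncio.sleep(0)  # yield point, e.g. persisting state
        token.use_count += 1
        return True


async def demo() -> tuple[list[bool], int]:
    secret = secrets.token_urlsafe(32)  # constructed sample secret
    token = GuestToken(digest(secret), time.time() + 60, max_uses=1)
    # 20 concurrent redemptions of one single-use token.
    results = await asyncio.gather(*(redeem(token, secret) for _ in range(20)))
    return list(results), token.use_count


if __name__ == "__main__":
    results, uses = asyncio.run(demo())
    print(f"accepted={results.count(True)} rejected={results.count(False)} use_count={uses}")
```

Removing the `async with token.lock` line lets every request pass the limit check before any of them increments `use_count`, which is the race the lock closes.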
Architecture
Custom integration (custom_components/gatekeeper/) with an embedded asyncio HTTP server for the guest page. No external dependencies beyond bcrypt.