Skip to content

Home Assistant Integration

Overview

Home Assistant Core lives at http://192.168.86.180:8123 (VM CT 100 on Finn). Long-lived API token in ~/.forge-secrets/ (NOT in repo). Forge consumes HA via two paths:

  1. Direct REST API calls from scripts/integrations/{eight-sleep,garmin}/poll.py, pollers push wellness sensors into HA. See reference_wellness_pollers memory entry.
  2. Context API HA poller at infra/context-api/scripts/ha_poller.py, every 15 min ingests wellness + presence + device state into the SQLite Context Graph at data/context.db. Surfaced via /context skill.

Capabilities verified (2026-03)

  • 42 lights detected and controllable via REST
  • RGB color control, scenes (Gaming Scene, Work Scene), power on/off/toggle
  • State queries (individual + bulk)
  • Wellness dashboard at /wellness-dash (HA Lovelace)

Remote access / Cloudflare Access (changed 2026-05-30)

homeassistant.justinsforge.com is served via Cloudflare tunnel. Cloudflare Access was REMOVED 2026-05-30 so the iOS HA companion app works (iOS app can't carry the Access cookie on its WebSocket and has no custom-header support, so Access broke the app — showed a broken-image page; Safari worked). Tradeoff accepted by Justin: HA's own login is now the only public gate. Full Access app+policy config backed up at data/ha-backups/cf-access-homeassistant-*.json — one-step restore. A CF Access service token "Home Assistant App" still exists (works for the Android app's custom headers; unused by iOS). Two legacy "HA Alexa bypass" Access apps remain (now redundant).

RECOMMENDED hardening (not yet applied): HA http: should set use_x_forwarded_for: true + trusted_proxies: [<cloudflared connector IP>] and ip_ban_enabled: true, login_attempts_threshold: 5. Without correct trusted_proxies, ip_ban would ban the tunnel connector (lock everyone out), so the connector IP must be identified first.

Lighting / scenes stack (added 2026-05-30)

No Philips Hue bridge; bulbs are WiZ, ZHA (Zigbee: Hue/Tradfri/Inovelli), Tuya, Matter. To get Hue-level scenes across all brands, three HACS components are installed (downloaded manually into /config, HACS can adopt for updates):

  • hue-like-light-card v1.11.0 (frontend) — Hue-app-style room/scene UI. JS at /config/www/community/hue-like-light-card/, Lovelace resource /local/community/hue-like-light-card/hue-like-light-card.js.
  • Adaptive Lighting v1.30.1 — circadian color-temp+brightness. Config /config/packages/adaptive_lighting.yaml, scoped to 6 living-area lights only (studio/office/outdoor/video/gaming EXCLUDED so they never auto-adjust). Master switch switch.living_areas_adaptive_lighting_living_areas.
  • Animated Scenes v2.1.1 — dynamic cycling-color scenes; service animated_scenes.start_animation. Activity Sensor config entry created. Scenes are scripts in /config/packages/lighting_animated_scenes.yaml (tropical/fireplace/ocean/party + animated_scenes_stop).

Static scene gallery: scene.relax|bright|evening|movie (+ existing studio_mood_lighting, work_scene, gaming_scene) in scenes.yaml. Dedicated Lighting dashboard at url_path lighting-control (Home dashboard deliberately untouched). Source copies of all package/config files in forge at data/ha-backups/.

Token

Long-lived access token: HA → Profile → Long-Lived Access Tokens. Lives at ~/.forge-secrets/wellness.env (chmod 600) and is mirrored into n8n encrypted credential store (cred IDs in reference_wellness_pollers).

History

Earlier (Greg / OpenClaw era) there was a custom skills/home-assistant/ skill with its own FastAPI wrapper on :7357, superseded by the Context API on :7358 and removed 2026-04-28. If you need direct HA control again, call the REST API directly with the long-lived token rather than reviving the wrapper.