Fix preprocessor guards and update test to follow repo patterns

Co-authored-by: jesserockz <3060199+jesserockz@users.noreply.github.com>

.ai/instructions.md

@@ -124,28 +124,6 @@ This document provides essential context for AI models interacting with this pro
     *   **Indentation:** Use spaces (two per indentation level), not tabs
     *   **Type aliases:** Prefer `using type_t = int;` over `typedef int type_t;`
     *   **Line length:** Wrap lines at no more than 120 characters
-    *   **Constructor parameters vs setters:** Component properties that are both **required** and **invariant**
-        (never change after construction) should be constructor parameters rather than set via setter methods.
-        This makes the dependency explicit and prevents use of the object in an incompletely-initialized state.
-        In code generation, when calling `cg.new_Pvariable()` or the relevant helper function to create the component, pass these as arguments.
-        ```cpp
-        // Good - required invariant dependency as constructor parameter
-        class SourceTextSensor : public text_sensor::TextSensor, public Component {
-         public:
-          explicit SourceTextSensor(text::Text *source) : source_(source) {}
-         protected:
-          text::Text *source_;
-        };
-        ```
-        ```cpp
-        // Bad - required invariant dependency as setter
-        class SourceTextSensor : public text_sensor::TextSensor, public Component {
-         public:
-          void set_source(text::Text *source) { this->source_ = source; }
-         protected:
-          text::Text *source_{nullptr};
-        };
-        ```
 
 *   **Component Structure:**
     *   **Standard Files:**
@@ -239,123 +217,6 @@ This document provides essential context for AI models interacting with this pro
               var = await switch.new_switch(config)
           ```
 
-*   **Automations (Triggers, Actions, Conditions):**
-
-    Automations have three building blocks: **Triggers** (fire when something happens), **Actions** (do something), and **Conditions** (check if something is true).
-
-    *   **Triggers -- Callback method (preferred):**
-
-        Use `build_callback_automation()` for simple triggers. This eliminates the need for a C++ Trigger class by using a lightweight pointer-sized forwarder struct registered directly as a callback. No `CONF_TRIGGER_ID` in the schema.
-
-        **Python:**
-        ```python
-        from esphome import automation
-
-        CONFIG_SCHEMA = cv.Schema({
-            cv.GenerateID(): cv.declare_id(MyComponent),
-            cv.Optional(CONF_ON_STATE): automation.validate_automation({}),
-        }).extend(cv.COMPONENT_SCHEMA)
-
-        async def to_code(config):
-            var = cg.new_Pvariable(config[CONF_ID])
-            await cg.register_component(var, config)
-            for conf in config.get(CONF_ON_STATE, []):
-                await automation.build_callback_automation(
-                    var, "add_on_state_callback", [(bool, "x")], conf
-                )
-        ```
-
-        `build_callback_automation` arguments: `parent`, `callback_method` (C++ method name), `args` (template args as `[(type, name)]` tuples), `config`, and optional `forwarder` (defaults to `TriggerForwarder<Ts...>`).
-
-        For boolean filtering (e.g. `on_press`/`on_release`), use built-in forwarders with `args=[]`:
-        ```python
-        for conf_key, forwarder in (
-            (CONF_ON_PRESS, automation.TriggerOnTrueForwarder),
-            (CONF_ON_RELEASE, automation.TriggerOnFalseForwarder),
-        ):
-            for conf in config.get(conf_key, []):
-                await automation.build_callback_automation(
-                    var, "add_on_state_callback", [], conf, forwarder=forwarder
-                )
-        ```
-
-        **C++ -- no trigger class needed.** The callback registration method must be templatized to accept both `std::function` and lightweight forwarder structs (which avoid heap allocation):
-        ```cpp
-        class MyComponent : public Component {
-         public:
-          // Must be a template -- accepts both std::function and pointer-sized forwarder structs
-          template<typename F> void add_on_state_callback(F &&callback) {
-            this->state_callback_.add(std::forward<F>(callback));
-          }
-         protected:
-          // Use CallbackManager when callbacks are always registered (e.g. core components)
-          CallbackManager<void(bool)> state_callback_;
-          // Use LazyCallbackManager when callbacks are often not registered -- saves 8 bytes
-          // (nullptr vs empty std::vector) per instance when no callbacks are added
-          // LazyCallbackManager<void(bool)> state_callback_;
-        };
-        ```
-
-    *   **Triggers -- Trigger class method:**
-
-        Use `build_automation()` with a `Trigger<Ts...>` subclass only when the forwarder needs **mutable state beyond a single `Automation*` pointer** (e.g. edge detection tracking previous state, timing logic).
-
-        **Python:**
-        ```python
-        TurnOnTrigger = my_ns.class_("TurnOnTrigger", automation.Trigger.template())
-
-        CONFIG_SCHEMA = cv.Schema({
-            cv.Optional(CONF_ON_TURN_ON): automation.validate_automation(
-                {cv.GenerateID(CONF_TRIGGER_ID): cv.declare_id(TurnOnTrigger)}
-            ),
-        })
-
-        async def to_code(config):
-            for conf in config.get(CONF_ON_TURN_ON, []):
-                trigger = cg.new_Pvariable(conf[CONF_TRIGGER_ID], var)
-                await automation.build_automation(trigger, [], conf)
-        ```
-
-        **C++:**
-        ```cpp
-        class TurnOnTrigger : public Trigger<> {
-         public:
-          explicit TurnOnTrigger(MyComponent *parent) : last_on_{false} {
-            parent->add_on_state_callback([this](bool state) {
-              if (state && !this->last_on_)
-                this->trigger();
-              this->last_on_ = state;
-            });
-          }
-         protected:
-          bool last_on_;
-        };
-        ```
-
-    *   **Actions:**
-        ```cpp
-        template<typename... Ts> class MyAction : public Action<Ts...> {
-         public:
-          explicit MyAction(MyComponent *parent) : parent_(parent) {}
-          void play(const Ts &...) override { this->parent_->do_something(); }
-         protected:
-          MyComponent *parent_;
-        };
-        ```
-        Register with `@automation.register_action("my_component.do_something", MyAction, schema, synchronous=True)`. Use `synchronous=True` for actions that run to completion inside `play()` without deferring. Use `synchronous=False` if the action may suspend/defer execution (e.g. `delay`, `wait_until`, `script.wait`) or store trigger arguments for later use.
-
-    *   **Conditions:**
-        ```cpp
-        template<typename... Ts> class MyCondition : public Condition<Ts...> {
-         public:
-          explicit MyCondition(MyComponent *parent) : parent_(parent) {}
-          bool check(const Ts &...) override { return this->parent_->is_active(); }
-         protected:
-          MyComponent *parent_;
-        };
-        ```
-        Register with `@automation.register_condition("my_component.is_active", MyCondition, schema)`.
-
 *   **Configuration Validation:**
     *   **Common Validators:** `cv.int_`, `cv.float_`, `cv.string`, `cv.boolean`, `cv.int_range(min=0, max=100)`, `cv.positive_int`, `cv.percentage`.
     *   **Complex Validation:** `cv.All(cv.string, cv.Length(min=1, max=50))`, `cv.Any(cv.int_, cv.string)`.
@@ -391,49 +252,10 @@ This document provides essential context for AI models interacting with this pro
     *   **Component Tests:** YAML-based compilation tests are located in `tests/`. The structure is as follows:
         ```
         tests/
-        ├── test_build_components/
-        │   └── common/          # Shared bus packages (uart, i2c, spi, etc.)
-        │       ├── uart/        # UART at default baud rate
-        │       ├── uart_115200/ # UART at 115200 baud
-        │       ├── i2c/         # I2C bus
-        │       └── spi/         # SPI bus
-        └── components/[component]/
-            ├── common.yaml          # Component-only config (no bus definitions)
-            ├── test.esp32-idf.yaml      # config + compile
-            ├── test.esp8266-ard.yaml    # config + compile
-            ├── test-variant.esp32-idf.yaml  # variant test, config + compile
-            ├── validate.esp32-idf.yaml      # config-only (never compiled)
-            └── validate-legacy.esp32-idf.yaml  # config-only variant
+        ├── test_build_components/ # Base test configurations
+        └── components/[component]/ # Component-specific tests
         ```
         Run them using `script/test_build_components`. Use `-c <component>` to test specific components and `-t <target>` for specific platforms.
-
-    *   **Config-only test files (`validate.*.yaml`):** Use this prefix when a YAML file only needs to exercise schema/validation paths and does not need to be compiled. CI runs `validate.*.yaml` files with `esphome config` only and skips them during compile. The grammar mirrors `test.*.yaml`:
-        - `validate.<platform>.yaml` — base config-only test
-        - `validate-<variant>.<platform>.yaml` — config-only variant
-
-        Use this for things like deprecated-syntax migration tests, schema edge cases, or platform-specific validation branches where building firmware adds no signal. A component may have any mix of `test.*.yaml` and `validate.*.yaml` files. Validate files never participate in bus-grouping; each one runs as its own `esphome config` invocation.
-
-        When a PR's only edits to a component are `validate.*.yaml` files (no source changes, no `test.*.yaml` changes, and the component isn't pulled in as a dependency of another changed component), CI skips the compile stage for that component entirely and only runs config validation. This is decided in `script/determine-jobs.py` via `_component_change_is_validate_only` and surfaced as the `validate_only_components` output that the `test-build-components-split` job consumes.
-
-    *   **Test Grouping with Packages:** Components that use shared bus packages can be grouped together in CI to reduce build count. **Never define buses (uart, i2c, spi, modbus) directly in test YAML files** — always use packages from `test_build_components/common/`:
-        ```yaml
-        # test.esp32-idf.yaml — use packages for buses
-        packages:
-          uart: !include ../../test_build_components/common/uart_115200/esp32-idf.yaml
-
-        <<: !include common.yaml
-        ```
-        ```yaml
-        # common.yaml — component config only, NO bus definitions
-        my_component:
-          id: my_instance
-
-        sensor:
-          - platform: my_component
-            name: My Sensor
-        ```
-        Components that define buses directly are flagged as "NEEDS MIGRATION" and cannot be grouped, increasing CI build time.
-
     *   **Testing All Components Together:** To verify that all components can be tested together without ID conflicts or configuration issues, use:
         ```bash
         ./script/test_component_grouping.py -e config --all
@@ -454,17 +276,16 @@ This document provides essential context for AI models interacting with this pro
 ## 7. Specific Instructions for AI Collaboration
 
 *   **Contribution Workflow (Pull Request Process):**
-    1.  **Fork & Branch:** Create a new branch based on the `dev` branch (always use `git checkout -b <branch-name> dev` to ensure you're branching from `dev`, not the currently checked out branch).
+    1.  **Fork & Branch:** Create a new branch in your fork.
     2.  **Make Changes:** Adhere to all coding conventions and patterns.
     3.  **Test:** Create component tests for all supported platforms and run the full test suite locally.
     4.  **Lint:** Run `pre-commit` to ensure code is compliant.
     5.  **Commit:** Commit your changes. There is no strict format for commit messages.
-    6.  **Pull Request:** Submit a PR against the `dev` branch. The Pull Request title should have a prefix of the component being worked on (e.g., `[display] Fix bug`, `[abc123] Add new component`). Update documentation, examples, and add `CODEOWNERS` entries as needed. Pull requests should always be made using the `.github/PULL_REQUEST_TEMPLATE.md` template - fill out all sections completely without removing any parts of the template.
+    6.  **Pull Request:** Submit a PR against the `dev` branch. The Pull Request title should have a prefix of the component being worked on (e.g., `[display] Fix bug`, `[abc123] Add new component`). Update documentation, examples, and add `CODEOWNERS` entries as needed. Pull requests should always be made with the PULL_REQUEST_TEMPLATE.md template filled out correctly.
 
 *   **Documentation Contributions:**
-    *   Documentation is hosted in the separate `esphome/esphome.io` repository.
+    *   Documentation is hosted in the separate `esphome/esphome-docs` repository.
     *   The contribution workflow is the same as for the codebase.
-    *   When editing a component's documentation page, also update the corresponding component index page to ensure both pages remain in sync.
 
 *   **Best Practices:**
     *   **Component Development:** Keep dependencies minimal, provide clear error messages, and write comprehensive docstrings and tests.
@@ -472,12 +293,6 @@ This document provides essential context for AI models interacting with this pro
     *   **Configuration Design:** Aim for simplicity with sensible defaults, while allowing for advanced customization.
     *   **Embedded Systems Optimization:** ESPHome targets resource-constrained microcontrollers. Be mindful of flash size and RAM usage.
 
-        **Why Heap Allocation Matters:**
-
-        ESP devices run for months with small heaps shared between Wi-Fi, BLE, LWIP, and application code. Over time, repeated allocations of different sizes fragment the heap. Failures happen when the largest contiguous block shrinks, even if total free heap is still large. We have seen field crashes caused by this.
-
-        **Heap allocation after `setup()` should be avoided unless absolutely unavoidable.** Every allocation/deallocation cycle contributes to fragmentation. ESPHome treats runtime heap allocation as a long-term reliability bug, not a performance issue. Helpers that hide allocation (`std::string`, `std::to_string`, string-returning helpers) are being deprecated and replaced with buffer and view based APIs.
-
         **STL Container Guidelines:**
 
         ESPHome runs on embedded systems with limited resources. Choose containers carefully:
@@ -507,15 +322,15 @@ This document provides essential context for AI models interacting with this pro
            std::array<uint8_t, 256> buffer;
            ```
 
-        2. **Compile-time-known fixed sizes with vector-like API:** Use `StaticVector` from `esphome/core/helpers.h` for compile-time fixed size with `push_back()` interface (no dynamic allocation).
+        2. **Compile-time-known fixed sizes with vector-like API:** Use `StaticVector` from `esphome/core/helpers.h` for fixed-size stack allocation with `push_back()` interface.
            ```cpp
            // Bad - generates STL realloc code (_M_realloc_insert)
            std::vector<ServiceRecord> services;
            services.reserve(5);  // Still includes reallocation machinery
 
-           // Good - compile-time fixed size, no dynamic allocation
-           StaticVector<ServiceRecord, MAX_SERVICES> services;
-           services.push_back(record1);
+           // Good - compile-time fixed size, stack allocated, no reallocation machinery
+           StaticVector<ServiceRecord, MAX_SERVICES> services;  // Allocates all MAX_SERVICES on stack
+           services.push_back(record1);  // Tracks count but all slots allocated
            ```
            Use `cg.add_define("MAX_SERVICES", count)` to set the size from Python configuration.
            Like `std::array` but with vector-like API (`push_back()`, `size()`) and no STL reallocation code.
@@ -557,45 +372,22 @@ This document provides essential context for AI models interacting with this pro
            ```
            Linear search on small datasets (1-16 elements) is often faster than hashing/tree overhead, but this depends on lookup frequency and access patterns. For frequent lookups in hot code paths, the O(1) vs O(n) complexity difference may still matter even for small datasets. `std::vector` with simple structs is usually fine—it's the heavy containers (`map`, `set`, `unordered_map`) that should be avoided for small datasets unless profiling shows otherwise.
 
-        5. **Avoid `std::deque`:** It allocates in 512-byte blocks regardless of element size, guaranteeing at least 512 bytes of RAM usage immediately. This is a major source of crashes on memory-constrained devices.
-
-        6. **Detection:** Look for these patterns in compiler output:
+        5. **Detection:** Look for these patterns in compiler output:
            - Large code sections with STL symbols (vector, map, set)
            - `alloc`, `realloc`, `dealloc` in symbol names
            - `_M_realloc_insert`, `_M_default_append` (vector reallocation)
            - Red-black tree code (`rb_tree`, `_Rb_tree`)
            - Hash table infrastructure (`unordered_map`, `hash`)
 
-        **Prioritize optimization effort for:**
+        **When to optimize:**
         - Core components (API, network, logger)
         - Widely-used components (mdns, wifi, ble)
         - Components causing flash size complaints
 
-        Note: Avoiding heap allocation after `setup()` is always required regardless of component type. The prioritization above is about the effort spent on container optimization (e.g., migrating from `std::vector` to `StaticVector`).
-
-        **Callback Managers:**
-
-        ESPHome provides two callback manager types in `esphome/core/helpers.h` for the observer pattern. Both support `std::function`, lambdas, and lightweight forwarder structs via their templatized `add()` method.
-
-        | Type | Idle overhead (32-bit) | When to use |
-        |------|----------------------|-------------|
-        | `CallbackManager<void(Ts...)>` | 12 bytes (empty `std::vector`) | Callbacks are always or almost always registered |
-        | `LazyCallbackManager<void(Ts...)>` | 4 bytes (`nullptr`) | Callbacks are often not registered (common case) |
-
-        `LazyCallbackManager` is a drop-in replacement for `CallbackManager` that defers allocation until the first callback is added. Prefer it for entity-level callbacks where most instances have no subscribers.
-
-        **Important:** Registration methods that add to a callback manager **must always be templatized** to accept both `std::function` and pointer-sized forwarder structs (used by `build_callback_automation`). Never use `std::function` in the method signature:
-        ```cpp
-        // Bad -- forces heap allocation for forwarder structs
-        void add_on_state_callback(std::function<void(bool)> &&callback) {
-          this->state_callback_.add(std::move(callback));
-        }
-
-        // Good -- accepts any callable without forcing std::function wrapping
-        template<typename F> void add_on_state_callback(F &&callback) {
-          this->state_callback_.add(std::forward<F>(callback));
-        }
-        ```
+        **When not to optimize:**
+        - Single-use niche components
+        - Code where readability matters more than bytes
+        - Already using appropriate containers
 
     *   **State Management:** Use `CORE.data` for component state that needs to persist during configuration generation. Avoid module-level mutable globals.
 
@@ -610,45 +402,35 @@ This document provides essential context for AI models interacting with this pro
             _use_feature = True
         ```
 
-        **Bad Pattern (Flat Keys):**
+        **Good Pattern (CORE.data with Helpers):**
         ```python
-        # Don't do this - keys should be namespaced under component domain
-        MY_FEATURE_KEY = "my_component_feature"
-        CORE.data[MY_FEATURE_KEY] = True
-        ```
-
-        **Good Pattern (dataclass):**
-        ```python
-        from dataclasses import dataclass, field
         from esphome.core import CORE
 
-        DOMAIN = "my_component"
+        # Keys for CORE.data storage
+        COMPONENT_STATE_KEY = "my_component_state"
+        USE_FEATURE_KEY = "my_component_use_feature"
 
-        @dataclass
-        class MyComponentData:
-            feature_enabled: bool = False
-            item_count: int = 0
-            items: list[str] = field(default_factory=list)
+        def _get_component_state() -> list:
+            """Get component state from CORE.data."""
+            return CORE.data.setdefault(COMPONENT_STATE_KEY, [])
 
-        def _get_data() -> MyComponentData:
-            if DOMAIN not in CORE.data:
-                CORE.data[DOMAIN] = MyComponentData()
-            return CORE.data[DOMAIN]
+        def _get_use_feature() -> bool | None:
+            """Get feature flag from CORE.data."""
+            return CORE.data.get(USE_FEATURE_KEY)
 
-        def request_feature() -> None:
-            _get_data().feature_enabled = True
+        def _set_use_feature(value: bool) -> None:
+            """Set feature flag in CORE.data."""
+            CORE.data[USE_FEATURE_KEY] = value
 
-        def add_item(item: str) -> None:
-            _get_data().items.append(item)
+        def enable_feature():
+            _set_use_feature(True)
         ```
 
-        If you need a real-world example, search for components that use `@dataclass` with `CORE.data` in the codebase. Note: Some components may use `TypedDict` for dictionary-based storage; both patterns are acceptable depending on your needs.
-
         **Why this matters:**
         - Module-level globals persist between compilation runs if the dashboard doesn't fork/exec
         - `CORE.data` automatically clears between runs
-        - Namespacing under `DOMAIN` prevents key collisions between components
-        - `@dataclass` provides type safety and cleaner attribute access
+        - Typed helper functions provide better IDE support and maintainability
+        - Encapsulation makes state management explicit and testable
 
 *   **Security:** Be mindful of security when making changes to the API, web server, or any other network-related code. Do not hardcode secrets or keys.
 
@@ -681,7 +463,7 @@ This document provides essential context for AI models interacting with this pro
     - [ ] Explored non-breaking alternatives
     - [ ] Added deprecation warnings if possible (use `ESPDEPRECATED` macro for C++)
     - [ ] Documented migration path in PR description with before/after examples
-    - [ ] Updated all internal usage and esphome.io
+    - [ ] Updated all internal usage and esphome-docs
     - [ ] Tested backward compatibility during deprecation period
 
 *   **Deprecation Pattern (C++):**

.clang-tidy

@@ -5,30 +5,24 @@ Checks: >-
   -altera-*,
   -android-*,
   -boost-*,
-  -bugprone-derived-method-shadowing-base-method,
   -bugprone-easily-swappable-parameters,
   -bugprone-implicit-widening-of-multiplication-result,
-  -bugprone-invalid-enum-default-initialization,
   -bugprone-multi-level-implicit-pointer-conversion,
   -bugprone-narrowing-conversions,
-  -bugprone-tagged-union-member-count,
   -bugprone-signed-char-misuse,
   -bugprone-switch-missing-default-case,
   -cert-dcl50-cpp,
   -cert-err33-c,
   -cert-err58-cpp,
-  -cert-int09-c,
   -cert-oop57-cpp,
   -cert-str34-c,
   -clang-analyzer-optin.core.EnumCastOutOfRange,
   -clang-analyzer-optin.cplusplus.UninitializedObject,
   -clang-analyzer-osx.*,
-  -clang-analyzer-security.ArrayBound,
   -clang-diagnostic-delete-abstract-non-virtual-dtor,
   -clang-diagnostic-delete-non-abstract-non-virtual-dtor,
   -clang-diagnostic-deprecated-declarations,
   -clang-diagnostic-ignored-optimization-argument,
-  -clang-diagnostic-missing-designated-field-initializers,
   -clang-diagnostic-missing-field-initializers,
   -clang-diagnostic-shadow-field,
   -clang-diagnostic-unused-const-variable,
@@ -48,7 +42,6 @@ Checks: >-
   -cppcoreguidelines-owning-memory,
   -cppcoreguidelines-prefer-member-initializer,
   -cppcoreguidelines-pro-bounds-array-to-pointer-decay,
-  -cppcoreguidelines-pro-bounds-avoid-unchecked-container-access,
   -cppcoreguidelines-pro-bounds-constant-array-index,
   -cppcoreguidelines-pro-bounds-pointer-arithmetic,
   -cppcoreguidelines-pro-type-const-cast,
@@ -61,13 +54,12 @@ Checks: >-
   -cppcoreguidelines-rvalue-reference-param-not-moved,
   -cppcoreguidelines-special-member-functions,
   -cppcoreguidelines-use-default-member-init,
-  -cppcoreguidelines-use-enum-class,
   -cppcoreguidelines-virtual-class-destructor,
-  -fuchsia-default-arguments-calls,
-  -fuchsia-default-arguments-declarations,
   -fuchsia-multiple-inheritance,
   -fuchsia-overloaded-operator,
   -fuchsia-statically-constructed-objects,
+  -fuchsia-default-arguments-declarations,
+  -fuchsia-default-arguments-calls,
   -google-build-using-namespace,
   -google-explicit-constructor,
   -google-readability-braces-around-statements,
@@ -79,63 +71,49 @@ Checks: >-
   -llvm-else-after-return,
   -llvm-header-guard,
   -llvm-include-order,
-  -llvm-prefer-static-over-anonymous-namespace,
   -llvm-qualified-auto,
-  -llvm-use-ranges,
   -llvmlibc-*,
   -misc-const-correctness,
   -misc-include-cleaner,
-  -misc-multiple-inheritance,
   -misc-no-recursion,
   -misc-non-private-member-variables-in-classes,
-  -misc-override-with-different-visibility,
   -misc-unused-parameters,
   -misc-use-anonymous-namespace,
-  -misc-use-internal-linkage,
   -modernize-avoid-bind,
-  -modernize-avoid-variadic-functions,
   -modernize-avoid-c-arrays,
-  -modernize-avoid-c-style-cast,
+  -modernize-concat-nested-namespaces,
   -modernize-macro-to-enum,
   -modernize-return-braced-init-list,
   -modernize-type-traits,
   -modernize-use-auto,
   -modernize-use-constraints,
   -modernize-use-default-member-init,
-  -modernize-use-designated-initializers,
   -modernize-use-equals-default,
-  -modernize-use-integer-sign-comparison,
   -modernize-use-nodiscard,
   -modernize-use-nullptr,
-  -modernize-use-ranges,
+  -modernize-use-nodiscard,
+  -modernize-use-nullptr,
   -modernize-use-trailing-return-type,
   -mpi-*,
   -objc-*,
   -performance-enum-size,
-  -portability-avoid-pragma-once,
-  -portability-template-virtual-member-function,
-  -readability-ambiguous-smartptr-reset-call,
   -readability-avoid-nested-conditional-operator,
+  -readability-container-contains,
   -readability-container-data-pointer,
   -readability-convert-member-functions-to-static,
   -readability-else-after-return,
-  -readability-enum-initial-value,
   -readability-function-cognitive-complexity,
   -readability-implicit-bool-conversion,
   -readability-isolate-declaration,
   -readability-magic-numbers,
   -readability-make-member-function-const,
-  -readability-math-missing-parentheses,
   -readability-named-parameter,
   -readability-redundant-casting,
   -readability-redundant-inline-specifier,
   -readability-redundant-member-init,
-  -readability-redundant-parentheses,
-  -readability-redundant-typename,
+  -readability-redundant-string-init,
   -readability-uppercase-literal-suffix,
   -readability-use-anyofallof,
-  -readability-use-std-min-max,
-  -readability-use-concise-preprocessor-directives,
 WarningsAsErrors: '*'
 FormatStyle:     google
 CheckOptions:

.clang-tidy.hash

@@ -1 +1 @@
-72f02816e288b68ff4ef4b3d6fb66432c893b187a80ad3ebaa29afa443ff9ea6
+3d46b63015d761c85ca9cb77ab79a389509e5776701fb22aed16e7b79d432c0c

.claude/skills/pr-workflow/SKILL.md

@@ -1,96 +0,0 @@
----
-name: pr-workflow
-description: Create pull requests for esphome. Use when creating PRs, submitting changes, or preparing contributions.
-allowed-tools: Read, Bash, Glob, Grep
----
-
-# ESPHome PR Workflow
-
-When creating a pull request for esphome, follow these steps:
-
-## 1. Create Branch from Upstream
-
-Always base your branch on **upstream** (not origin/fork) to ensure you have the latest code:
-
-```bash
-git fetch upstream
-git checkout -b <branch-name> upstream/dev
-```
-
-## 2. Read the PR Template
-
-Before creating a PR, read `.github/PULL_REQUEST_TEMPLATE.md` to understand required fields.
-
-## 3. Create the PR
-
-Use `gh pr create` with the **full template** filled in. Never skip or abbreviate sections.
-
-Required fields:
-- **What does this implement/fix?**: Brief description of changes
-- **Types of changes**: Check ONE appropriate box (Bugfix, New feature, Breaking change, etc.)
-- **Related issue**: Use `fixes <link>` syntax if applicable
-- **Pull request in esphome.io**: Link if docs are needed
-- **Test Environment**: Check platforms you tested on
-- **Example config.yaml**: Include working example YAML
-- **Checklist**: Verify code is tested and tests added
-
-## 4. Example PR Body
-
-```markdown
-# What does this implement/fix?
-
-<describe your changes here>
-
-## Types of changes
-
-- [ ] Bugfix (non-breaking change which fixes an issue)
-- [x] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
-- [ ] Developer breaking change (an API change that could break external components)
-- [ ] Code quality improvements to existing code or addition of tests
-- [ ] Other
-
-**Related issue or feature (if applicable):**
-
-- fixes https://github.com/esphome/esphome/issues/XXX
-
-**Pull request in [esphome.io](https://github.com/esphome/esphome.io) with documentation (if applicable):**
-
-- esphome/esphome.io#XXX
-
-## Test Environment
-
-- [x] ESP32
-- [x] ESP32 IDF
-- [ ] ESP8266
-- [ ] RP2040
-- [ ] BK72xx
-- [ ] RTL87xx
-- [ ] LN882x
-- [ ] nRF52840
-
-## Example entry for `config.yaml`:
-
-```yaml
-# Example config.yaml
-component_name:
-  id: my_component
-  option: value
-```
-
-## Checklist:
-  - [x] The code change is tested and works locally.
-  - [x] Tests have been added to verify that the new code works (under `tests/` folder).
-
-If user exposed functionality or configuration variables are added/changed:
-  - [ ] Documentation added/updated in [esphome.io](https://github.com/esphome/esphome.io).
-```
-
-## 5. Push and Create PR
-
-```bash
-git push -u origin <branch-name>
-gh pr create --repo esphome/esphome --base dev --title "[component] Brief description"
-```
-
-Title should be prefixed with the component name in brackets, e.g. `[safe_mode] Add feature`.

.devcontainer/devcontainer.json

@@ -12,7 +12,7 @@
     "--privileged",
     "-e",
     "GIT_EDITOR=code --wait"
-    // uncomment and edit the path in order to pass through local USB serial to the container
+    // uncomment and edit the path in order to pass though local USB serial to the conatiner
     // , "--device=/dev/ttyACM0"
   ],
   "appPort": 6052,

.dockerignore

@@ -115,4 +115,4 @@ examples/
 Dockerfile
 .git/
 tests/
-.?*
+.*

.github/ISSUE_TEMPLATE/config.yml

@@ -2,7 +2,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: Report an issue with the ESPHome documentation
-    url: https://github.com/esphome/esphome.io/issues/new/choose
+    url: https://github.com/esphome/esphome-docs/issues/new/choose
     about: Report an issue with the ESPHome documentation.
   - name: Report an issue with the ESPHome web server
     url: https://github.com/esphome/esphome-webserver/issues/new/choose

.github/PULL_REQUEST_TEMPLATE.md

@@ -6,9 +6,8 @@
 
 - [ ] Bugfix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
-- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) — [policy](https://developers.esphome.io/contributing/code/#what-constitutes-a-c-breaking-change)
-- [ ] Developer breaking change (an API change that could break external components) — [policy](https://developers.esphome.io/contributing/code/#what-is-considered-public-c-api)
-- [ ] Undocumented C++ API change (removal or change of undocumented public methods that lambda users may depend on) — [policy](https://developers.esphome.io/contributing/code/#c-user-expectations)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Developer breaking change (an API change that could break external components)
 - [ ] Code quality improvements to existing code or addition of tests
 - [ ] Other
 
@@ -16,19 +15,18 @@
 
 - fixes <link to issue>
 
-**Pull request in [esphome.io](https://github.com/esphome/esphome.io) with documentation (if applicable):**
+**Pull request in [esphome-docs](https://github.com/esphome/esphome-docs) with documentation (if applicable):**
 
-- esphome/esphome.io#<esphome.io PR number goes here>
+- esphome/esphome-docs#<esphome-docs PR number goes here>
 
 ## Test Environment
 
 - [ ] ESP32
 - [ ] ESP32 IDF
 - [ ] ESP8266
-- [ ] RP2040/RP2350
+- [ ] RP2040
 - [ ] BK72xx
 - [ ] RTL87xx
-- [ ] LN882x
 - [ ] nRF52840
 
 ## Example entry for `config.yaml`:
@@ -43,4 +41,4 @@
   - [ ] Tests have been added to verify that the new code works (under `tests/` folder).
 
 If user exposed functionality or configuration variables are added/changed:
-  - [ ] Documentation added/updated in [esphome.io](https://github.com/esphome/esphome.io).
+  - [ ] Documentation added/updated in [esphome-docs](https://github.com/esphome/esphome-docs).

.github/actions/build-image/action.yaml

@@ -15,6 +15,11 @@ inputs:
     description: "Version to build"
     required: true
     example: "2023.12.0"
+  base_os:
+    description: "Base OS to use"
+    required: false
+    default: "debian"
+    example: "debian"
 runs:
   using: "composite"
   steps:
@@ -42,7 +47,7 @@ runs:
 
     - name: Build and push to ghcr by digest
       id: build-ghcr
-      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
       env:
         DOCKER_BUILD_SUMMARY: false
         DOCKER_BUILD_RECORD_UPLOAD: false
@@ -55,6 +60,7 @@ runs:
         build-args: |
           BUILD_TYPE=${{ inputs.build_type }}
           BUILD_VERSION=${{ inputs.version }}
+          BUILD_OS=${{ inputs.base_os }}
         outputs: |
           type=image,name=ghcr.io/${{ steps.tags.outputs.image_name }},push-by-digest=true,name-canonical=true,push=true
 
@@ -67,7 +73,7 @@ runs:
 
     - name: Build and push to dockerhub by digest
       id: build-dockerhub
-      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
       env:
         DOCKER_BUILD_SUMMARY: false
         DOCKER_BUILD_RECORD_UPLOAD: false
@@ -80,6 +86,7 @@ runs:
         build-args: |
           BUILD_TYPE=${{ inputs.build_type }}
           BUILD_VERSION=${{ inputs.version }}
+          BUILD_OS=${{ inputs.base_os }}
         outputs: |
           type=image,name=docker.io/${{ steps.tags.outputs.image_name }},push-by-digest=true,name-canonical=true,push=true
 

.github/actions/cache-esp-idf/action.yml

@@ -1,46 +0,0 @@
-name: Cache ESP-IDF
-description: >
-  Resolve the pinned ESP-IDF version and cache the native ESP-IDF install
-  (toolchains + source) at ~/.esphome-idf. Every job that installs ESP-IDF
-  natively (clang-tidy for IDF/Arduino and the native-IDF component build)
-  shares one cache, since the install is identical (ESPHOME_IDF_DEFAULT_TARGETS
-  defaults to "all", so all toolchains are present regardless of the chip).
-  Callers must set env ESPHOME_ESP_IDF_PREFIX: ~/.esphome-idf and have the
-  Python venv already restored.
-inputs:
-  framework:
-    description: 'Which pinned IDF version to key on: "espidf" (recommended) or "arduino".'
-    default: espidf
-runs:
-  using: composite
-  steps:
-    - name: Resolve ESP-IDF version for cache key
-      # The native-IDF version is pinned in code, not in any file that feeds the
-      # other cache keys, so resolve it explicitly. Keying on it means the cache
-      # invalidates on a version bump (actions/cache never overwrites a key).
-      id: version
-      shell: bash
-      run: |
-        . venv/bin/activate
-        if [ "${{ inputs.framework }}" = "arduino" ]; then
-          version=$(python -c 'from esphome.components.esp32 import ARDUINO_FRAMEWORK_VERSION_LOOKUP as A, ARDUINO_IDF_VERSION_LOOKUP as L; print(L[A["recommended"]])')
-        else
-          version=$(python -c 'from esphome.components.esp32 import ESP_IDF_FRAMEWORK_VERSION_LOOKUP as L; print(L["recommended"])')
-        fi
-        echo "version=$version" >> "$GITHUB_OUTPUT"
-    # Mirror the adjacent PlatformIO cache: only dev-branch runs write the
-    # shared cache (so it lives in the default-branch scope readable by all
-    # PRs), and PRs are restore-only -- they never push multi-GB artifacts into
-    # their own scope / the repo quota (e.g. on a version-bump PR).
-    - name: Cache ESP-IDF install (write on dev)
-      if: github.ref == 'refs/heads/dev'
-      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-      with:
-        path: ~/.esphome-idf
-        key: ${{ runner.os }}-esphome-idf-${{ steps.version.outputs.version }}
-    - name: Cache ESP-IDF install (restore-only off dev)
-      if: github.ref != 'refs/heads/dev'
-      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-      with:
-        path: ~/.esphome-idf
-        key: ${{ runner.os }}-esphome-idf-${{ steps.version.outputs.version }}

.github/actions/restore-python/action.yml

@@ -17,28 +17,16 @@ runs:
   steps:
     - name: Set up Python ${{ inputs.python-version }}
       id: python
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
       with:
         python-version: ${{ inputs.python-version }}
     - name: Restore Python virtual environment
       id: cache-venv
-      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
       with:
         path: venv
         # yamllint disable-line rule:line-length
         key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-venv-${{ inputs.cache-key }}
-    - name: Set up uv
-      # Only needed on cache miss to populate the venv. ``uv pip install``
-      # detects the activated venv via ``VIRTUAL_ENV`` so the venv layout
-      # downstream jobs rely on is preserved.
-      if: steps.cache-venv.outputs.cache-hit != 'true'
-      uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-      with:
-        enable-cache: true
-        # Pin uv version so the action does not have to fetch the
-        # manifest from raw.githubusercontent.com on every cache
-        # miss; that fetch flakes on Windows runners.
-        version: "0.11.15"
     - name: Create Python virtual environment
       if: steps.cache-venv.outputs.cache-hit != 'true' && runner.os != 'Windows'
       shell: bash
@@ -46,8 +34,8 @@ runs:
         python -m venv venv
         source venv/bin/activate
         python --version
-        uv pip install -r requirements.txt -r requirements_test.txt
-        uv pip install -e .
+        pip install -r requirements.txt -r requirements_test.txt
+        pip install -e .
     - name: Create Python virtual environment
       if: steps.cache-venv.outputs.cache-hit != 'true' && runner.os == 'Windows'
       shell: bash
@@ -55,5 +43,5 @@ runs:
         python -m venv venv
         source ./venv/Scripts/activate
         python --version
-        uv pip install -r requirements.txt -r requirements_test.txt
-        uv pip install -e .
+        pip install -r requirements.txt -r requirements_test.txt
+        pip install -e .

.github/copilot-instructions.md

@@ -1 +1 @@
-../AGENTS.md
+../.ai/instructions.md

.github/dependabot.yml

@@ -5,7 +5,6 @@ updates:
     directory: "/"
     schedule:
       interval: daily
-    open-pull-requests-limit: 10
     ignore:
       # Hypotehsis is only used for testing and is updated quite often
       - dependency-name: hypothesis

.github/scripts/auto-label-pr/constants.js

@@ -1,44 +0,0 @@
-// Constants and markers for PR auto-labeling
-module.exports = {
-  BOT_COMMENT_MARKER: '<!-- auto-label-pr-bot -->',
-  CODEOWNERS_MARKER: '<!-- codeowners-request -->',
-  TOO_BIG_MARKER: '<!-- too-big-request -->',
-  DEPRECATED_COMPONENT_MARKER: '<!-- deprecated-component-request -->',
-  ORG_FORK_MARKER: '<!-- maintainer-access-warning -->',
-
-  MANAGED_LABELS: [
-    'new-component',
-    'new-platform',
-    'new-target-platform',
-    'merging-to-release',
-    'merging-to-beta',
-    'chained-pr',
-    'core',
-    'small-pr',
-    'medium-pr',
-    'dashboard',
-    'github-actions',
-    'by-code-owner',
-    'has-tests',
-    'needs-tests',
-    'needs-docs',
-    'needs-codeowners',
-    'too-big',
-    'labeller-recheck',
-    'bugfix',
-    'new-feature',
-    'breaking-change',
-    'developer-breaking-change',
-    'undocumented-api-change',
-    'code-quality',
-    'deprecated-component'
-  ],
-
-  DOCS_PR_PATTERNS: [
-    /https:\/\/github\.com\/esphome\/esphome\.io\/pull\/\d+/,
-    /esphome\/esphome\.io#\d+/,
-    // Keep matching the old esphome-docs name during the transition period
-    /https:\/\/github\.com\/esphome\/esphome-docs\/pull\/\d+/,
-    /esphome\/esphome-docs#\d+/
-  ]
-};

.github/scripts/auto-label-pr/detectors.js

@@ -1,403 +0,0 @@
-const { DOCS_PR_PATTERNS } = require('./constants');
-const {
-  COMPONENT_REGEX,
-  detectComponents,
-  hasCoreChanges,
-  hasDashboardChanges,
-  hasGitHubActionsChanges,
-} = require('../detect-tags');
-const { loadCodeowners, getEffectiveOwners } = require('../codeowners');
-
-// Top-level `CONFIG_SCHEMA = ...` (assignment) or `CONFIG_SCHEMA: ConfigType = ...` (annotation).
-// Ruff/Black enforce exactly one space around `=` and no space before `:`,
-// so we can match strictly: `CONFIG_SCHEMA ` or `CONFIG_SCHEMA:`.
-const CONFIG_SCHEMA_REGEX = /^CONFIG_SCHEMA[ :]/m;
-
-// Fetch a file's contents from the PR head SHA via the GitHub API.
-// The auto-label workflow runs on `pull_request_target`, which checks out the
-// base branch — files added by the PR don't exist in the workspace, so we have
-// to fetch them from the head SHA. Returns null if the file can't be fetched.
-async function fetchPrFileContent(github, context, path) {
-  try {
-    const { owner, repo } = context.repo;
-    const { data } = await github.rest.repos.getContent({
-      owner,
-      repo,
-      path,
-      ref: context.payload.pull_request.head.sha,
-    });
-    return Buffer.from(data.content, 'base64').toString('utf8');
-  } catch (error) {
-    console.log(`Failed to fetch ${path} from PR head:`, error.message);
-    return null;
-  }
-}
-
-// Strategy: Merge branch detection
-async function detectMergeBranch(context) {
-  const labels = new Set();
-  const baseRef = context.payload.pull_request.base.ref;
-
-  if (baseRef === 'release') {
-    labels.add('merging-to-release');
-  } else if (baseRef === 'beta') {
-    labels.add('merging-to-beta');
-  } else if (baseRef !== 'dev') {
-    labels.add('chained-pr');
-  }
-
-  return labels;
-}
-
-// Strategy: Component and platform labeling
-async function detectComponentPlatforms(changedFiles, apiData) {
-  const labels = new Set();
-  const targetPlatformRegex = new RegExp(`^esphome\/components\/(${apiData.targetPlatforms.join('|')})/`);
-
-  for (const comp of detectComponents(changedFiles)) {
-    labels.add(`component: ${comp}`);
-  }
-
-  for (const file of changedFiles) {
-    const platformMatch = file.match(targetPlatformRegex);
-    if (platformMatch) {
-      labels.add(`platform: ${platformMatch[1]}`);
-    }
-  }
-
-  return labels;
-}
-
-// Strategy: New component detection
-async function detectNewComponents(github, context, prFiles) {
-  const labels = new Set();
-  let hasYamlLoadable = false;
-  const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
-
-  for (const file of addedFiles) {
-    const componentMatch = file.match(/^esphome\/components\/([^\/]+)\/__init__\.py$/);
-    if (!componentMatch) continue;
-
-    labels.add('new-component');
-    const content = await fetchPrFileContent(github, context, file);
-    if (content === null) {
-      // Safe default: assume YAML-loadable so needs-docs behaviour is unchanged on fetch failure
-      hasYamlLoadable = true;
-      continue;
-    }
-    if (content.includes('IS_TARGET_PLATFORM = True')) {
-      labels.add('new-target-platform');
-    }
-    if (CONFIG_SCHEMA_REGEX.test(content)) {
-      hasYamlLoadable = true;
-    }
-  }
-
-  return { labels, hasYamlLoadable };
-}
-
-// Strategy: New platform detection
-async function detectNewPlatforms(github, context, prFiles, apiData) {
-  const labels = new Set();
-  let hasYamlLoadable = false;
-  const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
-
-  const platformPathPatterns = [
-    /^esphome\/components\/([^\/]+)\/([^\/]+)\.py$/,
-    /^esphome\/components\/([^\/]+)\/([^\/]+)\/__init__\.py$/,
-  ];
-
-  const removedFiles = new Set(prFiles.filter(file => file.status === 'removed').map(file => file.filename));
-
-  for (const file of addedFiles) {
-    for (const re of platformPathPatterns) {
-      const match = file.match(re);
-      if (!match) continue;
-      const platform = match[2];
-      if (!apiData.platformComponents.includes(platform)) break;
-
-      // Skip if this is a restructure between flat and subdirectory forms (either direction):
-      //   <component>/<platform>.py  <->  <component>/<platform>/__init__.py
-      const flatEquivalent = `esphome/components/${match[1]}/${platform}.py`;
-      const subdirEquivalent = `esphome/components/${match[1]}/${platform}/__init__.py`;
-      if (removedFiles.has(flatEquivalent) || removedFiles.has(subdirEquivalent)) break;
-
-      labels.add('new-platform');
-      const content = await fetchPrFileContent(github, context, file);
-      if (content === null) {
-        // Safe default: assume YAML-loadable so needs-docs behaviour is unchanged on fetch failure
-        hasYamlLoadable = true;
-      } else if (CONFIG_SCHEMA_REGEX.test(content)) {
-        hasYamlLoadable = true;
-      }
-      break;
-    }
-  }
-
-  return { labels, hasYamlLoadable };
-}
-
-// Strategy: Core files detection
-async function detectCoreChanges(changedFiles) {
-  const labels = new Set();
-  if (hasCoreChanges(changedFiles)) {
-    labels.add('core');
-  }
-  return labels;
-}
-
-// Strategy: PR size detection
-async function detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, MEDIUM_PR_THRESHOLD, TOO_BIG_THRESHOLD) {
-  const labels = new Set();
-
-  if (totalChanges <= SMALL_PR_THRESHOLD) {
-    labels.add('small-pr');
-    return labels;
-  }
-
-  if (totalChanges <= MEDIUM_PR_THRESHOLD) {
-    labels.add('medium-pr');
-    return labels;
-  }
-
-  const testAdditions = prFiles
-    .filter(file => file.filename.startsWith('tests/'))
-    .reduce((sum, file) => sum + (file.additions || 0), 0);
-  const testDeletions = prFiles
-    .filter(file => file.filename.startsWith('tests/'))
-    .reduce((sum, file) => sum + (file.deletions || 0), 0);
-
-  const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
-
-  // Don't add too-big if mega-pr label is already present
-  if (nonTestChanges > TOO_BIG_THRESHOLD && !isMegaPR) {
-    labels.add('too-big');
-  }
-
-  return labels;
-}
-
-// Strategy: Dashboard changes
-async function detectDashboardChanges(changedFiles) {
-  const labels = new Set();
-  if (hasDashboardChanges(changedFiles)) {
-    labels.add('dashboard');
-  }
-  return labels;
-}
-
-// Strategy: GitHub Actions changes
-async function detectGitHubActionsChanges(changedFiles) {
-  const labels = new Set();
-  if (hasGitHubActionsChanges(changedFiles)) {
-    labels.add('github-actions');
-  }
-  return labels;
-}
-
-// Strategy: Code owner detection
-async function detectCodeOwner(github, context, changedFiles) {
-  const labels = new Set();
-
-  try {
-    const codeownersPatterns = loadCodeowners();
-    const prAuthor = context.payload.pull_request.user.login;
-
-    // Check if PR author is a codeowner of any changed file
-    const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-    if (effective.users.has(prAuthor)) {
-      labels.add('by-code-owner');
-    }
-  } catch (error) {
-    console.log('Failed to read or parse CODEOWNERS file:', error.message);
-  }
-
-  return labels;
-}
-
-// Strategy: Test detection
-async function detectTests(changedFiles) {
-  const labels = new Set();
-  const testFiles = changedFiles.filter(file => file.startsWith('tests/'));
-
-  if (testFiles.length > 0) {
-    labels.add('has-tests');
-  }
-
-  return labels;
-}
-
-// Strategy: PR Template Checkbox detection
-async function detectPRTemplateCheckboxes(context) {
-  const labels = new Set();
-  const prBody = context.payload.pull_request.body || '';
-
-  console.log('Checking PR template checkboxes...');
-
-  // Check for checked checkboxes in the "Types of changes" section
-  const checkboxPatterns = [
-    { pattern: /- \[x\] Bugfix \(non-breaking change which fixes an issue\)/i, label: 'bugfix' },
-    { pattern: /- \[x\] New feature \(non-breaking change which adds functionality\)/i, label: 'new-feature' },
-    { pattern: /- \[x\] Breaking change \(fix or feature that would cause existing functionality to not work as expected\)/i, label: 'breaking-change' },
-    { pattern: /- \[x\] Developer breaking change \(an API change that could break external components\)/i, label: 'developer-breaking-change' },
-    { pattern: /- \[x\] Undocumented C\+\+ API change \(removal or change of undocumented public methods that lambda users may depend on\)/i, label: 'undocumented-api-change' },
-    { pattern: /- \[x\] Code quality improvements to existing code or addition of tests/i, label: 'code-quality' }
-  ];
-
-  for (const { pattern, label } of checkboxPatterns) {
-    if (pattern.test(prBody)) {
-      console.log(`Found checked checkbox for: ${label}`);
-      labels.add(label);
-    }
-  }
-
-  return labels;
-}
-
-// Strategy: Deprecated component detection
-async function detectDeprecatedComponents(github, context, changedFiles) {
-  const labels = new Set();
-  const deprecatedInfo = [];
-  const { owner, repo } = context.repo;
-
-  // Compile regex once for better performance
-  const componentFileRegex = COMPONENT_REGEX;
-
-  // Get files that are modified or added in components directory
-  const componentFiles = changedFiles.filter(file => componentFileRegex.test(file));
-
-  if (componentFiles.length === 0) {
-    return { labels, deprecatedInfo };
-  }
-
-  // Extract unique component names using the same regex
-  const components = new Set();
-  for (const file of componentFiles) {
-    const match = file.match(componentFileRegex);
-    if (match) {
-      components.add(match[1]);
-    }
-  }
-
-  // Get base branch ref to check if deprecation already exists for the component
-  // This prevents flagging a PR that simply adds deprecation
-  const baseRef = context.payload.pull_request.base.ref;
-
-  // Check each component's __init__.py for DEPRECATED_COMPONENT constant
-  for (const component of components) {
-    const initFile = `esphome/components/${component}/__init__.py`;
-    try {
-      // Fetch file content from base branch using GitHub API
-      const { data: fileData } = await github.rest.repos.getContent({
-        owner,
-        repo,
-        path: initFile,
-        ref: baseRef
-      });
-
-      // Decode base64 content
-      const content = Buffer.from(fileData.content, 'base64').toString('utf8');
-
-      // Look for DEPRECATED_COMPONENT = "message" or DEPRECATED_COMPONENT = 'message'
-      // Support single quotes, double quotes, and triple quotes (for multiline)
-      const doubleQuoteMatch = content.match(/DEPRECATED_COMPONENT\s*=\s*"""([\s\S]*?)"""/s) ||
-                              content.match(/DEPRECATED_COMPONENT\s*=\s*"((?:[^"\\]|\\.)*)"/);
-      const singleQuoteMatch = content.match(/DEPRECATED_COMPONENT\s*=\s*'''([\s\S]*?)'''/s) ||
-                              content.match(/DEPRECATED_COMPONENT\s*=\s*'((?:[^'\\]|\\.)*)'/);
-      const deprecatedMatch = doubleQuoteMatch || singleQuoteMatch;
-
-      if (deprecatedMatch) {
-        labels.add('deprecated-component');
-        deprecatedInfo.push({
-          component: component,
-          message: deprecatedMatch[1].trim()
-        });
-        console.log(`Found deprecated component: ${component}`);
-      }
-    } catch (error) {
-      // Only log if it's not a simple "file not found" error (404)
-      if (error.status !== 404) {
-        console.log(`Error reading ${initFile}:`, error.message);
-      }
-    }
-  }
-
-  return { labels, deprecatedInfo };
-}
-
-// Strategy: Detect when maintainers cannot modify the PR branch
-function detectMaintainerAccess(context) {
-  const pr = context.payload.pull_request;
-
-  // Only relevant for cross-repo PRs (forks)
-  if (!pr.head.repo || pr.head.repo.full_name === pr.base.repo.full_name) {
-    return null;
-  }
-
-  if (pr.maintainer_can_modify) {
-    return null;
-  }
-
-  const isOrgFork = pr.head.repo.owner.type === 'Organization';
-  console.log(`Maintainer cannot modify PR branch (${isOrgFork ? 'org fork: ' + pr.head.repo.owner.login : 'user disabled'})`);
-  return { isOrgFork, orgName: pr.head.repo.owner.login };
-}
-
-// Strategy: Requirements detection
-async function detectRequirements(allLabels, prFiles, context, hasYamlLoadable) {
-  const labels = new Set();
-
-  // Check for missing tests
-  if ((allLabels.has('new-component') || allLabels.has('new-platform') || allLabels.has('new-feature')) && !allLabels.has('has-tests')) {
-    labels.add('needs-tests');
-  }
-
-  // Check for missing docs.
-  // `new-feature` (PR-body checkbox) always counts. `new-component` / `new-platform`
-  // only count when at least one newly added file defines a top-level CONFIG_SCHEMA,
-  // i.e. the new component/platform is actually loadable from YAML.
-  const docsEligible =
-    allLabels.has('new-feature') ||
-    ((allLabels.has('new-component') || allLabels.has('new-platform')) && hasYamlLoadable);
-
-  if (docsEligible) {
-    const prBody = context.payload.pull_request.body || '';
-    const hasDocsLink = DOCS_PR_PATTERNS.some(pattern => pattern.test(prBody));
-
-    if (!hasDocsLink) {
-      labels.add('needs-docs');
-    }
-  }
-
-  // Check for missing CODEOWNERS
-  if (allLabels.has('new-component')) {
-    const codeownersModified = prFiles.some(file =>
-      file.filename === 'CODEOWNERS' &&
-      (file.status === 'modified' || file.status === 'added') &&
-      (file.additions || 0) > 0
-    );
-
-    if (!codeownersModified) {
-      labels.add('needs-codeowners');
-    }
-  }
-
-  return labels;
-}
-
-module.exports = {
-  detectMergeBranch,
-  detectComponentPlatforms,
-  detectNewComponents,
-  detectNewPlatforms,
-  detectCoreChanges,
-  detectPRSize,
-  detectDashboardChanges,
-  detectGitHubActionsChanges,
-  detectCodeOwner,
-  detectTests,
-  detectPRTemplateCheckboxes,
-  detectDeprecatedComponents,
-  detectMaintainerAccess,
-  detectRequirements
-};

.github/scripts/auto-label-pr/index.js

@@ -1,201 +0,0 @@
-const { MANAGED_LABELS } = require('./constants');
-const {
-  detectMergeBranch,
-  detectComponentPlatforms,
-  detectNewComponents,
-  detectNewPlatforms,
-  detectCoreChanges,
-  detectPRSize,
-  detectDashboardChanges,
-  detectGitHubActionsChanges,
-  detectCodeOwner,
-  detectTests,
-  detectPRTemplateCheckboxes,
-  detectDeprecatedComponents,
-  detectMaintainerAccess,
-  detectRequirements
-} = require('./detectors');
-const { handleReviews, handleMaintainerAccessComment } = require('./reviews');
-const { applyLabels, removeOldLabels } = require('./labels');
-
-// Fetch API data
-async function fetchApiData() {
-  try {
-    const response = await fetch('https://data.esphome.io/components.json');
-    const componentsData = await response.json();
-    return {
-      targetPlatforms: componentsData.target_platforms || [],
-      platformComponents: componentsData.platform_components || []
-    };
-  } catch (error) {
-    console.log('Failed to fetch components data from API:', error.message);
-    return { targetPlatforms: [], platformComponents: [] };
-  }
-}
-
-module.exports = async ({ github, context }) => {
-  // Environment variables
-  const SMALL_PR_THRESHOLD = parseInt(process.env.SMALL_PR_THRESHOLD);
-  const MEDIUM_PR_THRESHOLD = parseInt(process.env.MEDIUM_PR_THRESHOLD);
-  const MAX_LABELS = parseInt(process.env.MAX_LABELS);
-  const TOO_BIG_THRESHOLD = parseInt(process.env.TOO_BIG_THRESHOLD);
-  const COMPONENT_LABEL_THRESHOLD = parseInt(process.env.COMPONENT_LABEL_THRESHOLD);
-
-  // Global state
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-
-  // Get current labels and PR data
-  const { data: currentLabelsData } = await github.rest.issues.listLabelsOnIssue({
-    owner,
-    repo,
-    issue_number: pr_number
-  });
-  const currentLabels = currentLabelsData.map(label => label.name);
-  const managedLabels = currentLabels.filter(label =>
-    label.startsWith('component: ') || MANAGED_LABELS.includes(label)
-  );
-
-  // Check for mega-PR early - if present, skip most automatic labeling
-  const isMegaPR = currentLabels.includes('mega-pr');
-
-  // Get all PR files with automatic pagination
-  const prFiles = await github.paginate(
-    github.rest.pulls.listFiles,
-    {
-      owner,
-      repo,
-      pull_number: pr_number
-    }
-  );
-
-  // Calculate data from PR files
-  const changedFiles = prFiles.map(file => file.filename);
-  const totalAdditions = prFiles.reduce((sum, file) => sum + (file.additions || 0), 0);
-  const totalDeletions = prFiles.reduce((sum, file) => sum + (file.deletions || 0), 0);
-  const totalChanges = totalAdditions + totalDeletions;
-
-  console.log('Current labels:', currentLabels.join(', '));
-  console.log('Changed files:', changedFiles.length);
-  console.log('Total changes:', totalChanges);
-  if (isMegaPR) {
-    console.log('Mega-PR detected - applying limited labeling logic');
-  }
-
-  // Fetch API data
-  const apiData = await fetchApiData();
-  const baseRef = context.payload.pull_request.base.ref;
-
-  // Early exit for release and beta branches only
-  if (baseRef === 'release' || baseRef === 'beta') {
-    const branchLabels = await detectMergeBranch(context);
-    const finalLabels = Array.from(branchLabels);
-
-    console.log('Computed labels (merge branch only):', finalLabels.join(', '));
-
-    // Apply labels
-    await applyLabels(github, context, finalLabels);
-
-    // Remove old managed labels
-    await removeOldLabels(github, context, managedLabels, finalLabels);
-
-    return;
-  }
-
-  // Run all strategies
-  const [
-    branchLabels,
-    componentLabels,
-    newComponentResult,
-    newPlatformResult,
-    coreLabels,
-    sizeLabels,
-    dashboardLabels,
-    actionsLabels,
-    codeOwnerLabels,
-    testLabels,
-    checkboxLabels,
-    deprecatedResult,
-    maintainerAccess
-  ] = await Promise.all([
-    detectMergeBranch(context),
-    detectComponentPlatforms(changedFiles, apiData),
-    detectNewComponents(github, context, prFiles),
-    detectNewPlatforms(github, context, prFiles, apiData),
-    detectCoreChanges(changedFiles),
-    detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, MEDIUM_PR_THRESHOLD, TOO_BIG_THRESHOLD),
-    detectDashboardChanges(changedFiles),
-    detectGitHubActionsChanges(changedFiles),
-    detectCodeOwner(github, context, changedFiles),
-    detectTests(changedFiles),
-    detectPRTemplateCheckboxes(context),
-    detectDeprecatedComponents(github, context, changedFiles),
-    detectMaintainerAccess(context)
-  ]);
-
-  // Extract new-component / new-platform results
-  const newComponentLabels = newComponentResult.labels;
-  const newPlatformLabels = newPlatformResult.labels;
-  // Eligible for needs-docs only if any newly added component or platform file
-  // defines a top-level CONFIG_SCHEMA (i.e. is actually loadable from YAML).
-  const hasYamlLoadable = newComponentResult.hasYamlLoadable || newPlatformResult.hasYamlLoadable;
-
-  // Extract deprecated component info
-  const deprecatedLabels = deprecatedResult.labels;
-  const deprecatedInfo = deprecatedResult.deprecatedInfo;
-
-  // Combine all labels
-  const allLabels = new Set([
-    ...branchLabels,
-    ...componentLabels,
-    ...newComponentLabels,
-    ...newPlatformLabels,
-    ...coreLabels,
-    ...sizeLabels,
-    ...dashboardLabels,
-    ...actionsLabels,
-    ...codeOwnerLabels,
-    ...testLabels,
-    ...checkboxLabels,
-    ...deprecatedLabels
-  ]);
-
-  // Detect requirements based on all other labels
-  const requirementLabels = await detectRequirements(allLabels, prFiles, context, hasYamlLoadable);
-  for (const label of requirementLabels) {
-    allLabels.add(label);
-  }
-
-  let finalLabels = Array.from(allLabels);
-
-  // For mega-PRs, exclude component labels if there are too many
-  if (isMegaPR) {
-    const componentLabels = finalLabels.filter(label => label.startsWith('component: '));
-    if (componentLabels.length > COMPONENT_LABEL_THRESHOLD) {
-      finalLabels = finalLabels.filter(label => !label.startsWith('component: '));
-      console.log(`Mega-PR detected - excluding ${componentLabels.length} component labels (threshold: ${COMPONENT_LABEL_THRESHOLD})`);
-    }
-  }
-
-  // Handle too many labels (only for non-mega PRs)
-  const tooManyLabels = finalLabels.length > MAX_LABELS;
-  const originalLabelCount = finalLabels.length;
-
-  if (tooManyLabels && !isMegaPR && !finalLabels.includes('too-big')) {
-    finalLabels = ['too-big'];
-  }
-
-  console.log('Computed labels:', finalLabels.join(', '));
-
-  // Handle reviews and org fork comment
-  await Promise.all([
-    handleReviews(github, context, finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, MAX_LABELS, TOO_BIG_THRESHOLD),
-    handleMaintainerAccessComment(github, context, maintainerAccess)
-  ]);
-
-  // Apply labels
-  await applyLabels(github, context, finalLabels);
-
-  // Remove old managed labels
-  await removeOldLabels(github, context, managedLabels, finalLabels);
-};

.github/scripts/auto-label-pr/labels.js

@@ -1,41 +0,0 @@
-// Apply labels to PR
-async function applyLabels(github, context, finalLabels) {
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-
-  if (finalLabels.length > 0) {
-    console.log(`Adding labels: ${finalLabels.join(', ')}`);
-    await github.rest.issues.addLabels({
-      owner,
-      repo,
-      issue_number: pr_number,
-      labels: finalLabels
-    });
-  }
-}
-
-// Remove old managed labels
-async function removeOldLabels(github, context, managedLabels, finalLabels) {
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-
-  const labelsToRemove = managedLabels.filter(label => !finalLabels.includes(label));
-  for (const label of labelsToRemove) {
-    console.log(`Removing label: ${label}`);
-    try {
-      await github.rest.issues.removeLabel({
-        owner,
-        repo,
-        issue_number: pr_number,
-        name: label
-      });
-    } catch (error) {
-      console.log(`Failed to remove label ${label}:`, error.message);
-    }
-  }
-}
-
-module.exports = {
-  applyLabels,
-  removeOldLabels
-};

.github/scripts/auto-label-pr/package.json

@@ -1,7 +0,0 @@
-{
-  "name": "auto-label-pr",
-  "private": true,
-  "scripts": {
-    "test": "node --test tests/*.test.js"
-  }
-}

.github/scripts/auto-label-pr/reviews.js

@@ -1,219 +0,0 @@
-const {
-  BOT_COMMENT_MARKER,
-  CODEOWNERS_MARKER,
-  TOO_BIG_MARKER,
-  DEPRECATED_COMPONENT_MARKER,
-  ORG_FORK_MARKER
-} = require('./constants');
-
-// Generate review messages
-function generateReviewMessages(finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, prAuthor, MAX_LABELS, TOO_BIG_THRESHOLD) {
-  const messages = [];
-
-  // Deprecated component message
-  if (finalLabels.includes('deprecated-component') && deprecatedInfo && deprecatedInfo.length > 0) {
-    let message = `${DEPRECATED_COMPONENT_MARKER}\n### ⚠️ Deprecated Component\n\n`;
-    message += `Hey there @${prAuthor},\n`;
-    message += `This PR modifies one or more deprecated components. Please be aware:\n\n`;
-
-    for (const info of deprecatedInfo) {
-      message += `#### Component: \`${info.component}\`\n`;
-      message += `${info.message}\n\n`;
-    }
-
-    message += `Consider migrating to the recommended alternative if applicable.`;
-
-    messages.push(message);
-  }
-
-  // Too big message
-  if (finalLabels.includes('too-big')) {
-    const testAdditions = prFiles
-      .filter(file => file.filename.startsWith('tests/'))
-      .reduce((sum, file) => sum + (file.additions || 0), 0);
-    const testDeletions = prFiles
-      .filter(file => file.filename.startsWith('tests/'))
-      .reduce((sum, file) => sum + (file.deletions || 0), 0);
-    const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
-
-    const tooManyLabels = originalLabelCount > MAX_LABELS;
-    const tooManyChanges = nonTestChanges > TOO_BIG_THRESHOLD;
-
-    let message = `${TOO_BIG_MARKER}\n### 📦 Pull Request Size\n\n`;
-
-    message +=
-      `Hey @${prAuthor}, thanks for the contribution! Just a heads up, ` +
-      `this PR is on the large side `;
-
-    if (tooManyLabels && tooManyChanges) {
-      message +=
-        `(${nonTestChanges} line changes excluding tests, across ` +
-        `${originalLabelCount} different components/areas)`;
-    } else if (tooManyLabels) {
-      message +=
-        `(it touches ${originalLabelCount} different components/areas)`;
-    } else {
-      message += `(${nonTestChanges} line changes excluding tests)`;
-    }
-
-    message += `, which makes it harder for maintainers to review.\n\n`;
-    message +=
-      `Smaller, focused PRs tend to be reviewed much faster since they ` +
-      `fit into the short gaps between other maintainer work; large ones ` +
-      `often have to wait for a rare long uninterrupted block of time. ` +
-      `If you can break this up into smaller pieces that can be reviewed ` +
-      `independently, it will almost certainly land faster overall.\n\n`;
-    message +=
-      `Before putting more time in, it's also worth popping into ` +
-      `\`#devs\` on [Discord](https://esphome.io/chat) so we can help ` +
-      `you scope things and flag anything already in flight.\n\n`;
-    message +=
-      `For more details (including how to split the work up), see: ` +
-      `https://developers.esphome.io/contributing/submitting-your-work/` +
-      `#how-to-approach-large-submissions`;
-
-    messages.push(message);
-  }
-
-  // CODEOWNERS message
-  if (finalLabels.includes('needs-codeowners')) {
-    const message = `${CODEOWNERS_MARKER}\n### 👥 Code Ownership\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `Thanks for submitting this pull request! Can you add yourself as a codeowner for this integration? ` +
-      `This way we can notify you if a bug report for this integration is reported.\n\n` +
-      `In \`__init__.py\` of the integration, please add:\n\n` +
-      `\`\`\`python\nCODEOWNERS = ["@${prAuthor}"]\n\`\`\`\n\n` +
-      `And run \`script/build_codeowners.py\``;
-
-    messages.push(message);
-  }
-
-  return messages;
-}
-
-// Handle reviews
-async function handleReviews(github, context, finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, MAX_LABELS, TOO_BIG_THRESHOLD) {
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-  const prAuthor = context.payload.pull_request.user.login;
-
-  const reviewMessages = generateReviewMessages(finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, prAuthor, MAX_LABELS, TOO_BIG_THRESHOLD);
-  const hasReviewableLabels = finalLabels.some(label =>
-    ['too-big', 'needs-codeowners', 'deprecated-component'].includes(label)
-  );
-
-  const { data: reviews } = await github.rest.pulls.listReviews({
-    owner,
-    repo,
-    pull_number: pr_number
-  });
-
-  const botReviews = reviews.filter(review =>
-    review.user.type === 'Bot' &&
-    review.state === 'CHANGES_REQUESTED' &&
-    review.body && review.body.includes(BOT_COMMENT_MARKER)
-  );
-
-  if (hasReviewableLabels) {
-    const reviewBody = `${BOT_COMMENT_MARKER}\n\n${reviewMessages.join('\n\n---\n\n')}`;
-
-    if (botReviews.length > 0) {
-      // Update existing review
-      await github.rest.pulls.updateReview({
-        owner,
-        repo,
-        pull_number: pr_number,
-        review_id: botReviews[0].id,
-        body: reviewBody
-      });
-      console.log('Updated existing bot review');
-    } else {
-      // Create new review
-      await github.rest.pulls.createReview({
-        owner,
-        repo,
-        pull_number: pr_number,
-        body: reviewBody,
-        event: 'REQUEST_CHANGES'
-      });
-      console.log('Created new bot review');
-    }
-  } else if (botReviews.length > 0) {
-    // Dismiss existing reviews
-    for (const review of botReviews) {
-      try {
-        await github.rest.pulls.dismissReview({
-          owner,
-          repo,
-          pull_number: pr_number,
-          review_id: review.id,
-          message: 'Review dismissed: All requirements have been met'
-        });
-        console.log(`Dismissed bot review ${review.id}`);
-      } catch (error) {
-        console.log(`Failed to dismiss review ${review.id}:`, error.message);
-      }
-    }
-  }
-}
-
-// Handle maintainer access warning comment
-async function handleMaintainerAccessComment(github, context, maintainerAccess) {
-  if (!maintainerAccess) {
-    return;
-  }
-
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-  const prAuthor = context.payload.pull_request.user.login;
-
-  // Check if we already posted the warning (iterate pages to exit early)
-  let existingComment;
-  for await (const { data: comments } of github.paginate.iterator(
-    github.rest.issues.listComments,
-    { owner, repo, issue_number: pr_number }
-  )) {
-    existingComment = comments.find(comment =>
-      comment.user.type === 'Bot' &&
-      comment.body && comment.body.includes(ORG_FORK_MARKER)
-    );
-    if (existingComment) {
-      break;
-    }
-  }
-
-  if (existingComment) {
-    console.log('Maintainer access warning comment already exists, skipping');
-    return;
-  }
-
-  let body;
-  if (maintainerAccess.isOrgFork) {
-    body = `${ORG_FORK_MARKER}\n### ⚠️ Organization Fork Detected\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `It looks like this PR was submitted from a fork owned by the **${maintainerAccess.orgName}** organization. ` +
-      `GitHub does not allow maintainers to push changes to pull request branches when the fork is owned by an organization. ` +
-      `This means we won't be able to make small adjustments or fixups to your PR directly.\n\n` +
-      `To allow maintainer collaboration, please re-submit this PR from a personal fork instead.\n\n` +
-      `See: [Setting up the local repository](https://developers.esphome.io/contributing/development-environment/?h=org#set-up-the-local-repository) for more details.`;
-  } else {
-    body = `${ORG_FORK_MARKER}\n### ⚠️ Maintainer Access Disabled\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `It looks like this PR does not have the "Allow edits from maintainers" option enabled. ` +
-      `This means we won't be able to make small adjustments or fixups to your PR directly.\n\n` +
-      `Please enable this option in the PR sidebar to allow maintainer collaboration.`;
-  }
-
-  await github.rest.issues.createComment({
-    owner,
-    repo,
-    issue_number: pr_number,
-    body
-  });
-  console.log('Created maintainer access warning comment');
-}
-
-module.exports = {
-  handleReviews,
-  handleMaintainerAccessComment
-};

.github/scripts/auto-label-pr/tests/detectors.test.js

@@ -1,147 +0,0 @@
-const { describe, it } = require('node:test');
-const assert = require('node:assert/strict');
-const { detectNewPlatforms, detectNewComponents } = require('../detectors');
-
-// Minimal GitHub API mock — only repos.getContent is called by detectNewPlatforms/detectNewComponents
-// to check for CONFIG_SCHEMA in newly added files.
-function makeGithub(content = '') {
-  return {
-    rest: {
-      repos: {
-        getContent: async () => ({
-          data: { content: Buffer.from(content).toString('base64') }
-        })
-      }
-    }
-  };
-}
-
-const CONTEXT = {
-  repo: { owner: 'esphome', repo: 'esphome' },
-  payload: { pull_request: { head: { sha: 'abc123' }, base: { ref: 'dev' } } }
-};
-
-const API_DATA = {
-  targetPlatforms: ['esp32', 'esp8266', 'rp2040'],
-  platformComponents: ['cover', 'sensor', 'binary_sensor', 'switch', 'light', 'fan', 'climate', 'valve']
-};
-
-const WITH_SCHEMA = 'CONFIG_SCHEMA = cv.Schema({})';
-const WITHOUT_SCHEMA = 'CODEOWNERS = ["@esphome/core"]';
-
-// ---------------------------------------------------------------------------
-// detectNewPlatforms
-// ---------------------------------------------------------------------------
-
-describe('detectNewPlatforms', () => {
-  describe('restructure detection (no false positives)', () => {
-    it('flat .py -> subdir __init__.py is not a new platform', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/endstop/cover.py', status: 'removed' },
-        { filename: 'esphome/components/endstop/cover/__init__.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-
-    it('subdir __init__.py -> flat .py is not a new platform', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/endstop/cover/__init__.py', status: 'removed' },
-        { filename: 'esphome/components/endstop/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-  });
-
-  describe('genuine new platforms', () => {
-    it('new subdir platform with CONFIG_SCHEMA sets new-platform and hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover/__init__.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, true);
-    });
-
-    it('new flat platform with CONFIG_SCHEMA sets new-platform and hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, true);
-    });
-
-    it('new platform without CONFIG_SCHEMA sets new-platform but not hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITHOUT_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, false);
-    });
-
-    it('non-platform file addition produces no labels', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/sensor.py', status: 'added' },
-      ];
-      // Override platformComponents so 'sensor' is not a recognized platform -> no label expected.
-      const nonPlatformApiData = { ...API_DATA, platformComponents: ['cover'] };
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, nonPlatformApiData);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-  });
-});
-
-// ---------------------------------------------------------------------------
-// detectNewComponents
-// ---------------------------------------------------------------------------
-
-describe('detectNewComponents', () => {
-  it('new top-level __init__.py sets new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/actuator/__init__.py', status: 'added', },
-    ];
-    const result = await detectNewComponents(makeGithub(WITHOUT_SCHEMA), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.equal(result.hasYamlLoadable, false);
-  });
-
-  it('new top-level __init__.py with CONFIG_SCHEMA sets hasYamlLoadable', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/my_component/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.equal(result.hasYamlLoadable, true);
-  });
-
-  it('new top-level __init__.py with IS_TARGET_PLATFORM sets new-target-platform', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/my_platform/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub('IS_TARGET_PLATFORM = True'), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.ok(result.labels.has('new-target-platform'));
-  });
-
-  it('modified __init__.py does not set new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/existing/__init__.py', status: 'modified' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.equal(result.labels.size, 0);
-  });
-
-  it('nested __init__.py does not set new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/endstop/cover/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.equal(result.labels.size, 0);
-  });
-});

.github/scripts/codeowners.js

@@ -1,227 +0,0 @@
-// Shared CODEOWNERS parsing and matching utilities.
-//
-// Used by:
-//   - codeowner-review-request.yml
-//   - codeowner-approved-label-update.yml
-//   - auto-label-pr/detectors.js (detectCodeOwner)
-
-/**
- * Convert a CODEOWNERS glob pattern to a RegExp.
- *
- * Handles **, *, and ? wildcards after escaping regex-special characters.
- */
-function globToRegex(pattern) {
-  let regexStr = pattern
-    .replace(/([.+^=!:${}()|[\]\\])/g, '\\$1')
-    .replace(/\*\*/g, '\x00GLOBSTAR\x00')  // protect ** from next replace
-    .replace(/\*/g, '[^/]*')               // single star
-    .replace(/\x00GLOBSTAR\x00/g, '.*')    // restore globstar
-    .replace(/\?/g, '.');
-  return new RegExp('^' + regexStr + '$');
-}
-
-/**
- * Parse raw CODEOWNERS file content into an array of
- * { pattern, regex, owners } objects.
- *
- * Each `owners` entry is the raw string from the file (e.g. "@user" or
- * "@esphome/core").
- */
-function parseCodeowners(content) {
-  const lines = content
-    .split('\n')
-    .map(line => line.trim())
-    .filter(line => line && !line.startsWith('#'));
-
-  const patterns = [];
-  for (const line of lines) {
-    const parts = line.split(/\s+/);
-    if (parts.length < 2) continue;
-
-    const pattern = parts[0];
-    const owners = parts.slice(1);
-    const regex = globToRegex(pattern);
-    patterns.push({ pattern, regex, owners });
-  }
-  return patterns;
-}
-
-/**
- * Fetch and parse the CODEOWNERS file via the GitHub API.
- *
- * @param {object} github  - octokit instance from actions/github-script
- * @param {string} owner   - repo owner
- * @param {string} repo    - repo name
- * @param {string} [ref]   - git ref (SHA / branch) to read from
- * @returns {Array<{pattern: string, regex: RegExp, owners: string[]}>}
- */
-async function fetchCodeowners(github, owner, repo, ref) {
-  const params = { owner, repo, path: 'CODEOWNERS' };
-  if (ref) params.ref = ref;
-
-  const { data: file } = await github.rest.repos.getContent(params);
-  const content = Buffer.from(file.content, 'base64').toString('utf8');
-  return parseCodeowners(content);
-}
-
-/**
- * Classify raw owner strings into individual users and teams.
- *
- * @param {string[]} rawOwners - e.g. ["@user1", "@esphome/core"]
- * @returns {{ users: string[], teams: string[] }}
- *   users  – login names without "@"
- *   teams  – team slugs without the "org/" prefix
- */
-function classifyOwners(rawOwners) {
-  const users = [];
-  const teams = [];
-  for (const o of rawOwners) {
-    const clean = o.startsWith('@') ? o.slice(1) : o;
-    if (clean.includes('/')) {
-      teams.push(clean.split('/')[1]);
-    } else {
-      users.push(clean);
-    }
-  }
-  return { users, teams };
-}
-
-/**
- * For each file, find its effective codeowners using GitHub's
- * "last match wins" semantics, then union across all files.
- *
- * @param {string[]} files              - list of file paths
- * @param {Array}    codeownersPatterns  - from parseCodeowners / fetchCodeowners
- * @returns {{ users: Set<string>, teams: Set<string>, matchedFileCount: number }}
- */
-function getEffectiveOwners(files, codeownersPatterns) {
-  const users = new Set();
-  const teams = new Set();
-  let matchedFileCount = 0;
-
-  for (const file of files) {
-    // Last matching pattern wins for each file
-    let effectiveOwners = null;
-    for (const { regex, owners } of codeownersPatterns) {
-      if (regex.test(file)) {
-        effectiveOwners = owners;
-      }
-    }
-    if (effectiveOwners) {
-      matchedFileCount++;
-      const classified = classifyOwners(effectiveOwners);
-      for (const u of classified.users) users.add(u);
-      for (const t of classified.teams) teams.add(t);
-    }
-  }
-
-  return { users, teams, matchedFileCount };
-}
-
-/**
- * Read and parse the CODEOWNERS file from disk.
- *
- * Use this when the repo is already checked out (avoids an API call).
- *
- * @param {string} [repoRoot='.'] - path to the repo root
- * @returns {Array<{pattern: string, regex: RegExp, owners: string[]}>}
- */
-function loadCodeowners(repoRoot = '.') {
-  const fs = require('fs');
-  const path = require('path');
-  const content = fs.readFileSync(path.join(repoRoot, 'CODEOWNERS'), 'utf8');
-  return parseCodeowners(content);
-}
-
-/** Possible label actions returned by determineLabelAction. */
-const LabelAction = Object.freeze({
-  ADD: 'add',
-  REMOVE: 'remove',
-  NONE: 'none',
-});
-
-/**
- * Determine what label action is needed for a PR based on codeowner approvals.
- *
- * Checks changed files against CODEOWNERS patterns, reviews, and current labels
- * to decide if the label should be added, removed, or left unchanged.
- *
- * @param {object} github              - octokit instance from actions/github-script
- * @param {string} owner               - repo owner
- * @param {string} repo                - repo name
- * @param {number} pr_number           - pull request number
- * @param {Array}  codeownersPatterns   - from loadCodeowners / fetchCodeowners
- * @param {string} labelName           - label to manage
- * @returns {Promise<LabelAction>}
- */
-async function determineLabelAction(github, owner, repo, pr_number, codeownersPatterns, labelName) {
-  // Get the list of changed files in this PR
-  const prFiles = await github.paginate(
-    github.rest.pulls.listFiles,
-    { owner, repo, pull_number: pr_number }
-  );
-
-  const changedFiles = prFiles.map(file => file.filename);
-  console.log(`Found ${changedFiles.length} changed files`);
-
-  if (changedFiles.length === 0) {
-    console.log('No changed files found');
-    return LabelAction.NONE;
-  }
-
-  // Get effective owners using last-match-wins semantics
-  const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-  const componentCodeowners = effective.users;
-
-  console.log(`Component-specific codeowners: ${Array.from(componentCodeowners).join(', ') || '(none)'}`);
-
-  // Get current labels
-  const { data: currentLabels } = await github.rest.issues.listLabelsOnIssue({
-    owner, repo, issue_number: pr_number
-  });
-  const hasLabel = currentLabels.some(label => label.name === labelName);
-
-  if (componentCodeowners.size === 0) {
-    console.log('No component-specific codeowners found');
-    return hasLabel ? LabelAction.REMOVE : LabelAction.NONE;
-  }
-
-  // Get all reviews and find latest per user
-  const reviews = await github.paginate(
-    github.rest.pulls.listReviews,
-    { owner, repo, pull_number: pr_number }
-  );
-
-  const latestReviewByUser = new Map();
-  for (const review of reviews) {
-    if (!review.user || review.user.type === 'Bot' || review.state === 'COMMENTED') continue;
-    latestReviewByUser.set(review.user.login, review);
-  }
-
-  // Check if any component-specific codeowner has an active approval
-  let hasCodeownerApproval = false;
-  for (const [login, review] of latestReviewByUser) {
-    if (review.state === 'APPROVED' && componentCodeowners.has(login)) {
-      console.log(`Codeowner '${login}' has approved`);
-      hasCodeownerApproval = true;
-      break;
-    }
-  }
-
-  if (hasCodeownerApproval && !hasLabel) return LabelAction.ADD;
-  if (!hasCodeownerApproval && hasLabel) return LabelAction.REMOVE;
-
-  console.log(`Label already ${hasLabel ? 'present' : 'absent'}, no change needed`);
-  return LabelAction.NONE;
-}
-
-module.exports = {
-  globToRegex,
-  parseCodeowners,
-  fetchCodeowners,
-  loadCodeowners,
-  classifyOwners,
-  getEffectiveOwners,
-  LabelAction,
-  determineLabelAction
-};

.github/scripts/detect-tags.js

@@ -1,66 +0,0 @@
-/**
- * Shared tag detection from changed file paths.
- * Used by pr-title-check and auto-label-pr workflows.
- */
-
-const COMPONENT_REGEX = /^esphome\/components\/([^\/]+)\//;
-
-/**
- * Detect component names from changed files.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {Set<string>} Set of component names
- */
-function detectComponents(changedFiles) {
-  const components = new Set();
-  for (const file of changedFiles) {
-    const match = file.match(COMPONENT_REGEX);
-    if (match) {
-      components.add(match[1]);
-    }
-  }
-  return components;
-}
-
-/**
- * Detect if core files were changed.
- * Core files are in esphome/core/ or top-level esphome/ directory.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasCoreChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('esphome/core/') ||
-    (file.startsWith('esphome/') && file.split('/').length === 2)
-  );
-}
-
-/**
- * Detect if dashboard files were changed.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasDashboardChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('esphome/dashboard/') ||
-    file.startsWith('esphome/components/dashboard_import/')
-  );
-}
-
-/**
- * Detect if GitHub Actions files were changed.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasGitHubActionsChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('.github/workflows/')
-  );
-}
-
-module.exports = {
-  COMPONENT_REGEX,
-  detectComponents,
-  hasCoreChanges,
-  hasDashboardChanges,
-  hasGitHubActionsChanges,
-};

.github/workflows/auto-label-pr.yml

@@ -6,14 +6,12 @@ on:
   pull_request_target:
     types: [labeled, opened, reopened, synchronize, edited]
 
-# All PR/label/review writes are performed with the App token minted below,
-# so the workflow's GITHUB_TOKEN only needs read access for checkout.
 permissions:
-  contents: read  # actions/checkout reads the workflow source
+  pull-requests: write
+  contents: read
 
 env:
   SMALL_PR_THRESHOLD: 30
-  MEDIUM_PR_THRESHOLD: 100
   MAX_LABELS: 15
   TOO_BIG_THRESHOLD: 1000
   COMPONENT_LABEL_THRESHOLD: 10
@@ -21,26 +19,650 @@ env:
 jobs:
   label:
     runs-on: ubuntu-latest
-    if: github.event.pull_request.state == 'open' && (github.event.action != 'labeled' || github.event.sender.type != 'Bot')
+    if: github.event.action != 'labeled' || github.event.sender.type != 'Bot'
     steps:
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Generate a token
         id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2
         with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
           private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by auto-label-pr/*.js.
-          permission-contents: read       # repos.getContent for CODEOWNERS and file lookups in detectors.js
-          permission-issues: write        # listLabelsOnIssue, addLabels, removeLabel, list/createComment
-          permission-pull-requests: write  # pulls.listFiles, list/create/update/dismissReview
 
       - name: Auto Label PR
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ steps.generate-token.outputs.token }}
           script: |
-            const script = require('./.github/scripts/auto-label-pr/index.js');
-            await script({ github, context });
+            const fs = require('fs');
+
+            // Constants
+            const SMALL_PR_THRESHOLD = parseInt('${{ env.SMALL_PR_THRESHOLD }}');
+            const MAX_LABELS = parseInt('${{ env.MAX_LABELS }}');
+            const TOO_BIG_THRESHOLD = parseInt('${{ env.TOO_BIG_THRESHOLD }}');
+            const COMPONENT_LABEL_THRESHOLD = parseInt('${{ env.COMPONENT_LABEL_THRESHOLD }}');
+            const BOT_COMMENT_MARKER = '<!-- auto-label-pr-bot -->';
+            const CODEOWNERS_MARKER = '<!-- codeowners-request -->';
+            const TOO_BIG_MARKER = '<!-- too-big-request -->';
+
+            const MANAGED_LABELS = [
+              'new-component',
+              'new-platform',
+              'new-target-platform',
+              'merging-to-release',
+              'merging-to-beta',
+              'chained-pr',
+              'core',
+              'small-pr',
+              'dashboard',
+              'github-actions',
+              'by-code-owner',
+              'has-tests',
+              'needs-tests',
+              'needs-docs',
+              'needs-codeowners',
+              'too-big',
+              'labeller-recheck',
+              'bugfix',
+              'new-feature',
+              'breaking-change',
+              'developer-breaking-change',
+              'code-quality'
+            ];
+
+            const DOCS_PR_PATTERNS = [
+              /https:\/\/github\.com\/esphome\/esphome-docs\/pull\/\d+/,
+              /esphome\/esphome-docs#\d+/
+            ];
+
+            // Global state
+            const { owner, repo } = context.repo;
+            const pr_number = context.issue.number;
+
+            // Get current labels and PR data
+            const { data: currentLabelsData } = await github.rest.issues.listLabelsOnIssue({
+              owner,
+              repo,
+              issue_number: pr_number
+            });
+            const currentLabels = currentLabelsData.map(label => label.name);
+            const managedLabels = currentLabels.filter(label =>
+              label.startsWith('component: ') || MANAGED_LABELS.includes(label)
+            );
+
+            // Check for mega-PR early - if present, skip most automatic labeling
+            const isMegaPR = currentLabels.includes('mega-pr');
+
+            // Get all PR files with automatic pagination
+            const prFiles = await github.paginate(
+              github.rest.pulls.listFiles,
+              {
+                owner,
+                repo,
+                pull_number: pr_number
+              }
+            );
+
+            // Calculate data from PR files
+            const changedFiles = prFiles.map(file => file.filename);
+            const totalAdditions = prFiles.reduce((sum, file) => sum + (file.additions || 0), 0);
+            const totalDeletions = prFiles.reduce((sum, file) => sum + (file.deletions || 0), 0);
+            const totalChanges = totalAdditions + totalDeletions;
+
+            console.log('Current labels:', currentLabels.join(', '));
+            console.log('Changed files:', changedFiles.length);
+            console.log('Total changes:', totalChanges);
+            if (isMegaPR) {
+              console.log('Mega-PR detected - applying limited labeling logic');
+            }
+
+            // Fetch API data
+            async function fetchApiData() {
+              try {
+                const response = await fetch('https://data.esphome.io/components.json');
+                const componentsData = await response.json();
+                return {
+                  targetPlatforms: componentsData.target_platforms || [],
+                  platformComponents: componentsData.platform_components || []
+                };
+              } catch (error) {
+                console.log('Failed to fetch components data from API:', error.message);
+                return { targetPlatforms: [], platformComponents: [] };
+              }
+            }
+
+            // Strategy: Merge branch detection
+            async function detectMergeBranch() {
+              const labels = new Set();
+              const baseRef = context.payload.pull_request.base.ref;
+
+              if (baseRef === 'release') {
+                labels.add('merging-to-release');
+              } else if (baseRef === 'beta') {
+                labels.add('merging-to-beta');
+              } else if (baseRef !== 'dev') {
+                labels.add('chained-pr');
+              }
+
+              return labels;
+            }
+
+            // Strategy: Component and platform labeling
+            async function detectComponentPlatforms(apiData) {
+              const labels = new Set();
+              const componentRegex = /^esphome\/components\/([^\/]+)\//;
+              const targetPlatformRegex = new RegExp(`^esphome\/components\/(${apiData.targetPlatforms.join('|')})/`);
+
+              for (const file of changedFiles) {
+                const componentMatch = file.match(componentRegex);
+                if (componentMatch) {
+                  labels.add(`component: ${componentMatch[1]}`);
+                }
+
+                const platformMatch = file.match(targetPlatformRegex);
+                if (platformMatch) {
+                  labels.add(`platform: ${platformMatch[1]}`);
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: New component detection
+            async function detectNewComponents() {
+              const labels = new Set();
+              const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
+
+              for (const file of addedFiles) {
+                const componentMatch = file.match(/^esphome\/components\/([^\/]+)\/__init__\.py$/);
+                if (componentMatch) {
+                  try {
+                    const content = fs.readFileSync(file, 'utf8');
+                    if (content.includes('IS_TARGET_PLATFORM = True')) {
+                      labels.add('new-target-platform');
+                    }
+                  } catch (error) {
+                    console.log(`Failed to read content of ${file}:`, error.message);
+                  }
+                  labels.add('new-component');
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: New platform detection
+            async function detectNewPlatforms(apiData) {
+              const labels = new Set();
+              const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
+
+              for (const file of addedFiles) {
+                const platformFileMatch = file.match(/^esphome\/components\/([^\/]+)\/([^\/]+)\.py$/);
+                if (platformFileMatch) {
+                  const [, component, platform] = platformFileMatch;
+                  if (apiData.platformComponents.includes(platform)) {
+                    labels.add('new-platform');
+                  }
+                }
+
+                const platformDirMatch = file.match(/^esphome\/components\/([^\/]+)\/([^\/]+)\/__init__\.py$/);
+                if (platformDirMatch) {
+                  const [, component, platform] = platformDirMatch;
+                  if (apiData.platformComponents.includes(platform)) {
+                    labels.add('new-platform');
+                  }
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: Core files detection
+            async function detectCoreChanges() {
+              const labels = new Set();
+              const coreFiles = changedFiles.filter(file =>
+                file.startsWith('esphome/core/') ||
+                (file.startsWith('esphome/') && file.split('/').length === 2)
+              );
+
+              if (coreFiles.length > 0) {
+                labels.add('core');
+              }
+
+              return labels;
+            }
+
+            // Strategy: PR size detection
+            async function detectPRSize() {
+              const labels = new Set();
+
+              if (totalChanges <= SMALL_PR_THRESHOLD) {
+                labels.add('small-pr');
+                return labels;
+              }
+
+              const testAdditions = prFiles
+                .filter(file => file.filename.startsWith('tests/'))
+                .reduce((sum, file) => sum + (file.additions || 0), 0);
+              const testDeletions = prFiles
+                .filter(file => file.filename.startsWith('tests/'))
+                .reduce((sum, file) => sum + (file.deletions || 0), 0);
+
+              const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
+
+              // Don't add too-big if mega-pr label is already present
+              if (nonTestChanges > TOO_BIG_THRESHOLD && !isMegaPR) {
+                labels.add('too-big');
+              }
+
+              return labels;
+            }
+
+            // Strategy: Dashboard changes
+            async function detectDashboardChanges() {
+              const labels = new Set();
+              const dashboardFiles = changedFiles.filter(file =>
+                file.startsWith('esphome/dashboard/') ||
+                file.startsWith('esphome/components/dashboard_import/')
+              );
+
+              if (dashboardFiles.length > 0) {
+                labels.add('dashboard');
+              }
+
+              return labels;
+            }
+
+            // Strategy: GitHub Actions changes
+            async function detectGitHubActionsChanges() {
+              const labels = new Set();
+              const githubActionsFiles = changedFiles.filter(file =>
+                file.startsWith('.github/workflows/')
+              );
+
+              if (githubActionsFiles.length > 0) {
+                labels.add('github-actions');
+              }
+
+              return labels;
+            }
+
+            // Strategy: Code owner detection
+            async function detectCodeOwner() {
+              const labels = new Set();
+
+              try {
+                const { data: codeownersFile } = await github.rest.repos.getContent({
+                  owner,
+                  repo,
+                  path: 'CODEOWNERS',
+                });
+
+                const codeownersContent = Buffer.from(codeownersFile.content, 'base64').toString('utf8');
+                const prAuthor = context.payload.pull_request.user.login;
+
+                const codeownersLines = codeownersContent.split('\n')
+                  .map(line => line.trim())
+                  .filter(line => line && !line.startsWith('#'));
+
+                const codeownersRegexes = codeownersLines.map(line => {
+                  const parts = line.split(/\s+/);
+                  const pattern = parts[0];
+                  const owners = parts.slice(1);
+
+                  let regex;
+                  if (pattern.endsWith('*')) {
+                    const dir = pattern.slice(0, -1);
+                    regex = new RegExp(`^${dir.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}`);
+                  } else if (pattern.includes('*')) {
+                    // First escape all regex special chars except *, then replace * with .*
+                    const regexPattern = pattern
+                      .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
+                      .replace(/\*/g, '.*');
+                    regex = new RegExp(`^${regexPattern}$`);
+                  } else {
+                    regex = new RegExp(`^${pattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}$`);
+                  }
+
+                  return { regex, owners };
+                });
+
+                for (const file of changedFiles) {
+                  for (const { regex, owners } of codeownersRegexes) {
+                    if (regex.test(file) && owners.some(owner => owner === `@${prAuthor}`)) {
+                      labels.add('by-code-owner');
+                      return labels;
+                    }
+                  }
+                }
+              } catch (error) {
+                console.log('Failed to read or parse CODEOWNERS file:', error.message);
+              }
+
+              return labels;
+            }
+
+            // Strategy: Test detection
+            async function detectTests() {
+              const labels = new Set();
+              const testFiles = changedFiles.filter(file => file.startsWith('tests/'));
+
+              if (testFiles.length > 0) {
+                labels.add('has-tests');
+              }
+
+              return labels;
+            }
+
+            // Strategy: PR Template Checkbox detection
+            async function detectPRTemplateCheckboxes() {
+              const labels = new Set();
+              const prBody = context.payload.pull_request.body || '';
+
+              console.log('Checking PR template checkboxes...');
+
+              // Check for checked checkboxes in the "Types of changes" section
+              const checkboxPatterns = [
+                { pattern: /- \[x\] Bugfix \(non-breaking change which fixes an issue\)/i, label: 'bugfix' },
+                { pattern: /- \[x\] New feature \(non-breaking change which adds functionality\)/i, label: 'new-feature' },
+                { pattern: /- \[x\] Breaking change \(fix or feature that would cause existing functionality to not work as expected\)/i, label: 'breaking-change' },
+                { pattern: /- \[x\] Developer breaking change \(an API change that could break external components\)/i, label: 'developer-breaking-change' },
+                { pattern: /- \[x\] Code quality improvements to existing code or addition of tests/i, label: 'code-quality' }
+              ];
+
+              for (const { pattern, label } of checkboxPatterns) {
+                if (pattern.test(prBody)) {
+                  console.log(`Found checked checkbox for: ${label}`);
+                  labels.add(label);
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: Requirements detection
+            async function detectRequirements(allLabels) {
+              const labels = new Set();
+
+              // Check for missing tests
+              if ((allLabels.has('new-component') || allLabels.has('new-platform') || allLabels.has('new-feature')) && !allLabels.has('has-tests')) {
+                labels.add('needs-tests');
+              }
+
+              // Check for missing docs
+              if (allLabels.has('new-component') || allLabels.has('new-platform') || allLabels.has('new-feature')) {
+                const prBody = context.payload.pull_request.body || '';
+                const hasDocsLink = DOCS_PR_PATTERNS.some(pattern => pattern.test(prBody));
+
+                if (!hasDocsLink) {
+                  labels.add('needs-docs');
+                }
+              }
+
+              // Check for missing CODEOWNERS
+              if (allLabels.has('new-component')) {
+                const codeownersModified = prFiles.some(file =>
+                  file.filename === 'CODEOWNERS' &&
+                  (file.status === 'modified' || file.status === 'added') &&
+                  (file.additions || 0) > 0
+                );
+
+                if (!codeownersModified) {
+                  labels.add('needs-codeowners');
+                }
+              }
+
+              return labels;
+            }
+
+            // Generate review messages
+            function generateReviewMessages(finalLabels, originalLabelCount) {
+              const messages = [];
+              const prAuthor = context.payload.pull_request.user.login;
+
+              // Too big message
+              if (finalLabels.includes('too-big')) {
+                const testAdditions = prFiles
+                  .filter(file => file.filename.startsWith('tests/'))
+                  .reduce((sum, file) => sum + (file.additions || 0), 0);
+                const testDeletions = prFiles
+                  .filter(file => file.filename.startsWith('tests/'))
+                  .reduce((sum, file) => sum + (file.deletions || 0), 0);
+                const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
+
+                const tooManyLabels = originalLabelCount > MAX_LABELS;
+                const tooManyChanges = nonTestChanges > TOO_BIG_THRESHOLD;
+
+                let message = `${TOO_BIG_MARKER}\n### 📦 Pull Request Size\n\n`;
+
+                if (tooManyLabels && tooManyChanges) {
+                  message += `This PR is too large with ${nonTestChanges} line changes (excluding tests) and affects ${originalLabelCount} different components/areas.`;
+                } else if (tooManyLabels) {
+                  message += `This PR affects ${originalLabelCount} different components/areas.`;
+                } else {
+                  message += `This PR is too large with ${nonTestChanges} line changes (excluding tests).`;
+                }
+
+                message += ` Please consider breaking it down into smaller, focused PRs to make review easier and reduce the risk of conflicts.\n\n`;
+                message += `For guidance on breaking down large PRs, see: https://developers.esphome.io/contributing/submitting-your-work/#how-to-approach-large-submissions`;
+
+                messages.push(message);
+              }
+
+              // CODEOWNERS message
+              if (finalLabels.includes('needs-codeowners')) {
+                const message = `${CODEOWNERS_MARKER}\n### 👥 Code Ownership\n\n` +
+                  `Hey there @${prAuthor},\n` +
+                  `Thanks for submitting this pull request! Can you add yourself as a codeowner for this integration? ` +
+                  `This way we can notify you if a bug report for this integration is reported.\n\n` +
+                  `In \`__init__.py\` of the integration, please add:\n\n` +
+                  `\`\`\`python\nCODEOWNERS = ["@${prAuthor}"]\n\`\`\`\n\n` +
+                  `And run \`script/build_codeowners.py\``;
+
+                messages.push(message);
+              }
+
+              return messages;
+            }
+
+            // Handle reviews
+            async function handleReviews(finalLabels, originalLabelCount) {
+              const reviewMessages = generateReviewMessages(finalLabels, originalLabelCount);
+              const hasReviewableLabels = finalLabels.some(label =>
+                ['too-big', 'needs-codeowners'].includes(label)
+              );
+
+              const { data: reviews } = await github.rest.pulls.listReviews({
+                owner,
+                repo,
+                pull_number: pr_number
+              });
+
+              const botReviews = reviews.filter(review =>
+                review.user.type === 'Bot' &&
+                review.state === 'CHANGES_REQUESTED' &&
+                review.body && review.body.includes(BOT_COMMENT_MARKER)
+              );
+
+              if (hasReviewableLabels) {
+                const reviewBody = `${BOT_COMMENT_MARKER}\n\n${reviewMessages.join('\n\n---\n\n')}`;
+
+                if (botReviews.length > 0) {
+                  // Update existing review
+                  await github.rest.pulls.updateReview({
+                    owner,
+                    repo,
+                    pull_number: pr_number,
+                    review_id: botReviews[0].id,
+                    body: reviewBody
+                  });
+                  console.log('Updated existing bot review');
+                } else {
+                  // Create new review
+                  await github.rest.pulls.createReview({
+                    owner,
+                    repo,
+                    pull_number: pr_number,
+                    body: reviewBody,
+                    event: 'REQUEST_CHANGES'
+                  });
+                  console.log('Created new bot review');
+                }
+              } else if (botReviews.length > 0) {
+                // Dismiss existing reviews
+                for (const review of botReviews) {
+                  try {
+                    await github.rest.pulls.dismissReview({
+                      owner,
+                      repo,
+                      pull_number: pr_number,
+                      review_id: review.id,
+                      message: 'Review dismissed: All requirements have been met'
+                    });
+                    console.log(`Dismissed bot review ${review.id}`);
+                  } catch (error) {
+                    console.log(`Failed to dismiss review ${review.id}:`, error.message);
+                  }
+                }
+              }
+            }
+
+            // Main execution
+            const apiData = await fetchApiData();
+            const baseRef = context.payload.pull_request.base.ref;
+
+            // Early exit for release and beta branches only
+            if (baseRef === 'release' || baseRef === 'beta') {
+              const branchLabels = await detectMergeBranch();
+              const finalLabels = Array.from(branchLabels);
+
+              console.log('Computed labels (merge branch only):', finalLabels.join(', '));
+
+              // Apply labels
+              if (finalLabels.length > 0) {
+                await github.rest.issues.addLabels({
+                  owner,
+                  repo,
+                  issue_number: pr_number,
+                  labels: finalLabels
+                });
+              }
+
+              // Remove old managed labels
+              const labelsToRemove = managedLabels.filter(label => !finalLabels.includes(label));
+              for (const label of labelsToRemove) {
+                try {
+                  await github.rest.issues.removeLabel({
+                    owner,
+                    repo,
+                    issue_number: pr_number,
+                    name: label
+                  });
+                } catch (error) {
+                  console.log(`Failed to remove label ${label}:`, error.message);
+                }
+              }
+
+              return;
+            }
+
+            // Run all strategies
+            const [
+              branchLabels,
+              componentLabels,
+              newComponentLabels,
+              newPlatformLabels,
+              coreLabels,
+              sizeLabels,
+              dashboardLabels,
+              actionsLabels,
+              codeOwnerLabels,
+              testLabels,
+              checkboxLabels
+            ] = await Promise.all([
+              detectMergeBranch(),
+              detectComponentPlatforms(apiData),
+              detectNewComponents(),
+              detectNewPlatforms(apiData),
+              detectCoreChanges(),
+              detectPRSize(),
+              detectDashboardChanges(),
+              detectGitHubActionsChanges(),
+              detectCodeOwner(),
+              detectTests(),
+              detectPRTemplateCheckboxes()
+            ]);
+
+            // Combine all labels
+            const allLabels = new Set([
+              ...branchLabels,
+              ...componentLabels,
+              ...newComponentLabels,
+              ...newPlatformLabels,
+              ...coreLabels,
+              ...sizeLabels,
+              ...dashboardLabels,
+              ...actionsLabels,
+              ...codeOwnerLabels,
+              ...testLabels,
+              ...checkboxLabels
+            ]);
+
+            // Detect requirements based on all other labels
+            const requirementLabels = await detectRequirements(allLabels);
+            for (const label of requirementLabels) {
+              allLabels.add(label);
+            }
+
+            let finalLabels = Array.from(allLabels);
+
+            // For mega-PRs, exclude component labels if there are too many
+            if (isMegaPR) {
+              const componentLabels = finalLabels.filter(label => label.startsWith('component: '));
+              if (componentLabels.length > COMPONENT_LABEL_THRESHOLD) {
+                finalLabels = finalLabels.filter(label => !label.startsWith('component: '));
+                console.log(`Mega-PR detected - excluding ${componentLabels.length} component labels (threshold: ${COMPONENT_LABEL_THRESHOLD})`);
+              }
+            }
+
+            // Handle too many labels (only for non-mega PRs)
+            const tooManyLabels = finalLabels.length > MAX_LABELS;
+            const originalLabelCount = finalLabels.length;
+
+            if (tooManyLabels && !isMegaPR && !finalLabels.includes('too-big')) {
+              finalLabels = ['too-big'];
+            }
+
+            console.log('Computed labels:', finalLabels.join(', '));
+
+            // Handle reviews
+            await handleReviews(finalLabels, originalLabelCount);
+
+            // Apply labels
+            if (finalLabels.length > 0) {
+              console.log(`Adding labels: ${finalLabels.join(', ')}`);
+              await github.rest.issues.addLabels({
+                owner,
+                repo,
+                issue_number: pr_number,
+                labels: finalLabels
+              });
+            }
+
+            // Remove old managed labels
+            const labelsToRemove = managedLabels.filter(label => !finalLabels.includes(label));
+            for (const label of labelsToRemove) {
+              console.log(`Removing label: ${label}`);
+              try {
+                await github.rest.issues.removeLabel({
+                  owner,
+                  repo,
+                  issue_number: pr_number,
+                  name: label
+                });
+              } catch (error) {
+                console.log(`Failed to remove label ${label}:`, error.message);
+              }
+            }

.github/workflows/ci-api-proto.yml

@@ -12,8 +12,8 @@ on:
       - ".github/workflows/ci-api-proto.yml"
 
 permissions:
-  contents: read        # actions/checkout for the PR head
-  pull-requests: write  # pulls.createReview / listReviews / dismissReview when generated proto files are stale
+  contents: read
+  pull-requests: write
 
 jobs:
   check:
@@ -21,21 +21,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: "3.11"
-      - name: Set up uv
-        # ``--system`` (below) installs into the setup-python interpreter;
-        # no venv is created or restored by this workflow.
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-        with:
-          enable-cache: true
-          # Pin uv version so the action does not have to fetch the
-          # manifest from raw.githubusercontent.com on every cache
-          # miss; that fetch flakes on Windows runners.
-          version: "0.11.15"
 
       - name: Install apt dependencies
         run: |
@@ -44,7 +34,7 @@ jobs:
           sudo apt install -y protobuf-compiler
           protoc --version
       - name: Install python dependencies
-        run: uv pip install --system aioesphomeapi -c requirements.txt -r requirements_dev.txt
+        run: pip install aioesphomeapi -c requirements.txt -r requirements_dev.txt
       - name: Generate files
         run: script/api_protobuf/api_protobuf.py
       - name: Check for changes
@@ -57,7 +47,7 @@ jobs:
           fi
       - if: failure()
         name: Review PR
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             await github.rest.pulls.createReview({
@@ -72,7 +62,7 @@ jobs:
         run: git diff
       - if: failure()
         name: Archive artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: generated-proto-files
           path: |
@@ -80,7 +70,7 @@ jobs:
             esphome/components/api/api_pb2_service.*
       - if: success()
         name: Dismiss review
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             let reviews = await github.rest.pulls.listReviews({

.github/workflows/ci-clang-tidy-hash.yml

@@ -12,8 +12,8 @@ on:
       - ".github/workflows/ci-clang-tidy-hash.yml"
 
 permissions:
-  contents: read        # actions/checkout for the PR head
-  pull-requests: write  # pulls.createReview / listReviews / dismissReview when the clang-tidy hash is out of date
+  contents: read
+  pull-requests: write
 
 jobs:
   verify-hash:
@@ -21,10 +21,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: "3.11"
 
@@ -40,9 +40,9 @@ jobs:
           echo "You have modified clang-tidy configuration but have not updated the hash." | tee -a $GITHUB_STEP_SUMMARY
           echo "Please run 'script/clang_tidy_hash.py --update' and commit the changes." | tee -a $GITHUB_STEP_SUMMARY
 
-      - if: failure() && github.event.pull_request.head.repo.full_name == github.repository
+      - if: failure()
         name: Request changes
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             await github.rest.pulls.createReview({
@@ -53,9 +53,9 @@ jobs:
               body: 'You have modified clang-tidy configuration but have not updated the hash.\nPlease run `script/clang_tidy_hash.py --update` and commit the changes.'
             })
 
-      - if: success() && github.event.pull_request.head.repo.full_name == github.repository
+      - if: success()
         name: Dismiss review
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             let reviews = await github.rest.pulls.listReviews({

.github/workflows/ci-docker.yml

@@ -22,7 +22,8 @@ on:
       - "script/platformio_install_deps.py"
 
 permissions:
-  contents: read  # actions/checkout only
+  contents: read
+  packages: read
 
 concurrency:
   # yamllint disable-line rule:line-length
@@ -33,9 +34,6 @@ jobs:
   check-docker:
     name: Build docker containers
     runs-on: ${{ matrix.os }}
-    permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # push branch-tagged images to ghcr.io for local testing
     strategy:
       fail-fast: false
       matrix:
@@ -44,94 +42,23 @@ jobs:
           - "ha-addon"
           - "docker"
           # - "lint"
-    outputs:
-      tag: ${{ steps.tag.outputs.tag }}
-      push: ${{ steps.tag.outputs.push }}
     steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: "3.11"
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
-      - name: Determine tag and whether to push
-        id: tag
+      - name: Set TAG
         run: |
-          # Sanitize the branch name into a valid docker tag: replace invalid
-          # characters, ensure the first character is valid (tags must start
-          # with [A-Za-z0-9_]), and cap the length at 128 characters.
-          branch="${{ github.head_ref || github.ref_name }}"
-          tag="${branch//[^a-zA-Z0-9_.-]/-}"
-          case "$tag" in
-            [a-zA-Z0-9_]*) ;;
-            *) tag="pr-${tag}" ;;
-          esac
-          tag="${tag:0:128}"
-          echo "tag=${tag}" >> "$GITHUB_OUTPUT"
-          # Only push branch images for same-repo pull requests. Push events
-          # only fire for dev/beta/release, whose images are owned by the
-          # release pipeline -- never overwrite those from here.
-          if [ "${{ github.event_name }}" = "pull_request" ] \
-            && [ "${{ github.repository }}" = "esphome/esphome" ] \
-            && [ "${{ github.event.pull_request.head.repo.full_name }}" = "esphome/esphome" ]; then
-            echo "push=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "push=false" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Log in to the GitHub container registry
-        if: steps.tag.outputs.push == 'true'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          echo "TAG=check" >> $GITHUB_ENV
 
       - name: Run build
         run: |
           docker/build.py \
-            --tag "${{ steps.tag.outputs.tag }}" \
+            --tag "${TAG}" \
             --arch "${{ matrix.os == 'ubuntu-24.04-arm' && 'aarch64' || 'amd64' }}" \
             --build-type "${{ matrix.build_type }}" \
-            --registry ghcr \
-            build ${{ steps.tag.outputs.push == 'true' && '--push --no-cache-to' || '' }}
-
-  manifest:
-    name: Push ${{ matrix.build_type }} manifest to ghcr.io
-    needs: [check-docker]
-    if: needs.check-docker.outputs.push == 'true'
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read   # actions/checkout to run docker/build.py
-      packages: write  # buildx imagetools writes the multi-arch tag to ghcr.io
-    strategy:
-      fail-fast: false
-      matrix:
-        build_type:
-          - "ha-addon"
-          - "docker"
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-        with:
-          python-version: "3.11"
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
-
-      - name: Log in to the GitHub container registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Create and push manifest
-        run: |
-          docker/build.py \
-            --tag "${{ needs.check-docker.outputs.tag }}" \
-            --build-type "${{ matrix.build_type }}" \
-            --registry ghcr \
-            manifest
+            build

.github/workflows/ci-github-scripts.yml

@@ -1,27 +0,0 @@
-name: CI - GitHub Scripts
-
-on:
-  push:
-    branches: [dev, beta, release]
-    paths:
-      - ".github/scripts/**"
-      - ".github/workflows/ci-github-scripts.yml"
-  pull_request:
-    paths:
-      - ".github/scripts/**"
-      - ".github/workflows/ci-github-scripts.yml"
-
-permissions:
-  contents: read
-
-jobs:
-  test-auto-label-pr:
-    name: Test auto-label-pr scripts
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-
-      - name: Run tests
-        working-directory: .github/scripts/auto-label-pr
-        run: npm test

.github/workflows/ci-memory-impact-comment.yml

@@ -7,9 +7,9 @@ on:
     types: [completed]
 
 permissions:
-  contents: read        # actions/checkout of the base repo at the PR's target branch
-  pull-requests: write  # gh api to look up the PR by head SHA and post/update the memory-impact comment
-  actions: read         # gh run download for the memory-analysis artifacts produced by the CI workflow run
+  contents: read
+  pull-requests: write
+  actions: read
 
 jobs:
   memory-impact-comment:
@@ -49,7 +49,7 @@ jobs:
 
       - name: Check out code from base repository
         if: steps.pr.outputs.skip != 'true'
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           # Always check out from the base repository (esphome/esphome), never from forks
           # Use the PR's target branch to ensure we run trusted code from the main repo

.github/workflows/close-pr-from-fork-default-branch.yml

@@ -1,72 +0,0 @@
-name: Close PR From Fork Default Branch
-
-on:
-  # pull_request_target is required so we have permission to comment and close PRs from forks.
-  pull_request_target:
-    types: [opened, reopened]
-
-permissions:
-  pull-requests: write  # pulls.update to close the PR opened from a fork's default branch
-  issues: write         # issues.createComment to explain to the contributor why the PR was closed
-
-jobs:
-  close:
-    name: Close PR opened from fork's default branch
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
-      && github.event.pull_request.head.ref == github.event.repository.default_branch
-    steps:
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const prNumber = context.payload.pull_request.number;
-            const author = context.payload.pull_request.user.login;
-            const defaultBranch = context.payload.repository.default_branch;
-            const headRepo = context.payload.pull_request.head.repo.full_name;
-
-            const body = [
-              `Hi @${author}, thanks for opening a pull request! :tada:`,
-              ``,
-              `It looks like this PR was opened from the \`${defaultBranch}\` branch of your fork (\`${headRepo}\`), which is the same name as this repository's default branch. Working directly on \`${defaultBranch}\` in your fork causes a few problems:`,
-              ``,
-              `- Your fork's \`${defaultBranch}\` branch will permanently diverge from \`esphome/esphome:${defaultBranch}\`, making it hard to keep your fork up to date.`,
-              `- Any additional commits you push to \`${defaultBranch}\` will be added to this PR, so you can't easily work on multiple changes at once.`,
-              `- Pushing maintainer fixes to your branch is awkward, since it means committing directly to your fork's default branch.`,
-              `- It makes local collaboration painful — \`${defaultBranch}\` in a checkout becomes ambiguous between upstream and your fork, and maintainers end up with naming collisions when fetching your branch.`,
-              ``,
-              `Please re-open this as a new PR from a dedicated feature branch. The usual flow looks like:`,
-              ``,
-              `\`\`\`bash`,
-              `# Make sure your fork's ${defaultBranch} is up to date with upstream`,
-              `git remote add upstream https://github.com/${owner}/${repo}.git  # if you haven't already`,
-              `git fetch upstream`,
-              `git checkout ${defaultBranch}`,
-              `git reset --hard upstream/${defaultBranch}`,
-              `git push --force-with-lease origin ${defaultBranch}`,
-              ``,
-              `# Create a new branch for your change and cherry-pick / re-apply your commits there`,
-              `git checkout -b my-feature-branch upstream/${defaultBranch}`,
-              `# ...re-apply your changes, then:`,
-              `git push origin my-feature-branch`,
-              `\`\`\``,
-              ``,
-              `Then open a new pull request from \`my-feature-branch\` into \`${owner}/${repo}:${defaultBranch}\`.`,
-              ``,
-              `Closing this PR for now — sorry for the friction, and thanks again for contributing! :heart:`,
-            ].join('\n');
-
-            await github.rest.issues.createComment({
-              owner,
-              repo,
-              issue_number: prNumber,
-              body,
-            });
-
-            await github.rest.pulls.update({
-              owner,
-              repo,
-              pull_number: prNumber,
-              state: 'closed',
-            });

.github/workflows/codeowner-approved-label-update.yml

@@ -1,81 +0,0 @@
-# Adds/removes a 'code-owner-approved' label when a component-specific
-# codeowner approves (or dismisses) a PR.
-#
-# Uses pull_request_target so that fork PRs do not require workflow approval.
-# The label is reconciled on every PR update; for review events specifically,
-# this means the label is applied on the next push after a codeowner review.
-
-name: Codeowner Approved Label
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened, ready_for_review]
-    branches-ignore:
-      - release
-      - beta
-
-permissions:
-  issues: write       # issues.addLabels / removeLabel to manage the 'code-owner-approved' label on the PR
-  pull-requests: read  # listReviews to determine whether a codeowner has approved
-  contents: read       # actions/checkout to read CODEOWNERS and the shared codeowners.js helper
-
-jobs:
-  codeowner-approved:
-    name: Run
-    if: ${{ github.repository == 'esphome/esphome' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout base branch
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-          sparse-checkout: |
-            .github/scripts/codeowners.js
-            CODEOWNERS
-
-      - name: Check codeowner approval and update label
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        with:
-          script: |
-            const { loadCodeowners, determineLabelAction, LabelAction } = require('./.github/scripts/codeowners.js');
-
-            const owner = context.repo.owner;
-            const repo = context.repo.repo;
-            const pr_number = parseInt(process.env.PR_NUMBER, 10);
-            const LABEL_NAME = 'code-owner-approved';
-
-            console.log(`Processing PR #${pr_number} for codeowner approval label`);
-
-            const codeownersPatterns = loadCodeowners();
-            const action = await determineLabelAction(
-              github, owner, repo, pr_number, codeownersPatterns, LABEL_NAME
-            );
-
-            if (action === LabelAction.NONE) {
-              console.log('No label change needed');
-              return;
-            }
-
-            try {
-              if (action === LabelAction.ADD) {
-                await github.rest.issues.addLabels({
-                  owner, repo, issue_number: pr_number, labels: [LABEL_NAME]
-                });
-                console.log(`Added '${LABEL_NAME}' label`);
-              } else if (action === LabelAction.REMOVE) {
-                await github.rest.issues.removeLabel({
-                  owner, repo, issue_number: pr_number, name: LABEL_NAME
-                });
-                console.log(`Removed '${LABEL_NAME}' label`);
-              }
-            } catch (error) {
-              if (error.status === 403) {
-                console.log(`Warning: insufficient permissions to update label (expected for fork PRs)`);
-              } else if (error.status === 404) {
-                console.log(`Label '${LABEL_NAME}' not present, nothing to remove`);
-              } else {
-                throw error;
-              }
-            }

.github/workflows/codeowner-review-request.yml

@@ -13,14 +13,10 @@ on:
   # Needs to be pull_request_target to get write permissions
   pull_request_target:
     types: [opened, reopened, synchronize, ready_for_review]
-    branches-ignore:
-      - release
-      - beta
 
-# PR/review writes (requestReviewers, issues.createComment) are performed with the App token minted below,
-# so the workflow's GITHUB_TOKEN only needs read access for checkout.
 permissions:
-  contents: read  # actions/checkout to read CODEOWNERS and the shared codeowners.js helper
+  pull-requests: write
+  contents: read
 
 jobs:
   request-codeowner-reviews:
@@ -28,28 +24,10 @@ jobs:
     if: ${{ github.repository == 'esphome/esphome' && !github.event.pull_request.draft }}
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout base branch
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by the github-script step below.
-          permission-pull-requests: write  # pulls.listFiles, pulls.get, pulls.listReviews, pulls.requestReviewers
-          permission-issues: write         # issues.listComments and issues.createComment (PR comments use the issues API)
-
       - name: Request reviews from component codeowners
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
-          github-token: ${{ steps.generate-token.outputs.token }}
           script: |
-            const { loadCodeowners, getEffectiveOwners } = require('./.github/scripts/codeowners.js');
-
             const owner = context.repo.owner;
             const repo = context.repo.repo;
             const pr_number = context.payload.pull_request.number;
@@ -60,15 +38,12 @@ jobs:
             const BOT_COMMENT_MARKER = '<!-- codeowner-review-request-bot -->';
 
             try {
-              // Get the list of changed files in this PR (with pagination)
-              const files = await github.paginate(
-                github.rest.pulls.listFiles,
-                {
-                  owner,
-                  repo,
-                  pull_number: pr_number
-                }
-              );
+              // Get the list of changed files in this PR
+              const { data: files } = await github.rest.pulls.listFiles({
+                owner,
+                repo,
+                pull_number: pr_number
+              });
 
               const changedFiles = files.map(file => file.filename);
               console.log(`Found ${changedFiles.length} changed files`);
@@ -78,10 +53,32 @@ jobs:
                 return;
               }
 
-              // Parse CODEOWNERS from the checked-out base branch
-              const codeownersPatterns = loadCodeowners();
+              // Fetch CODEOWNERS file from root
+              const { data: codeownersFile } = await github.rest.repos.getContent({
+                owner,
+                repo,
+                path: 'CODEOWNERS',
+                ref: context.payload.pull_request.base.sha
+              });
+              const codeownersContent = Buffer.from(codeownersFile.content, 'base64').toString('utf8');
 
-              console.log(`Parsed ${codeownersPatterns.length} codeowner patterns`);
+              // Parse CODEOWNERS file to extract all patterns and their owners
+              const codeownersLines = codeownersContent.split('\n')
+                .map(line => line.trim())
+                .filter(line => line && !line.startsWith('#'));
+
+              const codeownersPatterns = [];
+
+              // Convert CODEOWNERS pattern to regex (robust glob handling)
+              function globToRegex(pattern) {
+                // Escape regex special characters except for glob wildcards
+                let regexStr = pattern
+                  .replace(/([.+^=!:${}()|[\]\\])/g, '\\$1') // escape regex chars
+                  .replace(/\*\*/g, '.*') // globstar
+                  .replace(/\*/g, '[^/]*') // single star
+                  .replace(/\?/g, '.'); // question mark
+                return new RegExp('^' + regexStr + '$');
+              }
 
               // Helper function to create comment body
               function createCommentBody(reviewersList, teamsList, matchedFileCount, isSuccessful = true) {
@@ -96,11 +93,50 @@ jobs:
                 }
               }
 
-              // Match changed files against CODEOWNERS patterns using last-match-wins semantics
-              const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-              const matchedOwners = effective.users;
-              const matchedTeams = effective.teams;
-              const matchedFileCount = effective.matchedFileCount;
+              for (const line of codeownersLines) {
+                const parts = line.split(/\s+/);
+                if (parts.length < 2) continue;
+
+                const pattern = parts[0];
+                const owners = parts.slice(1);
+
+                // Use robust glob-to-regex conversion
+                const regex = globToRegex(pattern);
+                codeownersPatterns.push({ pattern, regex, owners });
+              }
+
+              console.log(`Parsed ${codeownersPatterns.length} codeowner patterns`);
+
+              // Match changed files against CODEOWNERS patterns
+              const matchedOwners = new Set();
+              const matchedTeams = new Set();
+              const fileMatches = new Map(); // Track which files matched which patterns
+
+              for (const file of changedFiles) {
+                for (const { pattern, regex, owners } of codeownersPatterns) {
+                  if (regex.test(file)) {
+                    console.log(`File '${file}' matches pattern '${pattern}' with owners: ${owners.join(', ')}`);
+
+                    if (!fileMatches.has(file)) {
+                      fileMatches.set(file, []);
+                    }
+                    fileMatches.get(file).push({ pattern, owners });
+
+                    // Add owners to the appropriate set (remove @ prefix)
+                    for (const owner of owners) {
+                      const cleanOwner = owner.startsWith('@') ? owner.slice(1) : owner;
+                      if (cleanOwner.includes('/')) {
+                        // Team mention (org/team-name)
+                        const teamName = cleanOwner.split('/')[1];
+                        matchedTeams.add(teamName);
+                      } else {
+                        // Individual user
+                        matchedOwners.add(cleanOwner);
+                      }
+                    }
+                  }
+                }
+              }
 
               if (matchedOwners.size === 0 && matchedTeams.size === 0) {
                 console.log('No codeowners found for any changed files');
@@ -134,14 +170,11 @@ jobs:
               }
 
               // Check for completed reviews to avoid re-requesting users who have already reviewed
-              const reviews = await github.paginate(
-                github.rest.pulls.listReviews,
-                {
-                  owner,
-                  repo,
-                  pull_number: pr_number
-                }
-              );
+              const { data: reviews } = await github.rest.pulls.listReviews({
+                owner,
+                repo,
+                pull_number: pr_number
+              });
 
               const reviewedUsers = new Set();
               reviews.forEach(review => {
@@ -214,7 +247,7 @@ jobs:
               }
 
               const totalReviewers = reviewersList.length + teamsList.length;
-              console.log(`Requesting reviews from ${reviewersList.length} users and ${teamsList.length} teams for ${matchedFileCount} matched files`);
+              console.log(`Requesting reviews from ${reviewersList.length} users and ${teamsList.length} teams for ${fileMatches.size} matched files`);
 
               // Request reviews
               try {
@@ -246,7 +279,7 @@ jobs:
 
                 // Only add a comment if there are new codeowners to mention (not previously pinged)
                 if (reviewersList.length > 0 || teamsList.length > 0) {
-                  const commentBody = createCommentBody(reviewersList, teamsList, matchedFileCount, true);
+                  const commentBody = createCommentBody(reviewersList, teamsList, fileMatches.size, true);
 
                   await github.rest.issues.createComment({
                     owner,
@@ -264,7 +297,7 @@ jobs:
 
                   // Only try to add a comment if there are new codeowners to mention
                   if (reviewersList.length > 0 || teamsList.length > 0) {
-                    const commentBody = createCommentBody(reviewersList, teamsList, matchedFileCount, false);
+                    const commentBody = createCommentBody(reviewersList, teamsList, fileMatches.size, false);
 
                     try {
                       await github.rest.issues.createComment({

.github/workflows/codeql.yml

@@ -16,9 +16,6 @@ on:
   schedule:
     - cron: "30 18 * * 4"
 
-# Deny by default; the analyze job opts in to exactly what it needs.
-permissions: {}
-
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
@@ -29,10 +26,15 @@ jobs:
     # Consider using larger runners or machines with greater resources for possible analysis time improvements.
     runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
     permissions:
-      security-events: write  # upload CodeQL SARIF results to the Code Scanning API
-      packages: read          # fetch internal or private CodeQL query packs
-      actions: read           # required by codeql-action when run from a private repo
-      contents: read          # actions/checkout to scan the repository
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
 
     strategy:
       fail-fast: false
@@ -52,11 +54,11 @@ jobs:
             # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -84,6 +86,6 @@ jobs:
           exit 1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dashboard-deprecation-comment.yml

@@ -1,119 +0,0 @@
-name: Add Dashboard Deprecation Comment
-
-on:
-  pull_request_target:
-    types: [opened, synchronize]
-
-# All API calls (pulls.listFiles + issues.{list,create,update}Comment) are performed with
-# the App token minted below, so the workflow's GITHUB_TOKEN does not need any scopes.
-permissions: {}
-
-jobs:
-  dashboard-deprecation-comment:
-    name: Dashboard deprecation comment
-    runs-on: ubuntu-latest
-    # Release-bump PRs (bump-X.Y.Z -> beta, beta -> release) inevitably
-    # roll up everything merged into dev since the last cut, which can
-    # include dashboard changes that have already been reviewed once.
-    # The bot's purpose is to warn new contributors before they invest
-    # time -- that only applies to PRs entering dev.
-    if: github.event.pull_request.base.ref == 'dev'
-    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # pulls.listFiles + issues.{list,create,update}Comment on PRs. For PR resources
-          # the issues.*Comment APIs require the pull-requests scope, not issues.
-          permission-pull-requests: write
-
-      - name: Add dashboard deprecation comment
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const commentMarker = "<!-- This comment was generated automatically by the dashboard-deprecation-comment workflow. -->";
-
-            const commentBody = `Thanks for opening this PR!
-
-            Heads up: the legacy ESPHome dashboard (\`esphome/dashboard/\` and \`tests/dashboard/\`) is **deprecated** and is being replaced by [ESPHome Device Builder](https://github.com/esphome/device-builder). We are not adding new features to the legacy dashboard and it will eventually be removed from this repository.
-
-            What this means for your PR:
-
-            - **New features / enhancements**: please port the change to [esphome/device-builder](https://github.com/esphome/device-builder) instead. We are unlikely to review or merge new dashboard features here.
-            - **Bug fixes**: small fixes may still be considered, but please check first whether the same issue exists in Device Builder, where the fix will have a longer life.
-            - **Security issues**: please do not file a public PR. Report privately via [GitHub security advisories](https://github.com/esphome/esphome/security/advisories/new) so we can coordinate a fix.
-
-            We appreciate the contribution and apologize for the friction; flagging this early so your time isn't spent on a change that may not land.
-
-            ---
-            (Added by the PR bot)
-
-            ${commentMarker}`;
-
-            async function getDashboardChanges(github, owner, repo, prNumber) {
-                const changedFiles = await github.paginate(
-                    github.rest.pulls.listFiles,
-                    {
-                        owner: owner,
-                        repo: repo,
-                        pull_number: prNumber,
-                        per_page: 100,
-                    }
-                );
-
-                return changedFiles.filter(file =>
-                    file.filename.startsWith('esphome/dashboard/') ||
-                    file.filename.startsWith('tests/dashboard/')
-                );
-            }
-
-            async function findBotComment(github, owner, repo, prNumber) {
-                const comments = await github.paginate(
-                    github.rest.issues.listComments,
-                    {
-                        owner: owner,
-                        repo: repo,
-                        issue_number: prNumber,
-                        per_page: 100,
-                    }
-                );
-
-                return comments.find(comment =>
-                    comment.body.includes(commentMarker) && comment.user.type === "Bot"
-                );
-            }
-
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-
-            const dashboardChanges = await getDashboardChanges(github, owner, repo, prNumber);
-            const existingComment = await findBotComment(github, owner, repo, prNumber);
-
-            if (dashboardChanges.length === 0) {
-                // PR doesn't (or no longer) touches the legacy dashboard. If we previously
-                // commented (e.g. files were removed in a later push), leave the comment in
-                // place for history rather than thrash on edit/delete.
-                return;
-            }
-
-            if (existingComment) {
-                if (existingComment.body === commentBody) {
-                    return;
-                }
-                await github.rest.issues.updateComment({
-                    owner: owner,
-                    repo: repo,
-                    comment_id: existingComment.id,
-                    body: commentBody,
-                });
-            } else {
-                await github.rest.issues.createComment({
-                    owner: owner,
-                    repo: repo,
-                    issue_number: prNumber,
-                    body: commentBody,
-                });
-            }

.github/workflows/external-component-bot.yml

@@ -4,29 +4,20 @@ on:
   pull_request_target:
     types: [opened, synchronize]
 
-# All API calls (pulls.listFiles + issues.{list,create,update}Comment) are performed with
-# the App token minted below, so the workflow's GITHUB_TOKEN does not need any scopes.
-permissions: {}
+permissions:
+  contents: read       #  Needed to fetch PR details
+  issues: write        #  Needed to create and update comments (PR comments are managed via the issues REST API)
+  pull-requests: write  # also needed?
 
 jobs:
   external-comment:
     name: External component comment
     runs-on: ubuntu-latest
     steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # pulls.listFiles + issues.{list,create,update}Comment on PRs. For PR resources
-          # the issues.*Comment APIs require the pull-requests scope, not issues.
-          permission-pull-requests: write
-
       - name: Add external component comment
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
             // Generate external component usage instructions
             function generateExternalComponentInstructions(prNumber, componentNames, owner, repo) {

.github/workflows/issue-codeowner-notify.yml

@@ -9,8 +9,8 @@ on:
     types: [labeled]
 
 permissions:
-  issues: write   # issues.createComment to mention component codeowners on the newly labelled issue
-  contents: read  # repos.getContent to fetch CODEOWNERS from the default branch
+  issues: write
+  contents: read
 
 jobs:
   notify-codeowners:
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Notify codeowners for component issues
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             const owner = context.repo.owner;

.github/workflows/lock.yml

@@ -6,12 +6,6 @@ on:
     - cron: "30 0 * * *"  # Run daily at 00:30 UTC
   workflow_dispatch:
 
-# Deny by default; the lock job opts in to exactly what the reusable workflow needs.
-permissions: {}
-
 jobs:
   lock:
-    permissions:
-      issues: write         # issues.lock on closed issues
-      pull-requests: write  # issues.lock on closed pull requests
-    uses: esphome/workflows/.github/workflows/lock.yml@025a1e6255610c498ed590403b7e510b69e474df  # 2026.4.1
+    uses: esphome/workflows/.github/workflows/lock.yml@main

.github/workflows/pr-title-check.yml

@@ -1,98 +0,0 @@
-name: PR Title Check
-
-on:
-  pull_request:
-    types: [opened, edited, synchronize, reopened]
-    branches-ignore:
-      - release
-      - beta
-
-permissions:
-  contents: read       # actions/checkout to load detect-tags.js
-  pull-requests: read  # pulls.listFiles to map changed files to component/core/dashboard/ci tags
-
-jobs:
-  check:
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
-
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const {
-              detectComponents,
-              hasCoreChanges,
-              hasDashboardChanges,
-              hasGitHubActionsChanges,
-            } = require('./.github/scripts/detect-tags.js');
-
-            const title = context.payload.pull_request.title;
-            const user = context.payload.pull_request.user;
-
-            // Skip bot PRs (e.g. dependabot, esphome[bot] device-class sync) -
-            // they have their own title formats.
-            if (user.type === 'Bot') {
-              return;
-            }
-
-            // Block titles starting with "word:" or "word(scope):" patterns
-            const commitStylePattern = /^\w+(\(.*?\))?[!]?\s*:/;
-            if (commitStylePattern.test(title)) {
-              core.setFailed(
-                `PR title should not start with a "prefix:" style format.\n` +
-                `Please use the format: [component] Brief description\n`
-              );
-              return;
-            }
-
-            // Get changed files to detect tags
-            const files = await github.paginate(github.rest.pulls.listFiles, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-            });
-            const filenames = files.map(f => f.filename);
-
-            // Detect tags from changed files using shared logic
-            const tags = new Set();
-
-            for (const comp of detectComponents(filenames)) {
-              tags.add(comp);
-            }
-            if (hasCoreChanges(filenames)) tags.add('core');
-            if (hasDashboardChanges(filenames)) tags.add('dashboard');
-            if (hasGitHubActionsChanges(filenames)) tags.add('ci');
-
-            if (tags.size === 0) {
-              return;
-            }
-
-            // Check for MDX syntax characters not wrapped in backticks.
-            // Astro docs MDX treats bare `<` as JSX component opening tags and
-            // bare `{` as JS expressions, so both must be escaped in changelog entries.
-            const stripped = title.replace(/`[^`]*`/g, '');
-            if (/[<>{}]/.test(stripped)) {
-              core.setFailed(
-                'PR title contains `<`, `>`, `{`, or `}` not wrapped in backticks.\n' +
-                'Astro docs MDX interprets bare `<` as JSX components and bare `{` as JS expressions.\n' +
-                'Please wrap these characters with backticks, e.g.: [component] Add `<feature>` support'
-              );
-              return;
-            }
-
-            // Check title starts with [tag] prefix
-            const bracketPattern = /^\[\w+\]/;
-            if (!bracketPattern.test(title)) {
-              const suggestion = [...tags].map(c => `[${c}]`).join('');
-              // Skip if the suggested prefix would be too long for a readable title
-              if (suggestion.length > 40) {
-                return;
-              }
-              core.setFailed(
-                `PR modifies: ${[...tags].join(', ')}\n` +
-                `Title must start with a [tag] prefix.\n` +
-                `Suggested: ${suggestion} <description>`
-              );
-            }

.github/workflows/release.yml

@@ -9,7 +9,7 @@ on:
     - cron: "0 2 * * *"
 
 permissions:
-  contents: read  # actions/checkout for all jobs; deploy jobs add their own scopes when they need to write
+  contents: read
 
 jobs:
   init:
@@ -20,7 +20,7 @@ jobs:
       branch_build: ${{ steps.tag.outputs.branch_build }}
       deploy_env: ${{ steps.tag.outputs.deploy_env }}
     steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Get tag
         id: tag
         # yamllint disable rule:line-length
@@ -57,12 +57,12 @@ jobs:
     if: github.repository == 'esphome/esphome' && github.event_name == 'release'
     runs-on: ubuntu-latest
     permissions:
-      contents: read   # actions/checkout to build the sdist/wheel
-      id-token: write  # OIDC token for PyPI Trusted Publishing (pypa/gh-action-pypi-publish)
+      contents: read
+      id-token: write
     steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: "3.x"
       - name: Build
@@ -70,7 +70,7 @@ jobs:
           pip3 install build
           python3 -m build
       - name: Publish
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
         with:
           skip-existing: true
 
@@ -78,8 +78,8 @@ jobs:
     name: Build ESPHome ${{ matrix.platform.arch }}
     if: github.repository == 'esphome/esphome'
     permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # docker/login-action + build-push-action push image digests to ghcr.io
+      contents: read
+      packages: write
     runs-on: ${{ matrix.platform.os }}
     needs: [init]
     strategy:
@@ -92,22 +92,22 @@ jobs:
             os: "ubuntu-24.04-arm"
 
     steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
           python-version: "3.11"
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
       - name: Log in to docker hub
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Log in to the GitHub container registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -138,7 +138,7 @@ jobs:
       #     version: ${{ needs.init.outputs.tag }}
 
       - name: Upload digests
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: digests-${{ matrix.platform.arch }}
           path: /tmp/digests
@@ -152,8 +152,8 @@ jobs:
       - deploy-docker
     if: github.repository == 'esphome/esphome'
     permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # docker/login-action + build-push-action push image digests to ghcr.io
+      contents: read
+      packages: write
     strategy:
       fail-fast: false
       matrix:
@@ -168,27 +168,27 @@ jobs:
           - ghcr
           - dockerhub
     steps:
-      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Download digests
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           pattern: digests-*
           path: /tmp/digests
           merge-multiple: true
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
 
       - name: Log in to docker hub
         if: matrix.registry == 'dockerhub'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Log in to the GitHub container registry
         if: matrix.registry == 'ghcr'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -212,32 +212,48 @@ jobs:
           docker buildx imagetools create $(jq -Rcnr 'inputs | . / "," | map("-t " + .) | join(" ")' <<< "${{ steps.tags.outputs.tags}}") \
             $(printf '${{ steps.tags.outputs.image }}@sha256:%s ' *)
 
-  version-notifier:
+  deploy-ha-addon-repo:
     if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
     runs-on: ubuntu-latest
     needs:
       - init
       - deploy-manifest
     steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          owner: esphome
-          repositories: version-notifier
-          permission-actions: write  # actions.createWorkflowDispatch on the target repo (only API call made with this token)
-
       - name: Trigger Workflow
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ secrets.DEPLOY_HA_ADDON_REPO_TOKEN }}
           script: |
-            await github.rest.actions.createWorkflowDispatch({
+            let description = "ESPHome";
+            if (context.eventName == "release") {
+              description = ${{ toJSON(github.event.release.body) }};
+            }
+            github.rest.actions.createWorkflowDispatch({
               owner: "esphome",
-              repo: "version-notifier",
-              workflow_id: "notify.yml",
+              repo: "home-assistant-addon",
+              workflow_id: "bump-version.yml",
+              ref: "main",
+              inputs: {
+                version: "${{ needs.init.outputs.tag }}",
+                content: description
+              }
+            })
+
+  deploy-esphome-schema:
+    if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
+    runs-on: ubuntu-latest
+    needs: [init]
+    environment: ${{ needs.init.outputs.deploy_env }}
+    steps:
+      - name: Trigger Workflow
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ secrets.DEPLOY_ESPHOME_SCHEMA_REPO_TOKEN }}
+          script: |
+            github.rest.actions.createWorkflowDispatch({
+              owner: "esphome",
+              repo: "esphome-schema",
+              workflow_id: "generate-schemas.yml",
               ref: "main",
               inputs: {
                 version: "${{ needs.init.outputs.tag }}",

.github/workflows/stale.yml

@@ -7,8 +7,8 @@ on:
   workflow_dispatch:
 
 permissions:
-  issues: write         # actions/stale labels, comments on, and closes stale issues
-  pull-requests: write  # actions/stale labels, comments on, and closes stale pull requests
+  issues: write
+  pull-requests: write
 
 concurrency:
   group: lock
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Stale
-        uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
+        uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with:
           debug-only: ${{ github.ref != 'refs/heads/dev' }} # Dry-run when not run on dev branch
           remove-stale-when-updated: true

.github/workflows/status-check-labels.yml

@@ -2,32 +2,30 @@ name: Status check labels
 
 on:
   pull_request:
-    types: [opened, reopened, labeled, unlabeled, synchronize]
-
-permissions:
-  pull-requests: read  # issues.listLabelsOnIssue to detect blocking labels (needs-docs, merge-after-release, chained-pr)
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+    types: [labeled, unlabeled]
 
 jobs:
   check:
-    name: Check blocking labels
+    name: Check ${{ matrix.label }}
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        label:
+          - needs-docs
+          - merge-after-release
+          - chained-pr
     steps:
-      - name: Check for blocking labels
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      - name: Check for ${{ matrix.label }} label
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
-            const blockingLabels = ['needs-docs', 'merge-after-release', 'chained-pr'];
             const { data: labels } = await github.rest.issues.listLabelsOnIssue({
               owner: context.repo.owner,
               repo: context.repo.repo,
               issue_number: context.issue.number
             });
-            const labelNames = labels.map(l => l.name);
-            const found = blockingLabels.filter(bl => labelNames.includes(bl));
-            if (found.length > 0) {
-              core.setFailed(`Pull request cannot be merged, it has blocking label(s): ${found.join(', ')}`);
+            const hasLabel = labels.find(label => label.name === '${{ matrix.label }}');
+            if (hasLabel) {
+              core.setFailed('Pull request cannot be merged, it is labeled as ${{ matrix.label }}');
             }

.github/workflows/sync-device-classes.yml

@@ -6,94 +6,42 @@ on:
   schedule:
     - cron: "45 6 * * *"
 
-# Repo writes (branch push, PR open) happen via the App token minted below,
-# so the workflow's GITHUB_TOKEN does not need any write scopes.
-permissions:
-  contents: read  # actions/checkout for this repo and home-assistant/core
-
 jobs:
   sync:
     name: Sync Device Classes
     runs-on: ubuntu-latest
     if: github.repository == 'esphome/esphome'
     steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by peter-evans/create-pull-request.
-          permission-contents: write       # git.createCommit + refs.create/update to push the sync/device-classes branch
-          permission-pull-requests: write  # pulls.create / pulls.update to open or refresh the sync PR
-
       - name: Checkout
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Checkout Home Assistant
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           repository: home-assistant/core
           path: lib/home-assistant
 
       - name: Setup Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
         with:
-          python-version: "3.14"
-
-      - name: Set up uv
-        # An order of magnitude faster than pip on cold boots, with its
-        # own wheel cache. ``--system`` (below) installs into the
-        # setup-python interpreter so subsequent ``pre-commit`` /
-        # ``script/run-in-env.py`` steps find the deps without a
-        # ``uv run`` prefix.
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-        with:
-          enable-cache: true
-          # Pin uv version so the action does not have to fetch the
-          # manifest from raw.githubusercontent.com on every cache
-          # miss; that fetch flakes on Windows runners.
-          version: "0.11.15"
+          python-version: 3.13
 
       - name: Install Home Assistant
         run: |
-          uv pip install --system -e lib/home-assistant
-          uv pip install --system -r requirements.txt -r requirements_test.txt pre-commit
+          python -m pip install --upgrade pip
+          pip install -e lib/home-assistant
+          pip install -r requirements_test.txt pre-commit
 
       - name: Sync
         run: |
           python ./script/sync-device_class.py
 
-      - name: Apply pre-commit auto-fixes
-        # First pass: let formatters (ruff, end-of-file-fixer, etc.) modify
-        # files. pre-commit exits non-zero whenever a hook touches anything,
-        # which would otherwise abort the workflow before the auto-fixes
-        # can flow into the sync PR.
-        #
-        # SKIP:
-        #   - no-commit-to-branch is a local guard against committing on
-        #     dev/release/beta; CI runs on dev by definition, and
-        #     peter-evans/create-pull-request creates the branch itself.
-        #   - pylint surfaces import-error / relative-beyond-top-level
-        #     noise here because this workflow installs only a subset of
-        #     the runtime deps (HA + requirements*.txt); main CI already
-        #     gates pylint on real PRs.
-        env:
-          SKIP: pylint,no-commit-to-branch
-        run: python script/run-in-env.py pre-commit run --all-files || true
-
-      - name: Verify pre-commit clean
-        # Second pass: re-run all hooks against the now-fixed tree.
-        # Auto-fixers exit 0 (nothing to change); any remaining failure
-        # from a check-only hook (flake8 / yamllint / ci-custom) is a
-        # real issue and fails the workflow loudly. Same SKIP list as
-        # above for the same reasons.
-        env:
-          SKIP: pylint,no-commit-to-branch
-        run: python script/run-in-env.py pre-commit run --all-files
+      - name: Run pre-commit hooks
+        run: |
+          python script/run-in-env.py pre-commit run --all-files
 
       - name: Commit changes
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
         with:
           commit-message: "Synchronise Device Classes from Home Assistant"
           committer: esphomebot <esphome@openhomefoundation.org>
@@ -102,4 +50,4 @@ jobs:
           delete-branch: true
           title: "Synchronise Device Classes from Home Assistant"
           body-path: .github/PULL_REQUEST_TEMPLATE.md
-          token: ${{ steps.generate-token.outputs.token }}
+          token: ${{ secrets.DEVICE_CLASS_SYNC_TOKEN }}

.gitignore

@@ -91,10 +91,6 @@ venv-*/
 # mypy
 .mypy_cache/
 
-# nix
-/default.nix
-/shell.nix
-
 .pioenvs
 .piolibdeps
 .pio
@@ -141,12 +137,10 @@ tests/.esphome/
 
 sdkconfig.*
 !sdkconfig.defaults
-!sdkconfig.defaults.*
 
 .tests/
 
 /components
 /managed_components
-/dependencies.lock
 
 api-docs/

.pre-commit-config.yaml

@@ -11,7 +11,7 @@ ci:
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.15.15
+    rev: v0.14.5
     hooks:
       # Run the linter.
       - id: ruff
@@ -37,7 +37,7 @@ repos:
       - id: end-of-file-fixer
       - id: trailing-whitespace
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.21.2
+    rev: v3.20.0
     hooks:
       - id: pyupgrade
         args: [--py311-plus]
@@ -55,18 +55,13 @@ repos:
     hooks:
       - id: pylint
         name: pylint
-        entry: python script/run-in-env.py pylint
+        entry: python3 script/run-in-env.py pylint
         language: system
         types: [python]
-        files: ^esphome/.+\.py$
       - id: clang-tidy-hash
         name: Update clang-tidy hash
         entry: python script/clang_tidy_hash.py --update-if-changed
         language: python
-        files: ^(\.clang-tidy|platformio\.ini|requirements_dev\.txt|sdkconfig\.defaults|esphome/idf_component\.yml)$
+        files: ^(\.clang-tidy|platformio\.ini|requirements_dev\.txt)$
         pass_filenames: false
         additional_dependencies: []
-      - id: ci-custom
-        name: ci-custom
-        entry: python script/run-in-env.py script/ci-custom.py
-        language: system

CLAUDE.md

@@ -1 +1 @@
-AGENTS.md
+.ai/instructions.md

CODEOWNERS

@@ -19,15 +19,15 @@ esphome/components/ac_dimmer/* @glmnet
 esphome/components/adc/* @esphome/core
 esphome/components/adc128s102/* @DeerMaximum
 esphome/components/addressable_light/* @justfalter
+esphome/components/ade7880/* @kpfleming
 esphome/components/ade7953/* @angelnu
-esphome/components/ade7953_base/* @angelnu
 esphome/components/ade7953_i2c/* @angelnu
 esphome/components/ade7953_spi/* @angelnu
 esphome/components/ads1118/* @solomondg1
 esphome/components/ags10/* @mak-42
 esphome/components/aic3204/* @kbx81
 esphome/components/airthings_ble/* @jeromelaban
-esphome/components/airthings_wave_base/* @jeromelaban @ncareau
+esphome/components/airthings_wave_base/* @jeromelaban @kpfleming @ncareau
 esphome/components/airthings_wave_mini/* @ncareau
 esphome/components/airthings_wave_plus/* @jeromelaban @precurse
 esphome/components/alarm_control_panel/* @grahambrown11 @hwstar
@@ -41,7 +41,6 @@ esphome/components/animation/* @syndlex
 esphome/components/anova/* @buxtronix
 esphome/components/apds9306/* @aodrenah
 esphome/components/api/* @esphome/core
-esphome/components/aqi/* @freekode @jasstrong @ximex
 esphome/components/as5600/* @ammmze
 esphome/components/as5600/sensor/* @ammmze
 esphome/components/as7341/* @mrgnr
@@ -53,9 +52,6 @@ esphome/components/atm90e32/* @circuitsetup @descipher
 esphome/components/audio/* @kahrendt
 esphome/components/audio_adc/* @kbx81
 esphome/components/audio_dac/* @kbx81
-esphome/components/audio_file/* @kahrendt
-esphome/components/audio_file/media_source/* @kahrendt
-esphome/components/audio_http/* @kahrendt
 esphome/components/axs15231/* @clydebarrow
 esphome/components/b_parasite/* @rbaron
 esphome/components/ballu/* @bazuchan
@@ -83,7 +79,6 @@ esphome/components/bme680_bsec/* @trvrnrth
 esphome/components/bme68x_bsec2/* @kbx81 @neffs
 esphome/components/bme68x_bsec2_i2c/* @kbx81 @neffs
 esphome/components/bmi160/* @flaviut
-esphome/components/bmi270/* @clydebarrow
 esphome/components/bmp280_base/* @ademuri
 esphome/components/bmp280_i2c/* @ademuri
 esphome/components/bmp280_spi/* @ademuri
@@ -91,12 +86,9 @@ esphome/components/bmp3xx/* @latonita
 esphome/components/bmp3xx_base/* @latonita @martgras
 esphome/components/bmp3xx_i2c/* @latonita
 esphome/components/bmp3xx_spi/* @latonita
-esphome/components/bmp581_base/* @danielkent-net @kahrendt
-esphome/components/bmp581_i2c/* @danielkent-net @kahrendt
-esphome/components/bmp581_spi/* @danielkent-net @kahrendt
+esphome/components/bmp581/* @kahrendt
 esphome/components/bp1658cj/* @Cossid
 esphome/components/bp5758d/* @Cossid
-esphome/components/bthome_mithermometer/* @nagyrobi
 esphome/components/button/* @esphome/core
 esphome/components/bytebuffer/* @clydebarrow
 esphome/components/camera/* @bdraco @DT-art1
@@ -104,11 +96,9 @@ esphome/components/camera_encoder/* @DT-art1
 esphome/components/canbus/* @danielschramm @mvturnho
 esphome/components/cap1188/* @mreditor97
 esphome/components/captive_portal/* @esphome/core
-esphome/components/cc1101/* @gabest11 @lygris
 esphome/components/ccs811/* @habbie
 esphome/components/cd74hc4067/* @asoehlke
 esphome/components/ch422g/* @clydebarrow @jesterret
-esphome/components/ch423/* @dwmw2
 esphome/components/chsc6x/* @kkosik20
 esphome/components/climate/* @esphome/core
 esphome/components/climate_ir/* @glmnet
@@ -134,22 +124,19 @@ esphome/components/dashboard_import/* @esphome/core
 esphome/components/datetime/* @jesserockz @rfdarter
 esphome/components/debug/* @esphome/core
 esphome/components/delonghi/* @grob6000
-esphome/components/dew_point/* @CFlix
 esphome/components/dfplayer/* @glmnet
 esphome/components/dfrobot_sen0395/* @niklasweber
 esphome/components/dht/* @OttoWinter
 esphome/components/display_menu_base/* @numo68
-esphome/components/dlms_meter/* @latonita @PolarGoose @SimonFischer04 @Tomer27cz
 esphome/components/dps310/* @kbx81
 esphome/components/ds1307/* @badbadc0ffee
 esphome/components/ds2484/* @mrk-its
-esphome/components/dsmr/* @glmnet @PolarGoose
+esphome/components/dsmr/* @glmnet @zuidwijk
 esphome/components/duty_time/* @dudanov
 esphome/components/ee895/* @Stock-M
 esphome/components/ektf2232/touchscreen/* @jesserockz
 esphome/components/emc2101/* @ellull
 esphome/components/emmeti/* @E440QF
-esphome/components/emontx/* @FredM67 @glynhudson @TrystanLea
 esphome/components/ens160/* @latonita
 esphome/components/ens160_base/* @latonita @vincentscode
 esphome/components/ens160_i2c/* @latonita
@@ -202,7 +189,6 @@ esphome/components/gps/* @coogle @ximex
 esphome/components/graph/* @synco
 esphome/components/graphical_display_menu/* @MrMDavidson
 esphome/components/gree/* @orestismers
-esphome/components/gree/switch/* @nagyrobi
 esphome/components/grove_gas_mc_v2/* @YorkshireIoT
 esphome/components/grove_tb6612fng/* @max246
 esphome/components/growatt_solar/* @leeuwte
@@ -219,16 +205,12 @@ esphome/components/hbridge/light/* @DotNetDann
 esphome/components/hbridge/switch/* @dwmw2
 esphome/components/hc8/* @omartijn
 esphome/components/hdc2010/* @optimusprimespace @ssieb
-esphome/components/hdc2080/* @G-Pereira @jesserockz
-esphome/components/hdc302x/* @joshuasing
 esphome/components/he60r/* @clydebarrow
 esphome/components/heatpumpir/* @rob-deutsch
 esphome/components/hitachi_ac424/* @sourabhjaiswal
 esphome/components/hlk_fm22x/* @OnFreund
-esphome/components/hlw8032/* @rici4kubicek
 esphome/components/hm3301/* @freekode
 esphome/components/hmac_md5/* @dwmw2
-esphome/components/hmac_sha256/* @dwmw2
 esphome/components/homeassistant/* @esphome/core @OttoWinter
 esphome/components/homeassistant/number/* @landonr
 esphome/components/homeassistant/switch/* @Links2004
@@ -242,12 +224,12 @@ esphome/components/hte501/* @Stock-M
 esphome/components/http_request/ota/* @oarcher
 esphome/components/http_request/update/* @jesserockz
 esphome/components/htu31d/* @betterengineering
-esphome/components/hub75/* @stuartparmenter
 esphome/components/hydreon_rgxx/* @functionpointer
 esphome/components/hyt271/* @Philippe12
 esphome/components/i2c/* @esphome/core
 esphome/components/i2c_device/* @gabest11
 esphome/components/i2s_audio/* @jesserockz
+esphome/components/i2s_audio/media_player/* @jesserockz
 esphome/components/i2s_audio/microphone/* @jesserockz
 esphome/components/i2s_audio/speaker/* @jesserockz @kahrendt
 esphome/components/iaqcore/* @yozik04
@@ -259,13 +241,11 @@ esphome/components/ina260/* @mreditor97
 esphome/components/ina2xx_base/* @latonita
 esphome/components/ina2xx_i2c/* @latonita
 esphome/components/ina2xx_spi/* @latonita
-esphome/components/infrared/* @kbx81
 esphome/components/inkbird_ibsth1_mini/* @fkirill
 esphome/components/inkplate/* @jesserockz @JosipKuci
 esphome/components/integration/* @OttoWinter
 esphome/components/internal_temperature/* @Mat931
 esphome/components/interval/* @esphome/core
-esphome/components/ir_rf_proxy/* @kbx81
 esphome/components/jsn_sr04t/* @Mafus1
 esphome/components/json/* @esphome/core
 esphome/components/kamstrup_kmp/* @cfeenstra1024
@@ -291,7 +271,6 @@ esphome/components/lock/* @esphome/core
 esphome/components/logger/* @esphome/core
 esphome/components/logger/select/* @clydebarrow
 esphome/components/lps22/* @nagisa
-esphome/components/lsm6ds/* @clydebarrow
 esphome/components/ltr390/* @latonita @sjtrny
 esphome/components/ltr501/* @latonita
 esphome/components/ltr_als_ps/* @latonita
@@ -323,9 +302,8 @@ esphome/components/mcp9808/* @k7hpn
 esphome/components/md5/* @esphome/core
 esphome/components/mdns/* @esphome/core
 esphome/components/media_player/* @jesserockz
-esphome/components/media_source/* @kahrendt
 esphome/components/micro_wake_word/* @jesserockz @kahrendt
-esphome/components/micronova/* @edenhaus @jorre05
+esphome/components/micronova/* @jorre05
 esphome/components/microphone/* @jesserockz @kahrendt
 esphome/components/mics_4514/* @jesserockz
 esphome/components/midea/* @dudanov
@@ -334,7 +312,6 @@ esphome/components/mipi_dsi/* @clydebarrow
 esphome/components/mipi_rgb/* @clydebarrow
 esphome/components/mipi_spi/* @clydebarrow
 esphome/components/mitsubishi/* @RubyBailey
-esphome/components/mitsubishi_cn105/* @crnjan
 esphome/components/mixer/speaker/* @kahrendt
 esphome/components/mlx90393/* @functionpointer
 esphome/components/mlx90614/* @jesserockz
@@ -348,11 +325,9 @@ esphome/components/modbus_controller/select/* @martgras @stegm
 esphome/components/modbus_controller/sensor/* @martgras
 esphome/components/modbus_controller/switch/* @martgras
 esphome/components/modbus_controller/text_sensor/* @martgras
-esphome/components/modbus_server/* @exciton
 esphome/components/mopeka_ble/* @Fabian-Schmidt @spbrogan
 esphome/components/mopeka_pro_check/* @spbrogan
 esphome/components/mopeka_std_check/* @Fabian-Schmidt
-esphome/components/motion/* @esphome/core
 esphome/components/mpl3115a2/* @kbickar
 esphome/components/mpu6886/* @fabaff
 esphome/components/ms8607/* @e28eta
@@ -381,7 +356,6 @@ esphome/components/pca6416a/* @Mat931
 esphome/components/pca9554/* @bdraco @clydebarrow @hwstar
 esphome/components/pcf85063/* @brogon
 esphome/components/pcf8563/* @KoenBreeman
-esphome/components/pcm5122/* @remcom
 esphome/components/pi4ioe5v6408/* @jesserockz
 esphome/components/pid/* @OttoWinter
 esphome/components/pipsolar/* @andreashergert1984
@@ -408,27 +382,21 @@ esphome/components/qmp6988/* @andrewpc
 esphome/components/qr_code/* @wjtje
 esphome/components/qspi_dbi/* @clydebarrow
 esphome/components/qwiic_pir/* @kahrendt
-esphome/components/radio_frequency/* @kbx81
 esphome/components/radon_eye_ble/* @jeffeb3
 esphome/components/radon_eye_rd200/* @jeffeb3
 esphome/components/rc522/* @glmnet
 esphome/components/rc522_i2c/* @glmnet
 esphome/components/rc522_spi/* @glmnet
-esphome/components/rd03d/* @jasstrong
 esphome/components/resampler/speaker/* @kahrendt
 esphome/components/restart/* @esphome/core
 esphome/components/rf_bridge/* @jesserockz
 esphome/components/rgbct/* @jesserockz
-esphome/components/ring_buffer/* @kahrendt
-esphome/components/router/speaker/* @kahrendt
 esphome/components/rp2040/* @jesserockz
-esphome/components/rp2040_ble/* @bdraco
 esphome/components/rp2040_pio_led_strip/* @Papa-DMan
 esphome/components/rp2040_pwm/* @jesserockz
 esphome/components/rpi_dpi_rgb/* @clydebarrow
 esphome/components/rtl87xx/* @kuba2k2
-esphome/components/rtttl/* @glmnet @ximex
-esphome/components/runtime_image/* @clydebarrow @guillempages @kahrendt
+esphome/components/rtttl/* @glmnet
 esphome/components/runtime_stats/* @bdraco
 esphome/components/rx8130/* @beormund
 esphome/components/safe_mode/* @jsuanet @kbx81 @paulmonigatti
@@ -445,15 +413,8 @@ esphome/components/select/* @esphome/core
 esphome/components/sen0321/* @notjj
 esphome/components/sen21231/* @shreyaskarnik
 esphome/components/sen5x/* @martgras
-esphome/components/sen6x/* @martgras @mebner86 @mikelawrence @tuct
-esphome/components/sendspin/* @kahrendt
-esphome/components/sendspin/media_player/* @kahrendt
-esphome/components/sendspin/media_source/* @kahrendt
-esphome/components/sendspin/sensor/* @kahrendt
-esphome/components/sendspin/text_sensor/* @kahrendt
 esphome/components/sensirion_common/* @martgras
 esphome/components/sensor/* @esphome/core
-esphome/components/serial_proxy/* @kbx81
 esphome/components/sfa30/* @ghsensdev
 esphome/components/sgp40/* @SenexCrenshaw
 esphome/components/sgp4x/* @martgras @SenexCrenshaw
@@ -474,12 +435,8 @@ esphome/components/sn74hc165/* @jesserockz
 esphome/components/socket/* @esphome/core
 esphome/components/sonoff_d1/* @anatoly-savchenkov
 esphome/components/sound_level/* @kahrendt
-esphome/components/spa06_base/* @danielkent-net
-esphome/components/spa06_i2c/* @danielkent-net
-esphome/components/spa06_spi/* @danielkent-net
 esphome/components/speaker/* @jesserockz @kahrendt
 esphome/components/speaker/media_player/* @kahrendt @synesthesiam
-esphome/components/speaker_source/* @kahrendt
 esphome/components/spi/* @clydebarrow @esphome/core
 esphome/components/spi_device/* @clydebarrow
 esphome/components/spi_led_strip/* @clydebarrow
@@ -513,7 +470,6 @@ esphome/components/switch/* @esphome/core
 esphome/components/switch/binary_sensor/* @ssieb
 esphome/components/sx126x/* @swoboda1337
 esphome/components/sx127x/* @swoboda1337
-esphome/components/sy6970/* @linkedupbits
 esphome/components/syslog/* @clydebarrow
 esphome/components/t6615/* @tylermenezes
 esphome/components/tc74/* @sethgirvan
@@ -556,15 +512,13 @@ esphome/components/tuya/switch/* @jesserockz
 esphome/components/tuya/text_sensor/* @dentra
 esphome/components/uart/* @esphome/core
 esphome/components/uart/button/* @ssieb
-esphome/components/uart/event/* @eoasmxd
 esphome/components/uart/packet_transport/* @clydebarrow
 esphome/components/udp/* @clydebarrow
 esphome/components/ufire_ec/* @pvizeli
 esphome/components/ufire_ise/* @pvizeli
-esphome/components/ultrasonic/* @ssieb @swoboda1337
+esphome/components/ultrasonic/* @OttoWinter
 esphome/components/update/* @jesserockz
 esphome/components/uponor_smatrix/* @kroimon
-esphome/components/usb_cdc_acm/* @kbx81
 esphome/components/usb_host/* @clydebarrow
 esphome/components/usb_uart/* @clydebarrow
 esphome/components/valve/* @esphome/core
@@ -575,7 +529,6 @@ esphome/components/version/* @esphome/core
 esphome/components/voice_assistant/* @jesserockz @kahrendt
 esphome/components/wake_on_lan/* @clydebarrow @willwill2will54
 esphome/components/watchdog/* @oarcher
-esphome/components/water_heater/* @dhoeben
 esphome/components/waveshare_epaper/* @clydebarrow
 esphome/components/web_server/ota/* @esphome/core
 esphome/components/web_server_base/* @esphome/core
@@ -598,7 +551,6 @@ esphome/components/wk2212_spi/* @DrCoolZic
 esphome/components/wl_134/* @hobbypunk90
 esphome/components/wts01/* @alepee
 esphome/components/x9c/* @EtienneMD
-esphome/components/xdb401/* @RT530
 esphome/components/xgzp68xx/* @gcormier
 esphome/components/xiaomi_hhccjcy10/* @fariouche
 esphome/components/xiaomi_lywsd02mmc/* @juanluss31
@@ -611,8 +563,6 @@ esphome/components/xl9535/* @mreditor97
 esphome/components/xpt2046/touchscreen/* @nielsnl68 @numo68
 esphome/components/xxtea/* @clydebarrow
 esphome/components/zephyr/* @tomaszduda23
-esphome/components/zephyr_mcumgr/ota/* @tomaszduda23
 esphome/components/zhlt01/* @cfeenstra1024
-esphome/components/zigbee/* @luar123 @tomaszduda23
 esphome/components/zio_ultrasonic/* @kahrendt
 esphome/components/zwave_proxy/* @kbx81

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 We welcome contributions to the ESPHome suite of code and documentation!
 
-Please read our [contributing guide](https://developers.esphome.io/contributing/code/) if you wish to contribute to the
+Please read our [contributing guide](https://esphome.io/guides/contributing.html) if you wish to contribute to the
 project and be sure to join us on [Discord](https://discord.gg/KhAMKrd).
 
 **See also:**

Doxyfile

@@ -48,7 +48,7 @@ PROJECT_NAME           = ESPHome
 # could be handy for archiving the generated documentation or if some version
 # control system is used.
 
-PROJECT_NUMBER         = 2026.6.2
+PROJECT_NUMBER         = 2025.12.0-dev
 
 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a

GEMINI.md

@@ -1 +1 @@
-AGENTS.md
+.ai/instructions.md

MANIFEST.in

@@ -1,8 +1,6 @@
 include LICENSE
 include README.md
 include requirements.txt
-recursive-include esphome *.yaml
 recursive-include esphome *.cpp *.h *.tcc *.c
 recursive-include esphome *.py.script
-recursive-include esphome *.jinja
 recursive-include esphome LICENSE.txt

README.md

@@ -1,9 +1,9 @@
-# ESPHome [![Discord Chat](https://img.shields.io/discord/429907082951524364.svg)](https://discord.gg/KhAMKrd) [![GitHub release](https://img.shields.io/github/release/esphome/esphome.svg)](https://GitHub.com/esphome/esphome/releases/) [![CodSpeed](https://img.shields.io/endpoint?url=https://codspeed.io/badge.json)](https://codspeed.io/esphome/esphome)
+# ESPHome [![Discord Chat](https://img.shields.io/discord/429907082951524364.svg)](https://discord.gg/KhAMKrd) [![GitHub release](https://img.shields.io/github/release/esphome/esphome.svg)](https://GitHub.com/esphome/esphome/releases/)
 
 <a href="https://esphome.io/">
   <picture>
-    <source media="(prefers-color-scheme: dark)" srcset="https://media.esphome.io/logo/logo-text-on-dark.svg">
-    <img src="https://media.esphome.io/logo/logo-text-on-light.svg" alt="ESPHome Logo">
+    <source media="(prefers-color-scheme: dark)" srcset="https://esphome.io/_static/logo-text-on-dark.svg", alt="ESPHome Logo">
+    <img src="https://esphome.io/_static/logo-text-on-light.svg" alt="ESPHome Logo">
   </picture>
 </a>
 

codecov.yml

@@ -1,18 +0,0 @@
-coverage:
-  status:
-    patch:
-      default:
-        target: 100%
-        threshold: 0%
-    project:
-      default:
-        informational: true
-
-ignore:
-  - "esphome/components/**/*"
-  - "esphome/analyze_memory/**/*"
-  - "tests/integration/**/*"
-
-comment:
-  layout: "reach, diff, flags, files"
-  require_changes: true

docker/Dockerfile

@@ -1,29 +1,19 @@
 ARG BUILD_VERSION=dev
-ARG BUILD_BASE_VERSION=2026.06.0
+ARG BUILD_OS=alpine
+ARG BUILD_BASE_VERSION=2025.04.0
 ARG BUILD_TYPE=docker
 
-FROM ghcr.io/esphome/docker-base:debian-${BUILD_BASE_VERSION} AS base-source-docker
-FROM ghcr.io/esphome/docker-base:debian-ha-addon-${BUILD_BASE_VERSION} AS base-source-ha-addon
+FROM ghcr.io/esphome/docker-base:${BUILD_OS}-${BUILD_BASE_VERSION} AS base-source-docker
+FROM ghcr.io/esphome/docker-base:${BUILD_OS}-ha-addon-${BUILD_BASE_VERSION} AS base-source-ha-addon
 
 ARG BUILD_TYPE
 FROM base-source-${BUILD_TYPE} AS base
 
-RUN git config --system --add safe.directory "*" \
-    && git config --system advice.detachedHead false
-
-# Install build tools for Python packages that require compilation
-# (e.g., ruamel.yaml.clib used by ESP-IDF's idf-component-manager).
-# Also install libusb-1.0 at runtime so the ESP-IDF tools installer can
-# validate openocd-esp32 (it dynamically links libusb-1.0.so.0); without
-# it idf_tools.py rejects the openocd install with exit 127 and aborts
-# the whole framework setup.
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends build-essential libusb-1.0-0 \
-    && rm -rf /var/lib/apt/lists/*
+RUN git config --system --add safe.directory "*"
 
 ENV PIP_DISABLE_PIP_VERSION_CHECK=1
 
-RUN pip install --no-cache-dir -U pip uv==0.10.1
+RUN pip install --no-cache-dir -U pip uv==0.6.14
 
 COPY requirements.txt /
 
@@ -31,9 +21,6 @@ RUN \
     uv pip install --no-cache-dir \
     -r /requirements.txt
 
-# Install the ESPHome Device Builder dashboard.
-RUN uv pip install --no-cache-dir esphome-device-builder==1.0.12
-
 RUN \
     platformio settings set enable_telemetry No \
     && platformio settings set check_platformio_interval 1000000 \

docker/build.py

@@ -20,10 +20,6 @@ TYPE_HA_ADDON = "ha-addon"
 TYPE_LINT = "lint"
 TYPES = [TYPE_DOCKER, TYPE_HA_ADDON, TYPE_LINT]
 
-REGISTRY_GHCR = "ghcr"
-REGISTRY_DOCKERHUB = "dockerhub"
-REGISTRIES = [REGISTRY_GHCR, REGISTRY_DOCKERHUB]
-
 
 parser = argparse.ArgumentParser()
 parser.add_argument(
@@ -38,12 +34,6 @@ parser.add_argument(
 parser.add_argument(
     "--build-type", choices=TYPES, required=True, help="The type of build to run"
 )
-parser.add_argument(
-    "--registry",
-    choices=REGISTRIES,
-    action="append",
-    help="Restrict to specific registries (default: all). May be passed multiple times.",
-)
 parser.add_argument(
     "--dry-run", action="store_true", help="Don't run any commands, just print them"
 )
@@ -55,11 +45,6 @@ build_parser.add_argument("--push", help="Also push the images", action="store_t
 build_parser.add_argument(
     "--load", help="Load the docker image locally", action="store_true"
 )
-build_parser.add_argument(
-    "--no-cache-to",
-    help="Don't write the build cache (avoids polluting the shared cache)",
-    action="store_true",
-)
 manifest_parser = subparsers.add_parser(
     "manifest", help="Create a manifest from already pushed images"
 )
@@ -110,14 +95,11 @@ def main():
                 print("Command failed")
                 sys.exit(1)
 
-    registries = args.registry or REGISTRIES
-
     # detect channel from tag
     match = re.match(r"^(\d+\.\d+)(?:\.\d+)?(b\d+)?$", args.tag)
     major_minor_version = None
     if match is None:
-        # Custom tag (e.g. a branch name) -- push only the tag itself
-        channel = None
+        channel = CHANNEL_DEV
     elif match.group(2) is None:
         major_minor_version = match.group(1)
         channel = CHANNEL_RELEASE
@@ -146,18 +128,11 @@ def main():
             CHANNEL_DEV: "cache-dev",
             CHANNEL_BETA: "cache-beta",
             CHANNEL_RELEASE: "cache-latest",
-        }.get(channel, "cache-dev")
-        # Cache images live alongside the pushed images; prefer GHCR when it is
-        # one of the selected registries, otherwise fall back to Docker Hub so a
-        # registry-restricted build doesn't need GHCR auth.
-        cache_prefix = "ghcr.io/" if REGISTRY_GHCR in registries else ""
-        cache_img = f"{cache_prefix}{params.build_to}:{cache_tag}"
+        }[channel]
+        cache_img = f"ghcr.io/{params.build_to}:{cache_tag}"
 
-        imgs = []
-        if REGISTRY_DOCKERHUB in registries:
-            imgs += [f"{params.build_to}:{tag}" for tag in tags_to_push]
-        if REGISTRY_GHCR in registries:
-            imgs += [f"ghcr.io/{params.build_to}:{tag}" for tag in tags_to_push]
+        imgs = [f"{params.build_to}:{tag}" for tag in tags_to_push]
+        imgs += [f"ghcr.io/{params.build_to}:{tag}" for tag in tags_to_push]
 
         # 3. build
         cmd = [
@@ -180,9 +155,7 @@ def main():
         for img in imgs:
             cmd += ["--tag", img]
         if args.push:
-            cmd += ["--push"]
-            if not args.no_cache_to:
-                cmd += ["--cache-to", f"type=registry,ref={cache_img},mode=max"]
+            cmd += ["--push", "--cache-to", f"type=registry,ref={cache_img},mode=max"]
         if args.load:
             cmd += ["--load"]
 
@@ -190,22 +163,20 @@ def main():
     elif args.command == "manifest":
         manifest = DockerParams.for_type_arch(args.build_type, ARCH_AMD64).manifest_to
 
-        targets = []
-        if REGISTRY_DOCKERHUB in registries:
-            targets += [f"{manifest}:{tag}" for tag in tags_to_push]
-        if REGISTRY_GHCR in registries:
-            targets += [f"ghcr.io/{manifest}:{tag}" for tag in tags_to_push]
-        # Use buildx imagetools (not `docker manifest`) so the per-arch sources,
-        # which buildx pushes as single-platform manifest lists, are combined
-        # and pushed correctly in one step.
+        targets = [f"{manifest}:{tag}" for tag in tags_to_push]
+        targets += [f"ghcr.io/{manifest}:{tag}" for tag in tags_to_push]
+        # 1. Create manifests
         for target in targets:
-            cmd = ["docker", "buildx", "imagetools", "create", "--tag", target]
+            cmd = ["docker", "manifest", "create", target]
             for arch in ARCHS:
                 src = f"{DockerParams.for_type_arch(args.build_type, arch).build_to}:{args.tag}"
                 if target.startswith("ghcr.io"):
                     src = f"ghcr.io/{src}"
                 cmd.append(src)
             run_command(*cmd)
+        # 2. Push manifests
+        for target in targets:
+            run_command("docker", "manifest", "push", target)
 
 
 if __name__ == "__main__":

docker/docker_entrypoint.sh

@@ -27,12 +27,4 @@ if [[ -d /build ]]; then
     export ESPHOME_BUILD_PATH=/build
 fi
 
-# The default CMD is "dashboard /config". Route the dashboard to the new
-# Device Builder, but pass every other subcommand (compile, run, config,
-# logs, ...) straight through to the esphome CLI so direct CLI use keeps working.
-if [[ "$1" == "dashboard" ]]; then
-    shift
-    exec esphome-device-builder "$@"
-fi
-
 exec esphome "$@"

docker/ha-addon-rootfs/etc/nginx/includes/mime.types

@@ -0,0 +1,96 @@
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}

docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf

@@ -0,0 +1,16 @@
+proxy_http_version          1.1;
+proxy_ignore_client_abort   off;
+proxy_read_timeout          86400s;
+proxy_redirect              off;
+proxy_send_timeout          86400s;
+proxy_max_temp_file_size    0;
+
+proxy_set_header Accept-Encoding "";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Authorization "";

docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf

@@ -0,0 +1,8 @@
+root            /dev/null;
+server_name     $hostname;
+
+client_max_body_size 512m;
+
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;

docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf

@@ -0,0 +1,8 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;

docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf

@@ -0,0 +1,3 @@
+upstream esphome {
+    server unix:/var/run/esphome.sock;
+}

docker/ha-addon-rootfs/etc/nginx/nginx.conf

@@ -0,0 +1,30 @@
+daemon off;
+user root;
+pid /var/run/nginx.pid;
+worker_processes 1;
+error_log /proc/1/fd/1 error;
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/includes/mime.types;
+
+    access_log              off;
+    default_type            application/octet-stream;
+    gzip                    on;
+    keepalive_timeout       65;
+    sendfile                on;
+    server_tokens           off;
+
+    tcp_nodelay             on;
+    tcp_nopush              on;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    include /etc/nginx/includes/upstream.conf;
+    include /etc/nginx/servers/*.conf;
+}

docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep

@@ -0,0 +1 @@
+Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)

docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl

@@ -0,0 +1,28 @@
+server {
+    {{ if not .ssl }}
+    listen 6052 default_server;
+    {{ else }}
+    listen 6052 default_server ssl http2;
+    {{ end }}
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    {{ if .ssl }}
+    include /etc/nginx/includes/ssl_params.conf;
+
+    ssl_certificate /ssl/{{ .certfile }};
+    ssl_certificate_key /ssl/{{ .keyfile }};
+
+    # Redirect http requests to https on the same port.
+    # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/
+    error_page 497 https://$http_host$request_uri;
+    {{ end }}
+
+    # Clear Home Assistant Ingress header
+    proxy_set_header X-HA-Ingress "";
+
+    location / {
+        proxy_pass http://esphome;
+    }
+}

docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl

@@ -0,0 +1,18 @@
+server {
+    listen 127.0.0.1:{{ .port }} default_server;
+    listen {{ .interface }}:{{ .port }} default_server;
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    # Set Home Assistant Ingress header
+    proxy_set_header X-HA-Ingress "YES";
+
+    location / {
+        allow   172.30.32.2;
+        allow   127.0.0.1;
+        deny    all;
+
+        proxy_pass http://esphome;
+    }
+}

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run

@@ -16,7 +16,7 @@ fi
 
 port=$(bashio::addon.ingress_port)
 
-# Wait for the ESPHome Device Builder to become available
+# Wait for NGINX to become available
 bashio::net.wait_for "${port}" "127.0.0.1" 300
 
 config=$(\

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish

@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 # ==============================================================================
 # Home Assistant Community Add-on: ESPHome
-# Take down the S6 supervision tree when ESPHome Device Builder fails
+# Take down the S6 supervision tree when ESPHome dashboard fails
 # ==============================================================================
 declare exit_code
 readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
@@ -10,7 +10,7 @@ readonly exit_code_service="${1}"
 readonly exit_code_signal="${2}"
 
 bashio::log.info \
-  "Service ESPHome Device Builder exited with code ${exit_code_service}" \
+  "Service ESPHome dashboard exited with code ${exit_code_service}" \
   "(by signal ${exit_code_signal})"
 
 if [[ "${exit_code_service}" -eq 256 ]]; then

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run

@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 # ==============================================================================
 # Community Hass.io Add-ons: ESPHome
-# Runs the ESPHome Device Builder
+# Runs the ESPHome dashboard
 # ==============================================================================
 readonly pio_cache_base=/data/cache/platformio
 
@@ -49,21 +49,5 @@ if bashio::fs.directory_exists '/config/esphome/.esphome'; then
     rm -rf /config/esphome/.esphome
 fi
 
-# Only signal device-builder to expose the public LAN port when the operator
-# mapped port 6052, matching the legacy dashboard where nginx listened on the
-# fixed port 6052 only when it was configured. We use the mapping purely as a
-# presence check and don't forward the published value; device-builder binds
-# its default port 6052 (the fixed container port, as the legacy
-# "listen 6052" did). --ha-addon-allow-public is inert on its own: the no-auth
-# gate is the DISABLE_HA_AUTHENTICATION env var set above, so both opt-ins are
-# required to bind 6052 unauthenticated; either alone stays ingress-only.
-set --
-if bashio::var.has_value "$(bashio::addon.port 6052)"; then
-    set -- --ha-addon-allow-public
-fi
-
-bashio::log.info "Starting ESPHome Device Builder..."
-exec esphome-device-builder /config/esphome \
-    --ha-addon \
-    --ingress-port "$(bashio::addon.ingress_port)" \
-    "$@"
+bashio::log.info "Starting ESPHome dashboard..."
+exec esphome dashboard /config/esphome --socket /var/run/esphome.sock --ha-addon

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run

@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Configures NGINX for use with ESPHome
+# ==============================================================================
+mkdir -p /var/log/nginx
+
+# Generate Ingress configuration
+bashio::var.json \
+    interface "$(bashio::addon.ip_address)" \
+    port "^$(bashio::addon.ingress_port)" \
+    | tempio \
+        -template /etc/nginx/templates/ingress.gtpl \
+        -out /etc/nginx/servers/ingress.conf
+
+# Generate direct access configuration, if enabled.
+if bashio::var.has_value "$(bashio::addon.port 6052)"; then
+    bashio::config.require.ssl
+    bashio::var.json \
+        certfile "$(bashio::config 'certfile')" \
+        keyfile "$(bashio::config 'keyfile')" \
+        ssl "^$(bashio::config 'ssl')" \
+        | tempio \
+            -template /etc/nginx/templates/direct.gtpl \
+            -out /etc/nginx/servers/direct.conf
+fi

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type

@@ -0,0 +1 @@
+oneshot

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up

@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx/run

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish

@@ -0,0 +1,25 @@
+#!/command/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Take down the S6 supervision tree when NGINX fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+
+bashio::log.info \
+  "Service NGINX exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run

@@ -0,0 +1,15 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Runs the NGINX proxy
+# ==============================================================================
+
+bashio::log.info "Waiting for ESPHome dashboard to come up..."
+
+while [[ ! -S /var/run/esphome.sock ]]; do
+  sleep 0.5
+done
+
+bashio::log.info "Starting NGINX..."
+exec nginx

docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type

@@ -0,0 +1 @@
+longrun

esphome/address_cache.py

@@ -101,17 +101,6 @@ class AddressCache:
         """Check if any cache entries exist."""
         return bool(self.mdns_cache or self.dns_cache)
 
-    def add_mdns_addresses(self, hostname: str, addresses: list[str]) -> None:
-        """Store resolved mDNS addresses for ``hostname`` in the cache.
-
-        Callers that discover ``.local`` hosts (e.g. via mDNS browse) can use
-        this to avoid a second resolution round-trip during the upload path.
-        No-op when ``addresses`` is empty.
-        """
-        if not addresses:
-            return
-        self.mdns_cache[normalize_hostname(hostname)] = addresses
-
     @classmethod
     def from_cli_args(
         cls, mdns_args: Iterable[str], dns_args: Iterable[str]

esphome/analyze_memory/cli.py

@@ -1,40 +1,16 @@
 """CLI interface for memory analysis with report generation."""
 
-from __future__ import annotations
-
 from collections import defaultdict
-from collections.abc import Callable
-import heapq
-from operator import itemgetter
-from pathlib import Path
 import sys
-from typing import TYPE_CHECKING
 
 from . import (
     _COMPONENT_API,
     _COMPONENT_CORE,
     _COMPONENT_PREFIX_ESPHOME,
     _COMPONENT_PREFIX_EXTERNAL,
-    _COMPONENT_PREFIX_LIB,
-    _PSTORAGE_SUFFIX,
-    RAM_SECTIONS,
     MemoryAnalyzer,
 )
 
-if TYPE_CHECKING:
-    from . import ComponentMemory
-
-
-def _format_pstorage_name(name: str) -> str:
-    """Format a __pstorage symbol as 'storage for {id}'."""
-    if not name.endswith(_PSTORAGE_SUFFIX):
-        return name
-    prefix = name[: -len(_PSTORAGE_SUFFIX)]
-    # Strip component namespace prefix: {component}__{id} -> {id}
-    dunder_pos = prefix.find("__")
-    var_id = prefix[dunder_pos + 2 :] if dunder_pos != -1 else prefix
-    return f"storage for {var_id}"
-
 
 class MemoryAnalyzerCLI(MemoryAnalyzer):
     """Memory analyzer with CLI-specific report generation."""
@@ -43,12 +19,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
     SYMBOL_SIZE_THRESHOLD: int = (
         100  # Show symbols larger than this in detailed analysis
     )
-    # Lower threshold for RAM symbols (RAM is more constrained)
-    RAM_SYMBOL_SIZE_THRESHOLD: int = 24
-    # Number of top symbols to show in the largest symbols report
-    TOP_SYMBOLS_LIMIT: int = 30
-    # Width for symbol name display in top symbols report
-    COL_TOP_SYMBOL_NAME: int = 55
 
     # Column width constants
     COL_COMPONENT: int = 29
@@ -113,246 +83,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
         COL_CORE_PERCENT,
     )
 
-    def _add_section_header(self, lines: list[str], title: str) -> None:
-        """Add a section header with title centered between separator lines."""
-        lines.append("")
-        lines.append("=" * self.TABLE_WIDTH)
-        lines.append(title.center(self.TABLE_WIDTH))
-        lines.append("=" * self.TABLE_WIDTH)
-        lines.append("")
-
-    def _add_top_consumers(
-        self,
-        lines: list[str],
-        title: str,
-        components: list[tuple[str, ComponentMemory]],
-        get_size: Callable[[ComponentMemory], int],
-        total: int,
-        memory_type: str,
-        limit: int = 25,
-    ) -> None:
-        """Add a formatted list of top memory consumers to the report.
-
-        Args:
-            lines: List of report lines to append the output to.
-            title: Section title to print before the list.
-            components: Sequence of (name, ComponentMemory) tuples to analyze.
-            get_size: Callable that takes a ComponentMemory and returns the
-                size in bytes to use for ranking and display.
-            total: Total size in bytes for computing percentage usage.
-            memory_type: Label for the memory region (e.g., "flash" or "RAM").
-            limit: Maximum number of components to include in the list.
-        """
-        lines.append("")
-        lines.append(f"{title}:")
-        for i, (name, mem) in enumerate(components[:limit]):
-            size = get_size(mem)
-            if size > 0:
-                percentage = (size / total * 100) if total > 0 else 0
-                lines.append(
-                    f"{i + 1}. {name} ({size:,} B) - {percentage:.1f}% of analyzed {memory_type}"
-                )
-
-    def _format_symbol_with_section(
-        self, demangled: str, size: int, section: str | None = None
-    ) -> str:
-        """Format a symbol entry, optionally adding a RAM section label.
-
-        If section is one of the RAM sections (.data or .bss), a label like
-        " [data]" or " [bss]" is appended. For non-RAM sections or when
-        section is None, no section label is added.
-
-        Placement new storage symbols are formatted as "storage for {id}".
-        """
-        display_name = _format_pstorage_name(demangled)
-        section_label = ""
-        if section in RAM_SECTIONS:
-            section_label = f" [{section[1:]}]"  # .data -> [data], .bss -> [bss]
-        return f"{display_name} ({size:,} B){section_label}"
-
-    def _add_top_symbols(self, lines: list[str]) -> None:
-        """Add a section showing the top largest symbols in the binary."""
-        # Collect all symbols from all components: (symbol, demangled, size, section, component)
-        all_symbols = [
-            (symbol, demangled, size, section, component)
-            for component, symbols in self._component_symbols.items()
-            for symbol, demangled, size, section in symbols
-        ]
-
-        # Get top N symbols by size using heapq for efficiency
-        top_symbols = heapq.nlargest(
-            self.TOP_SYMBOLS_LIMIT, all_symbols, key=itemgetter(2)
-        )
-
-        lines.append("")
-        lines.append(f"Top {self.TOP_SYMBOLS_LIMIT} Largest Symbols:")
-        # Calculate truncation limit from column width (leaving room for "...")
-        truncate_limit = self.COL_TOP_SYMBOL_NAME - 3
-        for i, (_, demangled, size, section, component) in enumerate(top_symbols):
-            # Format section label
-            section_label = f"[{section[1:]}]" if section else ""
-            # Format storage symbols readably
-            display_name = _format_pstorage_name(demangled)
-            # Truncate if too long
-            demangled_display = (
-                f"{display_name[:truncate_limit]}..."
-                if len(display_name) > self.COL_TOP_SYMBOL_NAME
-                else display_name
-            )
-            lines.append(
-                f"{i + 1:>2}. {size:>7,} B {section_label:<8} {demangled_display:<{self.COL_TOP_SYMBOL_NAME}} {component}"
-            )
-
-    def _add_cswtch_analysis(self, lines: list[str]) -> None:
-        """Add CSWTCH (GCC switch table lookup) analysis section."""
-        self._add_section_header(lines, "CSWTCH Analysis (GCC Switch Table Lookups)")
-
-        total_size = sum(size for _, size, _, _ in self._cswtch_symbols)
-        lines.append(
-            f"Total: {len(self._cswtch_symbols)} switch table(s), {total_size:,} B"
-        )
-        lines.append("")
-
-        # Group by component
-        by_component: dict[str, list[tuple[str, int, str]]] = defaultdict(list)
-        for sym_name, size, source_file, component in self._cswtch_symbols:
-            by_component[component].append((sym_name, size, source_file))
-
-        # Sort components by total size descending
-        sorted_components = sorted(
-            by_component.items(),
-            key=lambda x: sum(s[1] for s in x[1]),
-            reverse=True,
-        )
-
-        for component, symbols in sorted_components:
-            comp_total = sum(s[1] for s in symbols)
-            lines.append(f"{component} ({comp_total:,} B, {len(symbols)} tables):")
-
-            # Group by source file within component
-            by_file: dict[str, list[tuple[str, int]]] = defaultdict(list)
-            for sym_name, size, source_file in symbols:
-                by_file[source_file].append((sym_name, size))
-
-            for source_file, file_symbols in sorted(
-                by_file.items(),
-                key=lambda x: sum(s[1] for s in x[1]),
-                reverse=True,
-            ):
-                file_total = sum(s[1] for s in file_symbols)
-                lines.append(
-                    f"  {source_file} ({file_total:,} B, {len(file_symbols)} tables)"
-                )
-                for sym_name, size in sorted(
-                    file_symbols, key=lambda x: x[1], reverse=True
-                ):
-                    lines.append(f"    {size:>6,} B  {sym_name}")
-            lines.append("")
-
-    # Number of top called functions to show
-    TOP_CALLS_LIMIT: int = 50
-    # Number of inlining candidates to show
-    INLINE_CANDIDATES_LIMIT: int = 25
-    # Maximum function size in bytes to consider for inlining
-    INLINE_SIZE_THRESHOLD: int = 16
-
-    def _build_symbol_sizes(self) -> dict[str, int]:
-        """Build a size lookup from all component symbols: mangled_name -> size."""
-        return {
-            symbol: size
-            for symbols in self._component_symbols.values()
-            for symbol, _, size, _ in symbols
-        }
-
-    def _format_call_row(
-        self, index: int, mangled: str, count: int, symbol_sizes: dict[str, int]
-    ) -> str:
-        """Format a single row for call frequency tables."""
-        demangled = self._demangle_cache.get(mangled, mangled)
-        if len(demangled) > 80:
-            demangled = f"{demangled[:77]}..."
-        size = symbol_sizes.get(mangled)
-        size_str = f"{size:>5,} B" if size is not None else "      ?"
-        return f"{index:>3}  {count:>5}  {size_str}  {demangled}"
-
-    def _add_call_table_header(self, lines: list[str]) -> None:
-        """Add the header row for call frequency tables."""
-        lines.append(f"{'#':>3}  {'Calls':>5}  {'Size':>7}  Function")
-        lines.append(f"{'---':>3}  {'-----':>5}  {'-------':>7}  {'-' * 60}")
-
-    def _add_function_call_analysis(self, lines: list[str]) -> None:
-        """Add function call frequency analysis section.
-
-        Shows the most frequently called functions by call site count.
-        """
-        self._add_section_header(lines, "Top Called Functions")
-
-        symbol_sizes = self._build_symbol_sizes()
-
-        # Sort by call count descending
-        sorted_calls = sorted(
-            self._function_call_counts.items(), key=lambda x: x[1], reverse=True
-        )
-
-        self._add_call_table_header(lines)
-
-        for i, (mangled, count) in enumerate(sorted_calls[: self.TOP_CALLS_LIMIT]):
-            lines.append(self._format_call_row(i + 1, mangled, count, symbol_sizes))
-
-        total_calls = sum(self._function_call_counts.values())
-        lines.append("")
-        lines.append(
-            f"Total: {len(self._function_call_counts)} unique targets, "
-            f"{total_calls:,} call sites"
-        )
-        lines.append("")
-
-    def _add_inline_candidates(self, lines: list[str]) -> None:
-        """Add inlining candidates section.
-
-        Shows frequently called functions that are small enough to benefit
-        from inlining (< 16 bytes). These are the best candidates for
-        reducing call overhead.
-        """
-        self._add_section_header(
-            lines,
-            f"Inlining Candidates (<{self.INLINE_SIZE_THRESHOLD} B, by call count)",
-        )
-
-        symbol_sizes = self._build_symbol_sizes()
-
-        # Filter to small functions with known size, sort by call count
-        candidates = sorted(
-            (
-                (mangled, count)
-                for mangled, count in self._function_call_counts.items()
-                if mangled in symbol_sizes
-                and symbol_sizes[mangled] < self.INLINE_SIZE_THRESHOLD
-            ),
-            key=lambda x: x[1],
-            reverse=True,
-        )
-
-        if not candidates:
-            lines.append("No candidates found.")
-            lines.append("")
-            return
-
-        self._add_call_table_header(lines)
-
-        for i, (mangled, count) in enumerate(
-            candidates[: self.INLINE_CANDIDATES_LIMIT]
-        ):
-            lines.append(self._format_call_row(i + 1, mangled, count, symbol_sizes))
-
-        lines.append("")
-        lines.append(
-            f"Showing top {min(len(candidates), self.INLINE_CANDIDATES_LIMIT)} "
-            f"of {len(candidates)} functions under "
-            f"{self.INLINE_SIZE_THRESHOLD} B"
-        )
-        lines.append("")
-
     def generate_report(self, detailed: bool = False) -> str:
         """Generate a formatted memory report."""
         components = sorted(
@@ -393,73 +123,43 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
             f"{total_flash:>{self.COL_TOTAL_FLASH - 2},} B | {total_ram:>{self.COL_TOTAL_RAM - 2},} B"
         )
 
-        # Show unattributed RAM (SDK/framework overhead)
-        unattributed_bss, unattributed_data, unattributed_total = (
-            self.get_unattributed_ram()
-        )
-        if unattributed_total > 0:
-            lines.append("")
-            lines.append(
-                f"Unattributed RAM: {unattributed_total:,} B (SDK/framework overhead)"
-            )
-            if unattributed_bss > 0 and unattributed_data > 0:
+        # Top consumers
+        lines.append("")
+        lines.append("Top Flash Consumers:")
+        for i, (name, mem) in enumerate(components[:25]):
+            if mem.flash_total > 0:
+                percentage = (
+                    (mem.flash_total / total_flash * 100) if total_flash > 0 else 0
+                )
                 lines.append(
-                    f"  .bss: {unattributed_bss:,} B | .data: {unattributed_data:,} B"
+                    f"{i + 1}. {name} ({mem.flash_total:,} B) - {percentage:.1f}% of analyzed flash"
                 )
 
-            # Show SDK symbol breakdown if available
-            sdk_by_lib = self.get_sdk_ram_by_library()
-            if sdk_by_lib:
-                lines.append("")
-                lines.append("SDK library breakdown (static symbols not in ELF):")
-                # Sort libraries by total size
-                lib_totals = [
-                    (lib, sum(s.size for s in syms), syms)
-                    for lib, syms in sdk_by_lib.items()
-                ]
-                lib_totals.sort(key=lambda x: x[1], reverse=True)
-
-                for lib_name, lib_total, syms in lib_totals:
-                    if lib_total == 0:
-                        continue
-                    lines.append(f"  {lib_name}: {lib_total:,} B")
-                    # Show top symbols from this library
-                    for sym in sorted(syms, key=lambda s: s.size, reverse=True)[:3]:
-                        section_label = sym.section.lstrip(".")
-                        # Use demangled name (falls back to original if not demangled)
-                        display_name = sym.demangled or sym.name
-                        if len(display_name) > 50:
-                            display_name = f"{display_name[:47]}..."
-                        lines.append(
-                            f"    {sym.size:>6,} B [{section_label}] {display_name}"
-                        )
-
-        # Top consumers
-        self._add_top_consumers(
-            lines,
-            "Top Flash Consumers",
-            components,
-            lambda m: m.flash_total,
-            total_flash,
-            "flash",
-        )
-
+        lines.append("")
+        lines.append("Top RAM Consumers:")
         ram_components = sorted(components, key=lambda x: x[1].ram_total, reverse=True)
-        self._add_top_consumers(
-            lines,
-            "Top RAM Consumers",
-            ram_components,
-            lambda m: m.ram_total,
-            total_ram,
-            "RAM",
-        )
+        for i, (name, mem) in enumerate(ram_components[:25]):
+            if mem.ram_total > 0:
+                percentage = (mem.ram_total / total_ram * 100) if total_ram > 0 else 0
+                lines.append(
+                    f"{i + 1}. {name} ({mem.ram_total:,} B) - {percentage:.1f}% of analyzed RAM"
+                )
 
-        # Top largest symbols in the binary
-        self._add_top_symbols(lines)
+        lines.append("")
+        lines.append(
+            "Note: This analysis covers symbols in the ELF file. Some runtime allocations may not be included."
+        )
+        lines.append("=" * self.TABLE_WIDTH)
 
         # Add ESPHome core detailed analysis if there are core symbols
         if self._esphome_core_symbols:
-            self._add_section_header(lines, f"{_COMPONENT_CORE} Detailed Analysis")
+            lines.append("")
+            lines.append("=" * self.TABLE_WIDTH)
+            lines.append(
+                f"{_COMPONENT_CORE} Detailed Analysis".center(self.TABLE_WIDTH)
+            )
+            lines.append("=" * self.TABLE_WIDTH)
+            lines.append("")
 
             # Group core symbols by subcategory
             core_subcategories: dict[str, list[tuple[str, str, int]]] = defaultdict(
@@ -510,12 +210,8 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
             lines.append(
                 f"{_COMPONENT_CORE} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B ({len(large_core_symbols)} symbols):"
             )
-            for i, (_symbol, demangled, size) in enumerate(large_core_symbols):
-                # Core symbols only track (symbol, demangled, size) without section info,
-                # so we don't show section labels here
-                lines.append(
-                    f"{i + 1}. {self._format_symbol_with_section(demangled, size)}"
-                )
+            for i, (symbol, demangled, size) in enumerate(large_core_symbols):
+                lines.append(f"{i + 1}. {demangled} ({size:,} B)")
 
             lines.append("=" * self.TABLE_WIDTH)
 
@@ -530,11 +226,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
             for name, mem in components
             if name.startswith(_COMPONENT_PREFIX_EXTERNAL)
         ]
-        library_components = [
-            (name, mem)
-            for name, mem in components
-            if name.startswith(_COMPONENT_PREFIX_LIB)
-        ]
 
         top_esphome_components = sorted(
             esphome_components, key=lambda x: x[1].flash_total, reverse=True
@@ -545,11 +236,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
             external_components, key=lambda x: x[1].flash_total, reverse=True
         )
 
-        # Include all library components
-        top_library_components = sorted(
-            library_components, key=lambda x: x[1].flash_total, reverse=True
-        )
-
         # Check if API component exists and ensure it's included
         api_component = None
         for name, mem in components:
@@ -568,11 +254,10 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
             if name in system_components_to_include
         ]
 
-        # Combine all components to analyze: top ESPHome + all external + libraries + API if not already included + system components
+        # Combine all components to analyze: top ESPHome + all external + API if not already included + system components
         components_to_analyze = (
             list(top_esphome_components)
             + list(top_external_components)
-            + list(top_library_components)
             + system_components
         )
         if api_component and api_component not in components_to_analyze:
@@ -582,7 +267,11 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
             for comp_name, comp_mem in components_to_analyze:
                 if not (comp_symbols := self._component_symbols.get(comp_name, [])):
                     continue
-                self._add_section_header(lines, f"{comp_name} Detailed Analysis")
+                lines.append("")
+                lines.append("=" * self.TABLE_WIDTH)
+                lines.append(f"{comp_name} Detailed Analysis".center(self.TABLE_WIDTH))
+                lines.append("=" * self.TABLE_WIDTH)
+                lines.append("")
 
                 # Sort symbols by size
                 sorted_symbols = sorted(comp_symbols, key=lambda x: x[2], reverse=True)
@@ -591,85 +280,21 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
                 lines.append(f"Total size: {comp_mem.flash_total:,} B")
                 lines.append("")
 
-                # Show symbols above threshold, always include storage symbols
+                # Show all symbols above threshold for better visibility
                 large_symbols = [
-                    (sym, dem, size, sec)
-                    for sym, dem, size, sec in sorted_symbols
+                    (sym, dem, size)
+                    for sym, dem, size in sorted_symbols
                     if size > self.SYMBOL_SIZE_THRESHOLD
-                    or dem.endswith(_PSTORAGE_SUFFIX)
                 ]
 
                 lines.append(
-                    f"{comp_name} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B & storage ({len(large_symbols)} symbols):"
+                    f"{comp_name} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B ({len(large_symbols)} symbols):"
                 )
-                for i, (_symbol, demangled, size, section) in enumerate(large_symbols):
-                    lines.append(
-                        f"{i + 1}. {self._format_symbol_with_section(demangled, size, section)}"
-                    )
+                for i, (symbol, demangled, size) in enumerate(large_symbols):
+                    lines.append(f"{i + 1}. {demangled} ({size:,} B)")
 
                 lines.append("=" * self.TABLE_WIDTH)
 
-        # Detailed RAM analysis by component (at end, before RAM strings analysis)
-        self._add_section_header(lines, "RAM Symbol Analysis by Component")
-
-        # Show top 15 RAM consumers with their large symbols
-        for name, mem in ram_components[:15]:
-            if mem.ram_total == 0:
-                continue
-            ram_syms = self._ram_symbols.get(name, [])
-            if not ram_syms:
-                continue
-
-            # Sort by size descending
-            sorted_ram_syms = sorted(ram_syms, key=lambda x: x[2], reverse=True)
-            large_ram_syms = [
-                s
-                for s in sorted_ram_syms
-                if s[2] > self.RAM_SYMBOL_SIZE_THRESHOLD
-                or s[1].endswith(_PSTORAGE_SUFFIX)
-            ]
-
-            lines.append(f"{name} ({mem.ram_total:,} B total RAM):")
-
-            # Show breakdown by section type
-            data_size = sum(s[2] for s in ram_syms if s[3] == ".data")
-            bss_size = sum(s[2] for s in ram_syms if s[3] == ".bss")
-            lines.append(f"  .data (initialized): {data_size:,} B")
-            lines.append(f"  .bss (uninitialized): {bss_size:,} B")
-
-            if large_ram_syms:
-                lines.append(
-                    f"  Symbols > {self.RAM_SYMBOL_SIZE_THRESHOLD} B ({len(large_ram_syms)}):"
-                )
-                for _symbol, demangled, size, section in large_ram_syms[:10]:
-                    # Format section label consistently by stripping leading dot
-                    section_label = section.lstrip(".") if section else ""
-                    display_name = _format_pstorage_name(demangled)
-                    # Add ellipsis if name is truncated
-                    display_name = (
-                        f"{display_name[:70]}..."
-                        if len(display_name) > 70
-                        else display_name
-                    )
-                    lines.append(f"    {size:>6,} B [{section_label}] {display_name}")
-                if len(large_ram_syms) > 10:
-                    lines.append(f"    ... and {len(large_ram_syms) - 10} more")
-            lines.append("")
-
-        # CSWTCH (GCC switch table) analysis
-        if self._cswtch_symbols:
-            self._add_cswtch_analysis(lines)
-
-        # Function call frequency analysis
-        if self._function_call_counts:
-            self._add_function_call_analysis(lines)
-            self._add_inline_candidates(lines)
-
-        lines.append(
-            "Note: This analysis covers symbols in the ELF file. Some runtime allocations may not be included."
-        )
-        lines.append("=" * self.TABLE_WIDTH)
-
         return "\n".join(lines)
 
     def dump_uncategorized_symbols(self, output_file: str | None = None) -> None:
@@ -700,7 +325,7 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
         content = "\n".join(lines)
 
         if output_file:
-            with Path(output_file).open("w", encoding="utf-8") as f:
+            with open(output_file, "w", encoding="utf-8") as f:
                 f.write(content)
         else:
             print(content)
@@ -738,8 +363,9 @@ def main():
 
     # Load build directory
     import json
+    from pathlib import Path
 
-    from esphome.platformio.toolchain import IDEData
+    from esphome.platformio_api import IDEData
 
     build_path = Path(build_dir)
 
@@ -785,7 +411,7 @@ def main():
         if not idedata_path.exists():
             continue
         try:
-            with idedata_path.open(encoding="utf-8") as f:
+            with open(idedata_path, encoding="utf-8") as f:
                 raw_data = json.load(f)
             idedata = IDEData(raw_data)
             print(f"Loaded idedata from: {idedata_path}", file=sys.stderr)

esphome/analyze_memory/const.py

@@ -7,63 +7,20 @@ ESPHOME_COMPONENT_PATTERN = re.compile(r"esphome::([a-zA-Z0-9_]+)::")
 
 # Section mapping for ELF file sections
 # Maps standard section names to their various platform-specific variants
-# Note: Order matters! More specific patterns (.bss) must come before general ones (.dram)
-# because ESP-IDF uses names like ".dram0.bss" which would match ".dram" otherwise
-#
-# Platform-specific sections:
-# - ESP8266/ESP32: .iram*, .dram*
-# - LibreTiny RTL87xx: .xip.code_* (flash), .ram.code_* (RAM)
-# - LibreTiny BK7231: .itcm.code (fast RAM), .vectors (interrupt vectors)
-# - LibreTiny LN882X: .flash_text, .flash_copy* (flash code)
-# - Zephyr/nRF52: text, rodata, datas, bss (no leading dots)
 SECTION_MAPPING = {
-    ".text": frozenset(
-        [
-            ".text",
-            ".iram",
-            # LibreTiny RTL87xx XIP (eXecute In Place) flash code
-            ".xip.code",
-            # LibreTiny RTL87xx RAM code
-            ".ram.code_text",
-            # LibreTiny BK7231 fast RAM code and vectors
-            ".itcm.code",
-            ".vectors",
-            # LibreTiny LN882X flash code
-            ".flash_text",
-            ".flash_copy",
-            # Zephyr/nRF52 sections (no leading dots)
-            "text",
-            "rom_start",
-        ]
-    ),
-    ".rodata": frozenset(
-        [
-            ".rodata",
-            # LibreTiny RTL87xx read-only data in RAM
-            ".ram.code_rodata",
-            # Zephyr/nRF52 sections (no leading dots)
-            "rodata",
-        ]
-    ),
-    # .bss patterns - must be before .data to catch ".dram0.bss"
-    ".bss": frozenset(
-        [
-            ".bss",
-            # LibreTiny LN882X BSS
-            ".bss_ram",
-            # Zephyr/nRF52 sections (no leading dots)
-            "bss",
-            "noinit",
-        ]
-    ),
-    ".data": frozenset(
-        [
-            ".data",
-            ".dram",
-            # Zephyr/nRF52 sections (no leading dots)
-            "datas",
-        ]
-    ),
+    ".text": frozenset([".text", ".iram"]),
+    ".rodata": frozenset([".rodata"]),
+    ".data": frozenset([".data", ".dram"]),
+    ".bss": frozenset([".bss"]),
+}
+
+# Section to ComponentMemory attribute mapping
+# Maps section names to the attribute name in ComponentMemory dataclass
+SECTION_TO_ATTR = {
+    ".text": "text_size",
+    ".rodata": "rodata_size",
+    ".data": "data_size",
+    ".bss": "bss_size",
 }
 
 # Component identification rules
@@ -131,77 +88,6 @@ SYMBOL_PATTERNS = {
         "sys_mbox_new",
         "sys_arch_mbox_tryfetch",
     ],
-    # LibreTiny/Beken BK7231 radio calibration
-    "bk_radio_cal": [
-        "bk7011_",
-        "calibration_main",
-        "gcali_",
-        "rwnx_cal",
-    ],
-    # LibreTiny/Beken WiFi MAC layer
-    "bk_wifi_mac": [
-        "rxu_",  # RX upper layer
-        "txu_",  # TX upper layer
-        "txl_",  # TX lower layer
-        "rxl_",  # RX lower layer
-        "scanu_",  # Scan unit
-        "mm_hw_",  # MAC management hardware
-        "mm_bcn",  # MAC management beacon
-        "mm_tim",  # MAC management TIM
-        "mm_check",  # MAC management checks
-        "sm_connect",  # Station management
-        "me_beacon",  # Management entity beacon
-        "me_build",  # Management entity build
-        "hapd_",  # Host AP daemon
-        "chan_pre_",  # Channel management
-        "handle_probe_",  # Probe handling
-    ],
-    # LibreTiny/Beken system control
-    "bk_system": [
-        "sctrl_",  # System control
-        "icu_ctrl",  # Interrupt control unit
-        "gdma_ctrl",  # DMA control
-        "mpb_ctrl",  # MPB control
-        "uf2_",  # UF2 OTA
-        "bkreg_",  # Beken registers
-    ],
-    # LibreTiny/Beken BLE stack
-    "bk_ble": [
-        "gapc_",  # GAP client
-        "gattc_",  # GATT client
-        "attc_",  # ATT client
-        "attmdb_",  # ATT database
-        "atts_",  # ATT server
-        "l2cc_",  # L2CAP
-        "prf_env",  # Profile environment
-    ],
-    # LibreTiny/Beken scheduler
-    "bk_scheduler": [
-        "sch_plan_",  # Scheduler plan
-        "sch_prog_",  # Scheduler program
-        "sch_arb_",  # Scheduler arbiter
-    ],
-    # LibreTiny/Beken DMA descriptors
-    "bk_dma": [
-        "rx_payload_desc",
-        "rx_dma_hdrdesc",
-        "tx_hw_desc",
-        "host_event_data",
-        "host_cmd_data",
-    ],
-    # ARM EABI compiler runtime (LibreTiny uses ARM Cortex-M)
-    "arm_runtime": [
-        "__aeabi_",
-        "__adddf3",
-        "__subdf3",
-        "__muldf3",
-        "__divdf3",
-        "__addsf3",
-        "__subsf3",
-        "__mulsf3",
-        "__divsf3",
-        "__gnu_unwind",
-    ],
     "xtensa": ["xt_", "_xt_", "xPortEnterCriticalTimeout"],
     "heap": ["heap_", "multi_heap"],
     "spi_flash": ["spi_flash"],
@@ -256,7 +142,7 @@ SYMBOL_PATTERNS = {
     "ipv6_stack": ["nd6_", "ip6_", "mld6_", "icmp6_", "icmp6_input"],
     # Order matters! More specific categories must come before general ones.
     # mdns must come before bluetooth to avoid "_mdns_disable_pcb" matching "ble_" pattern
-    "mdns_lib": ["mdns", "packet$"],
+    "mdns_lib": ["mdns"],
     # memory_mgmt must come before wifi_stack to catch mmu_hal_* symbols
     "memory_mgmt": [
         "mem_",
@@ -408,6 +294,7 @@ SYMBOL_PATTERNS = {
     ],
     "arduino_core": [
         "pinMode",
+        "resetPins",
         "millis",
         "micros",
         "delay(",  # More specific - Arduino delay function with parenthesis
@@ -503,9 +390,7 @@ SYMBOL_PATTERNS = {
         "__FUNCTION__$",
         "DAYS_IN_MONTH",
         "_DAYS_BEFORE_MONTH",
-        # Note: CSWTCH$ symbols are GCC switch table lookup tables.
-        # They are attributed to their source object files via _analyze_cswtch_symbols()
-        # rather than being lumped into libc.
+        "CSWTCH$",
         "dst$",
         "sulp",
         "_strtol_l",  # String to long with locale
@@ -793,6 +678,7 @@ SYMBOL_PATTERNS = {
         "s_dp",
         "s_ni",
         "s_reg_dump",
+        "packet$",
         "d_mult_table",
         "K",
         "fcstab",
@@ -896,22 +782,7 @@ SYMBOL_PATTERNS = {
     "math_internal": ["__mdiff", "__lshift", "__mprec_tens", "quorem"],
     "character_class": ["__chclass"],
     "camellia": ["camellia_", "camellia_feistel"],
-    "crypto_tables": [
-        "FSb",
-        "FSb2",
-        "FSb3",
-        "FSb4",
-        "Te0",  # AES encryption table
-        "Td0",  # AES decryption table
-        "crc32_table",  # CRC32 lookup table
-        "crc_tab",  # CRC lookup table
-    ],
-    "crypto_hash": [
-        "SHA1Transform",  # SHA1 hash function
-        "MD5Transform",  # MD5 hash function
-        "SHA256",
-        "SHA512",
-    ],
+    "crypto_tables": ["FSb", "FSb2", "FSb3", "FSb4"],
     "event_buffer": ["g_eb_list_desc", "eb_space"],
     "base_node": ["base_node_", "base_node_add_handler"],
     "file_descriptor": ["s_fd_table"],

esphome/analyze_memory/demangle.py

@@ -1,182 +0,0 @@
-"""Symbol demangling utilities for memory analysis.
-
-This module provides functions for demangling C++ symbol names using c++filt.
-"""
-
-from __future__ import annotations
-
-import logging
-import re
-import subprocess
-
-from .toolchain import find_tool
-
-_LOGGER = logging.getLogger(__name__)
-
-# GCC global constructor/destructor prefix annotations
-GCC_PREFIX_ANNOTATIONS = {
-    "_GLOBAL__sub_I_": "global constructor for",
-    "_GLOBAL__sub_D_": "global destructor for",
-}
-
-# GCC optimization suffix pattern (e.g., $isra$0, $part$1, $constprop$2)
-GCC_OPTIMIZATION_SUFFIX_PATTERN = re.compile(r"(\$(?:isra|part|constprop)\$\d+)")
-
-
-def _strip_gcc_annotations(symbol: str) -> tuple[str, str]:
-    """Strip GCC optimization suffixes and prefixes from a symbol.
-
-    Args:
-        symbol: The mangled symbol name
-
-    Returns:
-        Tuple of (stripped_symbol, removed_prefix)
-    """
-    # Remove GCC optimization markers
-    stripped = GCC_OPTIMIZATION_SUFFIX_PATTERN.sub("", symbol)
-
-    # Handle GCC global constructor/initializer prefixes
-    prefix = ""
-    for gcc_prefix in GCC_PREFIX_ANNOTATIONS:
-        if stripped.startswith(gcc_prefix):
-            prefix = gcc_prefix
-            stripped = stripped[len(prefix) :]
-            break
-
-    return stripped, prefix
-
-
-def _restore_symbol_prefix(prefix: str, stripped: str, demangled: str) -> str:
-    """Restore prefix that was removed before demangling.
-
-    Args:
-        prefix: Prefix that was removed (e.g., "_GLOBAL__sub_I_")
-        stripped: Stripped symbol name
-        demangled: Demangled symbol name
-
-    Returns:
-        Demangled name with prefix restored/annotated
-    """
-    if not prefix:
-        return demangled
-
-    # Successfully demangled - add descriptive prefix
-    if demangled != stripped and (annotation := GCC_PREFIX_ANNOTATIONS.get(prefix)):
-        return f"[{annotation}: {demangled}]"
-
-    # Failed to demangle - restore original prefix
-    return prefix + demangled
-
-
-def _restore_symbol_suffix(original: str, demangled: str) -> str:
-    """Restore GCC optimization suffix that was removed before demangling.
-
-    Args:
-        original: Original symbol name with suffix
-        demangled: Demangled symbol name without suffix
-
-    Returns:
-        Demangled name with suffix annotation
-    """
-    if suffix_match := GCC_OPTIMIZATION_SUFFIX_PATTERN.search(original):
-        return f"{demangled} [{suffix_match.group(1)}]"
-    return demangled
-
-
-def batch_demangle(
-    symbols: list[str],
-    cppfilt_path: str | None = None,
-    objdump_path: str | None = None,
-) -> dict[str, str]:
-    """Batch demangle C++ symbol names.
-
-    Args:
-        symbols: List of symbol names to demangle
-        cppfilt_path: Path to c++filt binary (auto-detected if not provided)
-        objdump_path: Path to objdump binary to derive c++filt path from
-
-    Returns:
-        Dictionary mapping original symbol names to demangled names
-    """
-    cache: dict[str, str] = {}
-
-    if not symbols:
-        return cache
-
-    # Find c++filt tool
-    cppfilt_cmd = cppfilt_path or find_tool("c++filt", objdump_path)
-    if not cppfilt_cmd:
-        _LOGGER.warning("Could not find c++filt, symbols will not be demangled")
-        return {s: s for s in symbols}
-
-    _LOGGER.debug("Demangling %d symbols using %s", len(symbols), cppfilt_cmd)
-
-    # Strip GCC optimization suffixes and prefixes before demangling
-    symbols_stripped: list[str] = []
-    symbols_prefixes: list[str] = []
-    for symbol in symbols:
-        stripped, prefix = _strip_gcc_annotations(symbol)
-        symbols_stripped.append(stripped)
-        symbols_prefixes.append(prefix)
-
-    try:
-        result = subprocess.run(
-            [cppfilt_cmd],
-            input="\n".join(symbols_stripped),
-            capture_output=True,
-            text=True,
-            check=False,
-        )
-    except (subprocess.SubprocessError, OSError, UnicodeDecodeError) as e:
-        _LOGGER.warning("Failed to batch demangle symbols: %s", e)
-        return {s: s for s in symbols}
-
-    if result.returncode != 0:
-        _LOGGER.warning(
-            "c++filt exited with code %d: %s",
-            result.returncode,
-            result.stderr[:200] if result.stderr else "(no error output)",
-        )
-        return {s: s for s in symbols}
-
-    # Process demangled output
-    demangled_lines = result.stdout.strip().split("\n")
-
-    # Check for output length mismatch
-    if len(demangled_lines) != len(symbols):
-        _LOGGER.warning(
-            "c++filt output mismatch: expected %d lines, got %d",
-            len(symbols),
-            len(demangled_lines),
-        )
-        return {s: s for s in symbols}
-
-    failed_count = 0
-
-    for original, stripped, prefix, demangled in zip(
-        symbols, symbols_stripped, symbols_prefixes, demangled_lines, strict=True
-    ):
-        # Add back any prefix that was removed
-        demangled = _restore_symbol_prefix(prefix, stripped, demangled)
-
-        # If we stripped a suffix, add it back to the demangled name for clarity
-        if original != stripped and not prefix:
-            demangled = _restore_symbol_suffix(original, demangled)
-
-        cache[original] = demangled
-
-        # Count symbols that failed to demangle
-        if stripped == demangled and stripped.startswith("_Z"):
-            failed_count += 1
-            if failed_count <= 5:
-                _LOGGER.debug("Failed to demangle: %s", original)
-
-    if failed_count > 0:
-        _LOGGER.debug(
-            "Failed to demangle %d/%d symbols using %s",
-            failed_count,
-            len(symbols),
-            cppfilt_cmd,
-        )
-
-    return cache

esphome/analyze_memory/helpers.py

@@ -94,13 +94,13 @@ def parse_symbol_line(line: str) -> tuple[str, str, int, str] | None:
         return None
 
     # Find section, size, and name
-    # Try each part as a potential section name
     for i, part in enumerate(parts):
-        # Skip parts that are clearly flags, addresses, or other metadata
-        # Sections start with '.' (standard ELF) or are known section names (Zephyr)
+        if not part.startswith("."):
+            continue
+
         section = map_section_name(part)
         if not section:
-            continue
+            break
 
         # Need at least size field after section
         if i + 1 >= len(parts):

esphome/analyze_memory/ram_strings.py

@@ -1,493 +0,0 @@
-"""Analyzer for RAM-stored strings in ESP8266/ESP32 firmware ELF files.
-
-This module identifies strings that are stored in RAM sections (.data, .bss, .rodata)
-rather than in flash sections (.irom0.text, .irom.text), which is important for
-memory-constrained platforms like ESP8266.
-"""
-
-from __future__ import annotations
-
-from collections import defaultdict
-from dataclasses import dataclass
-import logging
-from pathlib import Path
-import re
-import subprocess
-
-from .demangle import batch_demangle
-from .toolchain import find_tool
-
-_LOGGER = logging.getLogger(__name__)
-
-# ESP8266: .rodata is in RAM (DRAM), not flash
-# ESP32: .rodata is in flash, mapped to data bus
-ESP8266_RAM_SECTIONS = frozenset([".data", ".rodata", ".bss"])
-ESP8266_FLASH_SECTIONS = frozenset([".irom0.text", ".irom.text", ".text"])
-
-# ESP32: .rodata is memory-mapped from flash
-ESP32_RAM_SECTIONS = frozenset([".data", ".bss", ".dram0.data", ".dram0.bss"])
-ESP32_FLASH_SECTIONS = frozenset([".text", ".rodata", ".flash.text", ".flash.rodata"])
-
-# nm symbol types for data symbols (D=global data, d=local data, R=rodata, B=bss)
-DATA_SYMBOL_TYPES = frozenset(["D", "d", "R", "r", "B", "b"])
-
-
-@dataclass
-class SectionInfo:
-    """Information about an ELF section."""
-
-    name: str
-    address: int
-    size: int
-
-
-@dataclass
-class RamString:
-    """A string found in RAM."""
-
-    section: str
-    address: int
-    content: str
-
-    @property
-    def size(self) -> int:
-        """Size in bytes including null terminator."""
-        return len(self.content) + 1
-
-
-@dataclass
-class RamSymbol:
-    """A symbol found in RAM."""
-
-    name: str
-    sym_type: str
-    address: int
-    size: int
-    section: str
-    demangled: str = ""  # Demangled name, set after batch demangling
-
-
-class RamStringsAnalyzer:
-    """Analyzes ELF files to find strings stored in RAM."""
-
-    def __init__(
-        self,
-        elf_path: str,
-        objdump_path: str | None = None,
-        min_length: int = 8,
-        platform: str = "esp32",
-    ) -> None:
-        """Initialize the RAM strings analyzer.
-
-        Args:
-            elf_path: Path to the ELF file to analyze
-            objdump_path: Path to objdump binary (used to find other tools)
-            min_length: Minimum string length to report (default: 8)
-            platform: Platform name ("esp8266", "esp32", etc.) for section mapping
-        """
-        self.elf_path = Path(elf_path)
-        if not self.elf_path.exists():
-            raise FileNotFoundError(f"ELF file not found: {elf_path}")
-
-        self.objdump_path = objdump_path
-        self.min_length = min_length
-        self.platform = platform
-
-        # Set RAM/flash sections based on platform
-        if self.platform == "esp8266":
-            self.ram_sections = ESP8266_RAM_SECTIONS
-            self.flash_sections = ESP8266_FLASH_SECTIONS
-        else:
-            # ESP32 and other platforms
-            self.ram_sections = ESP32_RAM_SECTIONS
-            self.flash_sections = ESP32_FLASH_SECTIONS
-
-        self.sections: dict[str, SectionInfo] = {}
-        self.ram_strings: list[RamString] = []
-        self.ram_symbols: list[RamSymbol] = []
-
-    def _run_command(self, cmd: list[str]) -> str:
-        """Run a command and return its output."""
-        try:
-            result = subprocess.run(cmd, capture_output=True, text=True, check=True)
-            return result.stdout
-        except subprocess.CalledProcessError as e:
-            _LOGGER.debug("Command failed: %s - %s", " ".join(cmd), e.stderr)
-            raise
-        except FileNotFoundError:
-            _LOGGER.warning("Command not found: %s", cmd[0])
-            raise
-
-    def analyze(self) -> None:
-        """Perform the full RAM analysis."""
-        self._parse_sections()
-        self._extract_strings()
-        self._analyze_symbols()
-        self._demangle_symbols()
-
-    def _parse_sections(self) -> None:
-        """Parse section headers from ELF file."""
-        objdump = find_tool("objdump", self.objdump_path)
-        if not objdump:
-            _LOGGER.error("Could not find objdump command")
-            return
-
-        try:
-            output = self._run_command([objdump, "-h", str(self.elf_path)])
-        except (subprocess.CalledProcessError, FileNotFoundError):
-            return
-
-        # Parse section headers
-        # Format: Idx Name          Size      VMA       LMA       File off  Algn
-        section_pattern = re.compile(
-            r"^\s*\d+\s+(\S+)\s+([0-9a-fA-F]+)\s+([0-9a-fA-F]+)"
-        )
-
-        for line in output.split("\n"):
-            if match := section_pattern.match(line):
-                name = match.group(1)
-                size = int(match.group(2), 16)
-                vma = int(match.group(3), 16)
-                self.sections[name] = SectionInfo(name, vma, size)
-
-    def _extract_strings(self) -> None:
-        """Extract strings from RAM sections."""
-        objdump = find_tool("objdump", self.objdump_path)
-        if not objdump:
-            return
-
-        for section_name in self.ram_sections:
-            if section_name not in self.sections:
-                continue
-
-            try:
-                output = self._run_command(
-                    [objdump, "-s", "-j", section_name, str(self.elf_path)]
-                )
-            except subprocess.CalledProcessError:
-                # Section may exist but have no content (e.g., .bss)
-                continue
-            except FileNotFoundError:
-                continue
-
-            strings = self._parse_hex_dump(output, section_name)
-            self.ram_strings.extend(strings)
-
-    def _parse_hex_dump(self, output: str, section_name: str) -> list[RamString]:
-        """Parse hex dump output to extract strings.
-
-        Args:
-            output: Output from objdump -s
-            section_name: Name of the section being parsed
-
-        Returns:
-            List of RamString objects
-        """
-        strings: list[RamString] = []
-        current_string = bytearray()
-        string_start_addr = 0
-
-        for line in output.split("\n"):
-            # Lines look like: " 3ffef8a0 00000000 00000000 00000000 00000000  ................"
-            match = re.match(r"^\s+([0-9a-fA-F]+)\s+((?:[0-9a-fA-F]{2,8}\s*)+)", line)
-            if not match:
-                continue
-
-            addr = int(match.group(1), 16)
-            hex_data = match.group(2).strip()
-
-            # Convert hex to bytes
-            hex_bytes = hex_data.split()
-            byte_offset = 0
-            for hex_chunk in hex_bytes:
-                # Handle both byte-by-byte and word formats
-                for i in range(0, len(hex_chunk), 2):
-                    byte_val = int(hex_chunk[i : i + 2], 16)
-                    if 0x20 <= byte_val <= 0x7E:  # Printable ASCII
-                        if not current_string:
-                            string_start_addr = addr + byte_offset
-                        current_string.append(byte_val)
-                    else:
-                        if byte_val == 0 and len(current_string) >= self.min_length:
-                            # Found null terminator
-                            strings.append(
-                                RamString(
-                                    section=section_name,
-                                    address=string_start_addr,
-                                    content=current_string.decode(
-                                        "ascii", errors="ignore"
-                                    ),
-                                )
-                            )
-                        current_string = bytearray()
-                    byte_offset += 1
-
-        return strings
-
-    def _analyze_symbols(self) -> None:
-        """Analyze symbols in RAM sections."""
-        nm = find_tool("nm", self.objdump_path)
-        if not nm:
-            return
-
-        try:
-            output = self._run_command([nm, "-S", "--size-sort", str(self.elf_path)])
-        except (subprocess.CalledProcessError, FileNotFoundError):
-            return
-
-        for line in output.split("\n"):
-            parts = line.split()
-            if len(parts) < 4:
-                continue
-
-            try:
-                addr = int(parts[0], 16)
-                size = int(parts[1], 16) if parts[1] != "?" else 0
-            except ValueError:
-                continue
-
-            sym_type = parts[2]
-            name = " ".join(parts[3:])
-
-            # Filter for data symbols
-            if sym_type not in DATA_SYMBOL_TYPES:
-                continue
-
-            # Check if symbol is in a RAM section
-            for section_name in self.ram_sections:
-                if section_name not in self.sections:
-                    continue
-
-                section = self.sections[section_name]
-                if section.address <= addr < section.address + section.size:
-                    self.ram_symbols.append(
-                        RamSymbol(
-                            name=name,
-                            sym_type=sym_type,
-                            address=addr,
-                            size=size,
-                            section=section_name,
-                        )
-                    )
-                    break
-
-    def _demangle_symbols(self) -> None:
-        """Batch demangle all RAM symbol names."""
-        if not self.ram_symbols:
-            return
-
-        # Collect all symbol names and demangle them
-        symbol_names = [s.name for s in self.ram_symbols]
-        demangle_cache = batch_demangle(symbol_names, objdump_path=self.objdump_path)
-
-        # Assign demangled names to symbols
-        for symbol in self.ram_symbols:
-            symbol.demangled = demangle_cache.get(symbol.name, symbol.name)
-
-    def _get_sections_size(self, section_names: frozenset[str]) -> int:
-        """Get total size of specified sections."""
-        return sum(
-            section.size
-            for name, section in self.sections.items()
-            if name in section_names
-        )
-
-    def get_total_ram_usage(self) -> int:
-        """Get total RAM usage from RAM sections."""
-        return self._get_sections_size(self.ram_sections)
-
-    def get_total_flash_usage(self) -> int:
-        """Get total flash usage from flash sections."""
-        return self._get_sections_size(self.flash_sections)
-
-    def get_total_string_bytes(self) -> int:
-        """Get total bytes used by strings in RAM."""
-        return sum(s.size for s in self.ram_strings)
-
-    def get_repeated_strings(self) -> list[tuple[str, int]]:
-        """Find strings that appear multiple times.
-
-        Returns:
-            List of (string, count) tuples sorted by potential savings
-        """
-        string_counts: dict[str, int] = defaultdict(int)
-        for ram_string in self.ram_strings:
-            string_counts[ram_string.content] += 1
-
-        return sorted(
-            [(s, c) for s, c in string_counts.items() if c > 1],
-            key=lambda x: x[1] * (len(x[0]) + 1),
-            reverse=True,
-        )
-
-    def get_long_strings(self, min_len: int = 20) -> list[RamString]:
-        """Get strings longer than the specified length.
-
-        Args:
-            min_len: Minimum string length
-
-        Returns:
-            List of RamString objects sorted by length
-        """
-        return sorted(
-            [s for s in self.ram_strings if len(s.content) >= min_len],
-            key=lambda x: len(x.content),
-            reverse=True,
-        )
-
-    def get_largest_symbols(self, min_size: int = 100) -> list[RamSymbol]:
-        """Get RAM symbols larger than the specified size.
-
-        Args:
-            min_size: Minimum symbol size in bytes
-
-        Returns:
-            List of RamSymbol objects sorted by size
-        """
-        return sorted(
-            [s for s in self.ram_symbols if s.size >= min_size],
-            key=lambda x: x.size,
-            reverse=True,
-        )
-
-    def generate_report(self, show_all_sections: bool = False) -> str:
-        """Generate a formatted RAM strings analysis report.
-
-        Args:
-            show_all_sections: If True, show all sections, not just RAM
-
-        Returns:
-            Formatted report string
-        """
-        lines: list[str] = []
-        table_width = 80
-
-        lines.append("=" * table_width)
-        lines.append(
-            f"RAM Strings Analysis ({self.platform.upper()})".center(table_width)
-        )
-        lines.append("=" * table_width)
-        lines.append("")
-
-        # Section Analysis
-        lines.append("SECTION ANALYSIS")
-        lines.append("-" * table_width)
-        lines.append(f"{'Section':<20} {'Address':<12} {'Size':<12} {'Location'}")
-        lines.append("-" * table_width)
-
-        total_ram_usage = 0
-        total_flash_usage = 0
-
-        for name, section in sorted(self.sections.items(), key=lambda x: x[1].address):
-            if name in self.ram_sections:
-                location = "RAM"
-                total_ram_usage += section.size
-            elif name in self.flash_sections:
-                location = "FLASH"
-                total_flash_usage += section.size
-            else:
-                location = "OTHER"
-
-            if show_all_sections or name in self.ram_sections:
-                lines.append(
-                    f"{name:<20} 0x{section.address:08x}   {section.size:>8} B   {location}"
-                )
-
-        lines.append("-" * table_width)
-        lines.append(f"Total RAM sections size: {total_ram_usage:,} bytes")
-        lines.append(f"Total Flash sections size: {total_flash_usage:,} bytes")
-
-        # Strings in RAM
-        lines.append("")
-        lines.append("=" * table_width)
-        lines.append("STRINGS IN RAM SECTIONS")
-        lines.append("=" * table_width)
-        lines.append(
-            "Note: .bss sections contain uninitialized data (no strings to extract)"
-        )
-
-        # Group strings by section
-        strings_by_section: dict[str, list[RamString]] = defaultdict(list)
-        for ram_string in self.ram_strings:
-            strings_by_section[ram_string.section].append(ram_string)
-
-        for section_name in sorted(strings_by_section.keys()):
-            section_strings = strings_by_section[section_name]
-            lines.append(f"\nSection: {section_name}")
-            lines.append("-" * 40)
-            for ram_string in sorted(section_strings, key=lambda x: x.address):
-                clean_string = ram_string.content[:100] + (
-                    "..." if len(ram_string.content) > 100 else ""
-                )
-                lines.append(
-                    f'  0x{ram_string.address:08x}: "{clean_string}" (len={len(ram_string.content)})'
-                )
-
-        # Large RAM symbols
-        lines.append("")
-        lines.append("=" * table_width)
-        lines.append("LARGE DATA SYMBOLS IN RAM (>= 50 bytes)")
-        lines.append("=" * table_width)
-
-        largest_symbols = self.get_largest_symbols(50)
-        lines.append(f"\n{'Symbol':<50} {'Type':<6} {'Size':<10} {'Section'}")
-        lines.append("-" * table_width)
-
-        for symbol in largest_symbols:
-            # Use demangled name if available, otherwise raw name
-            display_name = symbol.demangled or symbol.name
-            name_display = display_name[:49] if len(display_name) > 49 else display_name
-            lines.append(
-                f"{name_display:<50} {symbol.sym_type:<6} {symbol.size:>8} B  {symbol.section}"
-            )
-
-        # Summary
-        lines.append("")
-        lines.append("=" * table_width)
-        lines.append("SUMMARY")
-        lines.append("=" * table_width)
-        lines.append(f"Total strings found in RAM: {len(self.ram_strings)}")
-        total_string_bytes = self.get_total_string_bytes()
-        lines.append(f"Total bytes used by strings: {total_string_bytes:,}")
-
-        # Optimization targets
-        lines.append("")
-        lines.append("=" * table_width)
-        lines.append("POTENTIAL OPTIMIZATION TARGETS")
-        lines.append("=" * table_width)
-
-        # Repeated strings
-        repeated = self.get_repeated_strings()[:10]
-        if repeated:
-            lines.append("\nRepeated strings (could be deduplicated):")
-            for string, count in repeated:
-                savings = (count - 1) * (len(string) + 1)
-                clean_string = string[:50] + ("..." if len(string) > 50 else "")
-                lines.append(
-                    f'  "{clean_string}" - appears {count} times (potential savings: {savings} bytes)'
-                )
-
-        # Long strings - platform-specific advice
-        long_strings = self.get_long_strings(20)[:10]
-        if long_strings:
-            if self.platform == "esp8266":
-                lines.append(
-                    "\nLong strings that could be moved to PROGMEM (>= 20 chars):"
-                )
-            else:
-                # ESP32: strings in DRAM are typically there for a reason
-                # (interrupt handlers, pre-flash-init code, etc.)
-                lines.append("\nLong strings in DRAM (>= 20 chars):")
-                lines.append(
-                    "Note: ESP32 DRAM strings may be required for interrupt/early-boot contexts"
-                )
-            for ram_string in long_strings:
-                clean_string = ram_string.content[:60] + (
-                    "..." if len(ram_string.content) > 60 else ""
-                )
-                lines.append(
-                    f'  {ram_string.section} @ 0x{ram_string.address:08x}: "{clean_string}" ({len(ram_string.content)} bytes)'
-                )
-
-        lines.append("")
-        return "\n".join(lines)

esphome/analyze_memory/toolchain.py

@@ -1,172 +0,0 @@
-"""Toolchain utilities for memory analysis."""
-
-from __future__ import annotations
-
-import logging
-from pathlib import Path
-import subprocess
-from typing import TYPE_CHECKING
-
-if TYPE_CHECKING:
-    from collections.abc import Sequence
-
-_LOGGER = logging.getLogger(__name__)
-
-# Platform-specific toolchain prefixes
-TOOLCHAIN_PREFIXES = [
-    "xtensa-lx106-elf-",  # ESP8266
-    "xtensa-esp32-elf-",  # ESP32
-    "xtensa-esp-elf-",  # ESP32 (newer IDF)
-    "arm-zephyr-eabi-",  # nRF52/Zephyr SDK
-    "arm-none-eabi-",  # Generic ARM (RP2040, etc.)
-    "",  # System default (no prefix)
-]
-
-
-def _find_in_platformio_packages(tool_name: str) -> str | None:
-    """Search for a tool in PlatformIO package directories.
-
-    This handles cases like Zephyr SDK where tools are installed in nested
-    directories that aren't in PATH.
-
-    Args:
-        tool_name: Name of the tool (e.g., "readelf", "objdump")
-
-    Returns:
-        Full path to the tool or None if not found
-    """
-    # Get PlatformIO packages directory
-    platformio_home = Path("~/.platformio/packages").expanduser()
-    if not platformio_home.exists():
-        return None
-
-    # Search patterns for toolchains that might contain the tool
-    # Order matters - more specific patterns first
-    search_patterns = [
-        # Zephyr SDK deeply nested structure (4 levels)
-        # e.g., toolchain-gccarmnoneeabi/zephyr-sdk-0.17.4/arm-zephyr-eabi/bin/arm-zephyr-eabi-objdump
-        f"toolchain-*/*/*/bin/*-{tool_name}",
-        # Zephyr SDK nested structure (3 levels)
-        f"toolchain-*/*/bin/*-{tool_name}",
-        f"toolchain-*/bin/*-{tool_name}",
-        # Standard PlatformIO toolchain structure
-        f"toolchain-*/bin/*{tool_name}",
-    ]
-
-    for pattern in search_patterns:
-        matches = list(platformio_home.glob(pattern))
-        if matches:
-            # Sort to get consistent results, prefer arm-zephyr-eabi over arm-none-eabi
-            matches.sort(key=lambda p: ("zephyr" not in str(p), str(p)))
-            tool_path = str(matches[0])
-            _LOGGER.debug("Found %s in PlatformIO packages: %s", tool_name, tool_path)
-            return tool_path
-
-    return None
-
-
-def resolve_tool_path(
-    tool_name: str,
-    derived_path: str | None,
-    objdump_path: str | None = None,
-) -> str | None:
-    """Resolve a tool path, falling back to find_tool if derived path doesn't exist.
-
-    Args:
-        tool_name: Name of the tool (e.g., "objdump", "readelf")
-        derived_path: Path derived from idedata (may not exist for some platforms)
-        objdump_path: Path to objdump binary to derive other tool paths from
-
-    Returns:
-        Resolved path to the tool, or the original derived_path if it exists
-    """
-    if derived_path and not Path(derived_path).exists():
-        found = find_tool(tool_name, objdump_path)
-        if found:
-            _LOGGER.debug(
-                "Derived %s path %s not found, using %s",
-                tool_name,
-                derived_path,
-                found,
-            )
-            return found
-    return derived_path
-
-
-def find_tool(
-    tool_name: str,
-    objdump_path: str | None = None,
-) -> str | None:
-    """Find a toolchain tool by name.
-
-    First tries to derive the tool path from objdump_path (if provided),
-    then searches PlatformIO package directories (for cross-compile toolchains),
-    and finally falls back to searching for platform-specific tools in PATH.
-
-    Args:
-        tool_name: Name of the tool (e.g., "objdump", "nm", "c++filt")
-        objdump_path: Path to objdump binary to derive other tool paths from
-
-    Returns:
-        Path to the tool or None if not found
-    """
-    # Try to derive from objdump path first (most reliable)
-    if objdump_path and objdump_path != "objdump":
-        objdump_file = Path(objdump_path)
-        # Replace just the filename portion, preserving any prefix (e.g., xtensa-esp32-elf-)
-        new_name = objdump_file.name.replace("objdump", tool_name)
-        potential_path = str(objdump_file.with_name(new_name))
-        if Path(potential_path).exists():
-            _LOGGER.debug("Found %s at: %s", tool_name, potential_path)
-            return potential_path
-
-    # Search in PlatformIO packages directory first (handles Zephyr SDK, etc.)
-    # This must come before PATH search because system tools (e.g., /usr/bin/objdump)
-    # are for the host architecture, not the target (ARM, Xtensa, etc.)
-    if found := _find_in_platformio_packages(tool_name):
-        return found
-
-    # Try platform-specific tools in PATH (fallback for when tools are installed globally)
-    for prefix in TOOLCHAIN_PREFIXES:
-        cmd = f"{prefix}{tool_name}"
-        try:
-            subprocess.run([cmd, "--version"], capture_output=True, check=True)
-            _LOGGER.debug("Found %s: %s", tool_name, cmd)
-            return cmd
-        except (subprocess.CalledProcessError, FileNotFoundError):
-            continue
-
-    _LOGGER.warning("Could not find %s tool", tool_name)
-    return None
-
-
-def run_tool(
-    cmd: Sequence[str],
-    timeout: int = 30,
-) -> subprocess.CompletedProcess[str] | None:
-    """Run a toolchain command and return the result.
-
-    Args:
-        cmd: Command and arguments to run
-        timeout: Timeout in seconds
-
-    Returns:
-        CompletedProcess on success, None on failure
-    """
-    try:
-        return subprocess.run(
-            cmd,
-            capture_output=True,
-            text=True,
-            timeout=timeout,
-            check=False,
-        )
-    except subprocess.TimeoutExpired:
-        _LOGGER.warning("Command timed out: %s", " ".join(cmd))
-        return None
-    except FileNotFoundError:
-        _LOGGER.warning("Command not found: %s", cmd[0])
-        return None
-    except OSError as e:
-        _LOGGER.warning("Failed to run command %s: %s", cmd[0], e)
-        return None

esphome/async_thread.py

@@ -1,56 +0,0 @@
-"""Helpers for running an async coroutine from sync code via a daemon thread.
-
-``asyncio.run(coro())`` in the main thread blocks until the loop's cleanup
-cycle finishes, which can add hundreds of milliseconds before the caller
-receives the result. Running the loop in a daemon thread lets the caller
-observe the result as soon as the coroutine completes while cleanup finishes
-in the background.
-"""
-
-from __future__ import annotations
-
-import asyncio
-from collections.abc import Awaitable, Callable
-import threading
-from typing import Generic, TypeVar
-
-_T = TypeVar("_T")
-
-
-class AsyncThreadRunner(threading.Thread, Generic[_T]):
-    """Run an async coroutine in a daemon thread and expose its result.
-
-    The runner catches all exceptions from the coroutine and stores them in
-    ``exception`` so ``event`` is always set — this prevents callers waiting
-    on ``event`` from hanging forever when the coroutine crashes.
-
-    Typical usage::
-
-        runner = AsyncThreadRunner(lambda: my_coro(arg))
-        runner.start()
-        if not runner.event.wait(timeout=5.0):
-            ...  # timed out
-        if runner.exception is not None:
-            raise runner.exception
-        result = runner.result
-    """
-
-    def __init__(self, coro_factory: Callable[[], Awaitable[_T]]) -> None:
-        super().__init__(daemon=True)
-        self._coro_factory = coro_factory
-        self.result: _T | None = None
-        self.exception: BaseException | None = None
-        self.event = threading.Event()
-
-    async def _runner(self) -> None:
-        try:
-            self.result = await self._coro_factory()
-        except Exception as exc:  # noqa: BLE001  # pylint: disable=broad-except
-            # Capture all exceptions so ``event`` is always set — otherwise a
-            # crash would hang the waiter forever.
-            self.exception = exc
-        finally:
-            self.event.set()
-
-    def run(self) -> None:
-        asyncio.run(self._runner())

esphome/automation.py

@@ -1,6 +1,3 @@
-from dataclasses import dataclass, field
-import logging
-
 import esphome.codegen as cg
 import esphome.config_validation as cv
 from esphome.const import (
@@ -60,42 +57,8 @@ def maybe_conf(conf, *validators):
     return validate
 
 
-_LOGGER = logging.getLogger(__name__)
-
-
-def register_action(
-    name: str,
-    action_type: MockObjClass,
-    schema: cv.Schema,
-    *,
-    synchronous: bool | None = None,
-):
-    """Register an action type.
-
-    All callers must pass ``synchronous`` explicitly.
-
-    ``synchronous=True`` — the action never defers ``play_next_()`` to a
-    later point (callback, timer, or ``loop()``).  Trigger arguments are
-    only used during the initial call, so string args can use non-owning
-    StringRef for zero-copy access.
-
-    ``synchronous=False`` — the action defers ``play_next_()`` via a
-    callback, timer, or ``Component::loop()``.  Trigger arguments must
-    outlive the initial call, so string args use owning std::string to
-    prevent dangling references.
-    """
-    if synchronous is None:
-        _LOGGER.warning(
-            "register_action('%s', ...) is missing the synchronous= parameter. "
-            "Defaulting to synchronous=False (safe but prevents StringRef "
-            "optimization). Check the C++ class: use synchronous=False if "
-            "play_next_() is deferred to a callback, timer, or loop(); "
-            "use synchronous=True if play_next_() always runs before the "
-            "initial play/play_complex call returns",
-            name,
-        )
-        synchronous = False
-    return ACTION_REGISTRY.register(name, action_type, schema, synchronous=synchronous)
+def register_action(name: str, action_type: MockObjClass, schema: cv.Schema):
+    return ACTION_REGISTRY.register(name, action_type, schema)
 
 
 def register_condition(name: str, condition_type: MockObjClass, schema: cv.Schema):
@@ -127,7 +90,7 @@ def validate_potentially_or_condition(value):
     return validate_condition(value)
 
 
-DelayAction = cg.esphome_ns.class_("DelayAction", Action)
+DelayAction = cg.esphome_ns.class_("DelayAction", Action, cg.Component)
 LambdaAction = cg.esphome_ns.class_("LambdaAction", Action)
 StatelessLambdaAction = cg.esphome_ns.class_("StatelessLambdaAction", Action)
 IfAction = cg.esphome_ns.class_("IfAction", Action)
@@ -138,9 +101,6 @@ UpdateComponentAction = cg.esphome_ns.class_("UpdateComponentAction", Action)
 SuspendComponentAction = cg.esphome_ns.class_("SuspendComponentAction", Action)
 ResumeComponentAction = cg.esphome_ns.class_("ResumeComponentAction", Action)
 Automation = cg.esphome_ns.class_("Automation")
-TriggerForwarder = cg.esphome_ns.class_("TriggerForwarder")
-TriggerOnTrueForwarder = cg.esphome_ns.class_("TriggerOnTrueForwarder")
-TriggerOnFalseForwarder = cg.esphome_ns.class_("TriggerOnFalseForwarder")
 
 LambdaCondition = cg.esphome_ns.class_("LambdaCondition", Condition)
 StatelessLambdaCondition = cg.esphome_ns.class_("StatelessLambdaCondition", Condition)
@@ -199,10 +159,11 @@ def validate_automation(extra_schema=None, extra_validators=None, single=False):
                     return cv.Schema([schema])(value)
                 except cv.Invalid as err2:
                     if "extra keys not allowed" in str(err2) and len(err2.path) == 2:
-                        raise err from None
+                        # pylint: disable=raise-missing-from
+                        raise err
                     if "Unable to find action" in str(err):
-                        raise err2 from None
-                    raise cv.MultipleInvalid([err, err2]) from None
+                        raise err2
+                    raise cv.MultipleInvalid([err, err2])
         elif isinstance(value, dict):
             if CONF_THEN in value:
                 return [schema(value)]
@@ -250,9 +211,7 @@ async def and_condition_to_code(
     args: TemplateArgsType,
 ) -> MockObj:
     conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)
 
 
 @register_condition("or", OrCondition, validate_condition_list)
@@ -263,9 +222,7 @@ async def or_condition_to_code(
     args: TemplateArgsType,
 ) -> MockObj:
     conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)
 
 
 @register_condition("all", AndCondition, validate_condition_list)
@@ -276,9 +233,7 @@ async def all_condition_to_code(
     args: TemplateArgsType,
 ) -> MockObj:
     conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)
 
 
 @register_condition("any", OrCondition, validate_condition_list)
@@ -289,9 +244,7 @@ async def any_condition_to_code(
     args: TemplateArgsType,
 ) -> MockObj:
     conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)
 
 
 @register_condition("not", NotCondition, validate_potentially_and_condition)
@@ -313,9 +266,7 @@ async def xor_condition_to_code(
     args: TemplateArgsType,
 ) -> MockObj:
     conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)
 
 
 @register_condition("lambda", LambdaCondition, cv.returning_lambda)
@@ -384,10 +335,7 @@ async def component_is_idle_condition_to_code(
 
 
 @register_action(
-    "delay",
-    DelayAction,
-    cv.templatable(cv.positive_time_period_milliseconds),
-    synchronous=False,
+    "delay", DelayAction, cv.templatable(cv.positive_time_period_milliseconds)
 )
 async def delay_action_to_code(
     config: ConfigType,
@@ -396,6 +344,7 @@ async def delay_action_to_code(
     args: TemplateArgsType,
 ) -> MockObj:
     var = cg.new_Pvariable(action_id, template_arg)
+    await cg.register_component(var, {})
     template_ = await cg.templatable(config, args, cg.uint32)
     cg.add(var.set_delay(template_))
     return var
@@ -417,7 +366,6 @@ async def delay_action_to_code(
         cv.has_at_least_one_key(CONF_THEN, CONF_ELSE),
         cv.has_at_least_one_key(CONF_CONDITION, CONF_ANY, CONF_ALL),
     ),
-    synchronous=True,
 )
 async def if_action_to_code(
     config: ConfigType,
@@ -425,16 +373,13 @@ async def if_action_to_code(
     template_arg: cg.TemplateArguments,
     args: TemplateArgsType,
 ) -> MockObj:
-    has_else = CONF_ELSE in config
-    # Prepend HasElse bool to template arguments: IfAction<HasElse, Ts...>
-    if_template_arg = cg.TemplateArguments(has_else, *template_arg)
     cond_conf = next(el for el in config if el in (CONF_ANY, CONF_ALL, CONF_CONDITION))
     condition = await build_condition(config[cond_conf], template_arg, args)
-    var = cg.new_Pvariable(action_id, if_template_arg, condition)
+    var = cg.new_Pvariable(action_id, template_arg, condition)
     if CONF_THEN in config:
         actions = await build_action_list(config[CONF_THEN], template_arg, args)
         cg.add(var.add_then(actions))
-    if has_else:
+    if CONF_ELSE in config:
         actions = await build_action_list(config[CONF_ELSE], template_arg, args)
         cg.add(var.add_else(actions))
     return var
@@ -449,7 +394,6 @@ async def if_action_to_code(
             cv.Required(CONF_THEN): validate_action_list,
         }
     ),
-    synchronous=True,
 )
 async def while_action_to_code(
     config: ConfigType,
@@ -473,7 +417,6 @@ async def while_action_to_code(
             cv.Required(CONF_THEN): validate_action_list,
         }
     ),
-    synchronous=True,
 )
 async def repeat_action_to_code(
     config: ConfigType,
@@ -502,7 +445,7 @@ _validate_wait_until = cv.maybe_simple_value(
 )
 
 
-@register_action("wait_until", WaitUntilAction, _validate_wait_until, synchronous=False)
+@register_action("wait_until", WaitUntilAction, _validate_wait_until)
 async def wait_until_action_to_code(
     config: ConfigType,
     action_id: ID,
@@ -518,12 +461,7 @@ async def wait_until_action_to_code(
     return var
 
 
-# Lambda executes user C++ inline and returns — synchronous by execution model.
-# User code could theoretically store the StringRef for deferred use, but StringRef
-# is a view type and storing views beyond their scope is always unsafe regardless
-# of this optimization.  Marking non-synchronous would disable StringRef for nearly
-# all user services since most use lambda.
-@register_action("lambda", LambdaAction, cv.lambda_, synchronous=True)
+@register_action("lambda", LambdaAction, cv.lambda_)
 async def lambda_action_to_code(
     config: ConfigType,
     action_id: ID,
@@ -542,7 +480,6 @@ async def lambda_action_to_code(
             cv.Required(CONF_ID): cv.use_id(cg.PollingComponent),
         }
     ),
-    synchronous=True,
 )
 async def component_update_action_to_code(
     config: ConfigType,
@@ -562,7 +499,6 @@ async def component_update_action_to_code(
             cv.Required(CONF_ID): cv.use_id(cg.PollingComponent),
         }
     ),
-    synchronous=True,
 )
 async def component_suspend_action_to_code(
     config: ConfigType,
@@ -585,7 +521,6 @@ async def component_suspend_action_to_code(
             ),
         }
     ),
-    synchronous=True,
 )
 async def component_resume_action_to_code(
     config: ConfigType,
@@ -596,7 +531,7 @@ async def component_resume_action_to_code(
     comp = await cg.get_variable(config[CONF_ID])
     var = cg.new_Pvariable(action_id, template_arg, comp)
     if CONF_UPDATE_INTERVAL in config:
-        template_ = await cg.templatable(config[CONF_UPDATE_INTERVAL], args, cg.uint32)
+        template_ = await cg.templatable(config[CONF_UPDATE_INTERVAL], args, int)
         cg.add(var.set_update_interval(template_))
     return var
 
@@ -643,27 +578,6 @@ async def build_condition_list(
     return conditions
 
 
-def has_non_synchronous_actions(actions: ConfigType) -> bool:
-    """Check if a validated action list contains any non-synchronous actions.
-
-    Non-synchronous actions (delay, wait_until, script.wait, etc.) store
-    trigger args for later execution, making non-owning types like StringRef
-    unsafe.
-    """
-    if isinstance(actions, list):
-        return any(has_non_synchronous_actions(item) for item in actions)
-    if isinstance(actions, dict):
-        for key in actions:
-            if key in ACTION_REGISTRY and not ACTION_REGISTRY[key].synchronous:
-                return True
-        return any(
-            has_non_synchronous_actions(v)
-            for v in actions.values()
-            if isinstance(v, (list, dict))
-        )
-    return False
-
-
 async def build_automation(
     trigger: MockObj, args: TemplateArgsType, config: ConfigType
 ) -> MockObj:
@@ -673,76 +587,3 @@ async def build_automation(
     actions = await build_action_list(config[CONF_THEN], templ, args)
     cg.add(obj.add_actions(actions))
     return obj
-
-
-async def build_callback_automation(
-    parent: MockObj,
-    callback_method: str,
-    args: TemplateArgsType,
-    config: ConfigType,
-    forwarder: MockObj | MockObjClass | None = None,
-) -> None:
-    """Build an Automation and register it as a callback on the parent.
-
-    Eliminates the need for a Trigger wrapper object by registering the
-    automation's trigger() directly as a callback on the parent component.
-
-    Uses template forwarder structs so the compiler deduplicates the operator()
-    body across all call sites with the same signature. The forwarder must be
-    pointer-sized (single Automation* field) to fit inline in Callback::ctx_
-    and avoid heap allocation.
-
-    :param parent: The component object (e.g., button, sensor).
-    :param callback_method: Name of the callback method (e.g., "add_on_press_callback").
-    :param args: Automation template args as list of (type, name) tuples.
-    :param config: The automation config dict.
-    :param forwarder: Optional forwarder type to use instead of the default
-        TriggerForwarder<Ts...>. Pass any struct type whose aggregate init takes
-        a single Automation pointer (e.g., TriggerOnTrueForwarder).
-    """
-    arg_types = [arg[0] for arg in args]
-    templ = cg.TemplateArguments(*arg_types)
-    obj = cg.new_Pvariable(config[CONF_AUTOMATION_ID], templ)
-    actions = await build_action_list(config[CONF_THEN], templ, args)
-    cg.add(obj.add_actions(actions))
-    # Use template forwarder structs for deduplication. The compiler generates
-    # one operator() per forwarder type; different automation pointers are just
-    # data in the struct.
-    if forwarder is None:
-        forwarder = TriggerForwarder.template(templ)
-    # RawExpression for aggregate init — both forwarder and obj are codegen
-    # MockObjs (not user input), and there's no Expression type for positional
-    # aggregate initialization (StructInitializer uses named fields).
-    cg.add(getattr(parent, callback_method)(cg.RawExpression(f"{forwarder}{{{obj}}}")))
-
-
-@dataclass(frozen=True, slots=True)
-class CallbackAutomation:
-    """A single callback automation entry for build_callback_automations."""
-
-    conf_key: str
-    callback_method: str
-    args: TemplateArgsType = field(default_factory=list)
-    forwarder: MockObj | MockObjClass | None = None
-
-
-async def build_callback_automations(
-    parent: MockObj,
-    config: ConfigType,
-    entries: tuple[CallbackAutomation, ...],
-) -> None:
-    """Build multiple callback automations from a tuple of entries.
-
-    :param parent: The component object (e.g., button, sensor).
-    :param config: The full component config dict.
-    :param entries: Tuple of CallbackAutomation entries to process.
-    """
-    for entry in entries:
-        for conf in config.get(entry.conf_key, []):
-            await build_callback_automation(
-                parent,
-                entry.callback_method,
-                entry.args,
-                conf,
-                forwarder=entry.forwarder,
-            )

esphome/build_gen/espidf.py

@@ -1,244 +0,0 @@
-"""ESP-IDF direct build generator for ESPHome."""
-
-import json
-from pathlib import Path
-
-from esphome.components.esp32 import get_esp32_variant, idf_version
-import esphome.config_validation as cv
-from esphome.core import CORE
-from esphome.helpers import mkdir_p, write_file_if_changed
-
-# Replaces the IDF default C++ standard (-std=gnu++2b appended to
-# CXX_COMPILE_OPTIONS by project.cmake's __build_init) with the one set via
-# cg.set_cpp_standard(). Emitted between include(project.cmake) and project(),
-# i.e. after IDF appends its default and before the options are consumed, and
-# applies project-wide like PlatformIO build_unflags.
-CPP_STANDARD_TEMPLATE = """\
-idf_build_get_property(esphome_cxx_compile_options CXX_COMPILE_OPTIONS)
-list(FILTER esphome_cxx_compile_options EXCLUDE REGEX "^-std=")
-list(APPEND esphome_cxx_compile_options "-std={standard}")
-idf_build_set_property(CXX_COMPILE_OPTIONS "${{esphome_cxx_compile_options}}")"""
-
-
-def get_available_components() -> list[str] | None:
-    """Get list of built-in ESP-IDF components from project_description.json.
-
-    Excludes ``src``, IDF-managed components (``managed_components/``), and
-    converted PIO libs (``pio_components/``). Returns ``None`` if the build
-    dir or ``project_description.json`` isn't ready yet.
-    """
-    if CORE.build_path is None:
-        return None
-    project_desc = Path(CORE.build_path) / "build" / "project_description.json"
-    if not project_desc.exists():
-        return None
-
-    try:
-        with project_desc.open(encoding="utf-8") as f:
-            data = json.load(f)
-
-        component_info = data.get("build_component_info", {})
-
-        result = []
-        for name, info in component_info.items():
-            # Exclude our own src component
-            if name == "src":
-                continue
-
-            # Exclude IDF-managed and converted-PIO components (external).
-            comp_dir = info.get("dir", "")
-            if "managed_components" in comp_dir or "pio_components" in comp_dir:
-                continue
-
-            result.append(name)
-
-        return result
-    except (json.JSONDecodeError, OSError):
-        return None
-
-
-def has_discovered_components() -> bool:
-    """Check if we have discovered components from a previous configure."""
-    return get_available_components() is not None
-
-
-def get_project_cmakelists(minimal: bool = False) -> str:
-    """Generate the top-level CMakeLists.txt for ESP-IDF project.
-
-    When ``minimal`` is true, omit ``ESPHOME_PROJECT_BUILTIN_COMPONENTS``
-    since ``project_description.json`` may be stale on the first write.
-    """
-    # Get IDF target from ESP32 variant (e.g., ESP32S3 -> esp32s3)
-    variant = get_esp32_variant()
-    idf_target = variant.lower().replace("-", "")
-
-    # esp_idf_size 2.x (bundled with IDF >=6.0) made NG the default and
-    # removed the --ng flag; on 1.x (IDF 5.5) --ng is required to get
-    # --format=raw because the legacy mode doesn't support it.
-    size_ng_flag = "--ng" if idf_version() < cv.Version(6, 0, 0) else ""
-
-    # Project-wide compile options: -D defines and -W warning flags (skip
-    # -Wl, linker flags — those go on the src component via
-    # target_link_options below). Emitted via idf_build_set_property so the
-    # flags propagate to every IDF component (including managed ones like
-    # esphome__micro-mp3) rather than just src/. Required so suppressions
-    # like ``-Wno-error=maybe-uninitialized`` actually silence warnings in
-    # third-party components we don't author.
-    project_compile_opts = [
-        flag
-        for flag in sorted(CORE.build_flags)
-        if flag.startswith("-D")
-        or (flag.startswith("-W") and not flag.startswith("-Wl,"))
-    ]
-    extra_compile_options = "\n".join(
-        f'idf_build_set_property(COMPILE_OPTIONS "{flag}" APPEND)'
-        for flag in project_compile_opts
-    )
-
-    cpp_standard_options = (
-        CPP_STANDARD_TEMPLATE.format(standard=CORE.cpp_standard)
-        if CORE.cpp_standard
-        else ""
-    )
-
-    # Per-project list exposed as a CMake variable so converted PIO libs
-    # can reference ${ESPHOME_PROJECT_MANAGED_COMPONENTS} without baking
-    # project-specific names into their cached CMakeLists.
-    #
-    # Emit via idf_build_set_property (not plain set()) so the value is
-    # serialised into build_properties.temp.cmake and visible to IDF's
-    # early requirements-expansion pass (component_get_requirements.cmake
-    # runs as a separate CMake script invocation that doesn't load the
-    # project's top-level CMakeLists; without this, ${ESPHOME_PROJECT_
-    # MANAGED_COMPONENTS} in a converted-lib REQUIRES expands to empty).
-    from esphome.components.esp32 import get_managed_component_require_names
-
-    managed_components_property = "\n".join(
-        f"idf_build_set_property(ESPHOME_PROJECT_MANAGED_COMPONENTS {name} APPEND)"
-        for name in get_managed_component_require_names()
-    )
-
-    # Built-in IDF components exposed via our own property (not IDF's
-    # __COMPONENT_REQUIRES_COMMON, which would append them to every
-    # component's REQUIRES including real IDF components). Referenced by
-    # src/CMakeLists and by each converted PIO lib's CMakeLists. Skipped
-    # on minimal writes because project_description.json may be stale.
-    builtin_components_property = (
-        ""
-        if minimal
-        else "\n".join(
-            f"idf_build_set_property(ESPHOME_PROJECT_BUILTIN_COMPONENTS {name} APPEND)"
-            for name in sorted(get_available_components() or [])
-        )
-    )
-
-    return f"""\
-# Auto-generated by ESPHome
-cmake_minimum_required(VERSION 3.16)
-
-# On Windows, Ninja can fail with:
-#   "CreateProcess: The parameter is incorrect (is the command line too long?)"
-# when compiler/linker command lines exceed the OS length limit.
-#
-# The following settings force CMake/Ninja to use *response files* (@file.rsp)
-# to pass long lists of includes, objects, and other arguments indirectly,
-# avoiding command-line length limits and fixing the build failure.
-#
-# This is especially useful for large ESP-IDF / ESPHome projects with many
-# source files or include directories.
-set(CMAKE_C_USE_RESPONSE_FILE_FOR_INCLUDES 1)
-set(CMAKE_CXX_USE_RESPONSE_FILE_FOR_INCLUDES 1)
-set(CMAKE_C_USE_RESPONSE_FILE_FOR_OBJECTS 1)
-set(CMAKE_CXX_USE_RESPONSE_FILE_FOR_OBJECTS 1)
-set(CMAKE_NINJA_FORCE_RESPONSE_FILE 1)
-
-set(IDF_TARGET {idf_target})
-set(EXTRA_COMPONENT_DIRS ${{CMAKE_SOURCE_DIR}}/src)
-
-include($ENV{{IDF_PATH}}/tools/cmake/project.cmake)
-
-{cpp_standard_options}
-
-{extra_compile_options}
-
-{managed_components_property}
-
-{builtin_components_property}
-
-project({CORE.name})
-
-# Emit raw JSON size data for ESPHome to read post-build.
-add_custom_command(
-    TARGET ${{CMAKE_PROJECT_NAME}}.elf POST_BUILD
-    COMMAND ${{PYTHON}} -m esp_idf_size {size_ng_flag} --format=raw
-            -o ${{CMAKE_BINARY_DIR}}/esp_idf_size.json
-            ${{CMAKE_PROJECT_NAME}}.map
-    WORKING_DIRECTORY ${{CMAKE_BINARY_DIR}}
-    VERBATIM
-)
-"""
-
-
-def get_component_cmakelists() -> str:
-    """Generate the main component CMakeLists.txt.
-
-    REQUIRES pulls in the discovered built-in IDF components via the
-    project-level variables set in the top-level CMakeLists.
-    """
-    # Extract linker options (-Wl, flags). Compile flags (-D, -W) are
-    # emitted project-wide via idf_build_set_property in
-    # get_project_cmakelists so they reach every component, not just src/.
-    link_opts = [flag for flag in CORE.build_flags if flag.startswith("-Wl,")]
-    link_opts_str = "\n    ".join(sorted(link_opts)) if link_opts else ""
-
-    return f"""\
-# Auto-generated by ESPHome
-# CONFIGURE_DEPENDS asks CMake to re-check the glob each build so test
-# runs that reuse the build dir don't compile stale source paths. It's
-# invalid in script mode (cmake -P), which is how IDF's
-# component_get_requirements.cmake includes us, so skip it there.
-if(CMAKE_SCRIPT_MODE_FILE)
-    file(GLOB_RECURSE app_sources
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.c"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.c"
-    )
-else()
-    file(GLOB_RECURSE app_sources CONFIGURE_DEPENDS
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.c"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.c"
-    )
-endif()
-
-idf_component_register(
-    SRCS ${{app_sources}}
-    INCLUDE_DIRS "." "esphome"
-    REQUIRES ${{ESPHOME_PROJECT_BUILTIN_COMPONENTS}}
-)
-
-# ESPHome linker options
-target_link_options(${{COMPONENT_LIB}} PUBLIC
-    {link_opts_str}
-)
-"""
-
-
-def write_project(minimal: bool = False) -> None:
-    """Write ESP-IDF project files."""
-    mkdir_p(CORE.build_path)
-    mkdir_p(CORE.relative_src_path())
-
-    # Write top-level CMakeLists.txt
-    write_file_if_changed(
-        CORE.relative_build_path("CMakeLists.txt"),
-        get_project_cmakelists(minimal=minimal),
-    )
-
-    # Write component CMakeLists.txt in src/
-    write_file_if_changed(
-        CORE.relative_src_path("CMakeLists.txt"),
-        get_component_cmakelists(),
-    )

esphome/build_gen/platformio.py

@@ -1,7 +1,7 @@
 from esphome.const import __version__
 from esphome.core import CORE
 from esphome.helpers import mkdir_p, read_file, write_file_if_changed
-from esphome.writer import find_begin_end
+from esphome.writer import find_begin_end, update_storage_json
 
 INI_AUTO_GENERATE_BEGIN = "; ========== AUTO GENERATED CODE BEGIN ==========="
 INI_AUTO_GENERATE_END = "; =========== AUTO GENERATED CODE END ============"
@@ -33,27 +33,12 @@ def format_ini(data: dict[str, str | list[str]]) -> str:
     return content
 
 
-# All -std= variants a platform/framework may set by default, in both the GNU
-# and strict dialects; unflagged so the cg.set_cpp_standard() value is the
-# only standard left in the build.
-CPP_STD_VARIANTS = [
-    f"{prefix}{year}"
-    for year in ("11", "14", "17", "20", "23", "26", "2a", "2b", "2c")
-    for prefix in ("gnu++", "c++")
-]
-
-
 def get_ini_content():
     CORE.add_platformio_option(
         "lib_deps",
         [x.as_lib_dep for x in CORE.platformio_libraries.values()]
         + ["${common.lib_deps}"],
     )
-    if CORE.cpp_standard:
-        for variant in CPP_STD_VARIANTS:
-            if variant != CORE.cpp_standard:
-                CORE.add_build_unflag(f"-std={variant}")
-        CORE.add_build_flag(f"-std={CORE.cpp_standard}")
     # Sort to avoid changing build flags order
     CORE.add_platformio_option("build_flags", sorted(CORE.build_flags))
 
@@ -73,6 +58,7 @@ def get_ini_content():
 
 
 def write_ini(content):
+    update_storage_json()
     path = CORE.relative_build_path("platformio.ini")
 
     if path.is_file():

esphome/bundle.py

@@ -1,694 +0,0 @@
-"""Config bundle creator and extractor for ESPHome.
-
-A bundle is a self-contained .tar.gz archive containing a YAML config
-and every local file it depends on. Bundles can be created from a config
-and compiled directly: ``esphome compile my_device.esphomebundle.tar.gz``
-"""
-
-from __future__ import annotations
-
-from dataclasses import dataclass
-from enum import StrEnum
-import io
-import json
-import logging
-from pathlib import Path
-import re
-import shutil
-import tarfile
-from typing import Any
-
-from esphome import const, yaml_util
-from esphome.const import (
-    CONF_ESPHOME,
-    CONF_EXTERNAL_COMPONENTS,
-    CONF_INCLUDES,
-    CONF_INCLUDES_C,
-    CONF_PATH,
-    CONF_SOURCE,
-    CONF_TYPE,
-)
-from esphome.core import CORE, EsphomeError
-
-_LOGGER = logging.getLogger(__name__)
-
-BUNDLE_EXTENSION = ".esphomebundle.tar.gz"
-MANIFEST_FILENAME = "manifest.json"
-CURRENT_MANIFEST_VERSION = 1
-MAX_DECOMPRESSED_SIZE = 500 * 1024 * 1024  # 500 MB
-MAX_MANIFEST_SIZE = 1024 * 1024  # 1 MB
-
-# Directories preserved across bundle extractions (build caches)
-_PRESERVE_DIRS = (".esphome", ".pioenvs", ".pio")
-_BUNDLE_STAGING_DIR = ".bundle_staging"
-
-
-class ManifestKey(StrEnum):
-    """Keys used in bundle manifest.json."""
-
-    MANIFEST_VERSION = "manifest_version"
-    ESPHOME_VERSION = "esphome_version"
-    CONFIG_FILENAME = "config_filename"
-    FILES = "files"
-    HAS_SECRETS = "has_secrets"
-
-
-# String prefixes that are never local file paths
-_NON_PATH_PREFIXES = ("http://", "https://", "ftp://", "mdi:", "<")
-
-# File extensions recognized when resolving relative path strings.
-# A relative string with one of these extensions is resolved against the
-# config directory and included if the file exists.
-_KNOWN_FILE_EXTENSIONS = frozenset(
-    {
-        # Fonts
-        ".ttf",
-        ".otf",
-        ".woff",
-        ".woff2",
-        ".pcf",
-        ".bdf",
-        # Images
-        ".png",
-        ".jpg",
-        ".jpeg",
-        ".bmp",
-        ".gif",
-        ".svg",
-        ".ico",
-        ".webp",
-        # Certificates
-        ".pem",
-        ".crt",
-        ".key",
-        ".der",
-        ".p12",
-        ".pfx",
-        # C/C++ includes
-        ".h",
-        ".hpp",
-        ".c",
-        ".cpp",
-        ".ino",
-        # Web assets
-        ".css",
-        ".js",
-        ".html",
-    }
-)
-
-
-# Matches !secret references in YAML text.  An optional surrounding
-# quote pair around the key is allowed and ignored: YAML treats
-# ``!secret 'foo'`` and ``!secret foo`` as the same key.  This is
-# intentionally a simple regex scan rather than a YAML parse — it may
-# match inside comments or multi-line strings, which is the conservative
-# direction (include more secrets rather than fewer).
-_SECRET_RE = re.compile(r"""!secret\s+['"]?([^\s'"]+)""")
-
-
-def _find_used_secret_keys(yaml_files: list[Path]) -> set[str]:
-    """Scan YAML files for ``!secret <key>`` references."""
-    keys: set[str] = set()
-    for fpath in yaml_files:
-        try:
-            text = fpath.read_text(encoding="utf-8")
-        except (OSError, UnicodeDecodeError):
-            continue
-        for match in _SECRET_RE.finditer(text):
-            keys.add(match.group(1))
-    return keys
-
-
-@dataclass
-class BundleFile:
-    """A file to include in the bundle."""
-
-    path: str  # Relative path inside the archive
-    source: Path  # Absolute path on disk
-
-
-@dataclass
-class BundleResult:
-    """Result of creating a bundle."""
-
-    data: bytes
-    manifest: dict[str, Any]
-    files: list[BundleFile]
-
-
-@dataclass
-class BundleManifest:
-    """Parsed and validated bundle manifest."""
-
-    manifest_version: int
-    esphome_version: str
-    config_filename: str
-    files: list[str]
-    has_secrets: bool
-
-
-class ConfigBundleCreator:
-    """Creates a self-contained bundle from an ESPHome config."""
-
-    def __init__(self, config: dict[str, Any]) -> None:
-        self._config = config
-        self._config_dir = Path(CORE.config_dir).resolve()
-        self._config_path = Path(CORE.config_path).resolve()
-        self._files: list[BundleFile] = []
-        self._seen_paths: set[Path] = set()
-        self._secrets_paths: set[Path] = set()
-
-    def discover_files(self) -> list[BundleFile]:
-        """Discover all files needed for the bundle."""
-        self._files = []
-        self._seen_paths = set()
-        self._secrets_paths = set()
-
-        # The main config file
-        self._add_file(self._config_path)
-
-        # Phase 1: YAML includes (tracked during config loading)
-        self._discover_yaml_includes()
-
-        # Phase 2: Component-referenced files from validated config
-        self._discover_component_files()
-
-        return list(self._files)
-
-    def create_bundle(self) -> BundleResult:
-        """Create the bundle archive."""
-        files = self.discover_files()
-
-        # Determine which secret keys are actually referenced by the
-        # bundled YAML files so we only ship those, not the entire
-        # secrets.yaml which may contain secrets for other devices.
-        yaml_sources = [
-            bf.source for bf in files if bf.source.suffix in (".yaml", ".yml")
-        ]
-        used_secret_keys = _find_used_secret_keys(yaml_sources)
-        filtered_secrets = self._build_filtered_secrets(used_secret_keys)
-
-        has_secrets = bool(filtered_secrets)
-        if has_secrets:
-            _LOGGER.warning(
-                "Bundle contains secrets (e.g. Wi-Fi passwords). "
-                "Do not share it with untrusted parties."
-            )
-
-        manifest = self._build_manifest(files, has_secrets=has_secrets)
-
-        buf = io.BytesIO()
-        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
-            # Add manifest first
-            manifest_data = json.dumps(manifest, indent=2).encode("utf-8")
-            _add_bytes_to_tar(tar, MANIFEST_FILENAME, manifest_data)
-
-            # Add filtered secrets files
-            for rel_path, data in sorted(filtered_secrets.items()):
-                _add_bytes_to_tar(tar, rel_path, data)
-
-            # Add files in sorted order for determinism, skipping secrets
-            # files which were already added above with filtered content
-            for bf in sorted(files, key=lambda f: f.path):
-                if bf.source in self._secrets_paths:
-                    continue
-                self._add_to_tar(tar, bf)
-
-        return BundleResult(data=buf.getvalue(), manifest=manifest, files=files)
-
-    def _add_file(self, abs_path: Path) -> bool:
-        """Add a file to the bundle. Returns False if already added."""
-        abs_path = abs_path.resolve()
-        if abs_path in self._seen_paths:
-            return False
-        if not abs_path.is_file():
-            _LOGGER.warning("Bundle: skipping missing file %s", abs_path)
-            return False
-
-        rel_path = self._relative_to_config_dir(abs_path)
-        if rel_path is None:
-            _LOGGER.warning(
-                "Bundle: skipping file outside config directory: %s", abs_path
-            )
-            return False
-
-        self._seen_paths.add(abs_path)
-        self._files.append(BundleFile(path=rel_path, source=abs_path))
-        return True
-
-    def _add_directory(self, abs_path: Path) -> None:
-        """Recursively add all files in a directory."""
-        abs_path = abs_path.resolve()
-        if not abs_path.is_dir():
-            _LOGGER.warning("Bundle: skipping missing directory %s", abs_path)
-            return
-        for child in sorted(abs_path.rglob("*")):
-            if child.is_file() and "__pycache__" not in child.parts:
-                self._add_file(child)
-
-    def _relative_to_config_dir(self, abs_path: Path) -> str | None:
-        """Get a path relative to the config directory. Returns None if outside.
-
-        Always uses forward slashes for consistency in tar archives.
-        """
-        try:
-            return abs_path.relative_to(self._config_dir).as_posix()
-        except ValueError:
-            return None
-
-    def _discover_yaml_includes(self) -> None:
-        """Discover YAML files loaded during config parsing.
-
-        Delegates to :func:`yaml_util.discover_user_yaml_files`, which does a
-        fresh re-parse and force-loads every deferred ``IncludeFile`` so that
-        *all* potentially-reachable includes are captured (even branches not
-        selected by local substitutions). Bundles are meant to be compiled on
-        another system where command-line substitution overrides may choose a
-        different branch — e.g. ``!include network/${eth_model}/config.yaml``
-        must ship every candidate so the remote build can pick any one.
-        """
-        discovered = yaml_util.discover_user_yaml_files(self._config_path)
-        self._secrets_paths.update(discovered.secrets)
-        config_resolved = self._config_path.resolve()
-        for fpath in discovered.files:
-            if fpath == config_resolved:
-                continue  # Already added as config
-            self._add_file(fpath)
-
-    def _discover_component_files(self) -> None:
-        """Walk the validated config for file references.
-
-        Uses a generic recursive walk to find file paths instead of
-        hardcoding per-component knowledge about config dict formats.
-        After validation, components typically resolve paths to absolute
-        using CORE.relative_config_path() or cv.file_(). Relative paths
-        with known file extensions are also resolved and checked.
-
-        Core ESPHome concepts that use relative paths or directories
-        are handled explicitly.
-        """
-        config = self._config
-
-        # Generic walk: find all file paths in the validated config
-        self._walk_config_for_files(config)
-
-        # --- Core ESPHome concepts needing explicit handling ---
-
-        # esphome.includes / includes_c - can be relative paths and directories
-        esphome_conf = config.get(CONF_ESPHOME, {})
-        for include_path in esphome_conf.get(CONF_INCLUDES, []):
-            resolved = _resolve_include_path(include_path)
-            if resolved is None:
-                continue
-            if resolved.is_dir():
-                self._add_directory(resolved)
-            else:
-                self._add_file(resolved)
-        for include_path in esphome_conf.get(CONF_INCLUDES_C, []):
-            resolved = _resolve_include_path(include_path)
-            if resolved is not None:
-                self._add_file(resolved)
-
-        # external_components with source: local - directories
-        for ext_conf in config.get(CONF_EXTERNAL_COMPONENTS, []):
-            source = ext_conf.get(CONF_SOURCE, {})
-            if not isinstance(source, dict):
-                continue
-            if source.get(CONF_TYPE) != "local":
-                continue
-            path = source.get(CONF_PATH)
-            if not path:
-                continue
-            p = Path(path)
-            if not p.is_absolute():
-                p = CORE.relative_config_path(p)
-            self._add_directory(p)
-
-    def _walk_config_for_files(self, obj: Any) -> None:
-        """Recursively walk the config dict looking for file path references."""
-        if isinstance(obj, dict):
-            for value in obj.values():
-                self._walk_config_for_files(value)
-        elif isinstance(obj, (list, tuple)):
-            for item in obj:
-                self._walk_config_for_files(item)
-        elif isinstance(obj, Path):
-            if obj.is_absolute() and obj.is_file():
-                self._add_file(obj)
-        elif isinstance(obj, str):
-            self._check_string_path(obj)
-
-    def _check_string_path(self, value: str) -> None:
-        """Check if a string value is a local file reference."""
-        # Fast exits for strings that cannot be file paths
-        if len(value) < 2 or "\n" in value:
-            return
-        if value.startswith(_NON_PATH_PREFIXES):
-            return
-        # File paths must contain a path separator or a dot (for extension)
-        if "/" not in value and "\\" not in value and "." not in value:
-            return
-
-        p = Path(value)
-
-        # Absolute path - check if it points to an existing file
-        if p.is_absolute():
-            if p.is_file():
-                self._add_file(p)
-            return
-
-        # Relative path with a known file extension - likely a component
-        # validator that forgot to resolve to absolute via cv.file_() or
-        # CORE.relative_config_path(). Warn and try to resolve.
-        if p.suffix.lower() in _KNOWN_FILE_EXTENSIONS:
-            _LOGGER.warning(
-                "Bundle: non-absolute path in validated config: %s "
-                "(component validator should return absolute paths)",
-                value,
-            )
-            resolved = CORE.relative_config_path(p)
-            if resolved.is_file():
-                self._add_file(resolved)
-
-    def _build_filtered_secrets(self, used_keys: set[str]) -> dict[str, bytes]:
-        """Build filtered secrets files containing only the referenced keys.
-
-        Returns a dict mapping relative archive path to YAML bytes.
-        """
-        if not used_keys or not self._secrets_paths:
-            return {}
-
-        result: dict[str, bytes] = {}
-        for secrets_path in self._secrets_paths:
-            rel_path = self._relative_to_config_dir(secrets_path)
-            if rel_path is None:
-                continue
-            try:
-                all_secrets = yaml_util.load_yaml(secrets_path, clear_secrets=False)
-            except EsphomeError:
-                _LOGGER.warning("Bundle: failed to load secrets file %s", secrets_path)
-                continue
-            if not isinstance(all_secrets, dict):
-                continue
-            filtered = {k: v for k, v in all_secrets.items() if k in used_keys}
-            if filtered:
-                data = yaml_util.dump(filtered, show_secrets=True).encode("utf-8")
-                result[rel_path] = data
-        return result
-
-    def _build_manifest(
-        self, files: list[BundleFile], *, has_secrets: bool
-    ) -> dict[str, Any]:
-        """Build the manifest.json content."""
-        return {
-            ManifestKey.MANIFEST_VERSION: CURRENT_MANIFEST_VERSION,
-            ManifestKey.ESPHOME_VERSION: const.__version__,
-            ManifestKey.CONFIG_FILENAME: self._config_path.name,
-            ManifestKey.FILES: [f.path for f in files],
-            ManifestKey.HAS_SECRETS: has_secrets,
-        }
-
-    @staticmethod
-    def _add_to_tar(tar: tarfile.TarFile, bf: BundleFile) -> None:
-        """Add a BundleFile to the tar archive with deterministic metadata."""
-        with bf.source.open("rb") as f:
-            _add_bytes_to_tar(tar, bf.path, f.read())
-
-
-def extract_bundle(
-    bundle_path: Path,
-    target_dir: Path | None = None,
-) -> Path:
-    """Extract a bundle archive and return the path to the config YAML.
-
-    Sanity checks reject path traversal, symlinks, absolute paths, and
-    oversized archives to prevent accidental file overwrites or extraction
-    outside the target directory.  These are **not** a security boundary —
-    bundles are assumed to come from the user's own machine or a trusted
-    build pipeline.
-
-    Args:
-        bundle_path: Path to the .tar.gz bundle file.
-        target_dir: Directory to extract into. If None, extracts next to
-                     the bundle file in a directory named after it.
-
-    Returns:
-        Absolute path to the extracted config YAML file.
-
-    Raises:
-        EsphomeError: If the bundle is invalid or extraction fails.
-    """
-
-    bundle_path = bundle_path.resolve()
-    if not bundle_path.is_file():
-        raise EsphomeError(f"Bundle file not found: {bundle_path}")
-
-    if target_dir is None:
-        target_dir = _default_target_dir(bundle_path)
-
-    target_dir = target_dir.resolve()
-    target_dir.mkdir(parents=True, exist_ok=True)
-
-    # Read and validate the archive
-    try:
-        with tarfile.open(bundle_path, "r:gz") as tar:
-            manifest = _read_manifest_from_tar(tar)
-            _validate_tar_members(tar, target_dir)
-            tar.extractall(path=target_dir, filter="data")
-    except tarfile.TarError as err:
-        raise EsphomeError(f"Failed to extract bundle: {err}") from err
-
-    config_filename = manifest[ManifestKey.CONFIG_FILENAME]
-    config_path = target_dir / config_filename
-    if not config_path.is_file():
-        raise EsphomeError(
-            f"Bundle manifest references config '{config_filename}' "
-            f"but it was not found in the archive"
-        )
-
-    return config_path
-
-
-def read_bundle_manifest(bundle_path: Path) -> BundleManifest:
-    """Read and validate the manifest from a bundle without full extraction.
-
-    Args:
-        bundle_path: Path to the .tar.gz bundle file.
-
-    Returns:
-        Parsed BundleManifest.
-
-    Raises:
-        EsphomeError: If the manifest is missing, invalid, or version unsupported.
-    """
-
-    try:
-        with tarfile.open(bundle_path, "r:gz") as tar:
-            manifest = _read_manifest_from_tar(tar)
-    except tarfile.TarError as err:
-        raise EsphomeError(f"Failed to read bundle: {err}") from err
-
-    return BundleManifest(
-        manifest_version=manifest[ManifestKey.MANIFEST_VERSION],
-        esphome_version=manifest.get(ManifestKey.ESPHOME_VERSION, "unknown"),
-        config_filename=manifest[ManifestKey.CONFIG_FILENAME],
-        files=manifest.get(ManifestKey.FILES, []),
-        has_secrets=manifest.get(ManifestKey.HAS_SECRETS, False),
-    )
-
-
-def _read_manifest_from_tar(tar: tarfile.TarFile) -> dict[str, Any]:
-    """Read and validate manifest.json from an open tar archive."""
-
-    try:
-        member = tar.getmember(MANIFEST_FILENAME)
-    except KeyError:
-        raise EsphomeError("Invalid bundle: missing manifest.json") from None
-
-    f = tar.extractfile(member)
-    if f is None:
-        raise EsphomeError("Invalid bundle: manifest.json is not a regular file")
-
-    if member.size > MAX_MANIFEST_SIZE:
-        raise EsphomeError(
-            f"Invalid bundle: manifest.json too large "
-            f"({member.size} bytes, max {MAX_MANIFEST_SIZE})"
-        )
-
-    try:
-        manifest = json.loads(f.read())
-    except (json.JSONDecodeError, UnicodeDecodeError) as err:
-        raise EsphomeError(f"Invalid bundle: malformed manifest.json: {err}") from err
-
-    # Version check
-    version = manifest.get(ManifestKey.MANIFEST_VERSION)
-    if version is None:
-        raise EsphomeError("Invalid bundle: manifest.json missing 'manifest_version'")
-    if not isinstance(version, int) or version < 1:
-        raise EsphomeError(
-            f"Invalid bundle: manifest_version must be a positive integer, got {version!r}"
-        )
-    if version > CURRENT_MANIFEST_VERSION:
-        raise EsphomeError(
-            f"Bundle manifest version {version} is newer than this ESPHome "
-            f"version supports (max {CURRENT_MANIFEST_VERSION}). "
-            f"Please upgrade ESPHome to compile this bundle."
-        )
-
-    # Required fields
-    if ManifestKey.CONFIG_FILENAME not in manifest:
-        raise EsphomeError("Invalid bundle: manifest.json missing 'config_filename'")
-
-    return manifest
-
-
-def _validate_tar_members(tar: tarfile.TarFile, target_dir: Path) -> None:
-    """Sanity-check tar members to prevent mistakes and accidental overwrites.
-
-    This is not a security boundary — bundles are created locally or come
-    from a trusted build pipeline.  The checks catch malformed archives
-    and common mistakes (stray absolute paths, ``..`` components) that
-    could silently overwrite unrelated files.
-    """
-
-    total_size = 0
-    for member in tar.getmembers():
-        # Reject absolute paths (Unix and Windows)
-        if member.name.startswith(("/", "\\")):
-            raise EsphomeError(
-                f"Invalid bundle: absolute path in archive: {member.name}"
-            )
-
-        # Reject path traversal (split on both / and \ for cross-platform)
-        parts = re.split(r"[/\\]", member.name)
-        if ".." in parts:
-            raise EsphomeError(
-                f"Invalid bundle: path traversal in archive: {member.name}"
-            )
-
-        # Reject symlinks
-        if member.issym() or member.islnk():
-            raise EsphomeError(f"Invalid bundle: symlink in archive: {member.name}")
-
-        # Ensure extraction stays within target_dir
-        target_path = (target_dir / member.name).resolve()
-        if not target_path.is_relative_to(target_dir):
-            raise EsphomeError(
-                f"Invalid bundle: file would extract outside target: {member.name}"
-            )
-
-        # Track total decompressed size
-        total_size += member.size
-        if total_size > MAX_DECOMPRESSED_SIZE:
-            raise EsphomeError(
-                f"Invalid bundle: decompressed size exceeds "
-                f"{MAX_DECOMPRESSED_SIZE // (1024 * 1024)}MB limit"
-            )
-
-
-def is_bundle_path(path: Path) -> bool:
-    """Check if a path looks like a bundle file."""
-    return path.name.lower().endswith(BUNDLE_EXTENSION)
-
-
-def _add_bytes_to_tar(tar: tarfile.TarFile, name: str, data: bytes) -> None:
-    """Add in-memory bytes to a tar archive with deterministic metadata."""
-    info = tarfile.TarInfo(name=name)
-    info.size = len(data)
-    info.mtime = 0
-    info.uid = 0
-    info.gid = 0
-    info.mode = 0o644
-    tar.addfile(info, io.BytesIO(data))
-
-
-def _resolve_include_path(include_path: Any) -> Path | None:
-    """Resolve an include path to absolute, skipping system includes."""
-    if isinstance(include_path, str) and include_path.startswith("<"):
-        return None  # System include, not a local file
-    p = Path(include_path)
-    if not p.is_absolute():
-        p = CORE.relative_config_path(p)
-    return p
-
-
-def _default_target_dir(bundle_path: Path) -> Path:
-    """Compute the default extraction directory for a bundle."""
-    name = bundle_path.name
-    if name.lower().endswith(BUNDLE_EXTENSION):
-        name = name[: -len(BUNDLE_EXTENSION)]
-    return bundle_path.parent / name
-
-
-def _restore_preserved_dirs(preserved: dict[str, Path], target_dir: Path) -> None:
-    """Move preserved build cache directories back into target_dir.
-
-    If the bundle contained entries under a preserved directory name,
-    the extracted copy is removed so the original cache always wins.
-    """
-    for dirname, src in preserved.items():
-        dst = target_dir / dirname
-        if dst.exists():
-            shutil.rmtree(dst)
-        shutil.move(str(src), str(dst))
-
-
-def prepare_bundle_for_compile(
-    bundle_path: Path,
-    target_dir: Path | None = None,
-) -> Path:
-    """Extract a bundle for compilation, preserving build caches.
-
-    Unlike extract_bundle(), this preserves .esphome/ and .pioenvs/
-    directories in the target if they already exist (for incremental builds).
-
-    Args:
-        bundle_path: Path to the .tar.gz bundle file.
-        target_dir: Directory to extract into. Must be specified for
-                     build server use.
-
-    Returns:
-        Absolute path to the extracted config YAML file.
-    """
-
-    bundle_path = bundle_path.resolve()
-    if not bundle_path.is_file():
-        raise EsphomeError(f"Bundle file not found: {bundle_path}")
-
-    if target_dir is None:
-        target_dir = _default_target_dir(bundle_path)
-
-    target_dir = target_dir.resolve()
-    target_dir.mkdir(parents=True, exist_ok=True)
-
-    preserved: dict[str, Path] = {}
-
-    # Temporarily move preserved dirs out of the way
-    staging = target_dir / _BUNDLE_STAGING_DIR
-    for dirname in _PRESERVE_DIRS:
-        src = target_dir / dirname
-        if src.is_dir():
-            dst = staging / dirname
-            dst.parent.mkdir(parents=True, exist_ok=True)
-            shutil.move(str(src), str(dst))
-            preserved[dirname] = dst
-
-    try:
-        # Clean non-preserved content and extract fresh
-        for item in target_dir.iterdir():
-            if item.name == _BUNDLE_STAGING_DIR:
-                continue
-            if item.is_dir():
-                shutil.rmtree(item)
-            else:
-                item.unlink()
-
-        config_path = extract_bundle(bundle_path, target_dir)
-    finally:
-        # Restore preserved dirs (idempotent) and clean staging
-        _restore_preserved_dirs(preserved, target_dir)
-        if staging.is_dir():
-            shutil.rmtree(staging)
-
-    return config_path

esphome/codegen.py

@@ -11,7 +11,6 @@
 from esphome.cpp_generator import (  # noqa: F401
     ArrayInitializer,
     Expression,
-    FlashStringLiteral,
     LineComment,
     LogStringLiteral,
     MockObj,
@@ -70,7 +69,6 @@ from esphome.cpp_types import (  # noqa: F401
     JsonObjectConst,
     Parented,
     PollingComponent,
-    StringRef,
     arduino_json_ns,
     bool_,
     const_char_ptr,
@@ -79,7 +77,6 @@ from esphome.cpp_types import (  # noqa: F401
     float_,
     global_ns,
     gpio_Flags,
-    int8,
     int16,
     int32,
     int64,
@@ -89,7 +86,6 @@ from esphome.cpp_types import (  # noqa: F401
     size_t,
     std_ns,
     std_shared_ptr,
-    std_span,
     std_string,
     std_string_ref,
     std_vector,

esphome/compiled_config.py

@@ -1,76 +0,0 @@
-"""Validated-config cache for the upload/logs fast path.
-
-compile dumps the validated config to <data_dir>/storage/<file>.validated.yaml;
-the next upload/logs for that YAML reuses it instead of running the full
-read_config pipeline. YAML round-trip (yaml_util.dump/load_yaml) keeps
-!lambda/!include/IDs/paths intact; mtime gates staleness.
-"""
-
-from __future__ import annotations
-
-import logging
-from pathlib import Path
-
-from esphome.core import CORE
-from esphome.helpers import write_file
-from esphome.storage_json import StorageJSON, ext_storage_path
-from esphome.types import ConfigType
-
-_LOGGER = logging.getLogger(__name__)
-
-
-def compiled_config_path(config_filename: str) -> Path:
-    """Path to the cached validated config alongside the storage sidecar."""
-    return CORE.data_dir / "storage" / f"{config_filename}.validated.yaml"
-
-
-def _cache_is_fresh(cache_path: Path, source_path: Path) -> bool:
-    """True iff the cache file exists and isn't older than the source."""
-    try:
-        return cache_path.stat().st_mtime >= source_path.stat().st_mtime
-    except OSError:
-        return False
-
-
-def save_compiled_config(config: ConfigType) -> None:
-    """Write the validated-config cache. Always-write so mtime stays fresh.
-
-    Mode 0600 because show_secrets=True resolves !secret inline.
-    Failures are non-fatal: the fast path falls back to read_config.
-    """
-    from esphome import yaml_util
-
-    try:
-        rendered = yaml_util.dump(config, show_secrets=True)
-        write_file(compiled_config_path(CORE.config_filename), rendered, private=True)
-    except Exception as err:  # noqa: BLE001  # pylint: disable=broad-except
-        _LOGGER.debug("Skipping compiled config cache write: %s", err)
-
-
-def load_compiled_config(conf_path: Path) -> ConfigType | None:
-    """Load the cached validated config and apply storage metadata to CORE.
-
-    Returns None (caller falls back to read_config) when the cache is
-    missing, older than the source YAML, unparseable, or the sidecar
-    is incomplete.
-    """
-    cache_path = compiled_config_path(conf_path.name)
-    if not _cache_is_fresh(cache_path, conf_path):
-        return None
-
-    from esphome import yaml_util
-
-    try:
-        config = yaml_util.load_yaml(cache_path, clear_secrets=False)
-    except Exception:  # noqa: BLE001  # pylint: disable=broad-except
-        return None
-
-    storage = StorageJSON.load(ext_storage_path(conf_path.name))
-    if storage is None:
-        return None
-    # apply_to_core assumes a real compile wrote the sidecar; wizard-only
-    # sidecars leave both of these unset and can't drive upload/logs.
-    if not storage.core_platform and not storage.target_platform:
-        return None
-    storage.apply_to_core()
-    return config

esphome/components/a01nyub/a01nyub.cpp

@@ -4,7 +4,8 @@
 #include "esphome/core/helpers.h"
 #include "esphome/core/log.h"
 
-namespace esphome::a01nyub {
+namespace esphome {
+namespace a01nyub {
 
 static const char *const TAG = "a01nyub.sensor";
 
@@ -29,9 +30,7 @@ void A01nyubComponent::check_buffer_() {
       ESP_LOGV(TAG, "Distance from sensor: %f mm, %f m", distance, meters);
       this->publish_state(meters);
     } else {
-      char hex_buf[format_hex_pretty_size(4)];
-      ESP_LOGW(TAG, "Invalid data read from sensor: %s",
-               format_hex_pretty_to(hex_buf, this->buffer_.data(), this->buffer_.size()));
+      ESP_LOGW(TAG, "Invalid data read from sensor: %s", format_hex_pretty(this->buffer_).c_str());
     }
   } else {
     ESP_LOGW(TAG, "checksum failed: %02x != %02x", checksum, this->buffer_[3]);
@@ -41,4 +40,5 @@ void A01nyubComponent::check_buffer_() {
 
 void A01nyubComponent::dump_config() { LOG_SENSOR("", "A01nyub Sensor", this); }
 
-}  // namespace esphome::a01nyub
+}  // namespace a01nyub
+}  // namespace esphome

esphome/components/a01nyub/a01nyub.h

@@ -6,7 +6,8 @@
 #include "esphome/components/sensor/sensor.h"
 #include "esphome/components/uart/uart.h"
 
-namespace esphome::a01nyub {
+namespace esphome {
+namespace a01nyub {
 
 class A01nyubComponent : public sensor::Sensor, public Component, public uart::UARTDevice {
  public:
@@ -22,4 +23,5 @@ class A01nyubComponent : public sensor::Sensor, public Component, public uart::U
   std::vector<uint8_t> buffer_;
 };
 
-}  // namespace esphome::a01nyub
+}  // namespace a01nyub
+}  // namespace esphome

esphome/components/a02yyuw/a02yyuw.cpp

@@ -4,7 +4,8 @@
 #include "esphome/core/helpers.h"
 #include "esphome/core/log.h"
 
-namespace esphome::a02yyuw {
+namespace esphome {
+namespace a02yyuw {
 
 static const char *const TAG = "a02yyuw.sensor";
 
@@ -28,9 +29,7 @@ void A02yyuwComponent::check_buffer_() {
       ESP_LOGV(TAG, "Distance from sensor: %f mm", distance);
       this->publish_state(distance);
     } else {
-      char hex_buf[format_hex_pretty_size(4)];
-      ESP_LOGW(TAG, "Invalid data read from sensor: %s",
-               format_hex_pretty_to(hex_buf, this->buffer_.data(), this->buffer_.size()));
+      ESP_LOGW(TAG, "Invalid data read from sensor: %s", format_hex_pretty(this->buffer_).c_str());
     }
   } else {
     ESP_LOGW(TAG, "checksum failed: %02x != %02x", checksum, this->buffer_[3]);
@@ -40,4 +39,5 @@ void A02yyuwComponent::check_buffer_() {
 
 void A02yyuwComponent::dump_config() { LOG_SENSOR("", "A02yyuw Sensor", this); }
 
-}  // namespace esphome::a02yyuw
+}  // namespace a02yyuw
+}  // namespace esphome

esphome/components/a02yyuw/a02yyuw.h

@@ -6,7 +6,8 @@
 #include "esphome/components/sensor/sensor.h"
 #include "esphome/components/uart/uart.h"
 
-namespace esphome::a02yyuw {
+namespace esphome {
+namespace a02yyuw {
 
 class A02yyuwComponent : public sensor::Sensor, public Component, public uart::UARTDevice {
  public:
@@ -22,4 +23,5 @@ class A02yyuwComponent : public sensor::Sensor, public Component, public uart::U
   std::vector<uint8_t> buffer_;
 };
 
-}  // namespace esphome::a02yyuw
+}  // namespace a02yyuw
+}  // namespace esphome

esphome/components/a4988/a4988.cpp

@@ -1,7 +1,8 @@
 #include "a4988.h"
 #include "esphome/core/log.h"
 
-namespace esphome::a4988 {
+namespace esphome {
+namespace a4988 {
 
 static const char *const TAG = "a4988.stepper";
 
@@ -50,4 +51,5 @@ void A4988::loop() {
   this->step_pin_->digital_write(false);
 }
 
-}  // namespace esphome::a4988
+}  // namespace a4988
+}  // namespace esphome