Initial plan

2026-06-25 10:24:17 +00:00 · 2026-02-20 06:05:27 +00:00
4031 changed files with 58951 additions and 162209 deletions
--- a/.ai/instructions.md
+++ b/.ai/instructions.md
@@ -14,7 +14,7 @@ This document provides essential context for AI models interacting with this pro
 *   **Build Systems:** PlatformIO is the primary build system. CMake is used as an alternative.
 *   **Configuration:** YAML.
 *   **Key Libraries/Dependencies:**
-    *   **Python:** `voluptuous` (for configuration validation), `PyYAML` (for parsing configuration files), `paho-mqtt` (for MQTT communication), `aioesphomeapi` (for the native API).
+    *   **Python:** `voluptuous` (for configuration validation), `PyYAML` (for parsing configuration files), `paho-mqtt` (for MQTT communication), `tornado` (for the web server), `aioesphomeapi` (for the native API).
    *   **C++:** `ArduinoJson` (for JSON serialization/deserialization), `AsyncMqttClient-esphome` (for MQTT), `ESPAsyncWebServer` (for the web server).
 *   **Package Manager(s):** `pip` (for Python dependencies), `platformio` (for C++/PlatformIO dependencies).
 *   **Communication Protocols:** Protobuf (for native API), MQTT, HTTP.
@@ -35,6 +35,7 @@ This document provides essential context for AI models interacting with this pro
    2.  **Code Generation** (`esphome/codegen.py`, `esphome/cpp_generator.py`): Manages Python to C++ code generation, template processing, and build flag management.
    3.  **Component System** (`esphome/components/`): Contains modular hardware and software components with platform-specific implementations and dependency management.
    4.  **Core Framework** (`esphome/core/`): Manages the application lifecycle, hardware abstraction, and component registration.
+    5.  **Dashboard** (`esphome/dashboard/`): A web-based interface for device configuration, management, and OTA updates.

 *   **Platform Support:**
    1.  **ESP32** (`components/esp32/`): Espressif ESP32 family. Supports multiple variants (Original, C2, C3, C5, C6, H2, P4, S2, S3) with ESP-IDF framework. Arduino framework supports only a subset of the variants (Original, C3, S2, S3).
@@ -58,19 +59,6 @@ This document provides essential context for AI models interacting with this pro
        - Protected/private fields: `lower_snake_case_with_trailing_underscore_`
        - Favor descriptive names over abbreviations

-*   **Python Idioms:**
-    *   **Assignment expressions (PEP 572):** Prefer the walrus operator (`:=`) wherever it removes a redundant lookup or a throwaway temporary. The most common case in component code is presence-checking a config key and then indexing it separately — fetch once with `.get()` and bind in the condition instead:
-        ```python
-        # Bad - looks up CONF_BLAH twice
-        if CONF_BLAH in config:
-            cg.add(var.set_blah(config[CONF_BLAH]))
-
-        # Good - single lookup, value bound inline
-        if (blah := config.get(CONF_BLAH)) is not None:
-            cg.add(var.set_blah(blah))
-        ```
-        The same applies to `while` loops and comprehensions where it avoids recomputing a value. Don't contort code to use it — reach for `:=` only when it genuinely cuts repetition or an extra assignment line.
-
 *   **C++ Field Visibility:**
    *   **Prefer `protected`:** Use `protected` for most class fields to enable extensibility and testing. Fields should be `lower_snake_case_with_trailing_underscore_`.
    *   **Use `private` for safety-critical cases:** Use `private` visibility when direct field access could introduce bugs or violate invariants:
@@ -136,28 +124,6 @@ This document provides essential context for AI models interacting with this pro
    *   **Indentation:** Use spaces (two per indentation level), not tabs
    *   **Type aliases:** Prefer `using type_t = int;` over `typedef int type_t;`
    *   **Line length:** Wrap lines at no more than 120 characters
-    *   **Constructor parameters vs setters:** Component properties that are both **required** and **invariant**
-        (never change after construction) should be constructor parameters rather than set via setter methods.
-        This makes the dependency explicit and prevents use of the object in an incompletely-initialized state.
-        In code generation, when calling `cg.new_Pvariable()` or the relevant helper function to create the component, pass these as arguments.
-        ```cpp
-        // Good - required invariant dependency as constructor parameter
-        class SourceTextSensor : public text_sensor::TextSensor, public Component {
-         public:
-          explicit SourceTextSensor(text::Text *source) : source_(source) {}
-         protected:
-          text::Text *source_;
-        };
-        ```
-        ```cpp
-        // Bad - required invariant dependency as setter
-        class SourceTextSensor : public text_sensor::TextSensor, public Component {
-         public:
-          void set_source(text::Text *source) { this->source_ = source; }
-         protected:
-          text::Text *source_{nullptr};
-        };
-        ```

 *   **Component Structure:**
    *   **Standard Files:**
@@ -251,123 +217,6 @@ This document provides essential context for AI models interacting with this pro
              var = await switch.new_switch(config)
          ```

-*   **Automations (Triggers, Actions, Conditions):**
-
-    Automations have three building blocks: **Triggers** (fire when something happens), **Actions** (do something), and **Conditions** (check if something is true).
-
-    *   **Triggers -- Callback method (preferred):**
-
-        Use `build_callback_automation()` for simple triggers. This eliminates the need for a C++ Trigger class by using a lightweight pointer-sized forwarder struct registered directly as a callback. No `CONF_TRIGGER_ID` in the schema.
-
-        **Python:**
-        ```python
-        from esphome import automation
-
-        CONFIG_SCHEMA = cv.Schema({
-            cv.GenerateID(): cv.declare_id(MyComponent),
-            cv.Optional(CONF_ON_STATE): automation.validate_automation({}),
-        }).extend(cv.COMPONENT_SCHEMA)
-
-        async def to_code(config):
-            var = cg.new_Pvariable(config[CONF_ID])
-            await cg.register_component(var, config)
-            for conf in config.get(CONF_ON_STATE, []):
-                await automation.build_callback_automation(
-                    var, "add_on_state_callback", [(bool, "x")], conf
-                )
-        ```
-
-        `build_callback_automation` arguments: `parent`, `callback_method` (C++ method name), `args` (template args as `[(type, name)]` tuples), `config`, and optional `forwarder` (defaults to `TriggerForwarder<Ts...>`).
-
-        For boolean filtering (e.g. `on_press`/`on_release`), use built-in forwarders with `args=[]`:
-        ```python
-        for conf_key, forwarder in (
-            (CONF_ON_PRESS, automation.TriggerOnTrueForwarder),
-            (CONF_ON_RELEASE, automation.TriggerOnFalseForwarder),
-        ):
-            for conf in config.get(conf_key, []):
-                await automation.build_callback_automation(
-                    var, "add_on_state_callback", [], conf, forwarder=forwarder
-                )
-        ```
-
-        **C++ -- no trigger class needed.** The callback registration method must be templatized to accept both `std::function` and lightweight forwarder structs (which avoid heap allocation):
-        ```cpp
-        class MyComponent : public Component {
-         public:
-          // Must be a template -- accepts both std::function and pointer-sized forwarder structs
-          template<typename F> void add_on_state_callback(F &&callback) {
-            this->state_callback_.add(std::forward<F>(callback));
-          }
-         protected:
-          // Use CallbackManager when callbacks are always registered (e.g. core components)
-          CallbackManager<void(bool)> state_callback_;
-          // Use LazyCallbackManager when callbacks are often not registered -- saves 8 bytes
-          // (nullptr vs empty std::vector) per instance when no callbacks are added
-          // LazyCallbackManager<void(bool)> state_callback_;
-        };
-        ```
-
-    *   **Triggers -- Trigger class method:**
-
-        Use `build_automation()` with a `Trigger<Ts...>` subclass only when the forwarder needs **mutable state beyond a single `Automation*` pointer** (e.g. edge detection tracking previous state, timing logic).
-
-        **Python:**
-        ```python
-        TurnOnTrigger = my_ns.class_("TurnOnTrigger", automation.Trigger.template())
-
-        CONFIG_SCHEMA = cv.Schema({
-            cv.Optional(CONF_ON_TURN_ON): automation.validate_automation(
-                {cv.GenerateID(CONF_TRIGGER_ID): cv.declare_id(TurnOnTrigger)}
-            ),
-        })
-
-        async def to_code(config):
-            for conf in config.get(CONF_ON_TURN_ON, []):
-                trigger = cg.new_Pvariable(conf[CONF_TRIGGER_ID], var)
-                await automation.build_automation(trigger, [], conf)
-        ```
-
-        **C++:**
-        ```cpp
-        class TurnOnTrigger : public Trigger<> {
-         public:
-          explicit TurnOnTrigger(MyComponent *parent) : last_on_{false} {
-            parent->add_on_state_callback([this](bool state) {
-              if (state && !this->last_on_)
-                this->trigger();
-              this->last_on_ = state;
-            });
-          }
-         protected:
-          bool last_on_;
-        };
-        ```
-
-    *   **Actions:**
-        ```cpp
-        template<typename... Ts> class MyAction : public Action<Ts...> {
-         public:
-          explicit MyAction(MyComponent *parent) : parent_(parent) {}
-          void play(const Ts &...) override { this->parent_->do_something(); }
-         protected:
-          MyComponent *parent_;
-        };
-        ```
-        Register with `@automation.register_action("my_component.do_something", MyAction, schema, synchronous=True)`. Use `synchronous=True` for actions that run to completion inside `play()` without deferring. Use `synchronous=False` if the action may suspend/defer execution (e.g. `delay`, `wait_until`, `script.wait`) or store trigger arguments for later use.
-
-    *   **Conditions:**
-        ```cpp
-        template<typename... Ts> class MyCondition : public Condition<Ts...> {
-         public:
-          explicit MyCondition(MyComponent *parent) : parent_(parent) {}
-          bool check(const Ts &...) override { return this->parent_->is_active(); }
-         protected:
-          MyComponent *parent_;
-        };
-        ```
-        Register with `@automation.register_condition("my_component.is_active", MyCondition, schema)`.
-
 *   **Configuration Validation:**
    *   **Common Validators:** `cv.int_`, `cv.float_`, `cv.string`, `cv.boolean`, `cv.int_range(min=0, max=100)`, `cv.positive_int`, `cv.percentage`.
    *   **Complex Validation:** `cv.All(cv.string, cv.Length(min=1, max=50))`, `cv.Any(cv.int_, cv.string)`.
@@ -403,49 +252,10 @@ This document provides essential context for AI models interacting with this pro
    *   **Component Tests:** YAML-based compilation tests are located in `tests/`. The structure is as follows:
        ```
        tests/
-        ├── test_build_components/
-        │   └── common/          # Shared bus packages (uart, i2c, spi, etc.)
-        │       ├── uart/        # UART at default baud rate
-        │       ├── uart_115200/ # UART at 115200 baud
-        │       ├── i2c/         # I2C bus
-        │       └── spi/         # SPI bus
-        └── components/[component]/
-            ├── common.yaml          # Component-only config (no bus definitions)
-            ├── test.esp32-idf.yaml      # config + compile
-            ├── test.esp8266-ard.yaml    # config + compile
-            ├── test-variant.esp32-idf.yaml  # variant test, config + compile
-            ├── validate.esp32-idf.yaml      # config-only (never compiled)
-            └── validate-legacy.esp32-idf.yaml  # config-only variant
+        ├── test_build_components/ # Base test configurations
+        └── components/[component]/ # Component-specific tests
        ```
        Run them using `script/test_build_components`. Use `-c <component>` to test specific components and `-t <target>` for specific platforms.
-
-    *   **Config-only test files (`validate.*.yaml`):** Use this prefix when a YAML file only needs to exercise schema/validation paths and does not need to be compiled. CI runs `validate.*.yaml` files with `esphome config` only and skips them during compile. The grammar mirrors `test.*.yaml`:
-        - `validate.<platform>.yaml` — base config-only test
-        - `validate-<variant>.<platform>.yaml` — config-only variant
-
-        Use this for things like deprecated-syntax migration tests, schema edge cases, or platform-specific validation branches where building firmware adds no signal. A component may have any mix of `test.*.yaml` and `validate.*.yaml` files. Validate files never participate in bus-grouping; each one runs as its own `esphome config` invocation.
-
-        When a PR's only edits to a component are `validate.*.yaml` files (no source changes, no `test.*.yaml` changes, and the component isn't pulled in as a dependency of another changed component), CI skips the compile stage for that component entirely and only runs config validation. This is decided in `script/determine-jobs.py` via `_component_change_is_validate_only` and surfaced as the `validate_only_components` output that the `test-build-components-split` job consumes.
-
-    *   **Test Grouping with Packages:** Components that use shared bus packages can be grouped together in CI to reduce build count. **Never define buses (uart, i2c, spi, modbus) directly in test YAML files** — always use packages from `test_build_components/common/`:
-        ```yaml
-        # test.esp32-idf.yaml — use packages for buses
-        packages:
-          uart: !include ../../test_build_components/common/uart_115200/esp32-idf.yaml
-
-        <<: !include common.yaml
-        ```
-        ```yaml
-        # common.yaml — component config only, NO bus definitions
-        my_component:
-          id: my_instance
-
-        sensor:
-          - platform: my_component
-            name: My Sensor
-        ```
-        Components that define buses directly are flagged as "NEEDS MIGRATION" and cannot be grouped, increasing CI build time.
-
    *   **Testing All Components Together:** To verify that all components can be tested together without ID conflicts or configuration issues, use:
        ```bash
        ./script/test_component_grouping.py -e config --all
@@ -455,6 +265,7 @@ This document provides essential context for AI models interacting with this pro
    *   **Debug Tools:**
        - `esphome config <file>.yaml` to validate configuration.
        - `esphome compile <file>.yaml` to compile without uploading.
+        - Check the Dashboard for real-time logs.
        - Use component-specific debug logging.
    *   **Common Issues:**
        - **Import Errors**: Check component dependencies and `PYTHONPATH`.
@@ -473,9 +284,8 @@ This document provides essential context for AI models interacting with this pro
    6.  **Pull Request:** Submit a PR against the `dev` branch. The Pull Request title should have a prefix of the component being worked on (e.g., `[display] Fix bug`, `[abc123] Add new component`). Update documentation, examples, and add `CODEOWNERS` entries as needed. Pull requests should always be made using the `.github/PULL_REQUEST_TEMPLATE.md` template - fill out all sections completely without removing any parts of the template.

 *   **Documentation Contributions:**
-    *   Documentation is hosted in the separate `esphome/esphome.io` repository.
+    *   Documentation is hosted in the separate `esphome/esphome-docs` repository.
    *   The contribution workflow is the same as for the codebase.
-    *   When editing a component's documentation page, also update the corresponding component index page to ensure both pages remain in sync.

 *   **Best Practices:**
    *   **Component Development:** Keep dependencies minimal, provide clear error messages, and write comprehensive docstrings and tests.
@@ -584,30 +394,6 @@ This document provides essential context for AI models interacting with this pro

        Note: Avoiding heap allocation after `setup()` is always required regardless of component type. The prioritization above is about the effort spent on container optimization (e.g., migrating from `std::vector` to `StaticVector`).

-        **Callback Managers:**
-
-        ESPHome provides two callback manager types in `esphome/core/helpers.h` for the observer pattern. Both support `std::function`, lambdas, and lightweight forwarder structs via their templatized `add()` method.
-
-        | Type | Idle overhead (32-bit) | When to use |
-        |------|----------------------|-------------|
-        | `CallbackManager<void(Ts...)>` | 12 bytes (empty `std::vector`) | Callbacks are always or almost always registered |
-        | `LazyCallbackManager<void(Ts...)>` | 4 bytes (`nullptr`) | Callbacks are often not registered (common case) |
-
-        `LazyCallbackManager` is a drop-in replacement for `CallbackManager` that defers allocation until the first callback is added. Prefer it for entity-level callbacks where most instances have no subscribers.
-
-        **Important:** Registration methods that add to a callback manager **must always be templatized** to accept both `std::function` and pointer-sized forwarder structs (used by `build_callback_automation`). Never use `std::function` in the method signature:
-        ```cpp
-        // Bad -- forces heap allocation for forwarder structs
-        void add_on_state_callback(std::function<void(bool)> &&callback) {
-          this->state_callback_.add(std::move(callback));
-        }
-
-        // Good -- accepts any callable without forcing std::function wrapping
-        template<typename F> void add_on_state_callback(F &&callback) {
-          this->state_callback_.add(std::forward<F>(callback));
-        }
-        ```
-
    *   **State Management:** Use `CORE.data` for component state that needs to persist during configuration generation. Avoid module-level mutable globals.

        **Bad Pattern (Module-Level Globals):**
@@ -656,7 +442,7 @@ This document provides essential context for AI models interacting with this pro
        If you need a real-world example, search for components that use `@dataclass` with `CORE.data` in the codebase. Note: Some components may use `TypedDict` for dictionary-based storage; both patterns are acceptable depending on your needs.

        **Why this matters:**
-        - Module-level globals persist between compilation runs if the host process (e.g. device-builder) doesn't fork/exec
+        - Module-level globals persist between compilation runs if the dashboard doesn't fork/exec
        - `CORE.data` automatically clears between runs
        - Namespacing under `DOMAIN` prevents key collisions between components
        - `@dataclass` provides type safety and cleaner attribute access
@@ -692,7 +478,7 @@ This document provides essential context for AI models interacting with this pro
    - [ ] Explored non-breaking alternatives
    - [ ] Added deprecation warnings if possible (use `ESPDEPRECATED` macro for C++)
    - [ ] Documented migration path in PR description with before/after examples
-    - [ ] Updated all internal usage and esphome.io
+    - [ ] Updated all internal usage and esphome-docs
    - [ ] Tested backward compatibility during deprecation period

 *   **Deprecation Pattern (C++):**
--- a/.clang-tidy
+++ b/.clang-tidy
@@ -5,30 +5,24 @@ Checks: >-
  -altera-*,
  -android-*,
  -boost-*,
-  -bugprone-derived-method-shadowing-base-method,
  -bugprone-easily-swappable-parameters,
  -bugprone-implicit-widening-of-multiplication-result,
-  -bugprone-invalid-enum-default-initialization,
  -bugprone-multi-level-implicit-pointer-conversion,
  -bugprone-narrowing-conversions,
-  -bugprone-tagged-union-member-count,
  -bugprone-signed-char-misuse,
  -bugprone-switch-missing-default-case,
  -cert-dcl50-cpp,
  -cert-err33-c,
  -cert-err58-cpp,
-  -cert-int09-c,
  -cert-oop57-cpp,
  -cert-str34-c,
  -clang-analyzer-optin.core.EnumCastOutOfRange,
  -clang-analyzer-optin.cplusplus.UninitializedObject,
  -clang-analyzer-osx.*,
-  -clang-analyzer-security.ArrayBound,
  -clang-diagnostic-delete-abstract-non-virtual-dtor,
  -clang-diagnostic-delete-non-abstract-non-virtual-dtor,
  -clang-diagnostic-deprecated-declarations,
  -clang-diagnostic-ignored-optimization-argument,
-  -clang-diagnostic-missing-designated-field-initializers,
  -clang-diagnostic-missing-field-initializers,
  -clang-diagnostic-shadow-field,
  -clang-diagnostic-unused-const-variable,
@@ -48,7 +42,6 @@ Checks: >-
  -cppcoreguidelines-owning-memory,
  -cppcoreguidelines-prefer-member-initializer,
  -cppcoreguidelines-pro-bounds-array-to-pointer-decay,
-  -cppcoreguidelines-pro-bounds-avoid-unchecked-container-access,
  -cppcoreguidelines-pro-bounds-constant-array-index,
  -cppcoreguidelines-pro-bounds-pointer-arithmetic,
  -cppcoreguidelines-pro-type-const-cast,
@@ -61,13 +54,12 @@ Checks: >-
  -cppcoreguidelines-rvalue-reference-param-not-moved,
  -cppcoreguidelines-special-member-functions,
  -cppcoreguidelines-use-default-member-init,
-  -cppcoreguidelines-use-enum-class,
  -cppcoreguidelines-virtual-class-destructor,
-  -fuchsia-default-arguments-calls,
-  -fuchsia-default-arguments-declarations,
  -fuchsia-multiple-inheritance,
  -fuchsia-overloaded-operator,
  -fuchsia-statically-constructed-objects,
+  -fuchsia-default-arguments-declarations,
+  -fuchsia-default-arguments-calls,
  -google-build-using-namespace,
  -google-explicit-constructor,
  -google-readability-braces-around-statements,
@@ -79,63 +71,49 @@ Checks: >-
  -llvm-else-after-return,
  -llvm-header-guard,
  -llvm-include-order,
-  -llvm-prefer-static-over-anonymous-namespace,
  -llvm-qualified-auto,
-  -llvm-use-ranges,
  -llvmlibc-*,
  -misc-const-correctness,
  -misc-include-cleaner,
-  -misc-multiple-inheritance,
  -misc-no-recursion,
  -misc-non-private-member-variables-in-classes,
-  -misc-override-with-different-visibility,
  -misc-unused-parameters,
  -misc-use-anonymous-namespace,
-  -misc-use-internal-linkage,
  -modernize-avoid-bind,
-  -modernize-avoid-variadic-functions,
  -modernize-avoid-c-arrays,
-  -modernize-avoid-c-style-cast,
+  -modernize-concat-nested-namespaces,
  -modernize-macro-to-enum,
  -modernize-return-braced-init-list,
  -modernize-type-traits,
  -modernize-use-auto,
  -modernize-use-constraints,
  -modernize-use-default-member-init,
-  -modernize-use-designated-initializers,
  -modernize-use-equals-default,
-  -modernize-use-integer-sign-comparison,
  -modernize-use-nodiscard,
  -modernize-use-nullptr,
-  -modernize-use-ranges,
+  -modernize-use-nodiscard,
+  -modernize-use-nullptr,
  -modernize-use-trailing-return-type,
  -mpi-*,
  -objc-*,
  -performance-enum-size,
-  -portability-avoid-pragma-once,
-  -portability-template-virtual-member-function,
-  -readability-ambiguous-smartptr-reset-call,
  -readability-avoid-nested-conditional-operator,
+  -readability-container-contains,
  -readability-container-data-pointer,
  -readability-convert-member-functions-to-static,
  -readability-else-after-return,
-  -readability-enum-initial-value,
  -readability-function-cognitive-complexity,
  -readability-implicit-bool-conversion,
  -readability-isolate-declaration,
  -readability-magic-numbers,
  -readability-make-member-function-const,
-  -readability-math-missing-parentheses,
  -readability-named-parameter,
  -readability-redundant-casting,
  -readability-redundant-inline-specifier,
  -readability-redundant-member-init,
-  -readability-redundant-parentheses,
-  -readability-redundant-typename,
+  -readability-redundant-string-init,
  -readability-uppercase-literal-suffix,
  -readability-use-anyofallof,
-  -readability-use-std-min-max,
-  -readability-use-concise-preprocessor-directives,
 WarningsAsErrors: '*'
 FormatStyle:     google
 CheckOptions:
--- a/.clang-tidy.hash
+++ b/.clang-tidy.hash
@@ -0,0 +1 @@
+3258307fa645ba77307e502075c02c4d710e92c48250839db3526d36a9655444
--- a/.claude/skills/pr-workflow/SKILL.md
+++ b/.claude/skills/pr-workflow/SKILL.md
@@ -29,7 +29,7 @@ Required fields:
 - **What does this implement/fix?**: Brief description of changes
 - **Types of changes**: Check ONE appropriate box (Bugfix, New feature, Breaking change, etc.)
 - **Related issue**: Use `fixes <link>` syntax if applicable
- **Pull request in esphome.io**: Link if docs are needed
+- **Pull request in esphome-docs**: Link if docs are needed
 - **Test Environment**: Check platforms you tested on
 - **Example config.yaml**: Include working example YAML
 - **Checklist**: Verify code is tested and tests added
@@ -54,9 +54,9 @@ Required fields:

 - fixes https://github.com/esphome/esphome/issues/XXX

-**Pull request in [esphome.io](https://github.com/esphome/esphome.io) with documentation (if applicable):**
+**Pull request in [esphome-docs](https://github.com/esphome/esphome-docs) with documentation (if applicable):**

- esphome/esphome.io#XXX
+- esphome/esphome-docs#XXX

 ## Test Environment

@@ -83,7 +83,7 @@ component_name:
  - [x] Tests have been added to verify that the new code works (under `tests/` folder).

 If user exposed functionality or configuration variables are added/changed:
-  - [ ] Documentation added/updated in [esphome.io](https://github.com/esphome/esphome.io).
+  - [ ] Documentation added/updated in [esphome-docs](https://github.com/esphome/esphome-docs).
 ```

 ## 5. Push and Create PR
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -12,7 +12,7 @@
    "--privileged",
    "-e",
    "GIT_EDITOR=code --wait"
-    // uncomment and edit the path in order to pass through local USB serial to the container
+    // uncomment and edit the path in order to pass though local USB serial to the conatiner
    // , "--device=/dev/ttyACM0"
  ],
  "appPort": 6052,
--- a/.dockerignore
+++ b/.dockerignore
@@ -115,4 +115,4 @@ examples/
 Dockerfile
 .git/
 tests/
-.?*
+.*
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -2,7 +2,7 @@
 blank_issues_enabled: false
 contact_links:
  - name: Report an issue with the ESPHome documentation
-    url: https://github.com/esphome/esphome.io/issues/new/choose
+    url: https://github.com/esphome/esphome-docs/issues/new/choose
    about: Report an issue with the ESPHome documentation.
  - name: Report an issue with the ESPHome web server
    url: https://github.com/esphome/esphome-webserver/issues/new/choose
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -6,9 +6,8 @@

 - [ ] Bugfix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) — [policy](https://developers.esphome.io/contributing/code/#what-constitutes-a-c-breaking-change)
- [ ] Developer breaking change (an API change that could break external components) — [policy](https://developers.esphome.io/contributing/code/#what-is-considered-public-c-api)
- [ ] Undocumented C++ API change (removal or change of undocumented public methods that lambda users may depend on) — [policy](https://developers.esphome.io/contributing/code/#c-user-expectations)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Developer breaking change (an API change that could break external components)
 - [ ] Code quality improvements to existing code or addition of tests
 - [ ] Other

@@ -16,16 +15,16 @@

 - fixes <link to issue>

-**Pull request in [esphome.io](https://github.com/esphome/esphome.io) with documentation (if applicable):**
+**Pull request in [esphome-docs](https://github.com/esphome/esphome-docs) with documentation (if applicable):**

- esphome/esphome.io#<esphome.io PR number goes here>
+- esphome/esphome-docs#<esphome-docs PR number goes here>

 ## Test Environment

 - [ ] ESP32
 - [ ] ESP32 IDF
 - [ ] ESP8266
- [ ] RP2040/RP2350
+- [ ] RP2040
 - [ ] BK72xx
 - [ ] RTL87xx
 - [ ] LN882x
@@ -43,4 +42,4 @@
  - [ ] Tests have been added to verify that the new code works (under `tests/` folder).

 If user exposed functionality or configuration variables are added/changed:
-  - [ ] Documentation added/updated in [esphome.io](https://github.com/esphome/esphome.io).
+  - [ ] Documentation added/updated in [esphome-docs](https://github.com/esphome/esphome-docs).
--- a/.github/actions/build-image/action.yaml
+++ b/.github/actions/build-image/action.yaml
@@ -15,6 +15,11 @@ inputs:
    description: "Version to build"
    required: true
    example: "2023.12.0"
+  base_os:
+    description: "Base OS to use"
+    required: false
+    default: "debian"
+    example: "debian"
 runs:
  using: "composite"
  steps:
@@ -42,7 +47,7 @@ runs:

    - name: Build and push to ghcr by digest
      id: build-ghcr
-      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+      uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
      env:
        DOCKER_BUILD_SUMMARY: false
        DOCKER_BUILD_RECORD_UPLOAD: false
@@ -55,6 +60,7 @@ runs:
        build-args: |
          BUILD_TYPE=${{ inputs.build_type }}
          BUILD_VERSION=${{ inputs.version }}
+          BUILD_OS=${{ inputs.base_os }}
        outputs: |
          type=image,name=ghcr.io/${{ steps.tags.outputs.image_name }},push-by-digest=true,name-canonical=true,push=true

@@ -67,7 +73,7 @@ runs:

    - name: Build and push to dockerhub by digest
      id: build-dockerhub
-      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+      uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
      env:
        DOCKER_BUILD_SUMMARY: false
        DOCKER_BUILD_RECORD_UPLOAD: false
@@ -80,6 +86,7 @@ runs:
        build-args: |
          BUILD_TYPE=${{ inputs.build_type }}
          BUILD_VERSION=${{ inputs.version }}
+          BUILD_OS=${{ inputs.base_os }}
        outputs: |
          type=image,name=docker.io/${{ steps.tags.outputs.image_name }},push-by-digest=true,name-canonical=true,push=true

--- a/.github/actions/cache-esp-idf/action.yml
+++ b/.github/actions/cache-esp-idf/action.yml
@@ -1,52 +0,0 @@
-name: Cache ESP-IDF
-description: >
-  Resolve the pinned ESP-IDF version and cache the native ESP-IDF install
-  (toolchains + source) at ~/.esphome-idf. Every job that installs ESP-IDF
-  natively (clang-tidy for IDF/Arduino and the component test batches) shares
-  one cache, since the install is identical (ESPHOME_IDF_DEFAULT_TARGETS
-  defaults to "all", so all toolchains are present regardless of the chip).
-  Callers must set env ESPHOME_ESP_IDF_PREFIX: ~/.esphome-idf and have the
-  Python venv already restored.
-inputs:
-  framework:
-    description: 'Which pinned IDF version to key on: "espidf" (recommended) or "arduino".'
-    default: espidf
-  restore-only:
-    description: >
-      When "true", only restore -- never save the cache, even on dev. Use from
-      jobs that may not produce an ESP-IDF install (e.g. a component batch with
-      no esp32 target), so a partial/empty install is never written to the key.
-    default: "false"
-runs:
-  using: composite
-  steps:
-    - name: Resolve ESP-IDF version for cache key
-      # The native-IDF version is pinned in code, not in any file that feeds the
-      # other cache keys, so resolve it explicitly. Keying on it means the cache
-      # invalidates on a version bump (actions/cache never overwrites a key).
-      id: version
-      shell: bash
-      run: |
-        . venv/bin/activate
-        if [ "${{ inputs.framework }}" = "arduino" ]; then
-          version=$(python -c 'from esphome.components.esp32 import ARDUINO_FRAMEWORK_VERSION_LOOKUP as A, ARDUINO_IDF_VERSION_LOOKUP as L; print(L[A["recommended"]])')
-        else
-          version=$(python -c 'from esphome.components.esp32 import ESP_IDF_FRAMEWORK_VERSION_LOOKUP as L; print(L["recommended"])')
-        fi
-        echo "version=$version" >> "$GITHUB_OUTPUT"
-    # Mirror the adjacent PlatformIO cache: only dev-branch runs write the
-    # shared cache (so it lives in the default-branch scope readable by all
-    # PRs), and PRs are restore-only -- they never push multi-GB artifacts into
-    # their own scope / the repo quota (e.g. on a version-bump PR).
-    - name: Cache ESP-IDF install (write on dev)
-      if: github.ref == 'refs/heads/dev' && inputs.restore-only != 'true'
-      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-      with:
-        path: ~/.esphome-idf
-        key: ${{ runner.os }}-esphome-idf-${{ steps.version.outputs.version }}
-    - name: Cache ESP-IDF install (restore-only off dev)
-      if: github.ref != 'refs/heads/dev' || inputs.restore-only == 'true'
-      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-      with:
-        path: ~/.esphome-idf
-        key: ${{ runner.os }}-esphome-idf-${{ steps.version.outputs.version }}
--- a/.github/actions/restore-python/action.yml
+++ b/.github/actions/restore-python/action.yml
@@ -22,23 +22,11 @@ runs:
        python-version: ${{ inputs.python-version }}
    - name: Restore Python virtual environment
      id: cache-venv
-      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
      with:
        path: venv
        # yamllint disable-line rule:line-length
        key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-venv-${{ inputs.cache-key }}
-    - name: Set up uv
-      # Only needed on cache miss to populate the venv. ``uv pip install``
-      # detects the activated venv via ``VIRTUAL_ENV`` so the venv layout
-      # downstream jobs rely on is preserved.
-      if: steps.cache-venv.outputs.cache-hit != 'true'
-      uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-      with:
-        enable-cache: true
-        # Pin uv version so the action does not have to fetch the
-        # manifest from raw.githubusercontent.com on every cache
-        # miss; that fetch flakes on Windows runners.
-        version: "0.11.15"
    - name: Create Python virtual environment
      if: steps.cache-venv.outputs.cache-hit != 'true' && runner.os != 'Windows'
      shell: bash
@@ -46,8 +34,8 @@ runs:
        python -m venv venv
        source venv/bin/activate
        python --version
-        uv pip install -r requirements.txt -r requirements_test.txt
-        uv pip install -e .
+        pip install -r requirements.txt -r requirements_test.txt
+        pip install -e .
    - name: Create Python virtual environment
      if: steps.cache-venv.outputs.cache-hit != 'true' && runner.os == 'Windows'
      shell: bash
@@ -55,5 +43,5 @@ runs:
        python -m venv venv
        source ./venv/Scripts/activate
        python --version
-        uv pip install -r requirements.txt -r requirements_test.txt
-        uv pip install -e .
+        pip install -r requirements.txt -r requirements_test.txt
+        pip install -e .
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1 +1 @@
-../AGENTS.md
+../.ai/instructions.md
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,7 +5,6 @@ updates:
    directory: "/"
    schedule:
      interval: daily
-    open-pull-requests-limit: 10
    ignore:
      # Hypotehsis is only used for testing and is updated quite often
      - dependency-name: hypothesis
--- a/.github/scripts/auto-label-pr/constants.js
+++ b/.github/scripts/auto-label-pr/constants.js
@@ -4,7 +4,6 @@ module.exports = {
  CODEOWNERS_MARKER: '<!-- codeowners-request -->',
  TOO_BIG_MARKER: '<!-- too-big-request -->',
  DEPRECATED_COMPONENT_MARKER: '<!-- deprecated-component-request -->',
-  ORG_FORK_MARKER: '<!-- maintainer-access-warning -->',

  MANAGED_LABELS: [
    'new-component',
@@ -15,7 +14,6 @@ module.exports = {
    'chained-pr',
    'core',
    'small-pr',
-    'medium-pr',
    'dashboard',
    'github-actions',
    'by-code-owner',
@@ -29,15 +27,11 @@ module.exports = {
    'new-feature',
    'breaking-change',
    'developer-breaking-change',
-    'undocumented-api-change',
    'code-quality',
    'deprecated-component'
  ],

  DOCS_PR_PATTERNS: [
-    /https:\/\/github\.com\/esphome\/esphome\.io\/pull\/\d+/,
-    /esphome\/esphome\.io#\d+/,
-    // Keep matching the old esphome-docs name during the transition period
    /https:\/\/github\.com\/esphome\/esphome-docs\/pull\/\d+/,
    /esphome\/esphome-docs#\d+/
  ]
--- a/.github/scripts/auto-label-pr/detectors.js
+++ b/.github/scripts/auto-label-pr/detectors.js
@@ -1,37 +1,5 @@
+const fs = require('fs');
 const { DOCS_PR_PATTERNS } = require('./constants');
-const {
-  COMPONENT_REGEX,
-  detectComponents,
-  hasCoreChanges,
-  hasDashboardChanges,
-  hasGitHubActionsChanges,
-} = require('../detect-tags');
-const { loadCodeowners, getEffectiveOwners } = require('../codeowners');
-
-// Top-level `CONFIG_SCHEMA = ...` (assignment) or `CONFIG_SCHEMA: ConfigType = ...` (annotation).
-// Ruff/Black enforce exactly one space around `=` and no space before `:`,
-// so we can match strictly: `CONFIG_SCHEMA ` or `CONFIG_SCHEMA:`.
-const CONFIG_SCHEMA_REGEX = /^CONFIG_SCHEMA[ :]/m;
-
-// Fetch a file's contents from the PR head SHA via the GitHub API.
-// The auto-label workflow runs on `pull_request_target`, which checks out the
-// base branch — files added by the PR don't exist in the workspace, so we have
-// to fetch them from the head SHA. Returns null if the file can't be fetched.
-async function fetchPrFileContent(github, context, path) {
-  try {
-    const { owner, repo } = context.repo;
-    const { data } = await github.rest.repos.getContent({
-      owner,
-      repo,
-      path,
-      ref: context.payload.pull_request.head.sha,
-    });
-    return Buffer.from(data.content, 'base64').toString('utf8');
-  } catch (error) {
-    console.log(`Failed to fetch ${path} from PR head:`, error.message);
-    return null;
-  }
-}

 // Strategy: Merge branch detection
 async function detectMergeBranch(context) {
@@ -52,13 +20,15 @@ async function detectMergeBranch(context) {
 // Strategy: Component and platform labeling
 async function detectComponentPlatforms(changedFiles, apiData) {
  const labels = new Set();
+  const componentRegex = /^esphome\/components\/([^\/]+)\//;
  const targetPlatformRegex = new RegExp(`^esphome\/components\/(${apiData.targetPlatforms.join('|')})/`);

-  for (const comp of detectComponents(changedFiles)) {
-    labels.add(`component: ${comp}`);
-  }
-
  for (const file of changedFiles) {
+    const componentMatch = file.match(componentRegex);
+    if (componentMatch) {
+      labels.add(`component: ${componentMatch[1]}`);
+    }
+
    const platformMatch = file.match(targetPlatformRegex);
    if (platformMatch) {
      labels.add(`platform: ${platformMatch[1]}`);
@@ -69,85 +39,71 @@ async function detectComponentPlatforms(changedFiles, apiData) {
 }

 // Strategy: New component detection
-async function detectNewComponents(github, context, prFiles) {
+async function detectNewComponents(prFiles) {
  const labels = new Set();
-  let hasYamlLoadable = false;
  const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);

  for (const file of addedFiles) {
    const componentMatch = file.match(/^esphome\/components\/([^\/]+)\/__init__\.py$/);
-    if (!componentMatch) continue;
-
-    labels.add('new-component');
-    const content = await fetchPrFileContent(github, context, file);
-    if (content === null) {
-      // Safe default: assume YAML-loadable so needs-docs behaviour is unchanged on fetch failure
-      hasYamlLoadable = true;
-      continue;
-    }
-    if (content.includes('IS_TARGET_PLATFORM = True')) {
-      labels.add('new-target-platform');
-    }
-    if (CONFIG_SCHEMA_REGEX.test(content)) {
-      hasYamlLoadable = true;
+    if (componentMatch) {
+      try {
+        const content = fs.readFileSync(file, 'utf8');
+        if (content.includes('IS_TARGET_PLATFORM = True')) {
+          labels.add('new-target-platform');
+        }
+      } catch (error) {
+        console.log(`Failed to read content of ${file}:`, error.message);
+      }
+      labels.add('new-component');
    }
  }

-  return { labels, hasYamlLoadable };
+  return labels;
 }

 // Strategy: New platform detection
-async function detectNewPlatforms(github, context, prFiles, apiData) {
+async function detectNewPlatforms(prFiles, apiData) {
  const labels = new Set();
-  let hasYamlLoadable = false;
  const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);

-  const platformPathPatterns = [
-    /^esphome\/components\/([^\/]+)\/([^\/]+)\.py$/,
-    /^esphome\/components\/([^\/]+)\/([^\/]+)\/__init__\.py$/,
-  ];
-
-  const removedFiles = new Set(prFiles.filter(file => file.status === 'removed').map(file => file.filename));
-
  for (const file of addedFiles) {
-    for (const re of platformPathPatterns) {
-      const match = file.match(re);
-      if (!match) continue;
-      const platform = match[2];
-      if (!apiData.platformComponents.includes(platform)) break;
-
-      // Skip if this is a restructure between flat and subdirectory forms (either direction):
-      //   <component>/<platform>.py  <->  <component>/<platform>/__init__.py
-      const flatEquivalent = `esphome/components/${match[1]}/${platform}.py`;
-      const subdirEquivalent = `esphome/components/${match[1]}/${platform}/__init__.py`;
-      if (removedFiles.has(flatEquivalent) || removedFiles.has(subdirEquivalent)) break;
-
-      labels.add('new-platform');
-      const content = await fetchPrFileContent(github, context, file);
-      if (content === null) {
-        // Safe default: assume YAML-loadable so needs-docs behaviour is unchanged on fetch failure
-        hasYamlLoadable = true;
-      } else if (CONFIG_SCHEMA_REGEX.test(content)) {
-        hasYamlLoadable = true;
+    const platformFileMatch = file.match(/^esphome\/components\/([^\/]+)\/([^\/]+)\.py$/);
+    if (platformFileMatch) {
+      const [, component, platform] = platformFileMatch;
+      if (apiData.platformComponents.includes(platform)) {
+        labels.add('new-platform');
+      }
+    }
+
+    const platformDirMatch = file.match(/^esphome\/components\/([^\/]+)\/([^\/]+)\/__init__\.py$/);
+    if (platformDirMatch) {
+      const [, component, platform] = platformDirMatch;
+      if (apiData.platformComponents.includes(platform)) {
+        labels.add('new-platform');
      }
-      break;
    }
  }

-  return { labels, hasYamlLoadable };
+  return labels;
 }

 // Strategy: Core files detection
 async function detectCoreChanges(changedFiles) {
  const labels = new Set();
-  if (hasCoreChanges(changedFiles)) {
+  const coreFiles = changedFiles.filter(file =>
+    file.startsWith('esphome/core/') ||
+    (file.startsWith('esphome/') && file.split('/').length === 2)
+  );
+
+  if (coreFiles.length > 0) {
    labels.add('core');
  }
+
  return labels;
 }

 // Strategy: PR size detection
-async function detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, MEDIUM_PR_THRESHOLD, TOO_BIG_THRESHOLD) {
+async function detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, TOO_BIG_THRESHOLD) {
  const labels = new Set();

  if (totalChanges <= SMALL_PR_THRESHOLD) {
@@ -155,11 +111,6 @@ async function detectPRSize(prFiles, totalAdditions, totalDeletions, totalChange
    return labels;
  }

-  if (totalChanges <= MEDIUM_PR_THRESHOLD) {
-    labels.add('medium-pr');
-    return labels;
-  }
-
  const testAdditions = prFiles
    .filter(file => file.filename.startsWith('tests/'))
    .reduce((sum, file) => sum + (file.additions || 0), 0);
@@ -180,33 +131,80 @@ async function detectPRSize(prFiles, totalAdditions, totalDeletions, totalChange
 // Strategy: Dashboard changes
 async function detectDashboardChanges(changedFiles) {
  const labels = new Set();
-  if (hasDashboardChanges(changedFiles)) {
+  const dashboardFiles = changedFiles.filter(file =>
+    file.startsWith('esphome/dashboard/') ||
+    file.startsWith('esphome/components/dashboard_import/')
+  );
+
+  if (dashboardFiles.length > 0) {
    labels.add('dashboard');
  }
+
  return labels;
 }

 // Strategy: GitHub Actions changes
 async function detectGitHubActionsChanges(changedFiles) {
  const labels = new Set();
-  if (hasGitHubActionsChanges(changedFiles)) {
+  const githubActionsFiles = changedFiles.filter(file =>
+    file.startsWith('.github/workflows/')
+  );
+
+  if (githubActionsFiles.length > 0) {
    labels.add('github-actions');
  }
+
  return labels;
 }

 // Strategy: Code owner detection
 async function detectCodeOwner(github, context, changedFiles) {
  const labels = new Set();
+  const { owner, repo } = context.repo;

  try {
-    const codeownersPatterns = loadCodeowners();
+    const { data: codeownersFile } = await github.rest.repos.getContent({
+      owner,
+      repo,
+      path: 'CODEOWNERS',
+    });
+
+    const codeownersContent = Buffer.from(codeownersFile.content, 'base64').toString('utf8');
    const prAuthor = context.payload.pull_request.user.login;

-    // Check if PR author is a codeowner of any changed file
-    const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-    if (effective.users.has(prAuthor)) {
-      labels.add('by-code-owner');
+    const codeownersLines = codeownersContent.split('\n')
+      .map(line => line.trim())
+      .filter(line => line && !line.startsWith('#'));
+
+    const codeownersRegexes = codeownersLines.map(line => {
+      const parts = line.split(/\s+/);
+      const pattern = parts[0];
+      const owners = parts.slice(1);
+
+      let regex;
+      if (pattern.endsWith('*')) {
+        const dir = pattern.slice(0, -1);
+        regex = new RegExp(`^${dir.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}`);
+      } else if (pattern.includes('*')) {
+        // First escape all regex special chars except *, then replace * with .*
+        const regexPattern = pattern
+          .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
+          .replace(/\*/g, '.*');
+        regex = new RegExp(`^${regexPattern}$`);
+      } else {
+        regex = new RegExp(`^${pattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}$`);
+      }
+
+      return { regex, owners };
+    });
+
+    for (const file of changedFiles) {
+      for (const { regex, owners } of codeownersRegexes) {
+        if (regex.test(file) && owners.some(owner => owner === `@${prAuthor}`)) {
+          labels.add('by-code-owner');
+          return labels;
+        }
+      }
    }
  } catch (error) {
    console.log('Failed to read or parse CODEOWNERS file:', error.message);
@@ -240,7 +238,6 @@ async function detectPRTemplateCheckboxes(context) {
    { pattern: /- \[x\] New feature \(non-breaking change which adds functionality\)/i, label: 'new-feature' },
    { pattern: /- \[x\] Breaking change \(fix or feature that would cause existing functionality to not work as expected\)/i, label: 'breaking-change' },
    { pattern: /- \[x\] Developer breaking change \(an API change that could break external components\)/i, label: 'developer-breaking-change' },
-    { pattern: /- \[x\] Undocumented C\+\+ API change \(removal or change of undocumented public methods that lambda users may depend on\)/i, label: 'undocumented-api-change' },
    { pattern: /- \[x\] Code quality improvements to existing code or addition of tests/i, label: 'code-quality' }
  ];

@@ -261,7 +258,7 @@ async function detectDeprecatedComponents(github, context, changedFiles) {
  const { owner, repo } = context.repo;

  // Compile regex once for better performance
-  const componentFileRegex = COMPONENT_REGEX;
+  const componentFileRegex = /^esphome\/components\/([^\/]+)\//;

  // Get files that are modified or added in components directory
  const componentFiles = changedFiles.filter(file => componentFileRegex.test(file));
@@ -279,20 +276,19 @@ async function detectDeprecatedComponents(github, context, changedFiles) {
    }
  }

-  // Get base branch ref to check if deprecation already exists for the component
-  // This prevents flagging a PR that simply adds deprecation
-  const baseRef = context.payload.pull_request.base.ref;
+  // Get PR head to fetch files from the PR branch
+  const prNumber = context.payload.pull_request.number;

  // Check each component's __init__.py for DEPRECATED_COMPONENT constant
  for (const component of components) {
    const initFile = `esphome/components/${component}/__init__.py`;
    try {
-      // Fetch file content from base branch using GitHub API
+      // Fetch file content from PR head using GitHub API
      const { data: fileData } = await github.rest.repos.getContent({
        owner,
        repo,
        path: initFile,
-        ref: baseRef
+        ref: `refs/pull/${prNumber}/head`
      });

      // Decode base64 content
@@ -325,26 +321,8 @@ async function detectDeprecatedComponents(github, context, changedFiles) {
  return { labels, deprecatedInfo };
 }

-// Strategy: Detect when maintainers cannot modify the PR branch
-function detectMaintainerAccess(context) {
-  const pr = context.payload.pull_request;
-
-  // Only relevant for cross-repo PRs (forks)
-  if (!pr.head.repo || pr.head.repo.full_name === pr.base.repo.full_name) {
-    return null;
-  }
-
-  if (pr.maintainer_can_modify) {
-    return null;
-  }
-
-  const isOrgFork = pr.head.repo.owner.type === 'Organization';
-  console.log(`Maintainer cannot modify PR branch (${isOrgFork ? 'org fork: ' + pr.head.repo.owner.login : 'user disabled'})`);
-  return { isOrgFork, orgName: pr.head.repo.owner.login };
-}
-
 // Strategy: Requirements detection
-async function detectRequirements(allLabels, prFiles, context, hasYamlLoadable) {
+async function detectRequirements(allLabels, prFiles, context) {
  const labels = new Set();

  // Check for missing tests
@@ -352,15 +330,8 @@ async function detectRequirements(allLabels, prFiles, context, hasYamlLoadable)
    labels.add('needs-tests');
  }

-  // Check for missing docs.
-  // `new-feature` (PR-body checkbox) always counts. `new-component` / `new-platform`
-  // only count when at least one newly added file defines a top-level CONFIG_SCHEMA,
-  // i.e. the new component/platform is actually loadable from YAML.
-  const docsEligible =
-    allLabels.has('new-feature') ||
-    ((allLabels.has('new-component') || allLabels.has('new-platform')) && hasYamlLoadable);
-
-  if (docsEligible) {
+  // Check for missing docs
+  if (allLabels.has('new-component') || allLabels.has('new-platform') || allLabels.has('new-feature')) {
    const prBody = context.payload.pull_request.body || '';
    const hasDocsLink = DOCS_PR_PATTERNS.some(pattern => pattern.test(prBody));

@@ -398,6 +369,5 @@ module.exports = {
  detectTests,
  detectPRTemplateCheckboxes,
  detectDeprecatedComponents,
-  detectMaintainerAccess,
  detectRequirements
 };
--- a/.github/scripts/auto-label-pr/index.js
+++ b/.github/scripts/auto-label-pr/index.js
@@ -12,10 +12,9 @@ const {
  detectTests,
  detectPRTemplateCheckboxes,
  detectDeprecatedComponents,
-  detectMaintainerAccess,
  detectRequirements
 } = require('./detectors');
-const { handleReviews, handleMaintainerAccessComment } = require('./reviews');
+const { handleReviews } = require('./reviews');
 const { applyLabels, removeOldLabels } = require('./labels');

 // Fetch API data
@@ -36,7 +35,6 @@ async function fetchApiData() {
 module.exports = async ({ github, context }) => {
  // Environment variables
  const SMALL_PR_THRESHOLD = parseInt(process.env.SMALL_PR_THRESHOLD);
-  const MEDIUM_PR_THRESHOLD = parseInt(process.env.MEDIUM_PR_THRESHOLD);
  const MAX_LABELS = parseInt(process.env.MAX_LABELS);
  const TOO_BIG_THRESHOLD = parseInt(process.env.TOO_BIG_THRESHOLD);
  const COMPONENT_LABEL_THRESHOLD = parseInt(process.env.COMPONENT_LABEL_THRESHOLD);
@@ -106,8 +104,8 @@ module.exports = async ({ github, context }) => {
  const [
    branchLabels,
    componentLabels,
-    newComponentResult,
-    newPlatformResult,
+    newComponentLabels,
+    newPlatformLabels,
    coreLabels,
    sizeLabels,
    dashboardLabels,
@@ -115,31 +113,22 @@ module.exports = async ({ github, context }) => {
    codeOwnerLabels,
    testLabels,
    checkboxLabels,
-    deprecatedResult,
-    maintainerAccess
+    deprecatedResult
  ] = await Promise.all([
    detectMergeBranch(context),
    detectComponentPlatforms(changedFiles, apiData),
-    detectNewComponents(github, context, prFiles),
-    detectNewPlatforms(github, context, prFiles, apiData),
+    detectNewComponents(prFiles),
+    detectNewPlatforms(prFiles, apiData),
    detectCoreChanges(changedFiles),
-    detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, MEDIUM_PR_THRESHOLD, TOO_BIG_THRESHOLD),
+    detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, TOO_BIG_THRESHOLD),
    detectDashboardChanges(changedFiles),
    detectGitHubActionsChanges(changedFiles),
    detectCodeOwner(github, context, changedFiles),
    detectTests(changedFiles),
    detectPRTemplateCheckboxes(context),
-    detectDeprecatedComponents(github, context, changedFiles),
-    detectMaintainerAccess(context)
+    detectDeprecatedComponents(github, context, changedFiles)
  ]);

-  // Extract new-component / new-platform results
-  const newComponentLabels = newComponentResult.labels;
-  const newPlatformLabels = newPlatformResult.labels;
-  // Eligible for needs-docs only if any newly added component or platform file
-  // defines a top-level CONFIG_SCHEMA (i.e. is actually loadable from YAML).
-  const hasYamlLoadable = newComponentResult.hasYamlLoadable || newPlatformResult.hasYamlLoadable;
-
  // Extract deprecated component info
  const deprecatedLabels = deprecatedResult.labels;
  const deprecatedInfo = deprecatedResult.deprecatedInfo;
@@ -161,7 +150,7 @@ module.exports = async ({ github, context }) => {
  ]);

  // Detect requirements based on all other labels
-  const requirementLabels = await detectRequirements(allLabels, prFiles, context, hasYamlLoadable);
+  const requirementLabels = await detectRequirements(allLabels, prFiles, context);
  for (const label of requirementLabels) {
    allLabels.add(label);
  }
@@ -187,11 +176,8 @@ module.exports = async ({ github, context }) => {

  console.log('Computed labels:', finalLabels.join(', '));

-  // Handle reviews and org fork comment
-  await Promise.all([
-    handleReviews(github, context, finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, MAX_LABELS, TOO_BIG_THRESHOLD),
-    handleMaintainerAccessComment(github, context, maintainerAccess)
-  ]);
+  // Handle reviews
+  await handleReviews(github, context, finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, MAX_LABELS, TOO_BIG_THRESHOLD);

  // Apply labels
  await applyLabels(github, context, finalLabels);
--- a/.github/scripts/auto-label-pr/package.json
+++ b/.github/scripts/auto-label-pr/package.json
@@ -1,7 +0,0 @@
-{
-  "name": "auto-label-pr",
-  "private": true,
-  "scripts": {
-    "test": "node --test tests/*.test.js"
-  }
-}
--- a/.github/scripts/auto-label-pr/reviews.js
+++ b/.github/scripts/auto-label-pr/reviews.js
@@ -2,8 +2,7 @@ const {
  BOT_COMMENT_MARKER,
  CODEOWNERS_MARKER,
  TOO_BIG_MARKER,
-  DEPRECATED_COMPONENT_MARKER,
-  ORG_FORK_MARKER
+  DEPRECATED_COMPONENT_MARKER
 } = require('./constants');

 // Generate review messages
@@ -41,36 +40,16 @@ function generateReviewMessages(finalLabels, originalLabelCount, deprecatedInfo,

    let message = `${TOO_BIG_MARKER}\n### 📦 Pull Request Size\n\n`;

-    message +=
-      `Hey @${prAuthor}, thanks for the contribution! Just a heads up, ` +
-      `this PR is on the large side `;
-
    if (tooManyLabels && tooManyChanges) {
-      message +=
-        `(${nonTestChanges} line changes excluding tests, across ` +
-        `${originalLabelCount} different components/areas)`;
+      message += `This PR is too large with ${nonTestChanges} line changes (excluding tests) and affects ${originalLabelCount} different components/areas.`;
    } else if (tooManyLabels) {
-      message +=
-        `(it touches ${originalLabelCount} different components/areas)`;
+      message += `This PR affects ${originalLabelCount} different components/areas.`;
    } else {
-      message += `(${nonTestChanges} line changes excluding tests)`;
+      message += `This PR is too large with ${nonTestChanges} line changes (excluding tests).`;
    }

-    message += `, which makes it harder for maintainers to review.\n\n`;
-    message +=
-      `Smaller, focused PRs tend to be reviewed much faster since they ` +
-      `fit into the short gaps between other maintainer work; large ones ` +
-      `often have to wait for a rare long uninterrupted block of time. ` +
-      `If you can break this up into smaller pieces that can be reviewed ` +
-      `independently, it will almost certainly land faster overall.\n\n`;
-    message +=
-      `Before putting more time in, it's also worth popping into ` +
-      `\`#devs\` on [Discord](https://esphome.io/chat) so we can help ` +
-      `you scope things and flag anything already in flight.\n\n`;
-    message +=
-      `For more details (including how to split the work up), see: ` +
-      `https://developers.esphome.io/contributing/submitting-your-work/` +
-      `#how-to-approach-large-submissions`;
+    message += ` Please consider breaking it down into smaller, focused PRs to make review easier and reduce the risk of conflicts.\n\n`;
+    message += `For guidance on breaking down large PRs, see: https://developers.esphome.io/contributing/submitting-your-work/#how-to-approach-large-submissions`;

    messages.push(message);
  }
@@ -157,63 +136,6 @@ async function handleReviews(github, context, finalLabels, originalLabelCount, d
  }
 }

-// Handle maintainer access warning comment
-async function handleMaintainerAccessComment(github, context, maintainerAccess) {
-  if (!maintainerAccess) {
-    return;
-  }
-
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-  const prAuthor = context.payload.pull_request.user.login;
-
-  // Check if we already posted the warning (iterate pages to exit early)
-  let existingComment;
-  for await (const { data: comments } of github.paginate.iterator(
-    github.rest.issues.listComments,
-    { owner, repo, issue_number: pr_number }
-  )) {
-    existingComment = comments.find(comment =>
-      comment.user.type === 'Bot' &&
-      comment.body && comment.body.includes(ORG_FORK_MARKER)
-    );
-    if (existingComment) {
-      break;
-    }
-  }
-
-  if (existingComment) {
-    console.log('Maintainer access warning comment already exists, skipping');
-    return;
-  }
-
-  let body;
-  if (maintainerAccess.isOrgFork) {
-    body = `${ORG_FORK_MARKER}\n### ⚠️ Organization Fork Detected\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `It looks like this PR was submitted from a fork owned by the **${maintainerAccess.orgName}** organization. ` +
-      `GitHub does not allow maintainers to push changes to pull request branches when the fork is owned by an organization. ` +
-      `This means we won't be able to make small adjustments or fixups to your PR directly.\n\n` +
-      `To allow maintainer collaboration, please re-submit this PR from a personal fork instead.\n\n` +
-      `See: [Setting up the local repository](https://developers.esphome.io/contributing/development-environment/?h=org#set-up-the-local-repository) for more details.`;
-  } else {
-    body = `${ORG_FORK_MARKER}\n### ⚠️ Maintainer Access Disabled\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `It looks like this PR does not have the "Allow edits from maintainers" option enabled. ` +
-      `This means we won't be able to make small adjustments or fixups to your PR directly.\n\n` +
-      `Please enable this option in the PR sidebar to allow maintainer collaboration.`;
-  }
-
-  await github.rest.issues.createComment({
-    owner,
-    repo,
-    issue_number: pr_number,
-    body
-  });
-  console.log('Created maintainer access warning comment');
-}
-
 module.exports = {
-  handleReviews,
-  handleMaintainerAccessComment
+  handleReviews
 };
--- a/.github/scripts/auto-label-pr/tests/detectors.test.js
+++ b/.github/scripts/auto-label-pr/tests/detectors.test.js
@@ -1,147 +0,0 @@
-const { describe, it } = require('node:test');
-const assert = require('node:assert/strict');
-const { detectNewPlatforms, detectNewComponents } = require('../detectors');
-
-// Minimal GitHub API mock — only repos.getContent is called by detectNewPlatforms/detectNewComponents
-// to check for CONFIG_SCHEMA in newly added files.
-function makeGithub(content = '') {
-  return {
-    rest: {
-      repos: {
-        getContent: async () => ({
-          data: { content: Buffer.from(content).toString('base64') }
-        })
-      }
-    }
-  };
-}
-
-const CONTEXT = {
-  repo: { owner: 'esphome', repo: 'esphome' },
-  payload: { pull_request: { head: { sha: 'abc123' }, base: { ref: 'dev' } } }
-};
-
-const API_DATA = {
-  targetPlatforms: ['esp32', 'esp8266', 'rp2040'],
-  platformComponents: ['cover', 'sensor', 'binary_sensor', 'switch', 'light', 'fan', 'climate', 'valve']
-};
-
-const WITH_SCHEMA = 'CONFIG_SCHEMA = cv.Schema({})';
-const WITHOUT_SCHEMA = 'CODEOWNERS = ["@esphome/core"]';
-
-// ---------------------------------------------------------------------------
-// detectNewPlatforms
-// ---------------------------------------------------------------------------
-
-describe('detectNewPlatforms', () => {
-  describe('restructure detection (no false positives)', () => {
-    it('flat .py -> subdir __init__.py is not a new platform', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/endstop/cover.py', status: 'removed' },
-        { filename: 'esphome/components/endstop/cover/__init__.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-
-    it('subdir __init__.py -> flat .py is not a new platform', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/endstop/cover/__init__.py', status: 'removed' },
-        { filename: 'esphome/components/endstop/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-  });
-
-  describe('genuine new platforms', () => {
-    it('new subdir platform with CONFIG_SCHEMA sets new-platform and hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover/__init__.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, true);
-    });
-
-    it('new flat platform with CONFIG_SCHEMA sets new-platform and hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, true);
-    });
-
-    it('new platform without CONFIG_SCHEMA sets new-platform but not hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITHOUT_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, false);
-    });
-
-    it('non-platform file addition produces no labels', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/sensor.py', status: 'added' },
-      ];
-      // Override platformComponents so 'sensor' is not a recognized platform -> no label expected.
-      const nonPlatformApiData = { ...API_DATA, platformComponents: ['cover'] };
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, nonPlatformApiData);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-  });
-});
-
-// ---------------------------------------------------------------------------
-// detectNewComponents
-// ---------------------------------------------------------------------------
-
-describe('detectNewComponents', () => {
-  it('new top-level __init__.py sets new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/actuator/__init__.py', status: 'added', },
-    ];
-    const result = await detectNewComponents(makeGithub(WITHOUT_SCHEMA), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.equal(result.hasYamlLoadable, false);
-  });
-
-  it('new top-level __init__.py with CONFIG_SCHEMA sets hasYamlLoadable', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/my_component/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.equal(result.hasYamlLoadable, true);
-  });
-
-  it('new top-level __init__.py with IS_TARGET_PLATFORM sets new-target-platform', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/my_platform/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub('IS_TARGET_PLATFORM = True'), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.ok(result.labels.has('new-target-platform'));
-  });
-
-  it('modified __init__.py does not set new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/existing/__init__.py', status: 'modified' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.equal(result.labels.size, 0);
-  });
-
-  it('nested __init__.py does not set new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/endstop/cover/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.equal(result.labels.size, 0);
-  });
-});
--- a/.github/scripts/codeowners.js
+++ b/.github/scripts/codeowners.js
@@ -1,227 +0,0 @@
-// Shared CODEOWNERS parsing and matching utilities.
-//
-// Used by:
-//   - codeowner-review-request.yml
-//   - codeowner-approved-label-update.yml
-//   - auto-label-pr/detectors.js (detectCodeOwner)
-
-/**
- * Convert a CODEOWNERS glob pattern to a RegExp.
- *
- * Handles **, *, and ? wildcards after escaping regex-special characters.
- */
-function globToRegex(pattern) {
-  let regexStr = pattern
-    .replace(/([.+^=!:${}()|[\]\\])/g, '\\$1')
-    .replace(/\*\*/g, '\x00GLOBSTAR\x00')  // protect ** from next replace
-    .replace(/\*/g, '[^/]*')               // single star
-    .replace(/\x00GLOBSTAR\x00/g, '.*')    // restore globstar
-    .replace(/\?/g, '.');
-  return new RegExp('^' + regexStr + '$');
-}
-
-/**
- * Parse raw CODEOWNERS file content into an array of
- * { pattern, regex, owners } objects.
- *
- * Each `owners` entry is the raw string from the file (e.g. "@user" or
- * "@esphome/core").
- */
-function parseCodeowners(content) {
-  const lines = content
-    .split('\n')
-    .map(line => line.trim())
-    .filter(line => line && !line.startsWith('#'));
-
-  const patterns = [];
-  for (const line of lines) {
-    const parts = line.split(/\s+/);
-    if (parts.length < 2) continue;
-
-    const pattern = parts[0];
-    const owners = parts.slice(1);
-    const regex = globToRegex(pattern);
-    patterns.push({ pattern, regex, owners });
-  }
-  return patterns;
-}
-
-/**
- * Fetch and parse the CODEOWNERS file via the GitHub API.
- *
- * @param {object} github  - octokit instance from actions/github-script
- * @param {string} owner   - repo owner
- * @param {string} repo    - repo name
- * @param {string} [ref]   - git ref (SHA / branch) to read from
- * @returns {Array<{pattern: string, regex: RegExp, owners: string[]}>}
- */
-async function fetchCodeowners(github, owner, repo, ref) {
-  const params = { owner, repo, path: 'CODEOWNERS' };
-  if (ref) params.ref = ref;
-
-  const { data: file } = await github.rest.repos.getContent(params);
-  const content = Buffer.from(file.content, 'base64').toString('utf8');
-  return parseCodeowners(content);
-}
-
-/**
- * Classify raw owner strings into individual users and teams.
- *
- * @param {string[]} rawOwners - e.g. ["@user1", "@esphome/core"]
- * @returns {{ users: string[], teams: string[] }}
- *   users  – login names without "@"
- *   teams  – team slugs without the "org/" prefix
- */
-function classifyOwners(rawOwners) {
-  const users = [];
-  const teams = [];
-  for (const o of rawOwners) {
-    const clean = o.startsWith('@') ? o.slice(1) : o;
-    if (clean.includes('/')) {
-      teams.push(clean.split('/')[1]);
-    } else {
-      users.push(clean);
-    }
-  }
-  return { users, teams };
-}
-
-/**
- * For each file, find its effective codeowners using GitHub's
- * "last match wins" semantics, then union across all files.
- *
- * @param {string[]} files              - list of file paths
- * @param {Array}    codeownersPatterns  - from parseCodeowners / fetchCodeowners
- * @returns {{ users: Set<string>, teams: Set<string>, matchedFileCount: number }}
- */
-function getEffectiveOwners(files, codeownersPatterns) {
-  const users = new Set();
-  const teams = new Set();
-  let matchedFileCount = 0;
-
-  for (const file of files) {
-    // Last matching pattern wins for each file
-    let effectiveOwners = null;
-    for (const { regex, owners } of codeownersPatterns) {
-      if (regex.test(file)) {
-        effectiveOwners = owners;
-      }
-    }
-    if (effectiveOwners) {
-      matchedFileCount++;
-      const classified = classifyOwners(effectiveOwners);
-      for (const u of classified.users) users.add(u);
-      for (const t of classified.teams) teams.add(t);
-    }
-  }
-
-  return { users, teams, matchedFileCount };
-}
-
-/**
- * Read and parse the CODEOWNERS file from disk.
- *
- * Use this when the repo is already checked out (avoids an API call).
- *
- * @param {string} [repoRoot='.'] - path to the repo root
- * @returns {Array<{pattern: string, regex: RegExp, owners: string[]}>}
- */
-function loadCodeowners(repoRoot = '.') {
-  const fs = require('fs');
-  const path = require('path');
-  const content = fs.readFileSync(path.join(repoRoot, 'CODEOWNERS'), 'utf8');
-  return parseCodeowners(content);
-}
-
-/** Possible label actions returned by determineLabelAction. */
-const LabelAction = Object.freeze({
-  ADD: 'add',
-  REMOVE: 'remove',
-  NONE: 'none',
-});
-
-/**
- * Determine what label action is needed for a PR based on codeowner approvals.
- *
- * Checks changed files against CODEOWNERS patterns, reviews, and current labels
- * to decide if the label should be added, removed, or left unchanged.
- *
- * @param {object} github              - octokit instance from actions/github-script
- * @param {string} owner               - repo owner
- * @param {string} repo                - repo name
- * @param {number} pr_number           - pull request number
- * @param {Array}  codeownersPatterns   - from loadCodeowners / fetchCodeowners
- * @param {string} labelName           - label to manage
- * @returns {Promise<LabelAction>}
- */
-async function determineLabelAction(github, owner, repo, pr_number, codeownersPatterns, labelName) {
-  // Get the list of changed files in this PR
-  const prFiles = await github.paginate(
-    github.rest.pulls.listFiles,
-    { owner, repo, pull_number: pr_number }
-  );
-
-  const changedFiles = prFiles.map(file => file.filename);
-  console.log(`Found ${changedFiles.length} changed files`);
-
-  if (changedFiles.length === 0) {
-    console.log('No changed files found');
-    return LabelAction.NONE;
-  }
-
-  // Get effective owners using last-match-wins semantics
-  const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-  const componentCodeowners = effective.users;
-
-  console.log(`Component-specific codeowners: ${Array.from(componentCodeowners).join(', ') || '(none)'}`);
-
-  // Get current labels
-  const { data: currentLabels } = await github.rest.issues.listLabelsOnIssue({
-    owner, repo, issue_number: pr_number
-  });
-  const hasLabel = currentLabels.some(label => label.name === labelName);
-
-  if (componentCodeowners.size === 0) {
-    console.log('No component-specific codeowners found');
-    return hasLabel ? LabelAction.REMOVE : LabelAction.NONE;
-  }
-
-  // Get all reviews and find latest per user
-  const reviews = await github.paginate(
-    github.rest.pulls.listReviews,
-    { owner, repo, pull_number: pr_number }
-  );
-
-  const latestReviewByUser = new Map();
-  for (const review of reviews) {
-    if (!review.user || review.user.type === 'Bot' || review.state === 'COMMENTED') continue;
-    latestReviewByUser.set(review.user.login, review);
-  }
-
-  // Check if any component-specific codeowner has an active approval
-  let hasCodeownerApproval = false;
-  for (const [login, review] of latestReviewByUser) {
-    if (review.state === 'APPROVED' && componentCodeowners.has(login)) {
-      console.log(`Codeowner '${login}' has approved`);
-      hasCodeownerApproval = true;
-      break;
-    }
-  }
-
-  if (hasCodeownerApproval && !hasLabel) return LabelAction.ADD;
-  if (!hasCodeownerApproval && hasLabel) return LabelAction.REMOVE;
-
-  console.log(`Label already ${hasLabel ? 'present' : 'absent'}, no change needed`);
-  return LabelAction.NONE;
-}
-
-module.exports = {
-  globToRegex,
-  parseCodeowners,
-  fetchCodeowners,
-  loadCodeowners,
-  classifyOwners,
-  getEffectiveOwners,
-  LabelAction,
-  determineLabelAction
-};
--- a/.github/scripts/detect-tags.js
+++ b/.github/scripts/detect-tags.js
@@ -1,65 +0,0 @@
-/**
- * Shared tag detection from changed file paths.
- * Used by pr-title-check and auto-label-pr workflows.
- */
-
-const COMPONENT_REGEX = /^esphome\/components\/([^\/]+)\//;
-
-/**
- * Detect component names from changed files.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {Set<string>} Set of component names
- */
-function detectComponents(changedFiles) {
-  const components = new Set();
-  for (const file of changedFiles) {
-    const match = file.match(COMPONENT_REGEX);
-    if (match) {
-      components.add(match[1]);
-    }
-  }
-  return components;
-}
-
-/**
- * Detect if core files were changed.
- * Core files are in esphome/core/ or top-level esphome/ directory.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasCoreChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('esphome/core/') ||
-    (file.startsWith('esphome/') && file.split('/').length === 2)
-  );
-}
-
-/**
- * Detect if dashboard files were changed.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasDashboardChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('esphome/components/dashboard_import/')
-  );
-}
-
-/**
- * Detect if GitHub Actions files were changed.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasGitHubActionsChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('.github/workflows/')
-  );
-}
-
-module.exports = {
-  COMPONENT_REGEX,
-  detectComponents,
-  hasCoreChanges,
-  hasDashboardChanges,
-  hasGitHubActionsChanges,
-};
--- a/.github/workflows/auto-label-pr.yml
+++ b/.github/workflows/auto-label-pr.yml
@@ -6,14 +6,12 @@ on:
  pull_request_target:
    types: [labeled, opened, reopened, synchronize, edited]

-# All PR/label/review writes are performed with the App token minted below,
-# so the workflow's GITHUB_TOKEN only needs read access for checkout.
 permissions:
-  contents: read  # actions/checkout reads the workflow source
+  pull-requests: write
+  contents: read

 env:
  SMALL_PR_THRESHOLD: 30
-  MEDIUM_PR_THRESHOLD: 100
  MAX_LABELS: 15
  TOO_BIG_THRESHOLD: 1000
  COMPONENT_LABEL_THRESHOLD: 10
@@ -21,24 +19,20 @@ env:
 jobs:
  label:
    runs-on: ubuntu-latest
-    if: github.event.pull_request.state == 'open' && (github.event.action != 'labeled' || github.event.sender.type != 'Bot')
+    if: github.event.action != 'labeled' || github.event.sender.type != 'Bot'
    steps:
      - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by auto-label-pr/*.js.
-          permission-contents: read       # repos.getContent for CODEOWNERS and file lookups in detectors.js
-          permission-issues: write        # listLabelsOnIssue, addLabels, removeLabel, list/createComment
-          permission-pull-requests: write  # pulls.listFiles, list/create/update/dismissReview

      - name: Auto Label PR
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
--- a/.github/workflows/ci-api-proto.yml
+++ b/.github/workflows/ci-api-proto.yml
@@ -12,8 +12,8 @@ on:
      - ".github/workflows/ci-api-proto.yml"

 permissions:
-  contents: read        # actions/checkout for the PR head
-  pull-requests: write  # pulls.createReview / listReviews / dismissReview when generated proto files are stale
+  contents: read
+  pull-requests: write

 jobs:
  check:
@@ -21,21 +21,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.11"
-      - name: Set up uv
-        # ``--system`` (below) installs into the setup-python interpreter;
-        # no venv is created or restored by this workflow.
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-        with:
-          enable-cache: true
-          # Pin uv version so the action does not have to fetch the
-          # manifest from raw.githubusercontent.com on every cache
-          # miss; that fetch flakes on Windows runners.
-          version: "0.11.15"

      - name: Install apt dependencies
        run: |
@@ -44,7 +34,7 @@ jobs:
          sudo apt install -y protobuf-compiler
          protoc --version
      - name: Install python dependencies
-        run: uv pip install --system aioesphomeapi -c requirements.txt -r requirements_dev.txt
+        run: pip install aioesphomeapi -c requirements.txt -r requirements_dev.txt
      - name: Generate files
        run: script/api_protobuf/api_protobuf.py
      - name: Check for changes
@@ -57,7 +47,7 @@ jobs:
          fi
      - if: failure()
        name: Review PR
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            await github.rest.pulls.createReview({
@@ -72,7 +62,7 @@ jobs:
        run: git diff
      - if: failure()
        name: Archive artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: generated-proto-files
          path: |
@@ -80,7 +70,7 @@ jobs:
            esphome/components/api/api_pb2_service.*
      - if: success()
        name: Dismiss review
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            let reviews = await github.rest.pulls.listReviews({
--- a/.github/workflows/ci-clang-tidy-hash.yml
+++ b/.github/workflows/ci-clang-tidy-hash.yml
@@ -0,0 +1,76 @@
+name: Clang-tidy Hash CI
+
+on:
+  pull_request:
+    paths:
+      - ".clang-tidy"
+      - "platformio.ini"
+      - "requirements_dev.txt"
+      - "sdkconfig.defaults"
+      - ".clang-tidy.hash"
+      - "script/clang_tidy_hash.py"
+      - ".github/workflows/ci-clang-tidy-hash.yml"
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  verify-hash:
+    name: Verify clang-tidy hash
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        with:
+          python-version: "3.11"
+
+      - name: Verify hash
+        run: |
+          python script/clang_tidy_hash.py --verify
+
+      - if: failure()
+        name: Show hash details
+        run: |
+          python script/clang_tidy_hash.py
+          echo "## Job Failed" | tee -a $GITHUB_STEP_SUMMARY
+          echo "You have modified clang-tidy configuration but have not updated the hash." | tee -a $GITHUB_STEP_SUMMARY
+          echo "Please run 'script/clang_tidy_hash.py --update' and commit the changes." | tee -a $GITHUB_STEP_SUMMARY
+
+      - if: failure()
+        name: Request changes
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            await github.rest.pulls.createReview({
+              pull_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              event: 'REQUEST_CHANGES',
+              body: 'You have modified clang-tidy configuration but have not updated the hash.\nPlease run `script/clang_tidy_hash.py --update` and commit the changes.'
+            })
+
+      - if: success()
+        name: Dismiss review
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            let reviews = await github.rest.pulls.listReviews({
+              pull_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            });
+            for (let review of reviews.data) {
+              if (review.user.login === 'github-actions[bot]' && review.state === 'CHANGES_REQUESTED') {
+                await github.rest.pulls.dismissReview({
+                  pull_number: context.issue.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  review_id: review.id,
+                  message: 'Clang-tidy hash now matches configuration.'
+                });
+              }
+            }
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -1,41 +1,29 @@
 ---
 name: CI for docker images

-# Only run on PRs that touch the docker image, its build inputs, or any code
-# whose toolchain the compile smoke test exercises (core + target platforms).
+# Only run when docker paths change

 on:
-  pull_request:
+  push:
+    branches: [dev, beta, release]
+    paths:
+      - "docker/**"
+      - ".github/workflows/ci-docker.yml"
+      - "requirements*.txt"
+      - "platformio.ini"
+      - "script/platformio_install_deps.py"
+
+  pull_request:
    paths:
-      # Docker image and its build inputs.
      - "docker/**"
      - ".github/workflows/ci-docker.yml"
      - "requirements*.txt"
-      - "pyproject.toml"
      - "platformio.ini"
-      - "esphome/idf_component.yml"
      - "script/platformio_install_deps.py"
-      # Core, build pipeline, toolchain, and target-platform changes can change
-      # how a toolchain is set up or built, so re-run the per-toolchain compile
-      # smoke test when they change.
-      - "esphome/core/**"
-      - "esphome/writer.py"
-      - "esphome/build_gen/**"
-      - "esphome/espidf/**"
-      - "esphome/platformio/**"
-      - "esphome/components/bk72xx/**"
-      - "esphome/components/esp32/**"
-      - "esphome/components/esp8266/**"
-      - "esphome/components/host/**"
-      - "esphome/components/libretiny/**"
-      - "esphome/components/ln882x/**"
-      - "esphome/components/nrf52/**"
-      - "esphome/components/rp2040/**"
-      - "esphome/components/rtl87xx/**"
-      - "esphome/components/zephyr/**"

 permissions:
-  contents: read  # actions/checkout only
+  contents: read
+  packages: read

 concurrency:
  # yamllint disable-line rule:line-length
@@ -46,9 +34,6 @@ jobs:
  check-docker:
    name: Build docker containers
    runs-on: ${{ matrix.os }}
-    permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # push branch-tagged images to ghcr.io for local testing
    strategy:
      fail-fast: false
      matrix:
@@ -57,161 +42,23 @@ jobs:
          - "ha-addon"
          - "docker"
          # - "lint"
-    outputs:
-      tag: ${{ steps.tag.outputs.tag }}
-      push: ${{ steps.tag.outputs.push }}
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.11"
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

-      - name: Determine tag and whether to push
-        id: tag
+      - name: Set TAG
        run: |
-          # Sanitize the branch name into a valid docker tag: replace invalid
-          # characters, ensure the first character is valid (tags must start
-          # with [A-Za-z0-9_]), and cap the length at 128 characters.
-          branch="${{ github.head_ref || github.ref_name }}"
-          tag="${branch//[^a-zA-Z0-9_.-]/-}"
-          case "$tag" in
-            [a-zA-Z0-9_]*) ;;
-            *) tag="pr-${tag}" ;;
-          esac
-          tag="${tag:0:128}"
-          echo "tag=${tag}" >> "$GITHUB_OUTPUT"
-          # Only push branch images for same-repo pull requests. Push events
-          # only fire for dev/beta/release, whose images are owned by the
-          # release pipeline -- never overwrite those from here.
-          if [ "${{ github.event_name }}" = "pull_request" ] \
-            && [ "${{ github.repository }}" = "esphome/esphome" ] \
-            && [ "${{ github.event.pull_request.head.repo.full_name }}" = "esphome/esphome" ]; then
-            echo "push=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "push=false" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Log in to the GitHub container registry
-        if: steps.tag.outputs.push == 'true'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          echo "TAG=check" >> $GITHUB_ENV

      - name: Run build
        run: |
          docker/build.py \
-            --tag "${{ steps.tag.outputs.tag }}" \
+            --tag "${TAG}" \
            --arch "${{ matrix.os == 'ubuntu-24.04-arm' && 'aarch64' || 'amd64' }}" \
            --build-type "${{ matrix.build_type }}" \
-            --registry ghcr \
-            build ${{ steps.tag.outputs.push == 'true' && '--push --no-cache-to' || '' }} ${{ (matrix.os == 'ubuntu-24.04' && matrix.build_type == 'docker') && '--load' || '' }}
-
-      # The amd64 "docker" image is also loaded locally (above) and handed to
-      # compile-test as an artifact, so the smoke test reuses this build instead
-      # of building the image a second time. Using an artifact (rather than the
-      # pushed image) keeps it working for fork PRs, which never push to ghcr.io.
-      - name: Export image for compile-test
-        if: matrix.os == 'ubuntu-24.04' && matrix.build_type == 'docker'
-        run: docker save "ghcr.io/esphome/esphome-amd64:${{ steps.tag.outputs.tag }}" | gzip > compile-test-image.tar.gz
-
-      - name: Upload compile-test image artifact
-        if: matrix.os == 'ubuntu-24.04' && matrix.build_type == 'docker'
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          # The tar is already gzipped, so upload it as-is. archive: false skips
-          # the redundant zip and makes the file name the artifact name (the
-          # `name` input is ignored in that mode).
-          path: compile-test-image.tar.gz
-          retention-days: 1
-          archive: false
-
-  manifest:
-    name: Push ${{ matrix.build_type }} manifest to ghcr.io
-    needs: [check-docker]
-    if: needs.check-docker.outputs.push == 'true'
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read   # actions/checkout to run docker/build.py
-      packages: write  # buildx imagetools writes the multi-arch tag to ghcr.io
-    strategy:
-      fail-fast: false
-      matrix:
-        build_type:
-          - "ha-addon"
-          - "docker"
-    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-        with:
-          python-version: "3.11"
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
-
-      - name: Log in to the GitHub container registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Create and push manifest
-        run: |
-          docker/build.py \
-            --tag "${{ needs.check-docker.outputs.tag }}" \
-            --build-type "${{ matrix.build_type }}" \
-            --registry ghcr \
-            manifest
-
-  # Smoke-test the built image by compiling one minimal config per target
-  # platform / toolchain. This catches missing system dependencies in the image
-  # that only surface when a given toolchain is downloaded and run. The image is
-  # the amd64 "docker" build produced by check-docker (shared as an artifact).
-  compile-test:
-    name: Compile ${{ matrix.id }}
-    needs: check-docker
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read  # actions/checkout to load the test configs
-    strategy:
-      fail-fast: false
-      # Cap concurrency so this smoke test doesn't hog all the shared runners.
-      max-parallel: 2
-      matrix:
-        # One entry per distinct toolchain. ESP32 variants (c3/c6/s2/s3/p4)
-        # share a toolchain bundle, so esp32 is exercised on the base variant
-        # across the full framework x toolchain cross-product (arduino/esp-idf
-        # framework, each built with the platformio and native esp-idf
-        # toolchains) so both toolchains stay covered regardless of which one is
-        # the default.
-        id:
-          - esp8266-arduino
-          - esp32-arduino-platformio
-          - esp32-arduino-esp-idf
-          - esp32-idf-platformio
-          - esp32-idf-esp-idf
-          - rp2040-arduino
-          - bk72xx-arduino
-          - rtl87xx-arduino
-          - ln882x-arduino
-          - nrf52
-          - host
-    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-      - name: Download image artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-        with:
-          name: compile-test-image.tar.gz
-      - name: Load image
-        run: docker load --input compile-test-image.tar.gz
-      - name: Compile ${{ matrix.id }}
-        run: |
-          docker run --rm \
-            -v "${{ github.workspace }}/docker/test_configs:/config" \
-            "ghcr.io/esphome/esphome-amd64:${{ needs.check-docker.outputs.tag }}" \
-            compile "${{ matrix.id }}.yaml"
+            build
--- a/.github/workflows/ci-github-scripts.yml
+++ b/.github/workflows/ci-github-scripts.yml
@@ -1,27 +0,0 @@
-name: CI - GitHub Scripts
-
-on:
-  push:
-    branches: [dev, beta, release]
-    paths:
-      - ".github/scripts/**"
-      - ".github/workflows/ci-github-scripts.yml"
-  pull_request:
-    paths:
-      - ".github/scripts/**"
-      - ".github/workflows/ci-github-scripts.yml"
-
-permissions:
-  contents: read
-
-jobs:
-  test-auto-label-pr:
-    name: Test auto-label-pr scripts
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-
-      - name: Run tests
-        working-directory: .github/scripts/auto-label-pr
-        run: npm test
--- a/.github/workflows/ci-memory-impact-comment.yml
+++ b/.github/workflows/ci-memory-impact-comment.yml
@@ -7,9 +7,9 @@ on:
    types: [completed]

 permissions:
-  contents: read        # actions/checkout of the base repo at the PR's target branch
-  pull-requests: write  # gh api to look up the PR by head SHA and post/update the memory-impact comment
-  actions: read         # gh run download for the memory-analysis artifacts produced by the CI workflow run
+  contents: read
+  pull-requests: write
+  actions: read

 jobs:
  memory-impact-comment:
@@ -49,7 +49,7 @@ jobs:

      - name: Check out code from base repository
        if: steps.pr.outputs.skip != 'true'
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # Always check out from the base repository (esphome/esphome), never from forks
          # Use the PR's target branch to ensure we run trusted code from the main repo
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
--- a/.github/workflows/close-pr-from-fork-default-branch.yml
+++ b/.github/workflows/close-pr-from-fork-default-branch.yml
@@ -1,72 +0,0 @@
-name: Close PR From Fork Default Branch
-
-on:
-  # pull_request_target is required so we have permission to comment and close PRs from forks.
-  pull_request_target:
-    types: [opened, reopened]
-
-permissions:
-  pull-requests: write  # pulls.update to close the PR opened from a fork's default branch
-  issues: write         # issues.createComment to explain to the contributor why the PR was closed
-
-jobs:
-  close:
-    name: Close PR opened from fork's default branch
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
-      && github.event.pull_request.head.ref == github.event.repository.default_branch
-    steps:
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const prNumber = context.payload.pull_request.number;
-            const author = context.payload.pull_request.user.login;
-            const defaultBranch = context.payload.repository.default_branch;
-            const headRepo = context.payload.pull_request.head.repo.full_name;
-
-            const body = [
-              `Hi @${author}, thanks for opening a pull request! :tada:`,
-              ``,
-              `It looks like this PR was opened from the \`${defaultBranch}\` branch of your fork (\`${headRepo}\`), which is the same name as this repository's default branch. Working directly on \`${defaultBranch}\` in your fork causes a few problems:`,
-              ``,
-              `- Your fork's \`${defaultBranch}\` branch will permanently diverge from \`esphome/esphome:${defaultBranch}\`, making it hard to keep your fork up to date.`,
-              `- Any additional commits you push to \`${defaultBranch}\` will be added to this PR, so you can't easily work on multiple changes at once.`,
-              `- Pushing maintainer fixes to your branch is awkward, since it means committing directly to your fork's default branch.`,
-              `- It makes local collaboration painful — \`${defaultBranch}\` in a checkout becomes ambiguous between upstream and your fork, and maintainers end up with naming collisions when fetching your branch.`,
-              ``,
-              `Please re-open this as a new PR from a dedicated feature branch. The usual flow looks like:`,
-              ``,
-              `\`\`\`bash`,
-              `# Make sure your fork's ${defaultBranch} is up to date with upstream`,
-              `git remote add upstream https://github.com/${owner}/${repo}.git  # if you haven't already`,
-              `git fetch upstream`,
-              `git checkout ${defaultBranch}`,
-              `git reset --hard upstream/${defaultBranch}`,
-              `git push --force-with-lease origin ${defaultBranch}`,
-              ``,
-              `# Create a new branch for your change and cherry-pick / re-apply your commits there`,
-              `git checkout -b my-feature-branch upstream/${defaultBranch}`,
-              `# ...re-apply your changes, then:`,
-              `git push origin my-feature-branch`,
-              `\`\`\``,
-              ``,
-              `Then open a new pull request from \`my-feature-branch\` into \`${owner}/${repo}:${defaultBranch}\`.`,
-              ``,
-              `Closing this PR for now — sorry for the friction, and thanks again for contributing! :heart:`,
-            ].join('\n');
-
-            await github.rest.issues.createComment({
-              owner,
-              repo,
-              issue_number: prNumber,
-              body,
-            });
-
-            await github.rest.pulls.update({
-              owner,
-              repo,
-              pull_number: prNumber,
-              state: 'closed',
-            });
--- a/.github/workflows/codeowner-approved-label-update.yml
+++ b/.github/workflows/codeowner-approved-label-update.yml
@@ -1,81 +0,0 @@
-# Adds/removes a 'code-owner-approved' label when a component-specific
-# codeowner approves (or dismisses) a PR.
-#
-# Uses pull_request_target so that fork PRs do not require workflow approval.
-# The label is reconciled on every PR update; for review events specifically,
-# this means the label is applied on the next push after a codeowner review.
-
-name: Codeowner Approved Label
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened, ready_for_review]
-    branches-ignore:
-      - release
-      - beta
-
-permissions:
-  issues: write       # issues.addLabels / removeLabel to manage the 'code-owner-approved' label on the PR
-  pull-requests: read  # listReviews to determine whether a codeowner has approved
-  contents: read       # actions/checkout to read CODEOWNERS and the shared codeowners.js helper
-
-jobs:
-  codeowner-approved:
-    name: Run
-    if: ${{ github.repository == 'esphome/esphome' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout base branch
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-          sparse-checkout: |
-            .github/scripts/codeowners.js
-            CODEOWNERS
-
-      - name: Check codeowner approval and update label
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        with:
-          script: |
-            const { loadCodeowners, determineLabelAction, LabelAction } = require('./.github/scripts/codeowners.js');
-
-            const owner = context.repo.owner;
-            const repo = context.repo.repo;
-            const pr_number = parseInt(process.env.PR_NUMBER, 10);
-            const LABEL_NAME = 'code-owner-approved';
-
-            console.log(`Processing PR #${pr_number} for codeowner approval label`);
-
-            const codeownersPatterns = loadCodeowners();
-            const action = await determineLabelAction(
-              github, owner, repo, pr_number, codeownersPatterns, LABEL_NAME
-            );
-
-            if (action === LabelAction.NONE) {
-              console.log('No label change needed');
-              return;
-            }
-
-            try {
-              if (action === LabelAction.ADD) {
-                await github.rest.issues.addLabels({
-                  owner, repo, issue_number: pr_number, labels: [LABEL_NAME]
-                });
-                console.log(`Added '${LABEL_NAME}' label`);
-              } else if (action === LabelAction.REMOVE) {
-                await github.rest.issues.removeLabel({
-                  owner, repo, issue_number: pr_number, name: LABEL_NAME
-                });
-                console.log(`Removed '${LABEL_NAME}' label`);
-              }
-            } catch (error) {
-              if (error.status === 403) {
-                console.log(`Warning: insufficient permissions to update label (expected for fork PRs)`);
-              } else if (error.status === 404) {
-                console.log(`Label '${LABEL_NAME}' not present, nothing to remove`);
-              } else {
-                throw error;
-              }
-            }
--- a/.github/workflows/codeowner-review-request.yml
+++ b/.github/workflows/codeowner-review-request.yml
@@ -13,14 +13,10 @@ on:
  # Needs to be pull_request_target to get write permissions
  pull_request_target:
    types: [opened, reopened, synchronize, ready_for_review]
-    branches-ignore:
-      - release
-      - beta

-# PR/review writes (requestReviewers, issues.createComment) are performed with the App token minted below,
-# so the workflow's GITHUB_TOKEN only needs read access for checkout.
 permissions:
-  contents: read  # actions/checkout to read CODEOWNERS and the shared codeowners.js helper
+  pull-requests: write
+  contents: read

 jobs:
  request-codeowner-reviews:
@@ -28,28 +24,10 @@ jobs:
    if: ${{ github.repository == 'esphome/esphome' && !github.event.pull_request.draft }}
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout base branch
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by the github-script step below.
-          permission-pull-requests: write  # pulls.listFiles, pulls.get, pulls.listReviews, pulls.requestReviewers
-          permission-issues: write         # issues.listComments and issues.createComment (PR comments use the issues API)
-
      - name: Request reviews from component codeowners
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
-            const { loadCodeowners, getEffectiveOwners } = require('./.github/scripts/codeowners.js');
-
            const owner = context.repo.owner;
            const repo = context.repo.repo;
            const pr_number = context.payload.pull_request.number;
@@ -60,15 +38,12 @@ jobs:
            const BOT_COMMENT_MARKER = '<!-- codeowner-review-request-bot -->';

            try {
-              // Get the list of changed files in this PR (with pagination)
-              const files = await github.paginate(
-                github.rest.pulls.listFiles,
-                {
-                  owner,
-                  repo,
-                  pull_number: pr_number
-                }
-              );
+              // Get the list of changed files in this PR
+              const { data: files } = await github.rest.pulls.listFiles({
+                owner,
+                repo,
+                pull_number: pr_number
+              });

              const changedFiles = files.map(file => file.filename);
              console.log(`Found ${changedFiles.length} changed files`);
@@ -78,10 +53,32 @@ jobs:
                return;
              }

-              // Parse CODEOWNERS from the checked-out base branch
-              const codeownersPatterns = loadCodeowners();
+              // Fetch CODEOWNERS file from root
+              const { data: codeownersFile } = await github.rest.repos.getContent({
+                owner,
+                repo,
+                path: 'CODEOWNERS',
+                ref: context.payload.pull_request.base.sha
+              });
+              const codeownersContent = Buffer.from(codeownersFile.content, 'base64').toString('utf8');

-              console.log(`Parsed ${codeownersPatterns.length} codeowner patterns`);
+              // Parse CODEOWNERS file to extract all patterns and their owners
+              const codeownersLines = codeownersContent.split('\n')
+                .map(line => line.trim())
+                .filter(line => line && !line.startsWith('#'));
+
+              const codeownersPatterns = [];
+
+              // Convert CODEOWNERS pattern to regex (robust glob handling)
+              function globToRegex(pattern) {
+                // Escape regex special characters except for glob wildcards
+                let regexStr = pattern
+                  .replace(/([.+^=!:${}()|[\]\\])/g, '\\$1') // escape regex chars
+                  .replace(/\*\*/g, '.*') // globstar
+                  .replace(/\*/g, '[^/]*') // single star
+                  .replace(/\?/g, '.'); // question mark
+                return new RegExp('^' + regexStr + '$');
+              }

              // Helper function to create comment body
              function createCommentBody(reviewersList, teamsList, matchedFileCount, isSuccessful = true) {
@@ -96,11 +93,50 @@ jobs:
                }
              }

-              // Match changed files against CODEOWNERS patterns using last-match-wins semantics
-              const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-              const matchedOwners = effective.users;
-              const matchedTeams = effective.teams;
-              const matchedFileCount = effective.matchedFileCount;
+              for (const line of codeownersLines) {
+                const parts = line.split(/\s+/);
+                if (parts.length < 2) continue;
+
+                const pattern = parts[0];
+                const owners = parts.slice(1);
+
+                // Use robust glob-to-regex conversion
+                const regex = globToRegex(pattern);
+                codeownersPatterns.push({ pattern, regex, owners });
+              }
+
+              console.log(`Parsed ${codeownersPatterns.length} codeowner patterns`);
+
+              // Match changed files against CODEOWNERS patterns
+              const matchedOwners = new Set();
+              const matchedTeams = new Set();
+              const fileMatches = new Map(); // Track which files matched which patterns
+
+              for (const file of changedFiles) {
+                for (const { pattern, regex, owners } of codeownersPatterns) {
+                  if (regex.test(file)) {
+                    console.log(`File '${file}' matches pattern '${pattern}' with owners: ${owners.join(', ')}`);
+
+                    if (!fileMatches.has(file)) {
+                      fileMatches.set(file, []);
+                    }
+                    fileMatches.get(file).push({ pattern, owners });
+
+                    // Add owners to the appropriate set (remove @ prefix)
+                    for (const owner of owners) {
+                      const cleanOwner = owner.startsWith('@') ? owner.slice(1) : owner;
+                      if (cleanOwner.includes('/')) {
+                        // Team mention (org/team-name)
+                        const teamName = cleanOwner.split('/')[1];
+                        matchedTeams.add(teamName);
+                      } else {
+                        // Individual user
+                        matchedOwners.add(cleanOwner);
+                      }
+                    }
+                  }
+                }
+              }

              if (matchedOwners.size === 0 && matchedTeams.size === 0) {
                console.log('No codeowners found for any changed files');
@@ -134,14 +170,11 @@ jobs:
              }

              // Check for completed reviews to avoid re-requesting users who have already reviewed
-              const reviews = await github.paginate(
-                github.rest.pulls.listReviews,
-                {
-                  owner,
-                  repo,
-                  pull_number: pr_number
-                }
-              );
+              const { data: reviews } = await github.rest.pulls.listReviews({
+                owner,
+                repo,
+                pull_number: pr_number
+              });

              const reviewedUsers = new Set();
              reviews.forEach(review => {
@@ -214,7 +247,7 @@ jobs:
              }

              const totalReviewers = reviewersList.length + teamsList.length;
-              console.log(`Requesting reviews from ${reviewersList.length} users and ${teamsList.length} teams for ${matchedFileCount} matched files`);
+              console.log(`Requesting reviews from ${reviewersList.length} users and ${teamsList.length} teams for ${fileMatches.size} matched files`);

              // Request reviews
              try {
@@ -246,7 +279,7 @@ jobs:

                // Only add a comment if there are new codeowners to mention (not previously pinged)
                if (reviewersList.length > 0 || teamsList.length > 0) {
-                  const commentBody = createCommentBody(reviewersList, teamsList, matchedFileCount, true);
+                  const commentBody = createCommentBody(reviewersList, teamsList, fileMatches.size, true);

                  await github.rest.issues.createComment({
                    owner,
@@ -264,7 +297,7 @@ jobs:

                  // Only try to add a comment if there are new codeowners to mention
                  if (reviewersList.length > 0 || teamsList.length > 0) {
-                    const commentBody = createCommentBody(reviewersList, teamsList, matchedFileCount, false);
+                    const commentBody = createCommentBody(reviewersList, teamsList, fileMatches.size, false);

                    try {
                      await github.rest.issues.createComment({
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -16,9 +16,6 @@ on:
  schedule:
    - cron: "30 18 * * 4"

-# Deny by default; the analyze job opts in to exactly what it needs.
-permissions: {}
-
 jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
@@ -29,10 +26,15 @@ jobs:
    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    permissions:
-      security-events: write  # upload CodeQL SARIF results to the Code Scanning API
-      packages: read          # fetch internal or private CodeQL query packs
-      actions: read           # required by codeql-action when run from a private repo
-      contents: read          # actions/checkout to scan the repository
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read

    strategy:
      fail-fast: false
@@ -52,11 +54,11 @@ jobs:
            # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
    steps:
      - name: Checkout repository
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
@@ -84,6 +86,6 @@ jobs:
          exit 1

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/external-component-bot.yml
+++ b/.github/workflows/external-component-bot.yml
@@ -4,29 +4,20 @@ on:
  pull_request_target:
    types: [opened, synchronize]

-# All API calls (pulls.listFiles + issues.{list,create,update}Comment) are performed with
-# the App token minted below, so the workflow's GITHUB_TOKEN does not need any scopes.
-permissions: {}
+permissions:
+  contents: read       #  Needed to fetch PR details
+  issues: write        #  Needed to create and update comments (PR comments are managed via the issues REST API)
+  pull-requests: write  # also needed?

 jobs:
  external-comment:
    name: External component comment
    runs-on: ubuntu-latest
    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # pulls.listFiles + issues.{list,create,update}Comment on PRs. For PR resources
-          # the issues.*Comment APIs require the pull-requests scope, not issues.
-          permission-pull-requests: write
-
      - name: Add external component comment
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Generate external component usage instructions
            function generateExternalComponentInstructions(prNumber, componentNames, owner, repo) {
--- a/.github/workflows/issue-codeowner-notify.yml
+++ b/.github/workflows/issue-codeowner-notify.yml
@@ -9,8 +9,8 @@ on:
    types: [labeled]

 permissions:
-  issues: write   # issues.createComment to mention component codeowners on the newly labelled issue
-  contents: read  # repos.getContent to fetch CODEOWNERS from the default branch
+  issues: write
+  contents: read

 jobs:
  notify-codeowners:
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Notify codeowners for component issues
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const owner = context.repo.owner;
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -6,12 +6,6 @@ on:
    - cron: "30 0 * * *"  # Run daily at 00:30 UTC
  workflow_dispatch:

-# Deny by default; the lock job opts in to exactly what the reusable workflow needs.
-permissions: {}
-
 jobs:
  lock:
-    permissions:
-      issues: write         # issues.lock on closed issues
-      pull-requests: write  # issues.lock on closed pull requests
-    uses: esphome/workflows/.github/workflows/lock.yml@025a1e6255610c498ed590403b7e510b69e474df  # 2026.4.1
+    uses: esphome/workflows/.github/workflows/lock.yml@main
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -1,98 +0,0 @@
-name: PR Title Check
-
-on:
-  pull_request:
-    types: [opened, edited, synchronize, reopened]
-    branches-ignore:
-      - release
-      - beta
-
-permissions:
-  contents: read       # actions/checkout to load detect-tags.js
-  pull-requests: read  # pulls.listFiles to map changed files to component/core/dashboard/ci tags
-
-jobs:
-  check:
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const {
-              detectComponents,
-              hasCoreChanges,
-              hasDashboardChanges,
-              hasGitHubActionsChanges,
-            } = require('./.github/scripts/detect-tags.js');
-
-            const title = context.payload.pull_request.title;
-            const user = context.payload.pull_request.user;
-
-            // Skip bot PRs (e.g. dependabot, esphome[bot] device-class sync) -
-            // they have their own title formats.
-            if (user.type === 'Bot') {
-              return;
-            }
-
-            // Block titles starting with "word:" or "word(scope):" patterns
-            const commitStylePattern = /^\w+(\(.*?\))?[!]?\s*:/;
-            if (commitStylePattern.test(title)) {
-              core.setFailed(
-                `PR title should not start with a "prefix:" style format.\n` +
-                `Please use the format: [component] Brief description\n`
-              );
-              return;
-            }
-
-            // Get changed files to detect tags
-            const files = await github.paginate(github.rest.pulls.listFiles, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-            });
-            const filenames = files.map(f => f.filename);
-
-            // Detect tags from changed files using shared logic
-            const tags = new Set();
-
-            for (const comp of detectComponents(filenames)) {
-              tags.add(comp);
-            }
-            if (hasCoreChanges(filenames)) tags.add('core');
-            if (hasDashboardChanges(filenames)) tags.add('dashboard');
-            if (hasGitHubActionsChanges(filenames)) tags.add('ci');
-
-            if (tags.size === 0) {
-              return;
-            }
-
-            // Check for MDX syntax characters not wrapped in backticks.
-            // Astro docs MDX treats bare `<` as JSX component opening tags and
-            // bare `{` as JS expressions, so both must be escaped in changelog entries.
-            const stripped = title.replace(/`[^`]*`/g, '');
-            if (/[<>{}]/.test(stripped)) {
-              core.setFailed(
-                'PR title contains `<`, `>`, `{`, or `}` not wrapped in backticks.\n' +
-                'Astro docs MDX interprets bare `<` as JSX components and bare `{` as JS expressions.\n' +
-                'Please wrap these characters with backticks, e.g.: [component] Add `<feature>` support'
-              );
-              return;
-            }
-
-            // Check title starts with [tag] prefix
-            const bracketPattern = /^\[\w+\]/;
-            if (!bracketPattern.test(title)) {
-              const suggestion = [...tags].map(c => `[${c}]`).join('');
-              // Skip if the suggested prefix would be too long for a readable title
-              if (suggestion.length > 40) {
-                return;
-              }
-              core.setFailed(
-                `PR modifies: ${[...tags].join(', ')}\n` +
-                `Title must start with a [tag] prefix.\n` +
-                `Suggested: ${suggestion} <description>`
-              );
-            }
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,7 +9,7 @@ on:
    - cron: "0 2 * * *"

 permissions:
-  contents: read  # actions/checkout for all jobs; deploy jobs add their own scopes when they need to write
+  contents: read

 jobs:
  init:
@@ -20,7 +20,7 @@ jobs:
      branch_build: ${{ steps.tag.outputs.branch_build }}
      deploy_env: ${{ steps.tag.outputs.deploy_env }}
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Get tag
        id: tag
        # yamllint disable rule:line-length
@@ -57,10 +57,10 @@ jobs:
    if: github.repository == 'esphome/esphome' && github.event_name == 'release'
    runs-on: ubuntu-latest
    permissions:
-      contents: read   # actions/checkout to build the sdist/wheel
-      id-token: write  # OIDC token for PyPI Trusted Publishing (pypa/gh-action-pypi-publish)
+      contents: read
+      id-token: write
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
@@ -70,7 +70,7 @@ jobs:
          pip3 install build
          python3 -m build
      - name: Publish
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          skip-existing: true

@@ -78,8 +78,8 @@ jobs:
    name: Build ESPHome ${{ matrix.platform.arch }}
    if: github.repository == 'esphome/esphome'
    permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # docker/login-action + build-push-action push image digests to ghcr.io
+      contents: read
+      packages: write
    runs-on: ${{ matrix.platform.os }}
    needs: [init]
    strategy:
@@ -92,22 +92,22 @@ jobs:
            os: "ubuntu-24.04-arm"

    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.11"

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to docker hub
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Log in to the GitHub container registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -138,7 +138,7 @@ jobs:
      #     version: ${{ needs.init.outputs.tag }}

      - name: Upload digests
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: digests-${{ matrix.platform.arch }}
          path: /tmp/digests
@@ -152,8 +152,8 @@ jobs:
      - deploy-docker
    if: github.repository == 'esphome/esphome'
    permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # docker/login-action + build-push-action push image digests to ghcr.io
+      contents: read
+      packages: write
    strategy:
      fail-fast: false
      matrix:
@@ -168,27 +168,27 @@ jobs:
          - ghcr
          - dockerhub
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Download digests
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          pattern: digests-*
          path: /tmp/digests
          merge-multiple: true

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to docker hub
        if: matrix.registry == 'dockerhub'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Log in to the GitHub container registry
        if: matrix.registry == 'ghcr'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -212,6 +212,72 @@ jobs:
          docker buildx imagetools create $(jq -Rcnr 'inputs | . / "," | map("-t " + .) | join(" ")' <<< "${{ steps.tags.outputs.tags}}") \
            $(printf '${{ steps.tags.outputs.image }}@sha256:%s ' *)

+  deploy-ha-addon-repo:
+    if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
+    runs-on: ubuntu-latest
+    needs:
+      - init
+      - deploy-manifest
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
+          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
+          owner: esphome
+          repositories: home-assistant-addon
+
+      - name: Trigger Workflow
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            let description = "ESPHome";
+            if (context.eventName == "release") {
+              description = ${{ toJSON(github.event.release.body) }};
+            }
+            github.rest.actions.createWorkflowDispatch({
+              owner: "esphome",
+              repo: "home-assistant-addon",
+              workflow_id: "bump-version.yml",
+              ref: "main",
+              inputs: {
+                version: "${{ needs.init.outputs.tag }}",
+                content: description
+              }
+            })
+
+  deploy-esphome-schema:
+    if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
+    runs-on: ubuntu-latest
+    needs: [init]
+    environment: ${{ needs.init.outputs.deploy_env }}
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
+          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
+          owner: esphome
+          repositories: esphome-schema
+
+      - name: Trigger Workflow
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            github.rest.actions.createWorkflowDispatch({
+              owner: "esphome",
+              repo: "esphome-schema",
+              workflow_id: "generate-schemas.yml",
+              ref: "main",
+              inputs: {
+                version: "${{ needs.init.outputs.tag }}",
+              }
+            })
+
  version-notifier:
    if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
    runs-on: ubuntu-latest
@@ -221,20 +287,19 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
          owner: esphome
          repositories: version-notifier
-          permission-actions: write  # actions.createWorkflowDispatch on the target repo (only API call made with this token)

      - name: Trigger Workflow
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
-            await github.rest.actions.createWorkflowDispatch({
+            github.rest.actions.createWorkflowDispatch({
              owner: "esphome",
              repo: "version-notifier",
              workflow_id: "notify.yml",
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -7,8 +7,8 @@ on:
  workflow_dispatch:

 permissions:
-  issues: write         # actions/stale labels, comments on, and closes stale issues
-  pull-requests: write  # actions/stale labels, comments on, and closes stale pull requests
+  issues: write
+  pull-requests: write

 concurrency:
  group: lock
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Stale
-        uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
+        uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
        with:
          debug-only: ${{ github.ref != 'refs/heads/dev' }} # Dry-run when not run on dev branch
          remove-stale-when-updated: true
--- a/.github/workflows/status-check-labels.yml
+++ b/.github/workflows/status-check-labels.yml
@@ -2,32 +2,30 @@ name: Status check labels

 on:
  pull_request:
-    types: [opened, reopened, labeled, unlabeled, synchronize]
-
-permissions:
-  pull-requests: read  # issues.listLabelsOnIssue to detect blocking labels (needs-docs, merge-after-release, chained-pr)
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+    types: [labeled, unlabeled]

 jobs:
  check:
-    name: Check blocking labels
+    name: Check ${{ matrix.label }}
    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        label:
+          - needs-docs
+          - merge-after-release
+          - chained-pr
    steps:
-      - name: Check for blocking labels
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      - name: Check for ${{ matrix.label }} label
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
-            const blockingLabels = ['needs-docs', 'merge-after-release', 'chained-pr'];
            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number
            });
-            const labelNames = labels.map(l => l.name);
-            const found = blockingLabels.filter(bl => labelNames.includes(bl));
-            if (found.length > 0) {
-              core.setFailed(`Pull request cannot be merged, it has blocking label(s): ${found.join(', ')}`);
+            const hasLabel = labels.find(label => label.name === '${{ matrix.label }}');
+            if (hasLabel) {
+              core.setFailed('Pull request cannot be merged, it is labeled as ${{ matrix.label }}');
            }
--- a/.github/workflows/sync-device-classes.yml
+++ b/.github/workflows/sync-device-classes.yml
@@ -6,32 +6,17 @@ on:
  schedule:
    - cron: "45 6 * * *"

-# Repo writes (branch push, PR open) happen via the App token minted below,
-# so the workflow's GITHUB_TOKEN does not need any write scopes.
-permissions:
-  contents: read  # actions/checkout for this repo and home-assistant/core
-
 jobs:
  sync:
    name: Sync Device Classes
    runs-on: ubuntu-latest
    if: github.repository == 'esphome/esphome'
    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by peter-evans/create-pull-request.
-          permission-contents: write       # git.createCommit + refs.create/update to push the sync/device-classes branch
-          permission-pull-requests: write  # pulls.create / pulls.update to open or refresh the sync PR
-
      - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

      - name: Checkout Home Assistant
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          repository: home-assistant/core
          path: lib/home-assistant
@@ -39,61 +24,24 @@ jobs:
      - name: Setup Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
-          python-version: "3.14"
-
-      - name: Set up uv
-        # An order of magnitude faster than pip on cold boots, with its
-        # own wheel cache. ``--system`` (below) installs into the
-        # setup-python interpreter so subsequent ``pre-commit`` /
-        # ``script/run-in-env.py`` steps find the deps without a
-        # ``uv run`` prefix.
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-        with:
-          enable-cache: true
-          # Pin uv version so the action does not have to fetch the
-          # manifest from raw.githubusercontent.com on every cache
-          # miss; that fetch flakes on Windows runners.
-          version: "0.11.15"
+          python-version: 3.13

      - name: Install Home Assistant
        run: |
-          uv pip install --system -e lib/home-assistant
-          uv pip install --system -r requirements.txt -r requirements_test.txt pre-commit
+          python -m pip install --upgrade pip
+          pip install -e lib/home-assistant
+          pip install -r requirements_test.txt pre-commit

      - name: Sync
        run: |
          python ./script/sync-device_class.py

-      - name: Apply pre-commit auto-fixes
-        # First pass: let formatters (ruff, end-of-file-fixer, etc.) modify
-        # files. pre-commit exits non-zero whenever a hook touches anything,
-        # which would otherwise abort the workflow before the auto-fixes
-        # can flow into the sync PR.
-        #
-        # SKIP:
-        #   - no-commit-to-branch is a local guard against committing on
-        #     dev/release/beta; CI runs on dev by definition, and
-        #     peter-evans/create-pull-request creates the branch itself.
-        #   - pylint surfaces import-error / relative-beyond-top-level
-        #     noise here because this workflow installs only a subset of
-        #     the runtime deps (HA + requirements*.txt); main CI already
-        #     gates pylint on real PRs.
-        env:
-          SKIP: pylint,no-commit-to-branch
-        run: python script/run-in-env.py pre-commit run --all-files || true
-
-      - name: Verify pre-commit clean
-        # Second pass: re-run all hooks against the now-fixed tree.
-        # Auto-fixers exit 0 (nothing to change); any remaining failure
-        # from a check-only hook (flake8 / yamllint / ci-custom) is a
-        # real issue and fails the workflow loudly. Same SKIP list as
-        # above for the same reasons.
-        env:
-          SKIP: pylint,no-commit-to-branch
-        run: python script/run-in-env.py pre-commit run --all-files
+      - name: Run pre-commit hooks
+        run: |
+          python script/run-in-env.py pre-commit run --all-files

      - name: Commit changes
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          commit-message: "Synchronise Device Classes from Home Assistant"
          committer: esphomebot <esphome@openhomefoundation.org>
@@ -102,4 +50,4 @@ jobs:
          delete-branch: true
          title: "Synchronise Device Classes from Home Assistant"
          body-path: .github/PULL_REQUEST_TEMPLATE.md
-          token: ${{ steps.generate-token.outputs.token }}
+          token: ${{ secrets.DEVICE_CLASS_SYNC_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -141,12 +141,10 @@ tests/.esphome/

 sdkconfig.*
 !sdkconfig.defaults
-!sdkconfig.defaults.*

 .tests/

 /components
 /managed_components
-/dependencies.lock

 api-docs/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -6,12 +6,12 @@ ci:
  autoupdate_commit_msg: 'pre-commit: autoupdate'
  autoupdate_schedule: off  # Disabled until ruff versions are synced between deps and pre-commit
  # Skip hooks that have issues in pre-commit CI environment
-  skip: [pylint]
+  skip: [pylint, clang-tidy-hash]

 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    # Ruff version.
-    rev: v0.15.15
+    rev: v0.15.1
    hooks:
      # Run the linter.
      - id: ruff
@@ -37,7 +37,7 @@ repos:
      - id: end-of-file-fixer
      - id: trailing-whitespace
  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.21.2
+    rev: v3.20.0
    hooks:
      - id: pyupgrade
        args: [--py311-plus]
@@ -55,11 +55,13 @@ repos:
    hooks:
      - id: pylint
        name: pylint
-        entry: python script/run-in-env.py pylint
+        entry: python3 script/run-in-env.py pylint
        language: system
        types: [python]
-        files: ^esphome/.+\.py$
-      - id: ci-custom
-        name: ci-custom
-        entry: python script/run-in-env.py script/ci-custom.py
-        language: system
+      - id: clang-tidy-hash
+        name: Update clang-tidy hash
+        entry: python script/clang_tidy_hash.py --update-if-changed
+        language: python
+        files: ^(\.clang-tidy|platformio\.ini|requirements_dev\.txt)$
+        pass_filenames: false
+        additional_dependencies: []
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1 +1 @@
-AGENTS.md
+.ai/instructions.md
--- a/45
+++ b/45
@@ -19,6 +19,7 @@ esphome/components/ac_dimmer/* @glmnet
 esphome/components/adc/* @esphome/core
 esphome/components/adc128s102/* @DeerMaximum
 esphome/components/addressable_light/* @justfalter
+esphome/components/ade7880/* @kpfleming
 esphome/components/ade7953/* @angelnu
 esphome/components/ade7953_base/* @angelnu
 esphome/components/ade7953_i2c/* @angelnu
@@ -27,7 +28,7 @@ esphome/components/ads1118/* @solomondg1
 esphome/components/ags10/* @mak-42
 esphome/components/aic3204/* @kbx81
 esphome/components/airthings_ble/* @jeromelaban
-esphome/components/airthings_wave_base/* @jeromelaban @ncareau
+esphome/components/airthings_wave_base/* @jeromelaban @kpfleming @ncareau
 esphome/components/airthings_wave_mini/* @ncareau
 esphome/components/airthings_wave_plus/* @jeromelaban @precurse
 esphome/components/alarm_control_panel/* @grahambrown11 @hwstar
@@ -53,9 +54,6 @@ esphome/components/atm90e32/* @circuitsetup @descipher
 esphome/components/audio/* @kahrendt
 esphome/components/audio_adc/* @kbx81
 esphome/components/audio_dac/* @kbx81
-esphome/components/audio_file/* @kahrendt
-esphome/components/audio_file/media_source/* @kahrendt
-esphome/components/audio_http/* @kahrendt
 esphome/components/axs15231/* @clydebarrow
 esphome/components/b_parasite/* @rbaron
 esphome/components/ballu/* @bazuchan
@@ -83,7 +81,6 @@ esphome/components/bme680_bsec/* @trvrnrth
 esphome/components/bme68x_bsec2/* @kbx81 @neffs
 esphome/components/bme68x_bsec2_i2c/* @kbx81 @neffs
 esphome/components/bmi160/* @flaviut
-esphome/components/bmi270/* @clydebarrow
 esphome/components/bmp280_base/* @ademuri
 esphome/components/bmp280_i2c/* @ademuri
 esphome/components/bmp280_spi/* @ademuri
@@ -93,7 +90,6 @@ esphome/components/bmp3xx_i2c/* @latonita
 esphome/components/bmp3xx_spi/* @latonita
 esphome/components/bmp581_base/* @danielkent-net @kahrendt
 esphome/components/bmp581_i2c/* @danielkent-net @kahrendt
-esphome/components/bmp581_spi/* @danielkent-net @kahrendt
 esphome/components/bp1658cj/* @Cossid
 esphome/components/bp5758d/* @Cossid
 esphome/components/bthome_mithermometer/* @nagyrobi
@@ -134,22 +130,20 @@ esphome/components/dashboard_import/* @esphome/core
 esphome/components/datetime/* @jesserockz @rfdarter
 esphome/components/debug/* @esphome/core
 esphome/components/delonghi/* @grob6000
-esphome/components/dew_point/* @CFlix
 esphome/components/dfplayer/* @glmnet
 esphome/components/dfrobot_sen0395/* @niklasweber
 esphome/components/dht/* @OttoWinter
 esphome/components/display_menu_base/* @numo68
-esphome/components/dlms_meter/* @latonita @PolarGoose @SimonFischer04 @Tomer27cz
+esphome/components/dlms_meter/* @SimonFischer04
 esphome/components/dps310/* @kbx81
 esphome/components/ds1307/* @badbadc0ffee
 esphome/components/ds2484/* @mrk-its
-esphome/components/dsmr/* @glmnet @PolarGoose
+esphome/components/dsmr/* @glmnet @PolarGoose @zuidwijk
 esphome/components/duty_time/* @dudanov
 esphome/components/ee895/* @Stock-M
 esphome/components/ektf2232/touchscreen/* @jesserockz
 esphome/components/emc2101/* @ellull
 esphome/components/emmeti/* @E440QF
-esphome/components/emontx/* @FredM67 @glynhudson @TrystanLea
 esphome/components/ens160/* @latonita
 esphome/components/ens160_base/* @latonita @vincentscode
 esphome/components/ens160_i2c/* @latonita
@@ -219,8 +213,6 @@ esphome/components/hbridge/light/* @DotNetDann
 esphome/components/hbridge/switch/* @dwmw2
 esphome/components/hc8/* @omartijn
 esphome/components/hdc2010/* @optimusprimespace @ssieb
-esphome/components/hdc2080/* @G-Pereira @jesserockz
-esphome/components/hdc302x/* @joshuasing
 esphome/components/he60r/* @clydebarrow
 esphome/components/heatpumpir/* @rob-deutsch
 esphome/components/hitachi_ac424/* @sourabhjaiswal
@@ -248,6 +240,7 @@ esphome/components/hyt271/* @Philippe12
 esphome/components/i2c/* @esphome/core
 esphome/components/i2c_device/* @gabest11
 esphome/components/i2s_audio/* @jesserockz
+esphome/components/i2s_audio/media_player/* @jesserockz
 esphome/components/i2s_audio/microphone/* @jesserockz
 esphome/components/i2s_audio/speaker/* @jesserockz @kahrendt
 esphome/components/iaqcore/* @yozik04
@@ -291,7 +284,6 @@ esphome/components/lock/* @esphome/core
 esphome/components/logger/* @esphome/core
 esphome/components/logger/select/* @clydebarrow
 esphome/components/lps22/* @nagisa
-esphome/components/lsm6ds/* @clydebarrow
 esphome/components/ltr390/* @latonita @sjtrny
 esphome/components/ltr501/* @latonita
 esphome/components/ltr_als_ps/* @latonita
@@ -323,7 +315,6 @@ esphome/components/mcp9808/* @k7hpn
 esphome/components/md5/* @esphome/core
 esphome/components/mdns/* @esphome/core
 esphome/components/media_player/* @jesserockz
-esphome/components/media_source/* @kahrendt
 esphome/components/micro_wake_word/* @jesserockz @kahrendt
 esphome/components/micronova/* @edenhaus @jorre05
 esphome/components/microphone/* @jesserockz @kahrendt
@@ -334,7 +325,6 @@ esphome/components/mipi_dsi/* @clydebarrow
 esphome/components/mipi_rgb/* @clydebarrow
 esphome/components/mipi_spi/* @clydebarrow
 esphome/components/mitsubishi/* @RubyBailey
-esphome/components/mitsubishi_cn105/* @crnjan
 esphome/components/mixer/speaker/* @kahrendt
 esphome/components/mlx90393/* @functionpointer
 esphome/components/mlx90614/* @jesserockz
@@ -348,11 +338,9 @@ esphome/components/modbus_controller/select/* @martgras @stegm
 esphome/components/modbus_controller/sensor/* @martgras
 esphome/components/modbus_controller/switch/* @martgras
 esphome/components/modbus_controller/text_sensor/* @martgras
-esphome/components/modbus_server/* @exciton
 esphome/components/mopeka_ble/* @Fabian-Schmidt @spbrogan
 esphome/components/mopeka_pro_check/* @spbrogan
 esphome/components/mopeka_std_check/* @Fabian-Schmidt
-esphome/components/motion/* @esphome/core
 esphome/components/mpl3115a2/* @kbickar
 esphome/components/mpu6886/* @fabaff
 esphome/components/ms8607/* @e28eta
@@ -381,7 +369,6 @@ esphome/components/pca6416a/* @Mat931
 esphome/components/pca9554/* @bdraco @clydebarrow @hwstar
 esphome/components/pcf85063/* @brogon
 esphome/components/pcf8563/* @KoenBreeman
-esphome/components/pcm5122/* @remcom
 esphome/components/pi4ioe5v6408/* @jesserockz
 esphome/components/pid/* @OttoWinter
 esphome/components/pipsolar/* @andreashergert1984
@@ -408,7 +395,6 @@ esphome/components/qmp6988/* @andrewpc
 esphome/components/qr_code/* @wjtje
 esphome/components/qspi_dbi/* @clydebarrow
 esphome/components/qwiic_pir/* @kahrendt
-esphome/components/radio_frequency/* @kbx81
 esphome/components/radon_eye_ble/* @jeffeb3
 esphome/components/radon_eye_rd200/* @jeffeb3
 esphome/components/rc522/* @glmnet
@@ -419,15 +405,12 @@ esphome/components/resampler/speaker/* @kahrendt
 esphome/components/restart/* @esphome/core
 esphome/components/rf_bridge/* @jesserockz
 esphome/components/rgbct/* @jesserockz
-esphome/components/ring_buffer/* @kahrendt
-esphome/components/router/speaker/* @kahrendt
 esphome/components/rp2040/* @jesserockz
-esphome/components/rp2040_ble/* @bdraco
 esphome/components/rp2040_pio_led_strip/* @Papa-DMan
 esphome/components/rp2040_pwm/* @jesserockz
 esphome/components/rpi_dpi_rgb/* @clydebarrow
 esphome/components/rtl87xx/* @kuba2k2
-esphome/components/rtttl/* @glmnet @ximex
+esphome/components/rtttl/* @glmnet
 esphome/components/runtime_image/* @clydebarrow @guillempages @kahrendt
 esphome/components/runtime_stats/* @bdraco
 esphome/components/rx8130/* @beormund
@@ -445,15 +428,8 @@ esphome/components/select/* @esphome/core
 esphome/components/sen0321/* @notjj
 esphome/components/sen21231/* @shreyaskarnik
 esphome/components/sen5x/* @martgras
-esphome/components/sen6x/* @martgras @mebner86 @tuct
-esphome/components/sendspin/* @kahrendt
-esphome/components/sendspin/media_player/* @kahrendt
-esphome/components/sendspin/media_source/* @kahrendt
-esphome/components/sendspin/sensor/* @kahrendt
-esphome/components/sendspin/text_sensor/* @kahrendt
 esphome/components/sensirion_common/* @martgras
 esphome/components/sensor/* @esphome/core
-esphome/components/serial_proxy/* @kbx81
 esphome/components/sfa30/* @ghsensdev
 esphome/components/sgp40/* @SenexCrenshaw
 esphome/components/sgp4x/* @martgras @SenexCrenshaw
@@ -474,12 +450,8 @@ esphome/components/sn74hc165/* @jesserockz
 esphome/components/socket/* @esphome/core
 esphome/components/sonoff_d1/* @anatoly-savchenkov
 esphome/components/sound_level/* @kahrendt
-esphome/components/spa06_base/* @danielkent-net
-esphome/components/spa06_i2c/* @danielkent-net
-esphome/components/spa06_spi/* @danielkent-net
 esphome/components/speaker/* @jesserockz @kahrendt
 esphome/components/speaker/media_player/* @kahrendt @synesthesiam
-esphome/components/speaker_source/* @kahrendt
 esphome/components/spi/* @clydebarrow @esphome/core
 esphome/components/spi_device/* @clydebarrow
 esphome/components/spi_led_strip/* @clydebarrow
@@ -561,7 +533,6 @@ esphome/components/uart/packet_transport/* @clydebarrow
 esphome/components/udp/* @clydebarrow
 esphome/components/ufire_ec/* @pvizeli
 esphome/components/ufire_ise/* @pvizeli
-esphome/components/ufm01/* @ljungqvist
 esphome/components/ultrasonic/* @ssieb @swoboda1337
 esphome/components/update/* @jesserockz
 esphome/components/uponor_smatrix/* @kroimon
@@ -599,7 +570,6 @@ esphome/components/wk2212_spi/* @DrCoolZic
 esphome/components/wl_134/* @hobbypunk90
 esphome/components/wts01/* @alepee
 esphome/components/x9c/* @EtienneMD
-esphome/components/xdb401/* @RT530
 esphome/components/xgzp68xx/* @gcormier
 esphome/components/xiaomi_hhccjcy10/* @fariouche
 esphome/components/xiaomi_lywsd02mmc/* @juanluss31
@@ -612,8 +582,7 @@ esphome/components/xl9535/* @mreditor97
 esphome/components/xpt2046/touchscreen/* @nielsnl68 @numo68
 esphome/components/xxtea/* @clydebarrow
 esphome/components/zephyr/* @tomaszduda23
-esphome/components/zephyr_mcumgr/ota/* @tomaszduda23
 esphome/components/zhlt01/* @cfeenstra1024
-esphome/components/zigbee/* @luar123 @tomaszduda23
+esphome/components/zigbee/* @tomaszduda23
 esphome/components/zio_ultrasonic/* @kahrendt
 esphome/components/zwave_proxy/* @kbx81
--- a/2
+++ b/2
@@ -48,7 +48,7 @@ PROJECT_NAME           = ESPHome
 # could be handy for archiving the generated documentation or if some version
 # control system is used.

-PROJECT_NUMBER         = 2026.7.0-dev
+PROJECT_NUMBER         = 2026.3.0-dev

 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -1 +1 @@
-AGENTS.md
+.ai/instructions.md
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -4,5 +4,4 @@ include requirements.txt
 recursive-include esphome *.yaml
 recursive-include esphome *.cpp *.h *.tcc *.c
 recursive-include esphome *.py.script
-recursive-include esphome *.jinja
 recursive-include esphome LICENSE.txt
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# ESPHome [![Discord Chat](https://img.shields.io/discord/429907082951524364.svg)](https://discord.gg/KhAMKrd) [![GitHub release](https://img.shields.io/github/release/esphome/esphome.svg)](https://GitHub.com/esphome/esphome/releases/) [![CodSpeed](https://img.shields.io/endpoint?url=https://codspeed.io/badge.json)](https://codspeed.io/esphome/esphome)
+# ESPHome [![Discord Chat](https://img.shields.io/discord/429907082951524364.svg)](https://discord.gg/KhAMKrd) [![GitHub release](https://img.shields.io/github/release/esphome/esphome.svg)](https://GitHub.com/esphome/esphome/releases/)

 <a href="https://esphome.io/">
  <picture>
--- a/THREAT_MODEL.md
+++ b/THREAT_MODEL.md
@@ -1,102 +0,0 @@
-# ESPHome Threat Model
-
-This document defines the trust boundary for the **ESPHome** repository — the
-Python compiler/CLI and the device firmware it generates — so that real security
-bugs can be told apart from defense-in-depth improvements. It gives contributors,
-reviewers, and security researchers a clear answer to one question:
-**does this issue let an _unauthenticated_ attacker do something they shouldn't?**
-
-Related documents:
-
- Deployment guidance for operators:
-  https://esphome.io/guides/security_best_practices/
- The **Device Builder dashboard** (the web UI, its authentication, ingress,
-  Origin/Host gates, and peer-link pairing) lives in a separate repository and
-  has its own threat model. If your report concerns any of that, please read and
-  report there instead:
-  https://github.com/esphome/device-builder/blob/main/docs/THREAT_MODEL.md
-
-## The trust boundary
-
-For this repository there are two trusted inputs by design:
-
-1. **The configuration.** Anyone who can supply or edit a YAML config is trusted
-   (see below).
-2. **Authenticated peers of a running device** — clients holding the device's
-   API encryption key / password, OTA password, or web server credentials.
-
-The security boundary is therefore **unauthenticated network traffic vs. those
-trusted inputs.** A bug that lets an unauthenticated attacker cross it is a
-security bug.
-
-## Config authors are host-equivalent by design
-
-Anyone who can supply or edit a configuration is **trusted with full code
-execution on the host that runs `esphome`**, on purpose. This is what the product
-does, not a flaw. A config author can already, through fully supported features:
-
- Run arbitrary **Python** at validation/compile time via `external_components:`
-  (and other component-import mechanisms) — ESPHome imports those packages as
-  ordinary Python.
- Run arbitrary **shell** commands through the compile/validate/flash toolchain
-  that ESPHome invokes as subprocesses.
- Read and write arbitrary files reachable by the process (e.g. via `!include`,
-  `packages:`, `dashboard_import:`, and generated build output).
-
-Because of this, a malicious config author is equivalent to shell access on the
-host running the build.
-
-## What is *not* a security vulnerability
-
-If exploiting an issue requires the ability to supply or edit configuration, it
-is **not** a vulnerability in ESPHome, because that ability already grants host
-code execution. This explicitly includes, among others:
-
- Template / expression injection in substitutions or any YAML string value
-  (e.g. Jinja `${...}` evaluation reaching Python internals). This grants no
-  capability a config author lacks.
- `!include` / `packages:` / `dashboard_import:` reading or fetching content
-  from surprising or remote locations.
- The validator or compiler crashing or behaving unexpectedly on adversarial
-  YAML.
- ESPHome running as root in the official container — that is the documented
-  deployment posture, reachable by the same caller through the features above.
-
-These do not warrant a CVE or coordinated disclosure. Hardening in these areas
-(for example, sandboxing template evaluation as least-surprise defense-in-depth)
-is welcome as a normal enhancement PR, framed as cleanliness rather than a
-security fix — not as a vulnerability remediation.
-
-## What we do defend
-
-These *are* security bugs in this repo, and we want to hear about them privately:
-
- Memory-safety or protocol bugs in the generated **device firmware** that are
-  remotely triggerable over the network (native API, web server, OTA, BLE,
-  captive portal, etc.) **without** valid credentials.
- Authentication or encryption bypass on the device — reaching API calls, OTA
-  updates, or the web server without the configured key/password.
- Flaws that weaken the device's API encryption (Noise), OTA, or web server auth
-  below their documented guarantees.
-
-## Explicitly out of scope
-
- Local attackers who already have shell access on the host that runs `esphome`.
- Supply-chain attacks against ESPHome or its dependencies.
- Operator-supplied hostile YAML (covered above — config authoring is trusted).
- Attacks that require an already-authenticated device peer (someone who already
-  holds the API key / OTA / web credentials).
- Anything in the dashboard / device-builder — report that in its own repository
-  (linked at the top).
- Deployments where the operator removed protections or exposed credentials. See
-  the security best practices guide:
-  https://esphome.io/guides/security_best_practices/
-
-## Reporting a vulnerability
-
-If you believe you've found an issue that crosses the unauthenticated boundary
-above, please report it privately via GitHub Security Advisories rather than a
-public issue. For issues that require config-write access, please review this
-document first — they are very likely out of scope by design. For dashboard /
-device-builder issues, report against that repository and consult its threat
-model (linked at the top).
--- a/codecov.yml
+++ b/codecov.yml
@@ -1,18 +0,0 @@
-coverage:
-  status:
-    patch:
-      default:
-        target: 100%
-        threshold: 0%
-    project:
-      default:
-        informational: true
-
-ignore:
-  - "esphome/components/**/*"
-  - "esphome/analyze_memory/**/*"
-  - "tests/integration/**/*"
-
-comment:
-  layout: "reach, diff, flags, files"
-  require_changes: true
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,9 +1,10 @@
 ARG BUILD_VERSION=dev
-ARG BUILD_BASE_VERSION=2026.06.0
+ARG BUILD_OS=alpine
+ARG BUILD_BASE_VERSION=2025.04.0
 ARG BUILD_TYPE=docker

-FROM ghcr.io/esphome/docker-base:debian-${BUILD_BASE_VERSION} AS base-source-docker
-FROM ghcr.io/esphome/docker-base:debian-ha-addon-${BUILD_BASE_VERSION} AS base-source-ha-addon
+FROM ghcr.io/esphome/docker-base:${BUILD_OS}-${BUILD_BASE_VERSION} AS base-source-docker
+FROM ghcr.io/esphome/docker-base:${BUILD_OS}-ha-addon-${BUILD_BASE_VERSION} AS base-source-ha-addon

 ARG BUILD_TYPE
 FROM base-source-${BUILD_TYPE} AS base
@@ -12,14 +13,14 @@ RUN git config --system --add safe.directory "*" \
    && git config --system advice.detachedHead false

 # Install build tools for Python packages that require compilation
-# (e.g., ruamel.yaml.clib used by ESP-IDF's idf-component-manager).
-# Also install libusb-1.0 at runtime so the ESP-IDF tools installer can
-# validate openocd-esp32 (it dynamically links libusb-1.0.so.0); without
-# it idf_tools.py rejects the openocd install with exit 127 and aborts
-# the whole framework setup.
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends build-essential libusb-1.0-0 \
-    && rm -rf /var/lib/apt/lists/*
+# (e.g., ruamel.yaml.clibz used by ESP-IDF's idf-component-manager)
+RUN if command -v apk > /dev/null; then \
+        apk add --no-cache build-base; \
+    else \
+        apt-get update \
+        && apt-get install -y --no-install-recommends build-essential \
+        && rm -rf /var/lib/apt/lists/*; \
+    fi

 ENV PIP_DISABLE_PIP_VERSION_CHECK=1

@@ -31,9 +32,6 @@ RUN \
    uv pip install --no-cache-dir \
    -r /requirements.txt

-# Install the ESPHome Device Builder dashboard.
-RUN uv pip install --no-cache-dir esphome-device-builder==1.0.12
-
 RUN \
    platformio settings set enable_telemetry No \
    && platformio settings set check_platformio_interval 1000000 \
--- a/docker/build.py
+++ b/docker/build.py
@@ -20,10 +20,6 @@ TYPE_HA_ADDON = "ha-addon"
 TYPE_LINT = "lint"
 TYPES = [TYPE_DOCKER, TYPE_HA_ADDON, TYPE_LINT]

-REGISTRY_GHCR = "ghcr"
-REGISTRY_DOCKERHUB = "dockerhub"
-REGISTRIES = [REGISTRY_GHCR, REGISTRY_DOCKERHUB]
-

 parser = argparse.ArgumentParser()
 parser.add_argument(
@@ -38,12 +34,6 @@ parser.add_argument(
 parser.add_argument(
    "--build-type", choices=TYPES, required=True, help="The type of build to run"
 )
-parser.add_argument(
-    "--registry",
-    choices=REGISTRIES,
-    action="append",
-    help="Restrict to specific registries (default: all). May be passed multiple times.",
-)
 parser.add_argument(
    "--dry-run", action="store_true", help="Don't run any commands, just print them"
 )
@@ -55,11 +45,6 @@ build_parser.add_argument("--push", help="Also push the images", action="store_t
 build_parser.add_argument(
    "--load", help="Load the docker image locally", action="store_true"
 )
-build_parser.add_argument(
-    "--no-cache-to",
-    help="Don't write the build cache (avoids polluting the shared cache)",
-    action="store_true",
-)
 manifest_parser = subparsers.add_parser(
    "manifest", help="Create a manifest from already pushed images"
 )
@@ -110,14 +95,11 @@ def main():
                print("Command failed")
                sys.exit(1)

-    registries = args.registry or REGISTRIES
-
    # detect channel from tag
    match = re.match(r"^(\d+\.\d+)(?:\.\d+)?(b\d+)?$", args.tag)
    major_minor_version = None
    if match is None:
-        # Custom tag (e.g. a branch name) -- push only the tag itself
-        channel = None
+        channel = CHANNEL_DEV
    elif match.group(2) is None:
        major_minor_version = match.group(1)
        channel = CHANNEL_RELEASE
@@ -146,18 +128,11 @@ def main():
            CHANNEL_DEV: "cache-dev",
            CHANNEL_BETA: "cache-beta",
            CHANNEL_RELEASE: "cache-latest",
-        }.get(channel, "cache-dev")
-        # Cache images live alongside the pushed images; prefer GHCR when it is
-        # one of the selected registries, otherwise fall back to Docker Hub so a
-        # registry-restricted build doesn't need GHCR auth.
-        cache_prefix = "ghcr.io/" if REGISTRY_GHCR in registries else ""
-        cache_img = f"{cache_prefix}{params.build_to}:{cache_tag}"
+        }[channel]
+        cache_img = f"ghcr.io/{params.build_to}:{cache_tag}"

-        imgs = []
-        if REGISTRY_DOCKERHUB in registries:
-            imgs += [f"{params.build_to}:{tag}" for tag in tags_to_push]
-        if REGISTRY_GHCR in registries:
-            imgs += [f"ghcr.io/{params.build_to}:{tag}" for tag in tags_to_push]
+        imgs = [f"{params.build_to}:{tag}" for tag in tags_to_push]
+        imgs += [f"ghcr.io/{params.build_to}:{tag}" for tag in tags_to_push]

        # 3. build
        cmd = [
@@ -180,9 +155,7 @@ def main():
        for img in imgs:
            cmd += ["--tag", img]
        if args.push:
-            cmd += ["--push"]
-            if not args.no_cache_to:
-                cmd += ["--cache-to", f"type=registry,ref={cache_img},mode=max"]
+            cmd += ["--push", "--cache-to", f"type=registry,ref={cache_img},mode=max"]
        if args.load:
            cmd += ["--load"]

@@ -190,22 +163,20 @@ def main():
    elif args.command == "manifest":
        manifest = DockerParams.for_type_arch(args.build_type, ARCH_AMD64).manifest_to

-        targets = []
-        if REGISTRY_DOCKERHUB in registries:
-            targets += [f"{manifest}:{tag}" for tag in tags_to_push]
-        if REGISTRY_GHCR in registries:
-            targets += [f"ghcr.io/{manifest}:{tag}" for tag in tags_to_push]
-        # Use buildx imagetools (not `docker manifest`) so the per-arch sources,
-        # which buildx pushes as single-platform manifest lists, are combined
-        # and pushed correctly in one step.
+        targets = [f"{manifest}:{tag}" for tag in tags_to_push]
+        targets += [f"ghcr.io/{manifest}:{tag}" for tag in tags_to_push]
+        # 1. Create manifests
        for target in targets:
-            cmd = ["docker", "buildx", "imagetools", "create", "--tag", target]
+            cmd = ["docker", "manifest", "create", target]
            for arch in ARCHS:
                src = f"{DockerParams.for_type_arch(args.build_type, arch).build_to}:{args.tag}"
                if target.startswith("ghcr.io"):
                    src = f"ghcr.io/{src}"
                cmd.append(src)
            run_command(*cmd)
+        # 2. Push manifests
+        for target in targets:
+            run_command("docker", "manifest", "push", target)


 if __name__ == "__main__":
--- a/docker/docker_entrypoint.sh
+++ b/docker/docker_entrypoint.sh
@@ -27,12 +27,4 @@ if [[ -d /build ]]; then
    export ESPHOME_BUILD_PATH=/build
 fi

-# The default CMD is "dashboard /config". Route the dashboard to the new
-# Device Builder, but pass every other subcommand (compile, run, config,
-# logs, ...) straight through to the esphome CLI so direct CLI use keeps working.
-if [[ "$1" == "dashboard" ]]; then
-    shift
-    exec esphome-device-builder "$@"
-fi
-
 exec esphome "$@"
--- a/docker/ha-addon-rootfs/etc/nginx/includes/mime.types
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/mime.types
@@ -0,0 +1,96 @@
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}
--- a/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf
@@ -0,0 +1,16 @@
+proxy_http_version          1.1;
+proxy_ignore_client_abort   off;
+proxy_read_timeout          86400s;
+proxy_redirect              off;
+proxy_send_timeout          86400s;
+proxy_max_temp_file_size    0;
+
+proxy_set_header Accept-Encoding "";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Authorization "";
--- a/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf
@@ -0,0 +1,8 @@
+root            /dev/null;
+server_name     $hostname;
+
+client_max_body_size 512m;
+
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
--- a/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf
@@ -0,0 +1,8 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
--- a/docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf
@@ -0,0 +1,3 @@
+upstream esphome {
+    server unix:/var/run/esphome.sock;
+}
--- a/docker/ha-addon-rootfs/etc/nginx/nginx.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/nginx.conf
@@ -0,0 +1,30 @@
+daemon off;
+user root;
+pid /var/run/nginx.pid;
+worker_processes 1;
+error_log /proc/1/fd/1 error;
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/includes/mime.types;
+
+    access_log              off;
+    default_type            application/octet-stream;
+    gzip                    on;
+    keepalive_timeout       65;
+    sendfile                on;
+    server_tokens           off;
+
+    tcp_nodelay             on;
+    tcp_nopush              on;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    include /etc/nginx/includes/upstream.conf;
+    include /etc/nginx/servers/*.conf;
+}
--- a/docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep
+++ b/docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep
@@ -0,0 +1 @@
+Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)
--- a/docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl
+++ b/docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl
@@ -0,0 +1,28 @@
+server {
+    {{ if not .ssl }}
+    listen 6052 default_server;
+    {{ else }}
+    listen 6052 default_server ssl http2;
+    {{ end }}
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    {{ if .ssl }}
+    include /etc/nginx/includes/ssl_params.conf;
+
+    ssl_certificate /ssl/{{ .certfile }};
+    ssl_certificate_key /ssl/{{ .keyfile }};
+
+    # Redirect http requests to https on the same port.
+    # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/
+    error_page 497 https://$http_host$request_uri;
+    {{ end }}
+
+    # Clear Home Assistant Ingress header
+    proxy_set_header X-HA-Ingress "";
+
+    location / {
+        proxy_pass http://esphome;
+    }
+}
--- a/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl
+++ b/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl
@@ -0,0 +1,18 @@
+server {
+    listen 127.0.0.1:{{ .port }} default_server;
+    listen {{ .interface }}:{{ .port }} default_server;
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    # Set Home Assistant Ingress header
+    proxy_set_header X-HA-Ingress "YES";
+
+    location / {
+        allow   172.30.32.2;
+        allow   127.0.0.1;
+        deny    all;
+
+        proxy_pass http://esphome;
+    }
+}
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run
@@ -16,7 +16,7 @@ fi

 port=$(bashio::addon.ingress_port)

-# Wait for the ESPHome Device Builder to become available
+# Wait for NGINX to become available
 bashio::net.wait_for "${port}" "127.0.0.1" 300

 config=$(\
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish
@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 # ==============================================================================
 # Home Assistant Community Add-on: ESPHome
-# Take down the S6 supervision tree when ESPHome Device Builder fails
+# Take down the S6 supervision tree when ESPHome dashboard fails
 # ==============================================================================
 declare exit_code
 readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
@@ -10,7 +10,7 @@ readonly exit_code_service="${1}"
 readonly exit_code_signal="${2}"

 bashio::log.info \
-  "Service ESPHome Device Builder exited with code ${exit_code_service}" \
+  "Service ESPHome dashboard exited with code ${exit_code_service}" \
  "(by signal ${exit_code_signal})"

 if [[ "${exit_code_service}" -eq 256 ]]; then
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run
@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 # ==============================================================================
 # Community Hass.io Add-ons: ESPHome
-# Runs the ESPHome Device Builder
+# Runs the ESPHome dashboard
 # ==============================================================================
 readonly pio_cache_base=/data/cache/platformio

@@ -49,21 +49,5 @@ if bashio::fs.directory_exists '/config/esphome/.esphome'; then
    rm -rf /config/esphome/.esphome
 fi

-# Only signal device-builder to expose the public LAN port when the operator
-# mapped port 6052, matching the legacy dashboard where nginx listened on the
-# fixed port 6052 only when it was configured. We use the mapping purely as a
-# presence check and don't forward the published value; device-builder binds
-# its default port 6052 (the fixed container port, as the legacy
-# "listen 6052" did). --ha-addon-allow-public is inert on its own: the no-auth
-# gate is the DISABLE_HA_AUTHENTICATION env var set above, so both opt-ins are
-# required to bind 6052 unauthenticated; either alone stays ingress-only.
-set --
-if bashio::var.has_value "$(bashio::addon.port 6052)"; then
-    set -- --ha-addon-allow-public
-fi
-
-bashio::log.info "Starting ESPHome Device Builder..."
-exec esphome-device-builder /config/esphome \
-    --ha-addon \
-    --ingress-port "$(bashio::addon.ingress_port)" \
-    "$@"
+bashio::log.info "Starting ESPHome dashboard..."
+exec esphome dashboard /config/esphome --socket /var/run/esphome.sock --ha-addon
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run
@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Configures NGINX for use with ESPHome
+# ==============================================================================
+mkdir -p /var/log/nginx
+
+# Generate Ingress configuration
+bashio::var.json \
+    interface "$(bashio::addon.ip_address)" \
+    port "^$(bashio::addon.ingress_port)" \
+    | tempio \
+        -template /etc/nginx/templates/ingress.gtpl \
+        -out /etc/nginx/servers/ingress.conf
+
+# Generate direct access configuration, if enabled.
+if bashio::var.has_value "$(bashio::addon.port 6052)"; then
+    bashio::config.require.ssl
+    bashio::var.json \
+        certfile "$(bashio::config 'certfile')" \
+        keyfile "$(bashio::config 'keyfile')" \
+        ssl "^$(bashio::config 'ssl')" \
+        | tempio \
+            -template /etc/nginx/templates/direct.gtpl \
+            -out /etc/nginx/servers/direct.conf
+fi
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type
@@ -0,0 +1 @@
+oneshot
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx/run
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/esphome
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/esphome
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish
@@ -0,0 +1,25 @@
+#!/command/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Take down the S6 supervision tree when NGINX fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+
+bashio::log.info \
+  "Service NGINX exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run
@@ -0,0 +1,15 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Runs the NGINX proxy
+# ==============================================================================
+
+bashio::log.info "Waiting for ESPHome dashboard to come up..."
+
+while [[ ! -S /var/run/esphome.sock ]]; do
+  sleep 0.5
+done
+
+bashio::log.info "Starting NGINX..."
+exec nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type
@@ -0,0 +1 @@
+longrun
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
--- a/docker/test_configs/bk72xx-arduino.yaml
+++ b/docker/test_configs/bk72xx-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-bk72xx-arduino
-
-bk72xx:
-  board: generic-bk7231n-qfn32-tuya
-
-logger:
--- a/docker/test_configs/esp32-arduino-esp-idf.yaml
+++ b/docker/test_configs/esp32-arduino-esp-idf.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-ard-idf
-
-esp32:
-  variant: esp32
-  framework:
-    type: arduino
-  toolchain: esp-idf
-
-logger:
--- a/docker/test_configs/esp32-arduino-platformio.yaml
+++ b/docker/test_configs/esp32-arduino-platformio.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-ard-pio
-
-esp32:
-  variant: esp32
-  framework:
-    type: arduino
-  toolchain: platformio
-
-logger:
--- a/docker/test_configs/esp32-idf-esp-idf.yaml
+++ b/docker/test_configs/esp32-idf-esp-idf.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-idf-idf
-
-esp32:
-  variant: esp32
-  framework:
-    type: esp-idf
-  toolchain: esp-idf
-
-logger:
--- a/docker/test_configs/esp32-idf-platformio.yaml
+++ b/docker/test_configs/esp32-idf-platformio.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-idf-pio
-
-esp32:
-  variant: esp32
-  framework:
-    type: esp-idf
-  toolchain: platformio
-
-logger:
--- a/docker/test_configs/esp8266-arduino.yaml
+++ b/docker/test_configs/esp8266-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-esp8266-arduino
-
-esp8266:
-  board: d1_mini
-
-logger:
--- a/docker/test_configs/host.yaml
+++ b/docker/test_configs/host.yaml
@@ -1,6 +0,0 @@
-esphome:
-  name: docker-test-host
-
-host:
-
-logger:
--- a/docker/test_configs/ln882x-arduino.yaml
+++ b/docker/test_configs/ln882x-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-ln882x-arduino
-
-ln882x:
-  board: generic-ln882hki
-
-logger:
--- a/docker/test_configs/nrf52.yaml
+++ b/docker/test_configs/nrf52.yaml
@@ -1,8 +0,0 @@
-esphome:
-  name: docker-test-nrf52
-
-nrf52:
-  board: adafruit_itsybitsy_nrf52840
-  bootloader: adafruit_nrf52_sd140_v6
-
-logger:
--- a/docker/test_configs/rp2040-arduino.yaml
+++ b/docker/test_configs/rp2040-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-rp2040-arduino
-
-rp2040:
-  variant: rp2040
-
-logger:
--- a/docker/test_configs/rtl87xx-arduino.yaml
+++ b/docker/test_configs/rtl87xx-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-rtl87xx-arduino
-
-rtl87xx:
-  board: generic-rtl8710bn-2mb-788k
-
-logger:
--- a/esphome/main.py
+++ b/esphome/main.py
--- a/esphome/address_cache.py
+++ b/esphome/address_cache.py
@@ -101,17 +101,6 @@ class AddressCache:
        """Check if any cache entries exist."""
        return bool(self.mdns_cache or self.dns_cache)

-    def add_mdns_addresses(self, hostname: str, addresses: list[str]) -> None:
-        """Store resolved mDNS addresses for ``hostname`` in the cache.
-
-        Callers that discover ``.local`` hosts (e.g. via mDNS browse) can use
-        this to avoid a second resolution round-trip during the upload path.
-        No-op when ``addresses`` is empty.
-        """
-        if not addresses:
-            return
-        self.mdns_cache[normalize_hostname(hostname)] = addresses
-
    @classmethod
    def from_cli_args(
        cls, mdns_args: Iterable[str], dns_args: Iterable[str]
--- a/esphome/analyze_memory/init.py
+++ b/esphome/analyze_memory/init.py
@@ -1,6 +1,6 @@
 """Memory usage analyzer for ESPHome compiled binaries."""

-from collections import Counter, defaultdict
+from collections import defaultdict
 from dataclasses import dataclass, field
 import logging
 from pathlib import Path
@@ -24,7 +24,7 @@ from .helpers import (
 from .toolchain import find_tool, resolve_tool_path, run_tool

 if TYPE_CHECKING:
-    from esphome.platformio.toolchain import IDEData
+    from esphome.platformio_api import IDEData

 _LOGGER = logging.getLogger(__name__)

@@ -40,15 +40,6 @@ _READELF_SECTION_PATTERN = re.compile(
    r"\s*\[\s*\d+\]\s+([\.\w]+)\s+\w+\s+[\da-fA-F]+\s+[\da-fA-F]+\s+([\da-fA-F]+)"
 )

-# Regex for extracting call targets from objdump disassembly
-# Matches direct call instructions across architectures:
-#   Xtensa: call0/call4/call8/call12/callx0/callx4/callx8/callx12 <addr> <symbol>
-#   ARM:    bl/blx <addr> <symbol>
-# Captures the mangled symbol name inside angle brackets.
-_CALL_TARGET_PATTERN = re.compile(
-    r"\t(?:call(?:0|4|8|12)|callx(?:0|4|8|12)|blx?)\s+[\da-fA-F]+ <([^>]+)>"
-)
-
 # Component category prefixes
 _COMPONENT_PREFIX_ESPHOME = "[esphome]"
 _COMPONENT_PREFIX_EXTERNAL = "[external]"
@@ -56,10 +47,6 @@ _COMPONENT_PREFIX_LIB = "[lib]"
 _COMPONENT_CORE = f"{_COMPONENT_PREFIX_ESPHOME}core"
 _COMPONENT_API = f"{_COMPONENT_PREFIX_ESPHOME}api"

-# Placement new storage suffix (generated by codegen Pvariable)
-_PSTORAGE_SUFFIX = "__pstorage"
-
-
 # C++ namespace prefixes
 _NAMESPACE_ESPHOME = "esphome::"
 _NAMESPACE_STD = "std::"
@@ -205,27 +192,20 @@ class MemoryAnalyzer:
        self._cswtch_symbols: list[tuple[str, int, str, str]] = []
        # Library symbol mapping: symbol_name -> library_name
        self._lib_symbol_map: dict[str, str] = {}
-        # Source file symbol mapping: symbol_name -> component_name
-        # Used for extern "C" and other symbols without C++ namespace
-        self._source_symbol_map: dict[str, str] = {}
        # Library dir to name mapping: "lib641" -> "espsoftwareserial",
        # "espressif__mdns" -> "mdns"
        self._lib_hash_to_name: dict[str, str] = {}
        # Heuristic category to library redirect: "mdns_lib" -> "[lib]mdns"
        self._heuristic_to_lib: dict[str, str] = {}
-        # Function call counts: mangled_name -> call_count
-        self._function_call_counts: Counter[str] = Counter()

    def analyze(self) -> dict[str, ComponentMemory]:
        """Analyze the ELF file and return component memory usage."""
        self._parse_sections()
        self._parse_symbols()
        self._scan_libraries()
-        self._scan_source_symbols()
        self._categorize_symbols()
        self._analyze_cswtch_symbols()
        self._analyze_sdk_libraries()
-        self._analyze_function_calls()
        return dict(self.components)

    def _parse_sections(self) -> None:
@@ -336,13 +316,6 @@ class MemoryAnalyzer:
        # Demangle C++ names if needed
        demangled = self._demangle_symbol(symbol_name)

-        # Check for placement new storage symbols (generated by codegen)
-        # Format: {component}__{id}__pstorage
-        if demangled.endswith(_PSTORAGE_SUFFIX) and (
-            component := self._match_pstorage_component(demangled)
-        ):
-            return component
-
        # Check for special component classes first (before namespace pattern)
        # This handles cases like esphome::ESPHomeOTAComponent which should map to ota
        if _NAMESPACE_ESPHOME in demangled:
@@ -378,11 +351,6 @@ class MemoryAnalyzer:
        if lib_name := self._lib_symbol_map.get(symbol_name):
            return f"{_COMPONENT_PREFIX_LIB}{lib_name}"

-        # Check source file mapping (catches extern "C" functions in ESPHome sources)
-        # Must be before heuristic patterns since source attribution is authoritative
-        if component := self._source_symbol_map.get(symbol_name):
-            return component
-
        # Check against symbol patterns
        for component, patterns in SYMBOL_PATTERNS.items():
            if any(pattern in symbol_name for pattern in patterns):
@@ -410,33 +378,14 @@ class MemoryAnalyzer:
        # Track uncategorized symbols for analysis
        return "other"

-    def _match_pstorage_component(self, symbol_name: str) -> str | None:
-        """Match a __pstorage symbol to its ESPHome component.
-
-        Symbol format: {component}__{id}__pstorage
-        The component namespace is embedded by codegen before the double underscore.
-        """
-        prefix = symbol_name[: -len(_PSTORAGE_SUFFIX)]
-        # Extract component namespace before the first double underscore
-        dunder_pos = prefix.find("__")
-        if dunder_pos == -1:
-            return None
-        component_name = prefix[:dunder_pos]
-        if component_name in get_esphome_components():
-            return f"{_COMPONENT_PREFIX_ESPHOME}{component_name}"
-        if component_name in self.external_components:
-            return f"{_COMPONENT_PREFIX_EXTERNAL}{component_name}"
-        return None
-
    def _batch_demangle_symbols(self, symbols: list[str]) -> None:
        """Batch demangle C++ symbol names for efficiency."""
        if not symbols:
            return

        _LOGGER.info("Demangling %d symbols", len(symbols))
-        demangled = batch_demangle(symbols, objdump_path=self.objdump_path)
-        self._demangle_cache.update(demangled)
-        _LOGGER.info("Successfully demangled %d symbols", len(demangled))
+        self._demangle_cache = batch_demangle(symbols, objdump_path=self.objdump_path)
+        _LOGGER.info("Successfully demangled %d symbols", len(self._demangle_cache))

    def _demangle_symbol(self, symbol: str) -> str:
        """Get demangled C++ symbol name from cache."""
@@ -691,7 +640,6 @@ class MemoryAnalyzer:
            return None

        symbol_map: dict[str, str] = {}
-        source_symbol_map: dict[str, str] = {}
        current_symbol: str | None = None
        section_prefixes = (".text.", ".rodata.", ".data.", ".bss.", ".literal.")

@@ -727,18 +675,9 @@ class MemoryAnalyzer:
                    if dir_key in source_path:
                        symbol_map[current_symbol] = lib_name
                        break
-                else:
-                    # Map ESPHome source files to components for extern "C"
-                    # and other symbols without C++ namespace
-                    component = self._source_file_to_component(source_path)
-                    if component.startswith(
-                        (_COMPONENT_PREFIX_ESPHOME, _COMPONENT_PREFIX_EXTERNAL)
-                    ):
-                        source_symbol_map[current_symbol] = component

            current_symbol = None

-        self._source_symbol_map = source_symbol_map
        return symbol_map or None

    def _scan_libraries(self) -> None:
@@ -789,115 +728,6 @@ class MemoryAnalyzer:
            len(libraries),
        )

-    def _scan_source_symbols(self) -> None:
-        """Scan ESPHome source object files to map extern "C" symbols to components.
-
-        When no linker map file is available, this uses ``nm`` to scan ``.o`` files
-        under ``src/`` (including ``src/main.cpp.o`` and everything beneath
-        ``src/esphome/``) and build a symbol-to-component mapping. This catches
-        ``extern "C"`` functions, the ESPHome-generated ``setup()``/``loop()``
-        entry points in ``main.cpp``, and other symbols that lack C++ namespace
-        prefixes.
-
-        Skips scanning if ``_source_symbol_map`` was already populated by
-        ``_parse_map_file()``.
-        """
-        if self._source_symbol_map or not self.nm_path:
-            return
-
-        obj_dir = self._find_object_files_dir()
-        if obj_dir is None:
-            return
-
-        # Scan all ESPHome-owned source object files: src/main.cpp.o and src/esphome/...
-        src_dir = obj_dir / "src"
-        if not src_dir.is_dir():
-            return
-
-        obj_files = sorted(src_dir.rglob("*.o"))
-        if not obj_files:
-            return
-
-        # Run nm with --print-file-name to get file:symbol mapping
-        result = run_tool(
-            [self.nm_path, "--print-file-name", "-g", "--defined-only"]
-            + [str(f) for f in obj_files],
-        )
-        if result is None or result.returncode != 0:
-            _LOGGER.debug("nm scan of source objects failed")
-            return
-
-        self._source_symbol_map = self._parse_nm_source_output(result.stdout, obj_dir)
-        if self._source_symbol_map:
-            _LOGGER.info(
-                "Built source symbol map from nm: %d symbols",
-                len(self._source_symbol_map),
-            )
-
-    def _parse_nm_source_output(self, output: str, base_dir: Path) -> dict[str, str]:
-        """Parse nm output to map non-namespaced symbols to ESPHome components.
-
-        Extracts global defined symbols from ESPHome source object files that
-        don't use C++ namespacing (e.g. ``extern "C"`` functions).
-
-        Args:
-            output: Raw stdout from ``nm --print-file-name -g --defined-only``
-                or ``nm --print-file-name -S``.
-            base_dir: Build directory for computing relative paths.
-
-        Returns:
-            Dict mapping symbol names to component names.
-        """
-        source_map: dict[str, str] = {}
-        for line in output.splitlines():
-            # Format: /path/to/file.o: addr type name
-            #     or: /path/to/file.o: addr size type name (with -S)
-            colon_idx = line.rfind(".o:")
-            if colon_idx == -1:
-                continue
-
-            file_path = line[: colon_idx + 2]
-            fields = line[colon_idx + 3 :].split()
-            if len(fields) < 3:
-                continue
-
-            # With -S flag, format is: addr size type name
-            # Without -S flag: addr type name
-            # type is a single char; size is hex digits
-            # Detect by checking if fields[1] is a single uppercase letter (type)
-            if len(fields[1]) == 1 and fields[1].isalpha():
-                # addr type name
-                sym_type = fields[1]
-                symbol_name = fields[2]
-            elif len(fields) >= 4:
-                # addr size type name
-                sym_type = fields[2]
-                symbol_name = fields[3]
-            else:
-                continue
-
-            # Only global defined symbols (uppercase type)
-            if not sym_type.isupper() or sym_type == "U":
-                continue
-
-            # Skip symbols already in esphome:: namespace
-            if symbol_name.startswith("_ZN7esphome"):
-                continue
-
-            # Make path relative to base_dir for _source_file_to_component
-            try:
-                rel_path = str(Path(file_path).relative_to(base_dir))
-            except ValueError:
-                continue
-
-            component = self._source_file_to_component(rel_path)
-            if component.startswith(
-                (_COMPONENT_PREFIX_ESPHOME, _COMPONENT_PREFIX_EXTERNAL)
-            ):
-                source_map[symbol_name] = component
-
-        return source_map
-
    def _find_object_files_dir(self) -> Path | None:
        """Find the directory containing object files for this build.

@@ -1067,10 +897,6 @@ class MemoryAnalyzer:
                if component_name in self.external_components:
                    return f"{_COMPONENT_PREFIX_EXTERNAL}{component_name}"

-        # ESPHome-generated entry point: src/main.cpp.o (contains setup()/loop())
-        if len(parts) >= 2 and parts[-2:] == ("src", "main.cpp.o"):
-            return _COMPONENT_CORE
-
        # ESPHome core: src/esphome/core/... or src/esphome/...
        if "core" in parts and "esphome" in parts:
            return _COMPONENT_CORE
@@ -1185,43 +1011,6 @@ class MemoryAnalyzer:
            total_size,
        )

-    def _analyze_function_calls(self) -> None:
-        """Count function call sites by parsing disassembly output.
-
-        Parses direct call instructions (call0/call8/bl/blx) from objdump -d
-        to count how many times each function is called. This helps identify
-        inlining candidates — frequently called small functions benefit most
-        from inlining.
-        """
-        result = run_tool(
-            [self.objdump_path, "-d", str(self.elf_path)],
-            timeout=60,
-        )
-        if result is None or result.returncode != 0:
-            _LOGGER.debug("Failed to disassemble ELF for function call analysis")
-            return
-
-        self._function_call_counts = Counter(
-            match.group(1)
-            for line in result.stdout.splitlines()
-            if (match := _CALL_TARGET_PATTERN.search(line))
-        )
-
-        # Demangle any call targets not already in the cache
-        missing = [
-            name
-            for name in self._function_call_counts
-            if name not in self._demangle_cache
-        ]
-        if missing:
-            self._batch_demangle_symbols(missing)
-
-        _LOGGER.debug(
-            "Function call analysis: %d unique targets, %d total calls",
-            len(self._function_call_counts),
-            sum(self._function_call_counts.values()),
-        )
-
    def get_unattributed_ram(self) -> tuple[int, int, int]:
        """Get unattributed RAM sizes (SDK/framework overhead).

--- a/esphome/analyze_memory/cli.py
+++ b/esphome/analyze_memory/cli.py
@@ -6,7 +6,6 @@ from collections import defaultdict
 from collections.abc import Callable
 import heapq
 from operator import itemgetter
-from pathlib import Path
 import sys
 from typing import TYPE_CHECKING

@@ -16,7 +15,6 @@ from . import (
    _COMPONENT_PREFIX_ESPHOME,
    _COMPONENT_PREFIX_EXTERNAL,
    _COMPONENT_PREFIX_LIB,
-    _PSTORAGE_SUFFIX,
    RAM_SECTIONS,
    MemoryAnalyzer,
 )
@@ -25,17 +23,6 @@ if TYPE_CHECKING:
    from . import ComponentMemory


-def _format_pstorage_name(name: str) -> str:
-    """Format a __pstorage symbol as 'storage for {id}'."""
-    if not name.endswith(_PSTORAGE_SUFFIX):
-        return name
-    prefix = name[: -len(_PSTORAGE_SUFFIX)]
-    # Strip component namespace prefix: {component}__{id} -> {id}
-    dunder_pos = prefix.find("__")
-    var_id = prefix[dunder_pos + 2 :] if dunder_pos != -1 else prefix
-    return f"storage for {var_id}"
-
-
 class MemoryAnalyzerCLI(MemoryAnalyzer):
    """Memory analyzer with CLI-specific report generation."""

@@ -161,14 +148,11 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
        If section is one of the RAM sections (.data or .bss), a label like
        " [data]" or " [bss]" is appended. For non-RAM sections or when
        section is None, no section label is added.
-
-        Placement new storage symbols are formatted as "storage for {id}".
        """
-        display_name = _format_pstorage_name(demangled)
        section_label = ""
        if section in RAM_SECTIONS:
            section_label = f" [{section[1:]}]"  # .data -> [data], .bss -> [bss]
-        return f"{display_name} ({size:,} B){section_label}"
+        return f"{demangled} ({size:,} B){section_label}"

    def _add_top_symbols(self, lines: list[str]) -> None:
        """Add a section showing the top largest symbols in the binary."""
@@ -191,13 +175,11 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
        for i, (_, demangled, size, section, component) in enumerate(top_symbols):
            # Format section label
            section_label = f"[{section[1:]}]" if section else ""
-            # Format storage symbols readably
-            display_name = _format_pstorage_name(demangled)
-            # Truncate if too long
+            # Truncate demangled name if too long
            demangled_display = (
-                f"{display_name[:truncate_limit]}..."
-                if len(display_name) > self.COL_TOP_SYMBOL_NAME
-                else display_name
+                f"{demangled[:truncate_limit]}..."
+                if len(demangled) > self.COL_TOP_SYMBOL_NAME
+                else demangled
            )
            lines.append(
                f"{i + 1:>2}. {size:>7,} B {section_label:<8} {demangled_display:<{self.COL_TOP_SYMBOL_NAME}} {component}"
@@ -249,110 +231,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
                    lines.append(f"    {size:>6,} B  {sym_name}")
            lines.append("")

-    # Number of top called functions to show
-    TOP_CALLS_LIMIT: int = 50
-    # Number of inlining candidates to show
-    INLINE_CANDIDATES_LIMIT: int = 25
-    # Maximum function size in bytes to consider for inlining
-    INLINE_SIZE_THRESHOLD: int = 16
-
-    def _build_symbol_sizes(self) -> dict[str, int]:
-        """Build a size lookup from all component symbols: mangled_name -> size."""
-        return {
-            symbol: size
-            for symbols in self._component_symbols.values()
-            for symbol, _, size, _ in symbols
-        }
-
-    def _format_call_row(
-        self, index: int, mangled: str, count: int, symbol_sizes: dict[str, int]
-    ) -> str:
-        """Format a single row for call frequency tables."""
-        demangled = self._demangle_cache.get(mangled, mangled)
-        if len(demangled) > 80:
-            demangled = f"{demangled[:77]}..."
-        size = symbol_sizes.get(mangled)
-        size_str = f"{size:>5,} B" if size is not None else "      ?"
-        return f"{index:>3}  {count:>5}  {size_str}  {demangled}"
-
-    def _add_call_table_header(self, lines: list[str]) -> None:
-        """Add the header row for call frequency tables."""
-        lines.append(f"{'#':>3}  {'Calls':>5}  {'Size':>7}  Function")
-        lines.append(f"{'---':>3}  {'-----':>5}  {'-------':>7}  {'-' * 60}")
-
-    def _add_function_call_analysis(self, lines: list[str]) -> None:
-        """Add function call frequency analysis section.
-
-        Shows the most frequently called functions by call site count.
-        """
-        self._add_section_header(lines, "Top Called Functions")
-
-        symbol_sizes = self._build_symbol_sizes()
-
-        # Sort by call count descending
-        sorted_calls = sorted(
-            self._function_call_counts.items(), key=lambda x: x[1], reverse=True
-        )
-
-        self._add_call_table_header(lines)
-
-        for i, (mangled, count) in enumerate(sorted_calls[: self.TOP_CALLS_LIMIT]):
-            lines.append(self._format_call_row(i + 1, mangled, count, symbol_sizes))
-
-        total_calls = sum(self._function_call_counts.values())
-        lines.append("")
-        lines.append(
-            f"Total: {len(self._function_call_counts)} unique targets, "
-            f"{total_calls:,} call sites"
-        )
-        lines.append("")
-
-    def _add_inline_candidates(self, lines: list[str]) -> None:
-        """Add inlining candidates section.
-
-        Shows frequently called functions that are small enough to benefit
-        from inlining (< 16 bytes). These are the best candidates for
-        reducing call overhead.
-        """
-        self._add_section_header(
-            lines,
-            f"Inlining Candidates (<{self.INLINE_SIZE_THRESHOLD} B, by call count)",
-        )
-
-        symbol_sizes = self._build_symbol_sizes()
-
-        # Filter to small functions with known size, sort by call count
-        candidates = sorted(
-            (
-                (mangled, count)
-                for mangled, count in self._function_call_counts.items()
-                if mangled in symbol_sizes
-                and symbol_sizes[mangled] < self.INLINE_SIZE_THRESHOLD
-            ),
-            key=lambda x: x[1],
-            reverse=True,
-        )
-
-        if not candidates:
-            lines.append("No candidates found.")
-            lines.append("")
-            return
-
-        self._add_call_table_header(lines)
-
-        for i, (mangled, count) in enumerate(
-            candidates[: self.INLINE_CANDIDATES_LIMIT]
-        ):
-            lines.append(self._format_call_row(i + 1, mangled, count, symbol_sizes))
-
-        lines.append("")
-        lines.append(
-            f"Showing top {min(len(candidates), self.INLINE_CANDIDATES_LIMIT)} "
-            f"of {len(candidates)} functions under "
-            f"{self.INLINE_SIZE_THRESHOLD} B"
-        )
-        lines.append("")
-
    def generate_report(self, detailed: bool = False) -> str:
        """Generate a formatted memory report."""
        components = sorted(
@@ -510,7 +388,7 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            lines.append(
                f"{_COMPONENT_CORE} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B ({len(large_core_symbols)} symbols):"
            )
-            for i, (_symbol, demangled, size) in enumerate(large_core_symbols):
+            for i, (symbol, demangled, size) in enumerate(large_core_symbols):
                # Core symbols only track (symbol, demangled, size) without section info,
                # so we don't show section labels here
                lines.append(
@@ -591,18 +469,17 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
                lines.append(f"Total size: {comp_mem.flash_total:,} B")
                lines.append("")

-                # Show symbols above threshold, always include storage symbols
+                # Show all symbols above threshold for better visibility
                large_symbols = [
                    (sym, dem, size, sec)
                    for sym, dem, size, sec in sorted_symbols
                    if size > self.SYMBOL_SIZE_THRESHOLD
-                    or dem.endswith(_PSTORAGE_SUFFIX)
                ]

                lines.append(
-                    f"{comp_name} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B & storage ({len(large_symbols)} symbols):"
+                    f"{comp_name} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B ({len(large_symbols)} symbols):"
                )
-                for i, (_symbol, demangled, size, section) in enumerate(large_symbols):
+                for i, (symbol, demangled, size, section) in enumerate(large_symbols):
                    lines.append(
                        f"{i + 1}. {self._format_symbol_with_section(demangled, size, section)}"
                    )
@@ -623,10 +500,7 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            # Sort by size descending
            sorted_ram_syms = sorted(ram_syms, key=lambda x: x[2], reverse=True)
            large_ram_syms = [
-                s
-                for s in sorted_ram_syms
-                if s[2] > self.RAM_SYMBOL_SIZE_THRESHOLD
-                or s[1].endswith(_PSTORAGE_SUFFIX)
+                s for s in sorted_ram_syms if s[2] > self.RAM_SYMBOL_SIZE_THRESHOLD
            ]

            lines.append(f"{name} ({mem.ram_total:,} B total RAM):")
@@ -641,17 +515,16 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
                lines.append(
                    f"  Symbols > {self.RAM_SYMBOL_SIZE_THRESHOLD} B ({len(large_ram_syms)}):"
                )
-                for _symbol, demangled, size, section in large_ram_syms[:10]:
+                for symbol, demangled, size, section in large_ram_syms[:10]:
                    # Format section label consistently by stripping leading dot
                    section_label = section.lstrip(".") if section else ""
-                    display_name = _format_pstorage_name(demangled)
                    # Add ellipsis if name is truncated
-                    display_name = (
-                        f"{display_name[:70]}..."
-                        if len(display_name) > 70
-                        else display_name
+                    demangled_display = (
+                        f"{demangled[:70]}..." if len(demangled) > 70 else demangled
+                    )
+                    lines.append(
+                        f"    {size:>6,} B [{section_label}] {demangled_display}"
                    )
-                    lines.append(f"    {size:>6,} B [{section_label}] {display_name}")
                if len(large_ram_syms) > 10:
                    lines.append(f"    ... and {len(large_ram_syms) - 10} more")
            lines.append("")
@@ -660,11 +533,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
        if self._cswtch_symbols:
            self._add_cswtch_analysis(lines)

-        # Function call frequency analysis
-        if self._function_call_counts:
-            self._add_function_call_analysis(lines)
-            self._add_inline_candidates(lines)
-
        lines.append(
            "Note: This analysis covers symbols in the ELF file. Some runtime allocations may not be included."
        )
@@ -700,7 +568,7 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
        content = "\n".join(lines)

        if output_file:
-            with Path(output_file).open("w", encoding="utf-8") as f:
+            with open(output_file, "w", encoding="utf-8") as f:
                f.write(content)
        else:
            print(content)
@@ -738,8 +606,9 @@ def main():

    # Load build directory
    import json
+    from pathlib import Path

-    from esphome.platformio.toolchain import IDEData
+    from esphome.platformio_api import IDEData

    build_path = Path(build_dir)

@@ -785,7 +654,7 @@ def main():
        if not idedata_path.exists():
            continue
        try:
-            with idedata_path.open(encoding="utf-8") as f:
+            with open(idedata_path, encoding="utf-8") as f:
                raw_data = json.load(f)
            idedata = IDEData(raw_data)
            print(f"Loaded idedata from: {idedata_path}", file=sys.stderr)
--- a/esphome/analyze_memory/const.py
+++ b/esphome/analyze_memory/const.py
@@ -408,6 +408,7 @@ SYMBOL_PATTERNS = {
    ],
    "arduino_core": [
        "pinMode",
+        "resetPins",
        "millis",
        "micros",
        "delay(",  # More specific - Arduino delay function with parenthesis
--- a/esphome/analyze_memory/demangle.py
+++ b/esphome/analyze_memory/demangle.py
@@ -154,7 +154,7 @@ def batch_demangle(
    failed_count = 0

    for original, stripped, prefix, demangled in zip(
-        symbols, symbols_stripped, symbols_prefixes, demangled_lines, strict=True
+        symbols, symbols_stripped, symbols_prefixes, demangled_lines
    ):
        # Add back any prefix that was removed
        demangled = _restore_symbol_prefix(prefix, stripped, demangled)
--- a/esphome/analyze_memory/toolchain.py
+++ b/esphome/analyze_memory/toolchain.py
@@ -3,6 +3,7 @@
 from __future__ import annotations

 import logging
+import os
 from pathlib import Path
 import subprocess
 from typing import TYPE_CHECKING
@@ -36,7 +37,7 @@ def _find_in_platformio_packages(tool_name: str) -> str | None:
        Full path to the tool or None if not found
    """
    # Get PlatformIO packages directory
-    platformio_home = Path("~/.platformio/packages").expanduser()
+    platformio_home = Path(os.path.expanduser("~/.platformio/packages"))
    if not platformio_home.exists():
        return None

--- a/esphome/async_thread.py
+++ b/esphome/async_thread.py
@@ -1,56 +0,0 @@
-"""Helpers for running an async coroutine from sync code via a daemon thread.
-
-``asyncio.run(coro())`` in the main thread blocks until the loop's cleanup
-cycle finishes, which can add hundreds of milliseconds before the caller
-receives the result. Running the loop in a daemon thread lets the caller
-observe the result as soon as the coroutine completes while cleanup finishes
-in the background.
-"""
-
-from __future__ import annotations
-
-import asyncio
-from collections.abc import Awaitable, Callable
-import threading
-from typing import Generic, TypeVar
-
-_T = TypeVar("_T")
-
-
-class AsyncThreadRunner(threading.Thread, Generic[_T]):
-    """Run an async coroutine in a daemon thread and expose its result.
-
-    The runner catches all exceptions from the coroutine and stores them in
-    ``exception`` so ``event`` is always set — this prevents callers waiting
-    on ``event`` from hanging forever when the coroutine crashes.
-
-    Typical usage::
-
-        runner = AsyncThreadRunner(lambda: my_coro(arg))
-        runner.start()
-        if not runner.event.wait(timeout=5.0):
-            ...  # timed out
-        if runner.exception is not None:
-            raise runner.exception
-        result = runner.result
-    """
-
-    def __init__(self, coro_factory: Callable[[], Awaitable[_T]]) -> None:
-        super().__init__(daemon=True)
-        self._coro_factory = coro_factory
-        self.result: _T | None = None
-        self.exception: BaseException | None = None
-        self.event = threading.Event()
-
-    async def _runner(self) -> None:
-        try:
-            self.result = await self._coro_factory()
-        except Exception as exc:  # noqa: BLE001  # pylint: disable=broad-except
-            # Capture all exceptions so ``event`` is always set — otherwise a
-            # crash would hang the waiter forever.
-            self.exception = exc
-        finally:
-            self.event.set()
-
-    def run(self) -> None:
-        asyncio.run(self._runner())
--- a/esphome/automation.py
+++ b/esphome/automation.py
@@ -1,6 +1,3 @@
-from dataclasses import dataclass, field
-import logging
-
 import esphome.codegen as cg
 import esphome.config_validation as cv
 from esphome.const import (
@@ -60,42 +57,8 @@ def maybe_conf(conf, *validators):
    return validate


-_LOGGER = logging.getLogger(__name__)
-
-
-def register_action(
-    name: str,
-    action_type: MockObjClass,
-    schema: cv.Schema,
-    *,
-    synchronous: bool | None = None,
-):
-    """Register an action type.
-
-    All callers must pass ``synchronous`` explicitly.
-
-    ``synchronous=True`` — the action never defers ``play_next_()`` to a
-    later point (callback, timer, or ``loop()``).  Trigger arguments are
-    only used during the initial call, so string args can use non-owning
-    StringRef for zero-copy access.
-
-    ``synchronous=False`` — the action defers ``play_next_()`` via a
-    callback, timer, or ``Component::loop()``.  Trigger arguments must
-    outlive the initial call, so string args use owning std::string to
-    prevent dangling references.
-    """
-    if synchronous is None:
-        _LOGGER.warning(
-            "register_action('%s', ...) is missing the synchronous= parameter. "
-            "Defaulting to synchronous=False (safe but prevents StringRef "
-            "optimization). Check the C++ class: use synchronous=False if "
-            "play_next_() is deferred to a callback, timer, or loop(); "
-            "use synchronous=True if play_next_() always runs before the "
-            "initial play/play_complex call returns",
-            name,
-        )
-        synchronous = False
-    return ACTION_REGISTRY.register(name, action_type, schema, synchronous=synchronous)
+def register_action(name: str, action_type: MockObjClass, schema: cv.Schema):
+    return ACTION_REGISTRY.register(name, action_type, schema)


 def register_condition(name: str, condition_type: MockObjClass, schema: cv.Schema):
@@ -127,7 +90,7 @@ def validate_potentially_or_condition(value):
    return validate_condition(value)


-DelayAction = cg.esphome_ns.class_("DelayAction", Action)
+DelayAction = cg.esphome_ns.class_("DelayAction", Action, cg.Component)
 LambdaAction = cg.esphome_ns.class_("LambdaAction", Action)
 StatelessLambdaAction = cg.esphome_ns.class_("StatelessLambdaAction", Action)
 IfAction = cg.esphome_ns.class_("IfAction", Action)
@@ -138,9 +101,6 @@ UpdateComponentAction = cg.esphome_ns.class_("UpdateComponentAction", Action)
 SuspendComponentAction = cg.esphome_ns.class_("SuspendComponentAction", Action)
 ResumeComponentAction = cg.esphome_ns.class_("ResumeComponentAction", Action)
 Automation = cg.esphome_ns.class_("Automation")
-TriggerForwarder = cg.esphome_ns.class_("TriggerForwarder")
-TriggerOnTrueForwarder = cg.esphome_ns.class_("TriggerOnTrueForwarder")
-TriggerOnFalseForwarder = cg.esphome_ns.class_("TriggerOnFalseForwarder")

 LambdaCondition = cg.esphome_ns.class_("LambdaCondition", Condition)
 StatelessLambdaCondition = cg.esphome_ns.class_("StatelessLambdaCondition", Condition)
@@ -199,10 +159,11 @@ def validate_automation(extra_schema=None, extra_validators=None, single=False):
                    return cv.Schema([schema])(value)
                except cv.Invalid as err2:
                    if "extra keys not allowed" in str(err2) and len(err2.path) == 2:
-                        raise err from None
+                        # pylint: disable=raise-missing-from
+                        raise err
                    if "Unable to find action" in str(err):
-                        raise err2 from None
-                    raise cv.MultipleInvalid([err, err2]) from None
+                        raise err2
+                    raise cv.MultipleInvalid([err, err2])
        elif isinstance(value, dict):
            if CONF_THEN in value:
                return [schema(value)]
@@ -250,9 +211,7 @@ async def and_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("or", OrCondition, validate_condition_list)
@@ -263,9 +222,7 @@ async def or_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("all", AndCondition, validate_condition_list)
@@ -276,9 +233,7 @@ async def all_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("any", OrCondition, validate_condition_list)
@@ -289,9 +244,7 @@ async def any_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("not", NotCondition, validate_potentially_and_condition)
@@ -313,9 +266,7 @@ async def xor_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("lambda", LambdaCondition, cv.returning_lambda)
@@ -384,10 +335,7 @@ async def component_is_idle_condition_to_code(


@register_action(
-    "delay",
-    DelayAction,
-    cv.templatable(cv.positive_time_period_milliseconds),
-    synchronous=False,
+    "delay", DelayAction, cv.templatable(cv.positive_time_period_milliseconds)
 )
 async def delay_action_to_code(
    config: ConfigType,
@@ -396,6 +344,7 @@ async def delay_action_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    var = cg.new_Pvariable(action_id, template_arg)
+    await cg.register_component(var, {})
    template_ = await cg.templatable(config, args, cg.uint32)
    cg.add(var.set_delay(template_))
    return var
@@ -417,7 +366,6 @@ async def delay_action_to_code(
        cv.has_at_least_one_key(CONF_THEN, CONF_ELSE),
        cv.has_at_least_one_key(CONF_CONDITION, CONF_ANY, CONF_ALL),
    ),
-    synchronous=True,
 )
 async def if_action_to_code(
    config: ConfigType,
@@ -425,16 +373,13 @@ async def if_action_to_code(
    template_arg: cg.TemplateArguments,
    args: TemplateArgsType,
 ) -> MockObj:
-    has_else = CONF_ELSE in config
-    # Prepend HasElse bool to template arguments: IfAction<HasElse, Ts...>
-    if_template_arg = cg.TemplateArguments(has_else, *template_arg)
    cond_conf = next(el for el in config if el in (CONF_ANY, CONF_ALL, CONF_CONDITION))
    condition = await build_condition(config[cond_conf], template_arg, args)
-    var = cg.new_Pvariable(action_id, if_template_arg, condition)
+    var = cg.new_Pvariable(action_id, template_arg, condition)
    if CONF_THEN in config:
        actions = await build_action_list(config[CONF_THEN], template_arg, args)
        cg.add(var.add_then(actions))
-    if has_else:
+    if CONF_ELSE in config:
        actions = await build_action_list(config[CONF_ELSE], template_arg, args)
        cg.add(var.add_else(actions))
    return var
@@ -449,7 +394,6 @@ async def if_action_to_code(
            cv.Required(CONF_THEN): validate_action_list,
        }
    ),
-    synchronous=True,
 )
 async def while_action_to_code(
    config: ConfigType,
@@ -473,7 +417,6 @@ async def while_action_to_code(
            cv.Required(CONF_THEN): validate_action_list,
        }
    ),
-    synchronous=True,
 )
 async def repeat_action_to_code(
    config: ConfigType,
@@ -502,7 +445,7 @@ _validate_wait_until = cv.maybe_simple_value(
 )


-@register_action("wait_until", WaitUntilAction, _validate_wait_until, synchronous=False)
+@register_action("wait_until", WaitUntilAction, _validate_wait_until)
 async def wait_until_action_to_code(
    config: ConfigType,
    action_id: ID,
@@ -518,12 +461,7 @@ async def wait_until_action_to_code(
    return var


-# Lambda executes user C++ inline and returns — synchronous by execution model.
-# User code could theoretically store the StringRef for deferred use, but StringRef
-# is a view type and storing views beyond their scope is always unsafe regardless
-# of this optimization.  Marking non-synchronous would disable StringRef for nearly
-# all user services since most use lambda.
-@register_action("lambda", LambdaAction, cv.lambda_, synchronous=True)
+@register_action("lambda", LambdaAction, cv.lambda_)
 async def lambda_action_to_code(
    config: ConfigType,
    action_id: ID,
@@ -542,7 +480,6 @@ async def lambda_action_to_code(
            cv.Required(CONF_ID): cv.use_id(cg.PollingComponent),
        }
    ),
-    synchronous=True,
 )
 async def component_update_action_to_code(
    config: ConfigType,
@@ -562,7 +499,6 @@ async def component_update_action_to_code(
            cv.Required(CONF_ID): cv.use_id(cg.PollingComponent),
        }
    ),
-    synchronous=True,
 )
 async def component_suspend_action_to_code(
    config: ConfigType,
@@ -585,7 +521,6 @@ async def component_suspend_action_to_code(
            ),
        }
    ),
-    synchronous=True,
 )
 async def component_resume_action_to_code(
    config: ConfigType,
@@ -596,7 +531,7 @@ async def component_resume_action_to_code(
    comp = await cg.get_variable(config[CONF_ID])
    var = cg.new_Pvariable(action_id, template_arg, comp)
    if CONF_UPDATE_INTERVAL in config:
-        template_ = await cg.templatable(config[CONF_UPDATE_INTERVAL], args, cg.uint32)
+        template_ = await cg.templatable(config[CONF_UPDATE_INTERVAL], args, int)
        cg.add(var.set_update_interval(template_))
    return var

@@ -643,27 +578,6 @@ async def build_condition_list(
    return conditions


-def has_non_synchronous_actions(actions: ConfigType) -> bool:
-    """Check if a validated action list contains any non-synchronous actions.
-
-    Non-synchronous actions (delay, wait_until, script.wait, etc.) store
-    trigger args for later execution, making non-owning types like StringRef
-    unsafe.
-    """
-    if isinstance(actions, list):
-        return any(has_non_synchronous_actions(item) for item in actions)
-    if isinstance(actions, dict):
-        for key in actions:
-            if key in ACTION_REGISTRY and not ACTION_REGISTRY[key].synchronous:
-                return True
-        return any(
-            has_non_synchronous_actions(v)
-            for v in actions.values()
-            if isinstance(v, (list, dict))
-        )
-    return False
-
-
 async def build_automation(
    trigger: MockObj, args: TemplateArgsType, config: ConfigType
 ) -> MockObj:
@@ -673,76 +587,3 @@ async def build_automation(
    actions = await build_action_list(config[CONF_THEN], templ, args)
    cg.add(obj.add_actions(actions))
    return obj
-
-
-async def build_callback_automation(
-    parent: MockObj,
-    callback_method: str,
-    args: TemplateArgsType,
-    config: ConfigType,
-    forwarder: MockObj | MockObjClass | None = None,
-) -> None:
-    """Build an Automation and register it as a callback on the parent.
-
-    Eliminates the need for a Trigger wrapper object by registering the
-    automation's trigger() directly as a callback on the parent component.
-
-    Uses template forwarder structs so the compiler deduplicates the operator()
-    body across all call sites with the same signature. The forwarder must be
-    pointer-sized (single Automation* field) to fit inline in Callback::ctx_
-    and avoid heap allocation.
-
-    :param parent: The component object (e.g., button, sensor).
-    :param callback_method: Name of the callback method (e.g., "add_on_press_callback").
-    :param args: Automation template args as list of (type, name) tuples.
-    :param config: The automation config dict.
-    :param forwarder: Optional forwarder type to use instead of the default
-        TriggerForwarder<Ts...>. Pass any struct type whose aggregate init takes
-        a single Automation pointer (e.g., TriggerOnTrueForwarder).
-    """
-    arg_types = [arg[0] for arg in args]
-    templ = cg.TemplateArguments(*arg_types)
-    obj = cg.new_Pvariable(config[CONF_AUTOMATION_ID], templ)
-    actions = await build_action_list(config[CONF_THEN], templ, args)
-    cg.add(obj.add_actions(actions))
-    # Use template forwarder structs for deduplication. The compiler generates
-    # one operator() per forwarder type; different automation pointers are just
-    # data in the struct.
-    if forwarder is None:
-        forwarder = TriggerForwarder.template(templ)
-    # RawExpression for aggregate init — both forwarder and obj are codegen
-    # MockObjs (not user input), and there's no Expression type for positional
-    # aggregate initialization (StructInitializer uses named fields).
-    cg.add(getattr(parent, callback_method)(cg.RawExpression(f"{forwarder}{{{obj}}}")))
-
-
-@dataclass(frozen=True, slots=True)
-class CallbackAutomation:
-    """A single callback automation entry for build_callback_automations."""
-
-    conf_key: str
-    callback_method: str
-    args: TemplateArgsType = field(default_factory=list)
-    forwarder: MockObj | MockObjClass | None = None
-
-
-async def build_callback_automations(
-    parent: MockObj,
-    config: ConfigType,
-    entries: tuple[CallbackAutomation, ...],
-) -> None:
-    """Build multiple callback automations from a tuple of entries.
-
-    :param parent: The component object (e.g., button, sensor).
-    :param config: The full component config dict.
-    :param entries: Tuple of CallbackAutomation entries to process.
-    """
-    for entry in entries:
-        for conf in config.get(entry.conf_key, []):
-            await build_callback_automation(
-                parent,
-                entry.callback_method,
-                entry.args,
-                conf,
-                forwarder=entry.forwarder,
-            )
--- a/esphome/build_gen/espidf.py
+++ b/esphome/build_gen/espidf.py
@@ -3,39 +3,23 @@
 import json
 from pathlib import Path

-from esphome.components.esp32 import get_esp32_variant, idf_version
-import esphome.config_validation as cv
+from esphome.components.esp32 import get_esp32_variant
 from esphome.core import CORE
-from esphome.framework_helpers import get_project_compile_flags, get_project_link_flags
 from esphome.helpers import mkdir_p, write_file_if_changed

-# Replaces the IDF default C++ standard (-std=gnu++2b appended to
-# CXX_COMPILE_OPTIONS by project.cmake's __build_init) with the one set via
-# cg.set_cpp_standard(). Emitted between include(project.cmake) and project(),
-# i.e. after IDF appends its default and before the options are consumed, and
-# applies project-wide like PlatformIO build_unflags.
-CPP_STANDARD_TEMPLATE = """\
-idf_build_get_property(esphome_cxx_compile_options CXX_COMPILE_OPTIONS)
-list(FILTER esphome_cxx_compile_options EXCLUDE REGEX "^-std=")
-list(APPEND esphome_cxx_compile_options "-std={standard}")
-idf_build_set_property(CXX_COMPILE_OPTIONS "${{esphome_cxx_compile_options}}")"""
-

 def get_available_components() -> list[str] | None:
-    """Get list of built-in ESP-IDF components from project_description.json.
+    """Get list of available ESP-IDF components from project_description.json.

-    Excludes ``src``, IDF-managed components (``managed_components/``), and
-    converted PIO libs (``pio_components/``). Returns ``None`` if the build
-    dir or ``project_description.json`` isn't ready yet.
+    Returns only internal ESP-IDF components, excluding external/managed
+    components (from idf_component.yml).
    """
-    if CORE.build_path is None:
-        return None
    project_desc = Path(CORE.build_path) / "build" / "project_description.json"
    if not project_desc.exists():
        return None

    try:
-        with project_desc.open(encoding="utf-8") as f:
+        with open(project_desc, encoding="utf-8") as f:
            data = json.load(f)

        component_info = data.get("build_component_info", {})
@@ -46,9 +30,9 @@ def get_available_components() -> list[str] | None:
            if name == "src":
                continue

-            # Exclude IDF-managed and converted-PIO components (external).
+            # Exclude managed/external components
            comp_dir = info.get("dir", "")
-            if "managed_components" in comp_dir or "pio_components" in comp_dir:
+            if "managed_components" in comp_dir:
                continue

            result.append(name)
@@ -63,156 +47,71 @@ def has_discovered_components() -> bool:
    return get_available_components() is not None


-def get_project_cmakelists(minimal: bool = False) -> str:
-    """Generate the top-level CMakeLists.txt for ESP-IDF project.
-
-    When ``minimal`` is true, omit ``ESPHOME_PROJECT_BUILTIN_COMPONENTS``
-    since ``project_description.json`` may be stale on the first write.
-    """
+def get_project_cmakelists() -> str:
+    """Generate the top-level CMakeLists.txt for ESP-IDF project."""
    # Get IDF target from ESP32 variant (e.g., ESP32S3 -> esp32s3)
    variant = get_esp32_variant()
    idf_target = variant.lower().replace("-", "")

-    # esp_idf_size 2.x (bundled with IDF >=6.0) made NG the default and
-    # removed the --ng flag; on 1.x (IDF 5.5) --ng is required to get
-    # --format=raw because the legacy mode doesn't support it.
-    size_ng_flag = "--ng" if idf_version() < cv.Version(6, 0, 0) else ""
-
-    # Project-wide compile options: -D defines and -W warning flags (skip
-    # -Wl, linker flags — those go on the src component via
-    # target_link_options below). Emitted via idf_build_set_property so the
-    # flags propagate to every IDF component (including managed ones like
-    # esphome__micro-mp3) rather than just src/. Required so suppressions
-    # like ``-Wno-error=maybe-uninitialized`` actually silence warnings in
-    # third-party components we don't author.
-    project_compile_opts = get_project_compile_flags()
-    extra_compile_options = "\n".join(
-        f'idf_build_set_property(COMPILE_OPTIONS "{flag}" APPEND)'
-        for flag in project_compile_opts
-    )
-
-    cpp_standard_options = (
-        CPP_STANDARD_TEMPLATE.format(standard=CORE.cpp_standard)
-        if CORE.cpp_standard
-        else ""
-    )
-
-    # Per-project list exposed as a CMake variable so converted PIO libs
-    # can reference ${ESPHOME_PROJECT_MANAGED_COMPONENTS} without baking
-    # project-specific names into their cached CMakeLists.
-    #
-    # Emit via idf_build_set_property (not plain set()) so the value is
-    # serialised into build_properties.temp.cmake and visible to IDF's
-    # early requirements-expansion pass (component_get_requirements.cmake
-    # runs as a separate CMake script invocation that doesn't load the
-    # project's top-level CMakeLists; without this, ${ESPHOME_PROJECT_
-    # MANAGED_COMPONENTS} in a converted-lib REQUIRES expands to empty).
-    from esphome.components.esp32 import get_managed_component_require_names
-
-    managed_components_property = "\n".join(
-        f"idf_build_set_property(ESPHOME_PROJECT_MANAGED_COMPONENTS {name} APPEND)"
-        for name in get_managed_component_require_names()
-    )
-
-    # Built-in IDF components exposed via our own property (not IDF's
-    # __COMPONENT_REQUIRES_COMMON, which would append them to every
-    # component's REQUIRES including real IDF components). Referenced by
-    # src/CMakeLists and by each converted PIO lib's CMakeLists. Skipped
-    # on minimal writes because project_description.json may be stale.
-    builtin_components_property = (
-        ""
-        if minimal
-        else "\n".join(
-            f"idf_build_set_property(ESPHOME_PROJECT_BUILTIN_COMPONENTS {name} APPEND)"
-            for name in sorted(get_available_components() or [])
-        )
-    )
-
    return f"""\
 # Auto-generated by ESPHome
 cmake_minimum_required(VERSION 3.16)

-# On Windows, Ninja can fail with:
-#   "CreateProcess: The parameter is incorrect (is the command line too long?)"
-# when compiler/linker command lines exceed the OS length limit.
-#
-# The following settings force CMake/Ninja to use *response files* (@file.rsp)
-# to pass long lists of includes, objects, and other arguments indirectly,
-# avoiding command-line length limits and fixing the build failure.
-#
-# This is especially useful for large ESP-IDF / ESPHome projects with many
-# source files or include directories.
-set(CMAKE_C_USE_RESPONSE_FILE_FOR_INCLUDES 1)
-set(CMAKE_CXX_USE_RESPONSE_FILE_FOR_INCLUDES 1)
-set(CMAKE_C_USE_RESPONSE_FILE_FOR_OBJECTS 1)
-set(CMAKE_CXX_USE_RESPONSE_FILE_FOR_OBJECTS 1)
-set(CMAKE_NINJA_FORCE_RESPONSE_FILE 1)
-
 set(IDF_TARGET {idf_target})
 set(EXTRA_COMPONENT_DIRS ${{CMAKE_SOURCE_DIR}}/src)

 include($ENV{{IDF_PATH}}/tools/cmake/project.cmake)
-
-{cpp_standard_options}
-
-{extra_compile_options}
-
-{managed_components_property}
-
-{builtin_components_property}
-
 project({CORE.name})
-
-# Emit raw JSON size data for ESPHome to read post-build.
-add_custom_command(
-    TARGET ${{CMAKE_PROJECT_NAME}}.elf POST_BUILD
-    COMMAND ${{PYTHON}} -m esp_idf_size {size_ng_flag} --format=raw
-            -o ${{CMAKE_BINARY_DIR}}/esp_idf_size.json
-            ${{CMAKE_PROJECT_NAME}}.map
-    WORKING_DIRECTORY ${{CMAKE_BINARY_DIR}}
-    VERBATIM
-)
 """


-def get_component_cmakelists() -> str:
-    """Generate the main component CMakeLists.txt.
+def get_component_cmakelists(minimal: bool = False) -> str:
+    """Generate the main component CMakeLists.txt."""
+    idf_requires = [] if minimal else (get_available_components() or [])
+    requires_str = " ".join(idf_requires)

-    REQUIRES pulls in the discovered built-in IDF components via the
-    project-level variables set in the top-level CMakeLists.
-    """
-    # Extract linker options (-Wl, flags). Compile flags (-D, -W) are
-    # emitted project-wide via idf_build_set_property in
-    # get_project_cmakelists so they reach every component, not just src/.
-    link_opts = get_project_link_flags()
+    # Extract compile definitions from build flags (-DXXX -> XXX)
+    compile_defs = [flag[2:] for flag in CORE.build_flags if flag.startswith("-D")]
+    compile_defs_str = "\n    ".join(compile_defs) if compile_defs else ""
+
+    # Extract compile options (-W flags, excluding linker flags)
+    compile_opts = [
+        flag
+        for flag in CORE.build_flags
+        if flag.startswith("-W") and not flag.startswith("-Wl,")
+    ]
+    compile_opts_str = "\n    ".join(compile_opts) if compile_opts else ""
+
+    # Extract linker options (-Wl, flags)
+    link_opts = [flag for flag in CORE.build_flags if flag.startswith("-Wl,")]
    link_opts_str = "\n    ".join(link_opts) if link_opts else ""

    return f"""\
 # Auto-generated by ESPHome
-# CONFIGURE_DEPENDS asks CMake to re-check the glob each build so test
-# runs that reuse the build dir don't compile stale source paths. It's
-# invalid in script mode (cmake -P), which is how IDF's
-# component_get_requirements.cmake includes us, so skip it there.
-if(CMAKE_SCRIPT_MODE_FILE)
-    file(GLOB_RECURSE app_sources
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.c"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.c"
-    )
-else()
-    file(GLOB_RECURSE app_sources CONFIGURE_DEPENDS
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.c"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.c"
-    )
-endif()
+file(GLOB_RECURSE app_sources
+    "${{CMAKE_CURRENT_SOURCE_DIR}}/*.cpp"
+    "${{CMAKE_CURRENT_SOURCE_DIR}}/*.c"
+    "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.cpp"
+    "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.c"
+)

 idf_component_register(
    SRCS ${{app_sources}}
    INCLUDE_DIRS "." "esphome"
-    REQUIRES ${{ESPHOME_PROJECT_BUILTIN_COMPONENTS}}
+    REQUIRES {requires_str}
+)
+
+# Apply C++ standard
+target_compile_features(${{COMPONENT_LIB}} PUBLIC cxx_std_20)
+
+# ESPHome compile definitions
+target_compile_definitions(${{COMPONENT_LIB}} PUBLIC
+    {compile_defs_str}
+)
+
+# ESPHome compile options
+target_compile_options(${{COMPONENT_LIB}} PUBLIC
+    {compile_opts_str}
 )

 # ESPHome linker options
@@ -230,11 +129,11 @@ def write_project(minimal: bool = False) -> None:
    # Write top-level CMakeLists.txt
    write_file_if_changed(
        CORE.relative_build_path("CMakeLists.txt"),
-        get_project_cmakelists(minimal=minimal),
+        get_project_cmakelists(),
    )

    # Write component CMakeLists.txt in src/
    write_file_if_changed(
        CORE.relative_src_path("CMakeLists.txt"),
-        get_component_cmakelists(),
+        get_component_cmakelists(minimal=minimal),
    )
--- a/esphome/build_gen/platformio.py
+++ b/esphome/build_gen/platformio.py
@@ -1,7 +1,7 @@
 from esphome.const import __version__
 from esphome.core import CORE
 from esphome.helpers import mkdir_p, read_file, write_file_if_changed
-from esphome.writer import find_begin_end
+from esphome.writer import find_begin_end, update_storage_json

 INI_AUTO_GENERATE_BEGIN = "; ========== AUTO GENERATED CODE BEGIN ==========="
 INI_AUTO_GENERATE_END = "; =========== AUTO GENERATED CODE END ============"
@@ -33,27 +33,12 @@ def format_ini(data: dict[str, str | list[str]]) -> str:
    return content


-# All -std= variants a platform/framework may set by default, in both the GNU
-# and strict dialects; unflagged so the cg.set_cpp_standard() value is the
-# only standard left in the build.
-CPP_STD_VARIANTS = [
-    f"{prefix}{year}"
-    for year in ("11", "14", "17", "20", "23", "26", "2a", "2b", "2c")
-    for prefix in ("gnu++", "c++")
-]
-
-
 def get_ini_content():
    CORE.add_platformio_option(
        "lib_deps",
        [x.as_lib_dep for x in CORE.platformio_libraries.values()]
        + ["${common.lib_deps}"],
    )
-    if CORE.cpp_standard:
-        for variant in CPP_STD_VARIANTS:
-            if variant != CORE.cpp_standard:
-                CORE.add_build_unflag(f"-std={variant}")
-        CORE.add_build_flag(f"-std={CORE.cpp_standard}")
    # Sort to avoid changing build flags order
    CORE.add_platformio_option("build_flags", sorted(CORE.build_flags))

@@ -73,6 +58,7 @@ def get_ini_content():


 def write_ini(content):
+    update_storage_json()
    path = CORE.relative_build_path("platformio.ini")

    if path.is_file():
--- a/esphome/bundle.py
+++ b/esphome/bundle.py
@@ -1,694 +0,0 @@
-"""Config bundle creator and extractor for ESPHome.
-
-A bundle is a self-contained .tar.gz archive containing a YAML config
-and every local file it depends on. Bundles can be created from a config
-and compiled directly: ``esphome compile my_device.esphomebundle.tar.gz``
-"""
-
-from __future__ import annotations
-
-from dataclasses import dataclass
-from enum import StrEnum
-import io
-import json
-import logging
-from pathlib import Path
-import re
-import shutil
-import tarfile
-from typing import Any
-
-from esphome import const, yaml_util
-from esphome.const import (
-    CONF_ESPHOME,
-    CONF_EXTERNAL_COMPONENTS,
-    CONF_INCLUDES,
-    CONF_INCLUDES_C,
-    CONF_PATH,
-    CONF_SOURCE,
-    CONF_TYPE,
-)
-from esphome.core import CORE, EsphomeError
-
-_LOGGER = logging.getLogger(__name__)
-
-BUNDLE_EXTENSION = ".esphomebundle.tar.gz"
-MANIFEST_FILENAME = "manifest.json"
-CURRENT_MANIFEST_VERSION = 1
-MAX_DECOMPRESSED_SIZE = 500 * 1024 * 1024  # 500 MB
-MAX_MANIFEST_SIZE = 1024 * 1024  # 1 MB
-
-# Directories preserved across bundle extractions (build caches)
-_PRESERVE_DIRS = (".esphome", ".pioenvs", ".pio")
-_BUNDLE_STAGING_DIR = ".bundle_staging"
-
-
-class ManifestKey(StrEnum):
-    """Keys used in bundle manifest.json."""
-
-    MANIFEST_VERSION = "manifest_version"
-    ESPHOME_VERSION = "esphome_version"
-    CONFIG_FILENAME = "config_filename"
-    FILES = "files"
-    HAS_SECRETS = "has_secrets"
-
-
-# String prefixes that are never local file paths
-_NON_PATH_PREFIXES = ("http://", "https://", "ftp://", "mdi:", "<")
-
-# File extensions recognized when resolving relative path strings.
-# A relative string with one of these extensions is resolved against the
-# config directory and included if the file exists.
-_KNOWN_FILE_EXTENSIONS = frozenset(
-    {
-        # Fonts
-        ".ttf",
-        ".otf",
-        ".woff",
-        ".woff2",
-        ".pcf",
-        ".bdf",
-        # Images
-        ".png",
-        ".jpg",
-        ".jpeg",
-        ".bmp",
-        ".gif",
-        ".svg",
-        ".ico",
-        ".webp",
-        # Certificates
-        ".pem",
-        ".crt",
-        ".key",
-        ".der",
-        ".p12",
-        ".pfx",
-        # C/C++ includes
-        ".h",
-        ".hpp",
-        ".c",
-        ".cpp",
-        ".ino",
-        # Web assets
-        ".css",
-        ".js",
-        ".html",
-    }
-)
-
-
-# Matches !secret references in YAML text.  An optional surrounding
-# quote pair around the key is allowed and ignored: YAML treats
-# ``!secret 'foo'`` and ``!secret foo`` as the same key.  This is
-# intentionally a simple regex scan rather than a YAML parse — it may
-# match inside comments or multi-line strings, which is the conservative
-# direction (include more secrets rather than fewer).
-_SECRET_RE = re.compile(r"""!secret\s+['"]?([^\s'"]+)""")
-
-
-def _find_used_secret_keys(yaml_files: list[Path]) -> set[str]:
-    """Scan YAML files for ``!secret <key>`` references."""
-    keys: set[str] = set()
-    for fpath in yaml_files:
-        try:
-            text = fpath.read_text(encoding="utf-8")
-        except (OSError, UnicodeDecodeError):
-            continue
-        for match in _SECRET_RE.finditer(text):
-            keys.add(match.group(1))
-    return keys
-
-
-@dataclass
-class BundleFile:
-    """A file to include in the bundle."""
-
-    path: str  # Relative path inside the archive
-    source: Path  # Absolute path on disk
-
-
-@dataclass
-class BundleResult:
-    """Result of creating a bundle."""
-
-    data: bytes
-    manifest: dict[str, Any]
-    files: list[BundleFile]
-
-
-@dataclass
-class BundleManifest:
-    """Parsed and validated bundle manifest."""
-
-    manifest_version: int
-    esphome_version: str
-    config_filename: str
-    files: list[str]
-    has_secrets: bool
-
-
-class ConfigBundleCreator:
-    """Creates a self-contained bundle from an ESPHome config."""
-
-    def __init__(self, config: dict[str, Any]) -> None:
-        self._config = config
-        self._config_dir = Path(CORE.config_dir).resolve()
-        self._config_path = Path(CORE.config_path).resolve()
-        self._files: list[BundleFile] = []
-        self._seen_paths: set[Path] = set()
-        self._secrets_paths: set[Path] = set()
-
-    def discover_files(self) -> list[BundleFile]:
-        """Discover all files needed for the bundle."""
-        self._files = []
-        self._seen_paths = set()
-        self._secrets_paths = set()
-
-        # The main config file
-        self._add_file(self._config_path)
-
-        # Phase 1: YAML includes (tracked during config loading)
-        self._discover_yaml_includes()
-
-        # Phase 2: Component-referenced files from validated config
-        self._discover_component_files()
-
-        return list(self._files)
-
-    def create_bundle(self) -> BundleResult:
-        """Create the bundle archive."""
-        files = self.discover_files()
-
-        # Determine which secret keys are actually referenced by the
-        # bundled YAML files so we only ship those, not the entire
-        # secrets.yaml which may contain secrets for other devices.
-        yaml_sources = [
-            bf.source for bf in files if bf.source.suffix in (".yaml", ".yml")
-        ]
-        used_secret_keys = _find_used_secret_keys(yaml_sources)
-        filtered_secrets = self._build_filtered_secrets(used_secret_keys)
-
-        has_secrets = bool(filtered_secrets)
-        if has_secrets:
-            _LOGGER.warning(
-                "Bundle contains secrets (e.g. Wi-Fi passwords). "
-                "Do not share it with untrusted parties."
-            )
-
-        manifest = self._build_manifest(files, has_secrets=has_secrets)
-
-        buf = io.BytesIO()
-        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
-            # Add manifest first
-            manifest_data = json.dumps(manifest, indent=2).encode("utf-8")
-            _add_bytes_to_tar(tar, MANIFEST_FILENAME, manifest_data)
-
-            # Add filtered secrets files
-            for rel_path, data in sorted(filtered_secrets.items()):
-                _add_bytes_to_tar(tar, rel_path, data)
-
-            # Add files in sorted order for determinism, skipping secrets
-            # files which were already added above with filtered content
-            for bf in sorted(files, key=lambda f: f.path):
-                if bf.source in self._secrets_paths:
-                    continue
-                self._add_to_tar(tar, bf)
-
-        return BundleResult(data=buf.getvalue(), manifest=manifest, files=files)
-
-    def _add_file(self, abs_path: Path) -> bool:
-        """Add a file to the bundle. Returns False if already added."""
-        abs_path = abs_path.resolve()
-        if abs_path in self._seen_paths:
-            return False
-        if not abs_path.is_file():
-            _LOGGER.warning("Bundle: skipping missing file %s", abs_path)
-            return False
-
-        rel_path = self._relative_to_config_dir(abs_path)
-        if rel_path is None:
-            _LOGGER.warning(
-                "Bundle: skipping file outside config directory: %s", abs_path
-            )
-            return False
-
-        self._seen_paths.add(abs_path)
-        self._files.append(BundleFile(path=rel_path, source=abs_path))
-        return True
-
-    def _add_directory(self, abs_path: Path) -> None:
-        """Recursively add all files in a directory."""
-        abs_path = abs_path.resolve()
-        if not abs_path.is_dir():
-            _LOGGER.warning("Bundle: skipping missing directory %s", abs_path)
-            return
-        for child in sorted(abs_path.rglob("*")):
-            if child.is_file() and "__pycache__" not in child.parts:
-                self._add_file(child)
-
-    def _relative_to_config_dir(self, abs_path: Path) -> str | None:
-        """Get a path relative to the config directory. Returns None if outside.
-
-        Always uses forward slashes for consistency in tar archives.
-        """
-        try:
-            return abs_path.relative_to(self._config_dir).as_posix()
-        except ValueError:
-            return None
-
-    def _discover_yaml_includes(self) -> None:
-        """Discover YAML files loaded during config parsing.
-
-        Delegates to :func:`yaml_util.discover_user_yaml_files`, which does a
-        fresh re-parse and force-loads every deferred ``IncludeFile`` so that
-        *all* potentially-reachable includes are captured (even branches not
-        selected by local substitutions). Bundles are meant to be compiled on
-        another system where command-line substitution overrides may choose a
-        different branch — e.g. ``!include network/${eth_model}/config.yaml``
-        must ship every candidate so the remote build can pick any one.
-        """
-        discovered = yaml_util.discover_user_yaml_files(self._config_path)
-        self._secrets_paths.update(discovered.secrets)
-        config_resolved = self._config_path.resolve()
-        for fpath in discovered.files:
-            if fpath == config_resolved:
-                continue  # Already added as config
-            self._add_file(fpath)
-
-    def _discover_component_files(self) -> None:
-        """Walk the validated config for file references.
-
-        Uses a generic recursive walk to find file paths instead of
-        hardcoding per-component knowledge about config dict formats.
-        After validation, components typically resolve paths to absolute
-        using CORE.relative_config_path() or cv.file_(). Relative paths
-        with known file extensions are also resolved and checked.
-
-        Core ESPHome concepts that use relative paths or directories
-        are handled explicitly.
-        """
-        config = self._config
-
-        # Generic walk: find all file paths in the validated config
-        self._walk_config_for_files(config)
-
-        # --- Core ESPHome concepts needing explicit handling ---
-
-        # esphome.includes / includes_c - can be relative paths and directories
-        esphome_conf = config.get(CONF_ESPHOME, {})
-        for include_path in esphome_conf.get(CONF_INCLUDES, []):
-            resolved = _resolve_include_path(include_path)
-            if resolved is None:
-                continue
-            if resolved.is_dir():
-                self._add_directory(resolved)
-            else:
-                self._add_file(resolved)
-        for include_path in esphome_conf.get(CONF_INCLUDES_C, []):
-            resolved = _resolve_include_path(include_path)
-            if resolved is not None:
-                self._add_file(resolved)
-
-        # external_components with source: local - directories
-        for ext_conf in config.get(CONF_EXTERNAL_COMPONENTS, []):
-            source = ext_conf.get(CONF_SOURCE, {})
-            if not isinstance(source, dict):
-                continue
-            if source.get(CONF_TYPE) != "local":
-                continue
-            path = source.get(CONF_PATH)
-            if not path:
-                continue
-            p = Path(path)
-            if not p.is_absolute():
-                p = CORE.relative_config_path(p)
-            self._add_directory(p)
-
-    def _walk_config_for_files(self, obj: Any) -> None:
-        """Recursively walk the config dict looking for file path references."""
-        if isinstance(obj, dict):
-            for value in obj.values():
-                self._walk_config_for_files(value)
-        elif isinstance(obj, (list, tuple)):
-            for item in obj:
-                self._walk_config_for_files(item)
-        elif isinstance(obj, Path):
-            if obj.is_absolute() and obj.is_file():
-                self._add_file(obj)
-        elif isinstance(obj, str):
-            self._check_string_path(obj)
-
-    def _check_string_path(self, value: str) -> None:
-        """Check if a string value is a local file reference."""
-        # Fast exits for strings that cannot be file paths
-        if len(value) < 2 or "\n" in value:
-            return
-        if value.startswith(_NON_PATH_PREFIXES):
-            return
-        # File paths must contain a path separator or a dot (for extension)
-        if "/" not in value and "\\" not in value and "." not in value:
-            return
-
-        p = Path(value)
-
-        # Absolute path - check if it points to an existing file
-        if p.is_absolute():
-            if p.is_file():
-                self._add_file(p)
-            return
-
-        # Relative path with a known file extension - likely a component
-        # validator that forgot to resolve to absolute via cv.file_() or
-        # CORE.relative_config_path(). Warn and try to resolve.
-        if p.suffix.lower() in _KNOWN_FILE_EXTENSIONS:
-            _LOGGER.warning(
-                "Bundle: non-absolute path in validated config: %s "
-                "(component validator should return absolute paths)",
-                value,
-            )
-            resolved = CORE.relative_config_path(p)
-            if resolved.is_file():
-                self._add_file(resolved)
-
-    def _build_filtered_secrets(self, used_keys: set[str]) -> dict[str, bytes]:
-        """Build filtered secrets files containing only the referenced keys.
-
-        Returns a dict mapping relative archive path to YAML bytes.
-        """
-        if not used_keys or not self._secrets_paths:
-            return {}
-
-        result: dict[str, bytes] = {}
-        for secrets_path in self._secrets_paths:
-            rel_path = self._relative_to_config_dir(secrets_path)
-            if rel_path is None:
-                continue
-            try:
-                all_secrets = yaml_util.load_yaml(secrets_path, clear_secrets=False)
-            except EsphomeError:
-                _LOGGER.warning("Bundle: failed to load secrets file %s", secrets_path)
-                continue
-            if not isinstance(all_secrets, dict):
-                continue
-            filtered = {k: v for k, v in all_secrets.items() if k in used_keys}
-            if filtered:
-                data = yaml_util.dump(filtered, show_secrets=True).encode("utf-8")
-                result[rel_path] = data
-        return result
-
-    def _build_manifest(
-        self, files: list[BundleFile], *, has_secrets: bool
-    ) -> dict[str, Any]:
-        """Build the manifest.json content."""
-        return {
-            ManifestKey.MANIFEST_VERSION: CURRENT_MANIFEST_VERSION,
-            ManifestKey.ESPHOME_VERSION: const.__version__,
-            ManifestKey.CONFIG_FILENAME: self._config_path.name,
-            ManifestKey.FILES: [f.path for f in files],
-            ManifestKey.HAS_SECRETS: has_secrets,
-        }
-
-    @staticmethod
-    def _add_to_tar(tar: tarfile.TarFile, bf: BundleFile) -> None:
-        """Add a BundleFile to the tar archive with deterministic metadata."""
-        with bf.source.open("rb") as f:
-            _add_bytes_to_tar(tar, bf.path, f.read())
-
-
-def extract_bundle(
-    bundle_path: Path,
-    target_dir: Path | None = None,
-) -> Path:
-    """Extract a bundle archive and return the path to the config YAML.
-
-    Sanity checks reject path traversal, symlinks, absolute paths, and
-    oversized archives to prevent accidental file overwrites or extraction
-    outside the target directory.  These are **not** a security boundary —
-    bundles are assumed to come from the user's own machine or a trusted
-    build pipeline.
-
-    Args:
-        bundle_path: Path to the .tar.gz bundle file.
-        target_dir: Directory to extract into. If None, extracts next to
-                     the bundle file in a directory named after it.
-
-    Returns:
-        Absolute path to the extracted config YAML file.
-
-    Raises:
-        EsphomeError: If the bundle is invalid or extraction fails.
-    """
-
-    bundle_path = bundle_path.resolve()
-    if not bundle_path.is_file():
-        raise EsphomeError(f"Bundle file not found: {bundle_path}")
-
-    if target_dir is None:
-        target_dir = _default_target_dir(bundle_path)
-
-    target_dir = target_dir.resolve()
-    target_dir.mkdir(parents=True, exist_ok=True)
-
-    # Read and validate the archive
-    try:
-        with tarfile.open(bundle_path, "r:gz") as tar:
-            manifest = _read_manifest_from_tar(tar)
-            _validate_tar_members(tar, target_dir)
-            tar.extractall(path=target_dir, filter="data")
-    except tarfile.TarError as err:
-        raise EsphomeError(f"Failed to extract bundle: {err}") from err
-
-    config_filename = manifest[ManifestKey.CONFIG_FILENAME]
-    config_path = target_dir / config_filename
-    if not config_path.is_file():
-        raise EsphomeError(
-            f"Bundle manifest references config '{config_filename}' "
-            f"but it was not found in the archive"
-        )
-
-    return config_path
-
-
-def read_bundle_manifest(bundle_path: Path) -> BundleManifest:
-    """Read and validate the manifest from a bundle without full extraction.
-
-    Args:
-        bundle_path: Path to the .tar.gz bundle file.
-
-    Returns:
-        Parsed BundleManifest.
-
-    Raises:
-        EsphomeError: If the manifest is missing, invalid, or version unsupported.
-    """
-
-    try:
-        with tarfile.open(bundle_path, "r:gz") as tar:
-            manifest = _read_manifest_from_tar(tar)
-    except tarfile.TarError as err:
-        raise EsphomeError(f"Failed to read bundle: {err}") from err
-
-    return BundleManifest(
-        manifest_version=manifest[ManifestKey.MANIFEST_VERSION],
-        esphome_version=manifest.get(ManifestKey.ESPHOME_VERSION, "unknown"),
-        config_filename=manifest[ManifestKey.CONFIG_FILENAME],
-        files=manifest.get(ManifestKey.FILES, []),
-        has_secrets=manifest.get(ManifestKey.HAS_SECRETS, False),
-    )
-
-
-def _read_manifest_from_tar(tar: tarfile.TarFile) -> dict[str, Any]:
-    """Read and validate manifest.json from an open tar archive."""
-
-    try:
-        member = tar.getmember(MANIFEST_FILENAME)
-    except KeyError:
-        raise EsphomeError("Invalid bundle: missing manifest.json") from None
-
-    f = tar.extractfile(member)
-    if f is None:
-        raise EsphomeError("Invalid bundle: manifest.json is not a regular file")
-
-    if member.size > MAX_MANIFEST_SIZE:
-        raise EsphomeError(
-            f"Invalid bundle: manifest.json too large "
-            f"({member.size} bytes, max {MAX_MANIFEST_SIZE})"
-        )
-
-    try:
-        manifest = json.loads(f.read())
-    except (json.JSONDecodeError, UnicodeDecodeError) as err:
-        raise EsphomeError(f"Invalid bundle: malformed manifest.json: {err}") from err
-
-    # Version check
-    version = manifest.get(ManifestKey.MANIFEST_VERSION)
-    if version is None:
-        raise EsphomeError("Invalid bundle: manifest.json missing 'manifest_version'")
-    if not isinstance(version, int) or version < 1:
-        raise EsphomeError(
-            f"Invalid bundle: manifest_version must be a positive integer, got {version!r}"
-        )
-    if version > CURRENT_MANIFEST_VERSION:
-        raise EsphomeError(
-            f"Bundle manifest version {version} is newer than this ESPHome "
-            f"version supports (max {CURRENT_MANIFEST_VERSION}). "
-            f"Please upgrade ESPHome to compile this bundle."
-        )
-
-    # Required fields
-    if ManifestKey.CONFIG_FILENAME not in manifest:
-        raise EsphomeError("Invalid bundle: manifest.json missing 'config_filename'")
-
-    return manifest
-
-
-def _validate_tar_members(tar: tarfile.TarFile, target_dir: Path) -> None:
-    """Sanity-check tar members to prevent mistakes and accidental overwrites.
-
-    This is not a security boundary — bundles are created locally or come
-    from a trusted build pipeline.  The checks catch malformed archives
-    and common mistakes (stray absolute paths, ``..`` components) that
-    could silently overwrite unrelated files.
-    """
-
-    total_size = 0
-    for member in tar.getmembers():
-        # Reject absolute paths (Unix and Windows)
-        if member.name.startswith(("/", "\\")):
-            raise EsphomeError(
-                f"Invalid bundle: absolute path in archive: {member.name}"
-            )
-
-        # Reject path traversal (split on both / and \ for cross-platform)
-        parts = re.split(r"[/\\]", member.name)
-        if ".." in parts:
-            raise EsphomeError(
-                f"Invalid bundle: path traversal in archive: {member.name}"
-            )
-
-        # Reject symlinks
-        if member.issym() or member.islnk():
-            raise EsphomeError(f"Invalid bundle: symlink in archive: {member.name}")
-
-        # Ensure extraction stays within target_dir
-        target_path = (target_dir / member.name).resolve()
-        if not target_path.is_relative_to(target_dir):
-            raise EsphomeError(
-                f"Invalid bundle: file would extract outside target: {member.name}"
-            )
-
-        # Track total decompressed size
-        total_size += member.size
-        if total_size > MAX_DECOMPRESSED_SIZE:
-            raise EsphomeError(
-                f"Invalid bundle: decompressed size exceeds "
-                f"{MAX_DECOMPRESSED_SIZE // (1024 * 1024)}MB limit"
-            )
-
-
-def is_bundle_path(path: Path) -> bool:
-    """Check if a path looks like a bundle file."""
-    return path.name.lower().endswith(BUNDLE_EXTENSION)
-
-
-def _add_bytes_to_tar(tar: tarfile.TarFile, name: str, data: bytes) -> None:
-    """Add in-memory bytes to a tar archive with deterministic metadata."""
-    info = tarfile.TarInfo(name=name)
-    info.size = len(data)
-    info.mtime = 0
-    info.uid = 0
-    info.gid = 0
-    info.mode = 0o644
-    tar.addfile(info, io.BytesIO(data))
-
-
-def _resolve_include_path(include_path: Any) -> Path | None:
-    """Resolve an include path to absolute, skipping system includes."""
-    if isinstance(include_path, str) and include_path.startswith("<"):
-        return None  # System include, not a local file
-    p = Path(include_path)
-    if not p.is_absolute():
-        p = CORE.relative_config_path(p)
-    return p
-
-
-def _default_target_dir(bundle_path: Path) -> Path:
-    """Compute the default extraction directory for a bundle."""
-    name = bundle_path.name
-    if name.lower().endswith(BUNDLE_EXTENSION):
-        name = name[: -len(BUNDLE_EXTENSION)]
-    return bundle_path.parent / name
-
-
-def _restore_preserved_dirs(preserved: dict[str, Path], target_dir: Path) -> None:
-    """Move preserved build cache directories back into target_dir.
-
-    If the bundle contained entries under a preserved directory name,
-    the extracted copy is removed so the original cache always wins.
-    """
-    for dirname, src in preserved.items():
-        dst = target_dir / dirname
-        if dst.exists():
-            shutil.rmtree(dst)
-        shutil.move(str(src), str(dst))
-
-
-def prepare_bundle_for_compile(
-    bundle_path: Path,
-    target_dir: Path | None = None,
-) -> Path:
-    """Extract a bundle for compilation, preserving build caches.
-
-    Unlike extract_bundle(), this preserves .esphome/ and .pioenvs/
-    directories in the target if they already exist (for incremental builds).
-
-    Args:
-        bundle_path: Path to the .tar.gz bundle file.
-        target_dir: Directory to extract into. Must be specified for
-                     build server use.
-
-    Returns:
-        Absolute path to the extracted config YAML file.
-    """
-
-    bundle_path = bundle_path.resolve()
-    if not bundle_path.is_file():
-        raise EsphomeError(f"Bundle file not found: {bundle_path}")
-
-    if target_dir is None:
-        target_dir = _default_target_dir(bundle_path)
-
-    target_dir = target_dir.resolve()
-    target_dir.mkdir(parents=True, exist_ok=True)
-
-    preserved: dict[str, Path] = {}
-
-    # Temporarily move preserved dirs out of the way
-    staging = target_dir / _BUNDLE_STAGING_DIR
-    for dirname in _PRESERVE_DIRS:
-        src = target_dir / dirname
-        if src.is_dir():
-            dst = staging / dirname
-            dst.parent.mkdir(parents=True, exist_ok=True)
-            shutil.move(str(src), str(dst))
-            preserved[dirname] = dst
-
-    try:
-        # Clean non-preserved content and extract fresh
-        for item in target_dir.iterdir():
-            if item.name == _BUNDLE_STAGING_DIR:
-                continue
-            if item.is_dir():
-                shutil.rmtree(item)
-            else:
-                item.unlink()
-
-        config_path = extract_bundle(bundle_path, target_dir)
-    finally:
-        # Restore preserved dirs (idempotent) and clean staging
-        _restore_preserved_dirs(preserved, target_dir)
-        if staging.is_dir():
-            shutil.rmtree(staging)
-
-    return config_path
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`3258307fa645ba77307e502075c02c4d710e92c48250839db3526d36a9655444`
				`@@ -0,0 +1 @@`
				`Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)`