pipsolar_teleinfo

2026-06-25 03:59:04 +00:00 · 2026-01-17 14:35:33 -10:00
4249 changed files with 65605 additions and 189423 deletions
--- a/.ai/instructions.md
+++ b/.ai/instructions.md
@@ -59,19 +59,6 @@ This document provides essential context for AI models interacting with this pro
        - Protected/private fields: `lower_snake_case_with_trailing_underscore_`
        - Favor descriptive names over abbreviations

-*   **Python Idioms:**
-    *   **Assignment expressions (PEP 572):** Prefer the walrus operator (`:=`) wherever it removes a redundant lookup or a throwaway temporary. The most common case in component code is presence-checking a config key and then indexing it separately — fetch once with `.get()` and bind in the condition instead:
-        ```python
-        # Bad - looks up CONF_BLAH twice
-        if CONF_BLAH in config:
-            cg.add(var.set_blah(config[CONF_BLAH]))
-
-        # Good - single lookup, value bound inline
-        if (blah := config.get(CONF_BLAH)) is not None:
-            cg.add(var.set_blah(blah))
-        ```
-        The same applies to `while` loops and comprehensions where it avoids recomputing a value. Don't contort code to use it — reach for `:=` only when it genuinely cuts repetition or an extra assignment line.
-
 *   **C++ Field Visibility:**
    *   **Prefer `protected`:** Use `protected` for most class fields to enable extensibility and testing. Fields should be `lower_snake_case_with_trailing_underscore_`.
    *   **Use `private` for safety-critical cases:** Use `private` visibility when direct field access could introduce bugs or violate invariants:
@@ -137,28 +124,6 @@ This document provides essential context for AI models interacting with this pro
    *   **Indentation:** Use spaces (two per indentation level), not tabs
    *   **Type aliases:** Prefer `using type_t = int;` over `typedef int type_t;`
    *   **Line length:** Wrap lines at no more than 120 characters
-    *   **Constructor parameters vs setters:** Component properties that are both **required** and **invariant**
-        (never change after construction) should be constructor parameters rather than set via setter methods.
-        This makes the dependency explicit and prevents use of the object in an incompletely-initialized state.
-        In code generation, when calling `cg.new_Pvariable()` or the relevant helper function to create the component, pass these as arguments.
-        ```cpp
-        // Good - required invariant dependency as constructor parameter
-        class SourceTextSensor : public text_sensor::TextSensor, public Component {
-         public:
-          explicit SourceTextSensor(text::Text *source) : source_(source) {}
-         protected:
-          text::Text *source_;
-        };
-        ```
-        ```cpp
-        // Bad - required invariant dependency as setter
-        class SourceTextSensor : public text_sensor::TextSensor, public Component {
-         public:
-          void set_source(text::Text *source) { this->source_ = source; }
-         protected:
-          text::Text *source_{nullptr};
-        };
-        ```

 *   **Component Structure:**
    *   **Standard Files:**
@@ -252,123 +217,6 @@ This document provides essential context for AI models interacting with this pro
              var = await switch.new_switch(config)
          ```

-*   **Automations (Triggers, Actions, Conditions):**
-
-    Automations have three building blocks: **Triggers** (fire when something happens), **Actions** (do something), and **Conditions** (check if something is true).
-
-    *   **Triggers -- Callback method (preferred):**
-
-        Use `build_callback_automation()` for simple triggers. This eliminates the need for a C++ Trigger class by using a lightweight pointer-sized forwarder struct registered directly as a callback. No `CONF_TRIGGER_ID` in the schema.
-
-        **Python:**
-        ```python
-        from esphome import automation
-
-        CONFIG_SCHEMA = cv.Schema({
-            cv.GenerateID(): cv.declare_id(MyComponent),
-            cv.Optional(CONF_ON_STATE): automation.validate_automation({}),
-        }).extend(cv.COMPONENT_SCHEMA)
-
-        async def to_code(config):
-            var = cg.new_Pvariable(config[CONF_ID])
-            await cg.register_component(var, config)
-            for conf in config.get(CONF_ON_STATE, []):
-                await automation.build_callback_automation(
-                    var, "add_on_state_callback", [(bool, "x")], conf
-                )
-        ```
-
-        `build_callback_automation` arguments: `parent`, `callback_method` (C++ method name), `args` (template args as `[(type, name)]` tuples), `config`, and optional `forwarder` (defaults to `TriggerForwarder<Ts...>`).
-
-        For boolean filtering (e.g. `on_press`/`on_release`), use built-in forwarders with `args=[]`:
-        ```python
-        for conf_key, forwarder in (
-            (CONF_ON_PRESS, automation.TriggerOnTrueForwarder),
-            (CONF_ON_RELEASE, automation.TriggerOnFalseForwarder),
-        ):
-            for conf in config.get(conf_key, []):
-                await automation.build_callback_automation(
-                    var, "add_on_state_callback", [], conf, forwarder=forwarder
-                )
-        ```
-
-        **C++ -- no trigger class needed.** The callback registration method must be templatized to accept both `std::function` and lightweight forwarder structs (which avoid heap allocation):
-        ```cpp
-        class MyComponent : public Component {
-         public:
-          // Must be a template -- accepts both std::function and pointer-sized forwarder structs
-          template<typename F> void add_on_state_callback(F &&callback) {
-            this->state_callback_.add(std::forward<F>(callback));
-          }
-         protected:
-          // Use CallbackManager when callbacks are always registered (e.g. core components)
-          CallbackManager<void(bool)> state_callback_;
-          // Use LazyCallbackManager when callbacks are often not registered -- saves 8 bytes
-          // (nullptr vs empty std::vector) per instance when no callbacks are added
-          // LazyCallbackManager<void(bool)> state_callback_;
-        };
-        ```
-
-    *   **Triggers -- Trigger class method:**
-
-        Use `build_automation()` with a `Trigger<Ts...>` subclass only when the forwarder needs **mutable state beyond a single `Automation*` pointer** (e.g. edge detection tracking previous state, timing logic).
-
-        **Python:**
-        ```python
-        TurnOnTrigger = my_ns.class_("TurnOnTrigger", automation.Trigger.template())
-
-        CONFIG_SCHEMA = cv.Schema({
-            cv.Optional(CONF_ON_TURN_ON): automation.validate_automation(
-                {cv.GenerateID(CONF_TRIGGER_ID): cv.declare_id(TurnOnTrigger)}
-            ),
-        })
-
-        async def to_code(config):
-            for conf in config.get(CONF_ON_TURN_ON, []):
-                trigger = cg.new_Pvariable(conf[CONF_TRIGGER_ID], var)
-                await automation.build_automation(trigger, [], conf)
-        ```
-
-        **C++:**
-        ```cpp
-        class TurnOnTrigger : public Trigger<> {
-         public:
-          explicit TurnOnTrigger(MyComponent *parent) : last_on_{false} {
-            parent->add_on_state_callback([this](bool state) {
-              if (state && !this->last_on_)
-                this->trigger();
-              this->last_on_ = state;
-            });
-          }
-         protected:
-          bool last_on_;
-        };
-        ```
-
-    *   **Actions:**
-        ```cpp
-        template<typename... Ts> class MyAction : public Action<Ts...> {
-         public:
-          explicit MyAction(MyComponent *parent) : parent_(parent) {}
-          void play(const Ts &...) override { this->parent_->do_something(); }
-         protected:
-          MyComponent *parent_;
-        };
-        ```
-        Register with `@automation.register_action("my_component.do_something", MyAction, schema, synchronous=True)`. Use `synchronous=True` for actions that run to completion inside `play()` without deferring. Use `synchronous=False` if the action may suspend/defer execution (e.g. `delay`, `wait_until`, `script.wait`) or store trigger arguments for later use.
-
-    *   **Conditions:**
-        ```cpp
-        template<typename... Ts> class MyCondition : public Condition<Ts...> {
-         public:
-          explicit MyCondition(MyComponent *parent) : parent_(parent) {}
-          bool check(const Ts &...) override { return this->parent_->is_active(); }
-         protected:
-          MyComponent *parent_;
-        };
-        ```
-        Register with `@automation.register_condition("my_component.is_active", MyCondition, schema)`.
-
 *   **Configuration Validation:**
    *   **Common Validators:** `cv.int_`, `cv.float_`, `cv.string`, `cv.boolean`, `cv.int_range(min=0, max=100)`, `cv.positive_int`, `cv.percentage`.
    *   **Complex Validation:** `cv.All(cv.string, cv.Length(min=1, max=50))`, `cv.Any(cv.int_, cv.string)`.
@@ -404,49 +252,10 @@ This document provides essential context for AI models interacting with this pro
    *   **Component Tests:** YAML-based compilation tests are located in `tests/`. The structure is as follows:
        ```
        tests/
-        ├── test_build_components/
-        │   └── common/          # Shared bus packages (uart, i2c, spi, etc.)
-        │       ├── uart/        # UART at default baud rate
-        │       ├── uart_115200/ # UART at 115200 baud
-        │       ├── i2c/         # I2C bus
-        │       └── spi/         # SPI bus
-        └── components/[component]/
-            ├── common.yaml          # Component-only config (no bus definitions)
-            ├── test.esp32-idf.yaml      # config + compile
-            ├── test.esp8266-ard.yaml    # config + compile
-            ├── test-variant.esp32-idf.yaml  # variant test, config + compile
-            ├── validate.esp32-idf.yaml      # config-only (never compiled)
-            └── validate-legacy.esp32-idf.yaml  # config-only variant
+        ├── test_build_components/ # Base test configurations
+        └── components/[component]/ # Component-specific tests
        ```
        Run them using `script/test_build_components`. Use `-c <component>` to test specific components and `-t <target>` for specific platforms.
-
-    *   **Config-only test files (`validate.*.yaml`):** Use this prefix when a YAML file only needs to exercise schema/validation paths and does not need to be compiled. CI runs `validate.*.yaml` files with `esphome config` only and skips them during compile. The grammar mirrors `test.*.yaml`:
-        - `validate.<platform>.yaml` — base config-only test
-        - `validate-<variant>.<platform>.yaml` — config-only variant
-
-        Use this for things like deprecated-syntax migration tests, schema edge cases, or platform-specific validation branches where building firmware adds no signal. A component may have any mix of `test.*.yaml` and `validate.*.yaml` files. Validate files never participate in bus-grouping; each one runs as its own `esphome config` invocation.
-
-        When a PR's only edits to a component are `validate.*.yaml` files (no source changes, no `test.*.yaml` changes, and the component isn't pulled in as a dependency of another changed component), CI skips the compile stage for that component entirely and only runs config validation. This is decided in `script/determine-jobs.py` via `_component_change_is_validate_only` and surfaced as the `validate_only_components` output that the `test-build-components-split` job consumes.
-
-    *   **Test Grouping with Packages:** Components that use shared bus packages can be grouped together in CI to reduce build count. **Never define buses (uart, i2c, spi, modbus) directly in test YAML files** — always use packages from `test_build_components/common/`:
-        ```yaml
-        # test.esp32-idf.yaml — use packages for buses
-        packages:
-          uart: !include ../../test_build_components/common/uart_115200/esp32-idf.yaml
-
-        <<: !include common.yaml
-        ```
-        ```yaml
-        # common.yaml — component config only, NO bus definitions
-        my_component:
-          id: my_instance
-
-        sensor:
-          - platform: my_component
-            name: My Sensor
-        ```
-        Components that define buses directly are flagged as "NEEDS MIGRATION" and cannot be grouped, increasing CI build time.
-
    *   **Testing All Components Together:** To verify that all components can be tested together without ID conflicts or configuration issues, use:
        ```bash
        ./script/test_component_grouping.py -e config --all
@@ -475,9 +284,8 @@ This document provides essential context for AI models interacting with this pro
    6.  **Pull Request:** Submit a PR against the `dev` branch. The Pull Request title should have a prefix of the component being worked on (e.g., `[display] Fix bug`, `[abc123] Add new component`). Update documentation, examples, and add `CODEOWNERS` entries as needed. Pull requests should always be made using the `.github/PULL_REQUEST_TEMPLATE.md` template - fill out all sections completely without removing any parts of the template.

 *   **Documentation Contributions:**
-    *   Documentation is hosted in the separate `esphome/esphome.io` repository.
+    *   Documentation is hosted in the separate `esphome/esphome-docs` repository.
    *   The contribution workflow is the same as for the codebase.
-    *   When editing a component's documentation page, also update the corresponding component index page to ensure both pages remain in sync.

 *   **Best Practices:**
    *   **Component Development:** Keep dependencies minimal, provide clear error messages, and write comprehensive docstrings and tests.
@@ -586,30 +394,6 @@ This document provides essential context for AI models interacting with this pro

        Note: Avoiding heap allocation after `setup()` is always required regardless of component type. The prioritization above is about the effort spent on container optimization (e.g., migrating from `std::vector` to `StaticVector`).

-        **Callback Managers:**
-
-        ESPHome provides two callback manager types in `esphome/core/helpers.h` for the observer pattern. Both support `std::function`, lambdas, and lightweight forwarder structs via their templatized `add()` method.
-
-        | Type | Idle overhead (32-bit) | When to use |
-        |------|----------------------|-------------|
-        | `CallbackManager<void(Ts...)>` | 12 bytes (empty `std::vector`) | Callbacks are always or almost always registered |
-        | `LazyCallbackManager<void(Ts...)>` | 4 bytes (`nullptr`) | Callbacks are often not registered (common case) |
-
-        `LazyCallbackManager` is a drop-in replacement for `CallbackManager` that defers allocation until the first callback is added. Prefer it for entity-level callbacks where most instances have no subscribers.
-
-        **Important:** Registration methods that add to a callback manager **must always be templatized** to accept both `std::function` and pointer-sized forwarder structs (used by `build_callback_automation`). Never use `std::function` in the method signature:
-        ```cpp
-        // Bad -- forces heap allocation for forwarder structs
-        void add_on_state_callback(std::function<void(bool)> &&callback) {
-          this->state_callback_.add(std::move(callback));
-        }
-
-        // Good -- accepts any callable without forcing std::function wrapping
-        template<typename F> void add_on_state_callback(F &&callback) {
-          this->state_callback_.add(std::forward<F>(callback));
-        }
-        ```
-
    *   **State Management:** Use `CORE.data` for component state that needs to persist during configuration generation. Avoid module-level mutable globals.

        **Bad Pattern (Module-Level Globals):**
@@ -694,7 +478,7 @@ This document provides essential context for AI models interacting with this pro
    - [ ] Explored non-breaking alternatives
    - [ ] Added deprecation warnings if possible (use `ESPDEPRECATED` macro for C++)
    - [ ] Documented migration path in PR description with before/after examples
-    - [ ] Updated all internal usage and esphome.io
+    - [ ] Updated all internal usage and esphome-docs
    - [ ] Tested backward compatibility during deprecation period

 *   **Deprecation Pattern (C++):**
--- a/.clang-tidy
+++ b/.clang-tidy
@@ -5,30 +5,24 @@ Checks: >-
  -altera-*,
  -android-*,
  -boost-*,
-  -bugprone-derived-method-shadowing-base-method,
  -bugprone-easily-swappable-parameters,
  -bugprone-implicit-widening-of-multiplication-result,
-  -bugprone-invalid-enum-default-initialization,
  -bugprone-multi-level-implicit-pointer-conversion,
  -bugprone-narrowing-conversions,
-  -bugprone-tagged-union-member-count,
  -bugprone-signed-char-misuse,
  -bugprone-switch-missing-default-case,
  -cert-dcl50-cpp,
  -cert-err33-c,
  -cert-err58-cpp,
-  -cert-int09-c,
  -cert-oop57-cpp,
  -cert-str34-c,
  -clang-analyzer-optin.core.EnumCastOutOfRange,
  -clang-analyzer-optin.cplusplus.UninitializedObject,
  -clang-analyzer-osx.*,
-  -clang-analyzer-security.ArrayBound,
  -clang-diagnostic-delete-abstract-non-virtual-dtor,
  -clang-diagnostic-delete-non-abstract-non-virtual-dtor,
  -clang-diagnostic-deprecated-declarations,
  -clang-diagnostic-ignored-optimization-argument,
-  -clang-diagnostic-missing-designated-field-initializers,
  -clang-diagnostic-missing-field-initializers,
  -clang-diagnostic-shadow-field,
  -clang-diagnostic-unused-const-variable,
@@ -48,7 +42,6 @@ Checks: >-
  -cppcoreguidelines-owning-memory,
  -cppcoreguidelines-prefer-member-initializer,
  -cppcoreguidelines-pro-bounds-array-to-pointer-decay,
-  -cppcoreguidelines-pro-bounds-avoid-unchecked-container-access,
  -cppcoreguidelines-pro-bounds-constant-array-index,
  -cppcoreguidelines-pro-bounds-pointer-arithmetic,
  -cppcoreguidelines-pro-type-const-cast,
@@ -61,13 +54,12 @@ Checks: >-
  -cppcoreguidelines-rvalue-reference-param-not-moved,
  -cppcoreguidelines-special-member-functions,
  -cppcoreguidelines-use-default-member-init,
-  -cppcoreguidelines-use-enum-class,
  -cppcoreguidelines-virtual-class-destructor,
-  -fuchsia-default-arguments-calls,
-  -fuchsia-default-arguments-declarations,
  -fuchsia-multiple-inheritance,
  -fuchsia-overloaded-operator,
  -fuchsia-statically-constructed-objects,
+  -fuchsia-default-arguments-declarations,
+  -fuchsia-default-arguments-calls,
  -google-build-using-namespace,
  -google-explicit-constructor,
  -google-readability-braces-around-statements,
@@ -79,63 +71,49 @@ Checks: >-
  -llvm-else-after-return,
  -llvm-header-guard,
  -llvm-include-order,
-  -llvm-prefer-static-over-anonymous-namespace,
  -llvm-qualified-auto,
-  -llvm-use-ranges,
  -llvmlibc-*,
  -misc-const-correctness,
  -misc-include-cleaner,
-  -misc-multiple-inheritance,
  -misc-no-recursion,
  -misc-non-private-member-variables-in-classes,
-  -misc-override-with-different-visibility,
  -misc-unused-parameters,
  -misc-use-anonymous-namespace,
-  -misc-use-internal-linkage,
  -modernize-avoid-bind,
-  -modernize-avoid-variadic-functions,
  -modernize-avoid-c-arrays,
-  -modernize-avoid-c-style-cast,
+  -modernize-concat-nested-namespaces,
  -modernize-macro-to-enum,
  -modernize-return-braced-init-list,
  -modernize-type-traits,
  -modernize-use-auto,
  -modernize-use-constraints,
  -modernize-use-default-member-init,
-  -modernize-use-designated-initializers,
  -modernize-use-equals-default,
-  -modernize-use-integer-sign-comparison,
  -modernize-use-nodiscard,
  -modernize-use-nullptr,
-  -modernize-use-ranges,
+  -modernize-use-nodiscard,
+  -modernize-use-nullptr,
  -modernize-use-trailing-return-type,
  -mpi-*,
  -objc-*,
  -performance-enum-size,
-  -portability-avoid-pragma-once,
-  -portability-template-virtual-member-function,
-  -readability-ambiguous-smartptr-reset-call,
  -readability-avoid-nested-conditional-operator,
+  -readability-container-contains,
  -readability-container-data-pointer,
  -readability-convert-member-functions-to-static,
  -readability-else-after-return,
-  -readability-enum-initial-value,
  -readability-function-cognitive-complexity,
  -readability-implicit-bool-conversion,
  -readability-isolate-declaration,
  -readability-magic-numbers,
  -readability-make-member-function-const,
-  -readability-math-missing-parentheses,
  -readability-named-parameter,
  -readability-redundant-casting,
  -readability-redundant-inline-specifier,
  -readability-redundant-member-init,
-  -readability-redundant-parentheses,
-  -readability-redundant-typename,
+  -readability-redundant-string-init,
  -readability-uppercase-literal-suffix,
  -readability-use-anyofallof,
-  -readability-use-std-min-max,
-  -readability-use-concise-preprocessor-directives,
 WarningsAsErrors: '*'
 FormatStyle:     google
 CheckOptions:
--- a/.clang-tidy.hash
+++ b/.clang-tidy.hash
@@ -0,0 +1 @@
+d272a88e8ca28ae9340a9a03295a566432a52cb696501908f57764475bf7ca65
--- a/.claude/skills/pr-workflow/SKILL.md
+++ b/.claude/skills/pr-workflow/SKILL.md
@@ -29,7 +29,7 @@ Required fields:
 - **What does this implement/fix?**: Brief description of changes
 - **Types of changes**: Check ONE appropriate box (Bugfix, New feature, Breaking change, etc.)
 - **Related issue**: Use `fixes <link>` syntax if applicable
- **Pull request in esphome.io**: Link if docs are needed
+- **Pull request in esphome-docs**: Link if docs are needed
 - **Test Environment**: Check platforms you tested on
 - **Example config.yaml**: Include working example YAML
 - **Checklist**: Verify code is tested and tests added
@@ -54,9 +54,9 @@ Required fields:

 - fixes https://github.com/esphome/esphome/issues/XXX

-**Pull request in [esphome.io](https://github.com/esphome/esphome.io) with documentation (if applicable):**
+**Pull request in [esphome-docs](https://github.com/esphome/esphome-docs) with documentation (if applicable):**

- esphome/esphome.io#XXX
+- esphome/esphome-docs#XXX

 ## Test Environment

@@ -83,7 +83,7 @@ component_name:
  - [x] Tests have been added to verify that the new code works (under `tests/` folder).

 If user exposed functionality or configuration variables are added/changed:
-  - [ ] Documentation added/updated in [esphome.io](https://github.com/esphome/esphome.io).
+  - [ ] Documentation added/updated in [esphome-docs](https://github.com/esphome/esphome-docs).
 ```

 ## 5. Push and Create PR
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -12,7 +12,7 @@
    "--privileged",
    "-e",
    "GIT_EDITOR=code --wait"
-    // uncomment and edit the path in order to pass through local USB serial to the container
+    // uncomment and edit the path in order to pass though local USB serial to the conatiner
    // , "--device=/dev/ttyACM0"
  ],
  "appPort": 6052,
--- a/.dockerignore
+++ b/.dockerignore
@@ -115,4 +115,4 @@ examples/
 Dockerfile
 .git/
 tests/
-.?*
+.*
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -2,7 +2,7 @@
 blank_issues_enabled: false
 contact_links:
  - name: Report an issue with the ESPHome documentation
-    url: https://github.com/esphome/esphome.io/issues/new/choose
+    url: https://github.com/esphome/esphome-docs/issues/new/choose
    about: Report an issue with the ESPHome documentation.
  - name: Report an issue with the ESPHome web server
    url: https://github.com/esphome/esphome-webserver/issues/new/choose
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -6,9 +6,8 @@

 - [ ] Bugfix (non-breaking change which fixes an issue)
 - [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) — [policy](https://developers.esphome.io/contributing/code/#what-constitutes-a-c-breaking-change)
- [ ] Developer breaking change (an API change that could break external components) — [policy](https://developers.esphome.io/contributing/code/#what-is-considered-public-c-api)
- [ ] Undocumented C++ API change (removal or change of undocumented public methods that lambda users may depend on) — [policy](https://developers.esphome.io/contributing/code/#c-user-expectations)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
+- [ ] Developer breaking change (an API change that could break external components)
 - [ ] Code quality improvements to existing code or addition of tests
 - [ ] Other

@@ -16,16 +15,16 @@

 - fixes <link to issue>

-**Pull request in [esphome.io](https://github.com/esphome/esphome.io) with documentation (if applicable):**
+**Pull request in [esphome-docs](https://github.com/esphome/esphome-docs) with documentation (if applicable):**

- esphome/esphome.io#<esphome.io PR number goes here>
+- esphome/esphome-docs#<esphome-docs PR number goes here>

 ## Test Environment

 - [ ] ESP32
 - [ ] ESP32 IDF
 - [ ] ESP8266
- [ ] RP2040/RP2350
+- [ ] RP2040
 - [ ] BK72xx
 - [ ] RTL87xx
 - [ ] LN882x
@@ -43,4 +42,4 @@
  - [ ] Tests have been added to verify that the new code works (under `tests/` folder).

 If user exposed functionality or configuration variables are added/changed:
-  - [ ] Documentation added/updated in [esphome.io](https://github.com/esphome/esphome.io).
+  - [ ] Documentation added/updated in [esphome-docs](https://github.com/esphome/esphome-docs).
--- a/.github/actions/build-image/action.yaml
+++ b/.github/actions/build-image/action.yaml
@@ -15,6 +15,11 @@ inputs:
    description: "Version to build"
    required: true
    example: "2023.12.0"
+  base_os:
+    description: "Base OS to use"
+    required: false
+    default: "debian"
+    example: "debian"
 runs:
  using: "composite"
  steps:
@@ -42,7 +47,7 @@ runs:

    - name: Build and push to ghcr by digest
      id: build-ghcr
-      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
      env:
        DOCKER_BUILD_SUMMARY: false
        DOCKER_BUILD_RECORD_UPLOAD: false
@@ -55,6 +60,7 @@ runs:
        build-args: |
          BUILD_TYPE=${{ inputs.build_type }}
          BUILD_VERSION=${{ inputs.version }}
+          BUILD_OS=${{ inputs.base_os }}
        outputs: |
          type=image,name=ghcr.io/${{ steps.tags.outputs.image_name }},push-by-digest=true,name-canonical=true,push=true

@@ -67,7 +73,7 @@ runs:

    - name: Build and push to dockerhub by digest
      id: build-dockerhub
-      uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
+      uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
      env:
        DOCKER_BUILD_SUMMARY: false
        DOCKER_BUILD_RECORD_UPLOAD: false
@@ -80,6 +86,7 @@ runs:
        build-args: |
          BUILD_TYPE=${{ inputs.build_type }}
          BUILD_VERSION=${{ inputs.version }}
+          BUILD_OS=${{ inputs.base_os }}
        outputs: |
          type=image,name=docker.io/${{ steps.tags.outputs.image_name }},push-by-digest=true,name-canonical=true,push=true

--- a/.github/actions/cache-esp-idf/action.yml
+++ b/.github/actions/cache-esp-idf/action.yml
@@ -1,52 +0,0 @@
-name: Cache ESP-IDF
-description: >
-  Resolve the pinned ESP-IDF version and cache the native ESP-IDF install
-  (toolchains + source) at ~/.esphome-idf. Every job that installs ESP-IDF
-  natively (clang-tidy for IDF/Arduino and the component test batches) shares
-  one cache, since the install is identical (ESPHOME_IDF_DEFAULT_TARGETS
-  defaults to "all", so all toolchains are present regardless of the chip).
-  Callers must set env ESPHOME_ESP_IDF_PREFIX: ~/.esphome-idf and have the
-  Python venv already restored.
-inputs:
-  framework:
-    description: 'Which pinned IDF version to key on: "espidf" (recommended) or "arduino".'
-    default: espidf
-  restore-only:
-    description: >
-      When "true", only restore -- never save the cache, even on dev. Use from
-      jobs that may not produce an ESP-IDF install (e.g. a component batch with
-      no esp32 target), so a partial/empty install is never written to the key.
-    default: "false"
-runs:
-  using: composite
-  steps:
-    - name: Resolve ESP-IDF version for cache key
-      # The native-IDF version is pinned in code, not in any file that feeds the
-      # other cache keys, so resolve it explicitly. Keying on it means the cache
-      # invalidates on a version bump (actions/cache never overwrites a key).
-      id: version
-      shell: bash
-      run: |
-        . venv/bin/activate
-        if [ "${{ inputs.framework }}" = "arduino" ]; then
-          version=$(python -c 'from esphome.components.esp32 import ARDUINO_FRAMEWORK_VERSION_LOOKUP as A, ARDUINO_IDF_VERSION_LOOKUP as L; print(L[A["recommended"]])')
-        else
-          version=$(python -c 'from esphome.components.esp32 import ESP_IDF_FRAMEWORK_VERSION_LOOKUP as L; print(L["recommended"])')
-        fi
-        echo "version=$version" >> "$GITHUB_OUTPUT"
-    # Mirror the adjacent PlatformIO cache: only dev-branch runs write the
-    # shared cache (so it lives in the default-branch scope readable by all
-    # PRs), and PRs are restore-only -- they never push multi-GB artifacts into
-    # their own scope / the repo quota (e.g. on a version-bump PR).
-    - name: Cache ESP-IDF install (write on dev)
-      if: github.ref == 'refs/heads/dev' && inputs.restore-only != 'true'
-      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-      with:
-        path: ~/.esphome-idf
-        key: ${{ runner.os }}-esphome-idf-${{ steps.version.outputs.version }}
-    - name: Cache ESP-IDF install (restore-only off dev)
-      if: github.ref != 'refs/heads/dev' || inputs.restore-only == 'true'
-      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
-      with:
-        path: ~/.esphome-idf
-        key: ${{ runner.os }}-esphome-idf-${{ steps.version.outputs.version }}
--- a/.github/actions/restore-python/action.yml
+++ b/.github/actions/restore-python/action.yml
@@ -17,28 +17,16 @@ runs:
  steps:
    - name: Set up Python ${{ inputs.python-version }}
      id: python
-      uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: ${{ inputs.python-version }}
    - name: Restore Python virtual environment
      id: cache-venv
-      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+      uses: actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
      with:
        path: venv
        # yamllint disable-line rule:line-length
        key: ${{ runner.os }}-${{ steps.python.outputs.python-version }}-venv-${{ inputs.cache-key }}
-    - name: Set up uv
-      # Only needed on cache miss to populate the venv. ``uv pip install``
-      # detects the activated venv via ``VIRTUAL_ENV`` so the venv layout
-      # downstream jobs rely on is preserved.
-      if: steps.cache-venv.outputs.cache-hit != 'true'
-      uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-      with:
-        enable-cache: true
-        # Pin uv version so the action does not have to fetch the
-        # manifest from raw.githubusercontent.com on every cache
-        # miss; that fetch flakes on Windows runners.
-        version: "0.11.15"
    - name: Create Python virtual environment
      if: steps.cache-venv.outputs.cache-hit != 'true' && runner.os != 'Windows'
      shell: bash
@@ -46,8 +34,8 @@ runs:
        python -m venv venv
        source venv/bin/activate
        python --version
-        uv pip install -r requirements.txt -r requirements_test.txt
-        uv pip install -e .
+        pip install -r requirements.txt -r requirements_test.txt
+        pip install -e .
    - name: Create Python virtual environment
      if: steps.cache-venv.outputs.cache-hit != 'true' && runner.os == 'Windows'
      shell: bash
@@ -55,5 +43,5 @@ runs:
        python -m venv venv
        source ./venv/Scripts/activate
        python --version
-        uv pip install -r requirements.txt -r requirements_test.txt
-        uv pip install -e .
+        pip install -r requirements.txt -r requirements_test.txt
+        pip install -e .
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -1 +1 @@
-../AGENTS.md
+../.ai/instructions.md
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,7 +5,6 @@ updates:
    directory: "/"
    schedule:
      interval: daily
-    open-pull-requests-limit: 10
    ignore:
      # Hypotehsis is only used for testing and is updated quite often
      - dependency-name: hypothesis
--- a/.github/scripts/auto-label-pr/constants.js
+++ b/.github/scripts/auto-label-pr/constants.js
@@ -1,44 +0,0 @@
-// Constants and markers for PR auto-labeling
-module.exports = {
-  BOT_COMMENT_MARKER: '<!-- auto-label-pr-bot -->',
-  CODEOWNERS_MARKER: '<!-- codeowners-request -->',
-  TOO_BIG_MARKER: '<!-- too-big-request -->',
-  DEPRECATED_COMPONENT_MARKER: '<!-- deprecated-component-request -->',
-  ORG_FORK_MARKER: '<!-- maintainer-access-warning -->',
-
-  MANAGED_LABELS: [
-    'new-component',
-    'new-platform',
-    'new-target-platform',
-    'merging-to-release',
-    'merging-to-beta',
-    'chained-pr',
-    'core',
-    'small-pr',
-    'medium-pr',
-    'dashboard',
-    'github-actions',
-    'by-code-owner',
-    'has-tests',
-    'needs-tests',
-    'needs-docs',
-    'needs-codeowners',
-    'too-big',
-    'labeller-recheck',
-    'bugfix',
-    'new-feature',
-    'breaking-change',
-    'developer-breaking-change',
-    'undocumented-api-change',
-    'code-quality',
-    'deprecated-component'
-  ],
-
-  DOCS_PR_PATTERNS: [
-    /https:\/\/github\.com\/esphome\/esphome\.io\/pull\/\d+/,
-    /esphome\/esphome\.io#\d+/,
-    // Keep matching the old esphome-docs name during the transition period
-    /https:\/\/github\.com\/esphome\/esphome-docs\/pull\/\d+/,
-    /esphome\/esphome-docs#\d+/
-  ]
-};
--- a/.github/scripts/auto-label-pr/detectors.js
+++ b/.github/scripts/auto-label-pr/detectors.js
@@ -1,403 +0,0 @@
-const { DOCS_PR_PATTERNS } = require('./constants');
-const {
-  COMPONENT_REGEX,
-  detectComponents,
-  hasCoreChanges,
-  hasDashboardChanges,
-  hasGitHubActionsChanges,
-} = require('../detect-tags');
-const { loadCodeowners, getEffectiveOwners } = require('../codeowners');
-
-// Top-level `CONFIG_SCHEMA = ...` (assignment) or `CONFIG_SCHEMA: ConfigType = ...` (annotation).
-// Ruff/Black enforce exactly one space around `=` and no space before `:`,
-// so we can match strictly: `CONFIG_SCHEMA ` or `CONFIG_SCHEMA:`.
-const CONFIG_SCHEMA_REGEX = /^CONFIG_SCHEMA[ :]/m;
-
-// Fetch a file's contents from the PR head SHA via the GitHub API.
-// The auto-label workflow runs on `pull_request_target`, which checks out the
-// base branch — files added by the PR don't exist in the workspace, so we have
-// to fetch them from the head SHA. Returns null if the file can't be fetched.
-async function fetchPrFileContent(github, context, path) {
-  try {
-    const { owner, repo } = context.repo;
-    const { data } = await github.rest.repos.getContent({
-      owner,
-      repo,
-      path,
-      ref: context.payload.pull_request.head.sha,
-    });
-    return Buffer.from(data.content, 'base64').toString('utf8');
-  } catch (error) {
-    console.log(`Failed to fetch ${path} from PR head:`, error.message);
-    return null;
-  }
-}
-
-// Strategy: Merge branch detection
-async function detectMergeBranch(context) {
-  const labels = new Set();
-  const baseRef = context.payload.pull_request.base.ref;
-
-  if (baseRef === 'release') {
-    labels.add('merging-to-release');
-  } else if (baseRef === 'beta') {
-    labels.add('merging-to-beta');
-  } else if (baseRef !== 'dev') {
-    labels.add('chained-pr');
-  }
-
-  return labels;
-}
-
-// Strategy: Component and platform labeling
-async function detectComponentPlatforms(changedFiles, apiData) {
-  const labels = new Set();
-  const targetPlatformRegex = new RegExp(`^esphome\/components\/(${apiData.targetPlatforms.join('|')})/`);
-
-  for (const comp of detectComponents(changedFiles)) {
-    labels.add(`component: ${comp}`);
-  }
-
-  for (const file of changedFiles) {
-    const platformMatch = file.match(targetPlatformRegex);
-    if (platformMatch) {
-      labels.add(`platform: ${platformMatch[1]}`);
-    }
-  }
-
-  return labels;
-}
-
-// Strategy: New component detection
-async function detectNewComponents(github, context, prFiles) {
-  const labels = new Set();
-  let hasYamlLoadable = false;
-  const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
-
-  for (const file of addedFiles) {
-    const componentMatch = file.match(/^esphome\/components\/([^\/]+)\/__init__\.py$/);
-    if (!componentMatch) continue;
-
-    labels.add('new-component');
-    const content = await fetchPrFileContent(github, context, file);
-    if (content === null) {
-      // Safe default: assume YAML-loadable so needs-docs behaviour is unchanged on fetch failure
-      hasYamlLoadable = true;
-      continue;
-    }
-    if (content.includes('IS_TARGET_PLATFORM = True')) {
-      labels.add('new-target-platform');
-    }
-    if (CONFIG_SCHEMA_REGEX.test(content)) {
-      hasYamlLoadable = true;
-    }
-  }
-
-  return { labels, hasYamlLoadable };
-}
-
-// Strategy: New platform detection
-async function detectNewPlatforms(github, context, prFiles, apiData) {
-  const labels = new Set();
-  let hasYamlLoadable = false;
-  const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
-
-  const platformPathPatterns = [
-    /^esphome\/components\/([^\/]+)\/([^\/]+)\.py$/,
-    /^esphome\/components\/([^\/]+)\/([^\/]+)\/__init__\.py$/,
-  ];
-
-  const removedFiles = new Set(prFiles.filter(file => file.status === 'removed').map(file => file.filename));
-
-  for (const file of addedFiles) {
-    for (const re of platformPathPatterns) {
-      const match = file.match(re);
-      if (!match) continue;
-      const platform = match[2];
-      if (!apiData.platformComponents.includes(platform)) break;
-
-      // Skip if this is a restructure between flat and subdirectory forms (either direction):
-      //   <component>/<platform>.py  <->  <component>/<platform>/__init__.py
-      const flatEquivalent = `esphome/components/${match[1]}/${platform}.py`;
-      const subdirEquivalent = `esphome/components/${match[1]}/${platform}/__init__.py`;
-      if (removedFiles.has(flatEquivalent) || removedFiles.has(subdirEquivalent)) break;
-
-      labels.add('new-platform');
-      const content = await fetchPrFileContent(github, context, file);
-      if (content === null) {
-        // Safe default: assume YAML-loadable so needs-docs behaviour is unchanged on fetch failure
-        hasYamlLoadable = true;
-      } else if (CONFIG_SCHEMA_REGEX.test(content)) {
-        hasYamlLoadable = true;
-      }
-      break;
-    }
-  }
-
-  return { labels, hasYamlLoadable };
-}
-
-// Strategy: Core files detection
-async function detectCoreChanges(changedFiles) {
-  const labels = new Set();
-  if (hasCoreChanges(changedFiles)) {
-    labels.add('core');
-  }
-  return labels;
-}
-
-// Strategy: PR size detection
-async function detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, MEDIUM_PR_THRESHOLD, TOO_BIG_THRESHOLD) {
-  const labels = new Set();
-
-  if (totalChanges <= SMALL_PR_THRESHOLD) {
-    labels.add('small-pr');
-    return labels;
-  }
-
-  if (totalChanges <= MEDIUM_PR_THRESHOLD) {
-    labels.add('medium-pr');
-    return labels;
-  }
-
-  const testAdditions = prFiles
-    .filter(file => file.filename.startsWith('tests/'))
-    .reduce((sum, file) => sum + (file.additions || 0), 0);
-  const testDeletions = prFiles
-    .filter(file => file.filename.startsWith('tests/'))
-    .reduce((sum, file) => sum + (file.deletions || 0), 0);
-
-  const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
-
-  // Don't add too-big if mega-pr label is already present
-  if (nonTestChanges > TOO_BIG_THRESHOLD && !isMegaPR) {
-    labels.add('too-big');
-  }
-
-  return labels;
-}
-
-// Strategy: Dashboard changes
-async function detectDashboardChanges(changedFiles) {
-  const labels = new Set();
-  if (hasDashboardChanges(changedFiles)) {
-    labels.add('dashboard');
-  }
-  return labels;
-}
-
-// Strategy: GitHub Actions changes
-async function detectGitHubActionsChanges(changedFiles) {
-  const labels = new Set();
-  if (hasGitHubActionsChanges(changedFiles)) {
-    labels.add('github-actions');
-  }
-  return labels;
-}
-
-// Strategy: Code owner detection
-async function detectCodeOwner(github, context, changedFiles) {
-  const labels = new Set();
-
-  try {
-    const codeownersPatterns = loadCodeowners();
-    const prAuthor = context.payload.pull_request.user.login;
-
-    // Check if PR author is a codeowner of any changed file
-    const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-    if (effective.users.has(prAuthor)) {
-      labels.add('by-code-owner');
-    }
-  } catch (error) {
-    console.log('Failed to read or parse CODEOWNERS file:', error.message);
-  }
-
-  return labels;
-}
-
-// Strategy: Test detection
-async function detectTests(changedFiles) {
-  const labels = new Set();
-  const testFiles = changedFiles.filter(file => file.startsWith('tests/'));
-
-  if (testFiles.length > 0) {
-    labels.add('has-tests');
-  }
-
-  return labels;
-}
-
-// Strategy: PR Template Checkbox detection
-async function detectPRTemplateCheckboxes(context) {
-  const labels = new Set();
-  const prBody = context.payload.pull_request.body || '';
-
-  console.log('Checking PR template checkboxes...');
-
-  // Check for checked checkboxes in the "Types of changes" section
-  const checkboxPatterns = [
-    { pattern: /- \[x\] Bugfix \(non-breaking change which fixes an issue\)/i, label: 'bugfix' },
-    { pattern: /- \[x\] New feature \(non-breaking change which adds functionality\)/i, label: 'new-feature' },
-    { pattern: /- \[x\] Breaking change \(fix or feature that would cause existing functionality to not work as expected\)/i, label: 'breaking-change' },
-    { pattern: /- \[x\] Developer breaking change \(an API change that could break external components\)/i, label: 'developer-breaking-change' },
-    { pattern: /- \[x\] Undocumented C\+\+ API change \(removal or change of undocumented public methods that lambda users may depend on\)/i, label: 'undocumented-api-change' },
-    { pattern: /- \[x\] Code quality improvements to existing code or addition of tests/i, label: 'code-quality' }
-  ];
-
-  for (const { pattern, label } of checkboxPatterns) {
-    if (pattern.test(prBody)) {
-      console.log(`Found checked checkbox for: ${label}`);
-      labels.add(label);
-    }
-  }
-
-  return labels;
-}
-
-// Strategy: Deprecated component detection
-async function detectDeprecatedComponents(github, context, changedFiles) {
-  const labels = new Set();
-  const deprecatedInfo = [];
-  const { owner, repo } = context.repo;
-
-  // Compile regex once for better performance
-  const componentFileRegex = COMPONENT_REGEX;
-
-  // Get files that are modified or added in components directory
-  const componentFiles = changedFiles.filter(file => componentFileRegex.test(file));
-
-  if (componentFiles.length === 0) {
-    return { labels, deprecatedInfo };
-  }
-
-  // Extract unique component names using the same regex
-  const components = new Set();
-  for (const file of componentFiles) {
-    const match = file.match(componentFileRegex);
-    if (match) {
-      components.add(match[1]);
-    }
-  }
-
-  // Get base branch ref to check if deprecation already exists for the component
-  // This prevents flagging a PR that simply adds deprecation
-  const baseRef = context.payload.pull_request.base.ref;
-
-  // Check each component's __init__.py for DEPRECATED_COMPONENT constant
-  for (const component of components) {
-    const initFile = `esphome/components/${component}/__init__.py`;
-    try {
-      // Fetch file content from base branch using GitHub API
-      const { data: fileData } = await github.rest.repos.getContent({
-        owner,
-        repo,
-        path: initFile,
-        ref: baseRef
-      });
-
-      // Decode base64 content
-      const content = Buffer.from(fileData.content, 'base64').toString('utf8');
-
-      // Look for DEPRECATED_COMPONENT = "message" or DEPRECATED_COMPONENT = 'message'
-      // Support single quotes, double quotes, and triple quotes (for multiline)
-      const doubleQuoteMatch = content.match(/DEPRECATED_COMPONENT\s*=\s*"""([\s\S]*?)"""/s) ||
-                              content.match(/DEPRECATED_COMPONENT\s*=\s*"((?:[^"\\]|\\.)*)"/);
-      const singleQuoteMatch = content.match(/DEPRECATED_COMPONENT\s*=\s*'''([\s\S]*?)'''/s) ||
-                              content.match(/DEPRECATED_COMPONENT\s*=\s*'((?:[^'\\]|\\.)*)'/);
-      const deprecatedMatch = doubleQuoteMatch || singleQuoteMatch;
-
-      if (deprecatedMatch) {
-        labels.add('deprecated-component');
-        deprecatedInfo.push({
-          component: component,
-          message: deprecatedMatch[1].trim()
-        });
-        console.log(`Found deprecated component: ${component}`);
-      }
-    } catch (error) {
-      // Only log if it's not a simple "file not found" error (404)
-      if (error.status !== 404) {
-        console.log(`Error reading ${initFile}:`, error.message);
-      }
-    }
-  }
-
-  return { labels, deprecatedInfo };
-}
-
-// Strategy: Detect when maintainers cannot modify the PR branch
-function detectMaintainerAccess(context) {
-  const pr = context.payload.pull_request;
-
-  // Only relevant for cross-repo PRs (forks)
-  if (!pr.head.repo || pr.head.repo.full_name === pr.base.repo.full_name) {
-    return null;
-  }
-
-  if (pr.maintainer_can_modify) {
-    return null;
-  }
-
-  const isOrgFork = pr.head.repo.owner.type === 'Organization';
-  console.log(`Maintainer cannot modify PR branch (${isOrgFork ? 'org fork: ' + pr.head.repo.owner.login : 'user disabled'})`);
-  return { isOrgFork, orgName: pr.head.repo.owner.login };
-}
-
-// Strategy: Requirements detection
-async function detectRequirements(allLabels, prFiles, context, hasYamlLoadable) {
-  const labels = new Set();
-
-  // Check for missing tests
-  if ((allLabels.has('new-component') || allLabels.has('new-platform') || allLabels.has('new-feature')) && !allLabels.has('has-tests')) {
-    labels.add('needs-tests');
-  }
-
-  // Check for missing docs.
-  // `new-feature` (PR-body checkbox) always counts. `new-component` / `new-platform`
-  // only count when at least one newly added file defines a top-level CONFIG_SCHEMA,
-  // i.e. the new component/platform is actually loadable from YAML.
-  const docsEligible =
-    allLabels.has('new-feature') ||
-    ((allLabels.has('new-component') || allLabels.has('new-platform')) && hasYamlLoadable);
-
-  if (docsEligible) {
-    const prBody = context.payload.pull_request.body || '';
-    const hasDocsLink = DOCS_PR_PATTERNS.some(pattern => pattern.test(prBody));
-
-    if (!hasDocsLink) {
-      labels.add('needs-docs');
-    }
-  }
-
-  // Check for missing CODEOWNERS
-  if (allLabels.has('new-component')) {
-    const codeownersModified = prFiles.some(file =>
-      file.filename === 'CODEOWNERS' &&
-      (file.status === 'modified' || file.status === 'added') &&
-      (file.additions || 0) > 0
-    );
-
-    if (!codeownersModified) {
-      labels.add('needs-codeowners');
-    }
-  }
-
-  return labels;
-}
-
-module.exports = {
-  detectMergeBranch,
-  detectComponentPlatforms,
-  detectNewComponents,
-  detectNewPlatforms,
-  detectCoreChanges,
-  detectPRSize,
-  detectDashboardChanges,
-  detectGitHubActionsChanges,
-  detectCodeOwner,
-  detectTests,
-  detectPRTemplateCheckboxes,
-  detectDeprecatedComponents,
-  detectMaintainerAccess,
-  detectRequirements
-};
--- a/.github/scripts/auto-label-pr/index.js
+++ b/.github/scripts/auto-label-pr/index.js
@@ -1,201 +0,0 @@
-const { MANAGED_LABELS } = require('./constants');
-const {
-  detectMergeBranch,
-  detectComponentPlatforms,
-  detectNewComponents,
-  detectNewPlatforms,
-  detectCoreChanges,
-  detectPRSize,
-  detectDashboardChanges,
-  detectGitHubActionsChanges,
-  detectCodeOwner,
-  detectTests,
-  detectPRTemplateCheckboxes,
-  detectDeprecatedComponents,
-  detectMaintainerAccess,
-  detectRequirements
-} = require('./detectors');
-const { handleReviews, handleMaintainerAccessComment } = require('./reviews');
-const { applyLabels, removeOldLabels } = require('./labels');
-
-// Fetch API data
-async function fetchApiData() {
-  try {
-    const response = await fetch('https://data.esphome.io/components.json');
-    const componentsData = await response.json();
-    return {
-      targetPlatforms: componentsData.target_platforms || [],
-      platformComponents: componentsData.platform_components || []
-    };
-  } catch (error) {
-    console.log('Failed to fetch components data from API:', error.message);
-    return { targetPlatforms: [], platformComponents: [] };
-  }
-}
-
-module.exports = async ({ github, context }) => {
-  // Environment variables
-  const SMALL_PR_THRESHOLD = parseInt(process.env.SMALL_PR_THRESHOLD);
-  const MEDIUM_PR_THRESHOLD = parseInt(process.env.MEDIUM_PR_THRESHOLD);
-  const MAX_LABELS = parseInt(process.env.MAX_LABELS);
-  const TOO_BIG_THRESHOLD = parseInt(process.env.TOO_BIG_THRESHOLD);
-  const COMPONENT_LABEL_THRESHOLD = parseInt(process.env.COMPONENT_LABEL_THRESHOLD);
-
-  // Global state
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-
-  // Get current labels and PR data
-  const { data: currentLabelsData } = await github.rest.issues.listLabelsOnIssue({
-    owner,
-    repo,
-    issue_number: pr_number
-  });
-  const currentLabels = currentLabelsData.map(label => label.name);
-  const managedLabels = currentLabels.filter(label =>
-    label.startsWith('component: ') || MANAGED_LABELS.includes(label)
-  );
-
-  // Check for mega-PR early - if present, skip most automatic labeling
-  const isMegaPR = currentLabels.includes('mega-pr');
-
-  // Get all PR files with automatic pagination
-  const prFiles = await github.paginate(
-    github.rest.pulls.listFiles,
-    {
-      owner,
-      repo,
-      pull_number: pr_number
-    }
-  );
-
-  // Calculate data from PR files
-  const changedFiles = prFiles.map(file => file.filename);
-  const totalAdditions = prFiles.reduce((sum, file) => sum + (file.additions || 0), 0);
-  const totalDeletions = prFiles.reduce((sum, file) => sum + (file.deletions || 0), 0);
-  const totalChanges = totalAdditions + totalDeletions;
-
-  console.log('Current labels:', currentLabels.join(', '));
-  console.log('Changed files:', changedFiles.length);
-  console.log('Total changes:', totalChanges);
-  if (isMegaPR) {
-    console.log('Mega-PR detected - applying limited labeling logic');
-  }
-
-  // Fetch API data
-  const apiData = await fetchApiData();
-  const baseRef = context.payload.pull_request.base.ref;
-
-  // Early exit for release and beta branches only
-  if (baseRef === 'release' || baseRef === 'beta') {
-    const branchLabels = await detectMergeBranch(context);
-    const finalLabels = Array.from(branchLabels);
-
-    console.log('Computed labels (merge branch only):', finalLabels.join(', '));
-
-    // Apply labels
-    await applyLabels(github, context, finalLabels);
-
-    // Remove old managed labels
-    await removeOldLabels(github, context, managedLabels, finalLabels);
-
-    return;
-  }
-
-  // Run all strategies
-  const [
-    branchLabels,
-    componentLabels,
-    newComponentResult,
-    newPlatformResult,
-    coreLabels,
-    sizeLabels,
-    dashboardLabels,
-    actionsLabels,
-    codeOwnerLabels,
-    testLabels,
-    checkboxLabels,
-    deprecatedResult,
-    maintainerAccess
-  ] = await Promise.all([
-    detectMergeBranch(context),
-    detectComponentPlatforms(changedFiles, apiData),
-    detectNewComponents(github, context, prFiles),
-    detectNewPlatforms(github, context, prFiles, apiData),
-    detectCoreChanges(changedFiles),
-    detectPRSize(prFiles, totalAdditions, totalDeletions, totalChanges, isMegaPR, SMALL_PR_THRESHOLD, MEDIUM_PR_THRESHOLD, TOO_BIG_THRESHOLD),
-    detectDashboardChanges(changedFiles),
-    detectGitHubActionsChanges(changedFiles),
-    detectCodeOwner(github, context, changedFiles),
-    detectTests(changedFiles),
-    detectPRTemplateCheckboxes(context),
-    detectDeprecatedComponents(github, context, changedFiles),
-    detectMaintainerAccess(context)
-  ]);
-
-  // Extract new-component / new-platform results
-  const newComponentLabels = newComponentResult.labels;
-  const newPlatformLabels = newPlatformResult.labels;
-  // Eligible for needs-docs only if any newly added component or platform file
-  // defines a top-level CONFIG_SCHEMA (i.e. is actually loadable from YAML).
-  const hasYamlLoadable = newComponentResult.hasYamlLoadable || newPlatformResult.hasYamlLoadable;
-
-  // Extract deprecated component info
-  const deprecatedLabels = deprecatedResult.labels;
-  const deprecatedInfo = deprecatedResult.deprecatedInfo;
-
-  // Combine all labels
-  const allLabels = new Set([
-    ...branchLabels,
-    ...componentLabels,
-    ...newComponentLabels,
-    ...newPlatformLabels,
-    ...coreLabels,
-    ...sizeLabels,
-    ...dashboardLabels,
-    ...actionsLabels,
-    ...codeOwnerLabels,
-    ...testLabels,
-    ...checkboxLabels,
-    ...deprecatedLabels
-  ]);
-
-  // Detect requirements based on all other labels
-  const requirementLabels = await detectRequirements(allLabels, prFiles, context, hasYamlLoadable);
-  for (const label of requirementLabels) {
-    allLabels.add(label);
-  }
-
-  let finalLabels = Array.from(allLabels);
-
-  // For mega-PRs, exclude component labels if there are too many
-  if (isMegaPR) {
-    const componentLabels = finalLabels.filter(label => label.startsWith('component: '));
-    if (componentLabels.length > COMPONENT_LABEL_THRESHOLD) {
-      finalLabels = finalLabels.filter(label => !label.startsWith('component: '));
-      console.log(`Mega-PR detected - excluding ${componentLabels.length} component labels (threshold: ${COMPONENT_LABEL_THRESHOLD})`);
-    }
-  }
-
-  // Handle too many labels (only for non-mega PRs)
-  const tooManyLabels = finalLabels.length > MAX_LABELS;
-  const originalLabelCount = finalLabels.length;
-
-  if (tooManyLabels && !isMegaPR && !finalLabels.includes('too-big')) {
-    finalLabels = ['too-big'];
-  }
-
-  console.log('Computed labels:', finalLabels.join(', '));
-
-  // Handle reviews and org fork comment
-  await Promise.all([
-    handleReviews(github, context, finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, MAX_LABELS, TOO_BIG_THRESHOLD),
-    handleMaintainerAccessComment(github, context, maintainerAccess)
-  ]);
-
-  // Apply labels
-  await applyLabels(github, context, finalLabels);
-
-  // Remove old managed labels
-  await removeOldLabels(github, context, managedLabels, finalLabels);
-};
--- a/.github/scripts/auto-label-pr/labels.js
+++ b/.github/scripts/auto-label-pr/labels.js
@@ -1,41 +0,0 @@
-// Apply labels to PR
-async function applyLabels(github, context, finalLabels) {
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-
-  if (finalLabels.length > 0) {
-    console.log(`Adding labels: ${finalLabels.join(', ')}`);
-    await github.rest.issues.addLabels({
-      owner,
-      repo,
-      issue_number: pr_number,
-      labels: finalLabels
-    });
-  }
-}
-
-// Remove old managed labels
-async function removeOldLabels(github, context, managedLabels, finalLabels) {
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-
-  const labelsToRemove = managedLabels.filter(label => !finalLabels.includes(label));
-  for (const label of labelsToRemove) {
-    console.log(`Removing label: ${label}`);
-    try {
-      await github.rest.issues.removeLabel({
-        owner,
-        repo,
-        issue_number: pr_number,
-        name: label
-      });
-    } catch (error) {
-      console.log(`Failed to remove label ${label}:`, error.message);
-    }
-  }
-}
-
-module.exports = {
-  applyLabels,
-  removeOldLabels
-};
--- a/.github/scripts/auto-label-pr/package.json
+++ b/.github/scripts/auto-label-pr/package.json
@@ -1,7 +0,0 @@
-{
-  "name": "auto-label-pr",
-  "private": true,
-  "scripts": {
-    "test": "node --test tests/*.test.js"
-  }
-}
--- a/.github/scripts/auto-label-pr/reviews.js
+++ b/.github/scripts/auto-label-pr/reviews.js
@@ -1,219 +0,0 @@
-const {
-  BOT_COMMENT_MARKER,
-  CODEOWNERS_MARKER,
-  TOO_BIG_MARKER,
-  DEPRECATED_COMPONENT_MARKER,
-  ORG_FORK_MARKER
-} = require('./constants');
-
-// Generate review messages
-function generateReviewMessages(finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, prAuthor, MAX_LABELS, TOO_BIG_THRESHOLD) {
-  const messages = [];
-
-  // Deprecated component message
-  if (finalLabels.includes('deprecated-component') && deprecatedInfo && deprecatedInfo.length > 0) {
-    let message = `${DEPRECATED_COMPONENT_MARKER}\n### ⚠️ Deprecated Component\n\n`;
-    message += `Hey there @${prAuthor},\n`;
-    message += `This PR modifies one or more deprecated components. Please be aware:\n\n`;
-
-    for (const info of deprecatedInfo) {
-      message += `#### Component: \`${info.component}\`\n`;
-      message += `${info.message}\n\n`;
-    }
-
-    message += `Consider migrating to the recommended alternative if applicable.`;
-
-    messages.push(message);
-  }
-
-  // Too big message
-  if (finalLabels.includes('too-big')) {
-    const testAdditions = prFiles
-      .filter(file => file.filename.startsWith('tests/'))
-      .reduce((sum, file) => sum + (file.additions || 0), 0);
-    const testDeletions = prFiles
-      .filter(file => file.filename.startsWith('tests/'))
-      .reduce((sum, file) => sum + (file.deletions || 0), 0);
-    const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
-
-    const tooManyLabels = originalLabelCount > MAX_LABELS;
-    const tooManyChanges = nonTestChanges > TOO_BIG_THRESHOLD;
-
-    let message = `${TOO_BIG_MARKER}\n### 📦 Pull Request Size\n\n`;
-
-    message +=
-      `Hey @${prAuthor}, thanks for the contribution! Just a heads up, ` +
-      `this PR is on the large side `;
-
-    if (tooManyLabels && tooManyChanges) {
-      message +=
-        `(${nonTestChanges} line changes excluding tests, across ` +
-        `${originalLabelCount} different components/areas)`;
-    } else if (tooManyLabels) {
-      message +=
-        `(it touches ${originalLabelCount} different components/areas)`;
-    } else {
-      message += `(${nonTestChanges} line changes excluding tests)`;
-    }
-
-    message += `, which makes it harder for maintainers to review.\n\n`;
-    message +=
-      `Smaller, focused PRs tend to be reviewed much faster since they ` +
-      `fit into the short gaps between other maintainer work; large ones ` +
-      `often have to wait for a rare long uninterrupted block of time. ` +
-      `If you can break this up into smaller pieces that can be reviewed ` +
-      `independently, it will almost certainly land faster overall.\n\n`;
-    message +=
-      `Before putting more time in, it's also worth popping into ` +
-      `\`#devs\` on [Discord](https://esphome.io/chat) so we can help ` +
-      `you scope things and flag anything already in flight.\n\n`;
-    message +=
-      `For more details (including how to split the work up), see: ` +
-      `https://developers.esphome.io/contributing/submitting-your-work/` +
-      `#how-to-approach-large-submissions`;
-
-    messages.push(message);
-  }
-
-  // CODEOWNERS message
-  if (finalLabels.includes('needs-codeowners')) {
-    const message = `${CODEOWNERS_MARKER}\n### 👥 Code Ownership\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `Thanks for submitting this pull request! Can you add yourself as a codeowner for this integration? ` +
-      `This way we can notify you if a bug report for this integration is reported.\n\n` +
-      `In \`__init__.py\` of the integration, please add:\n\n` +
-      `\`\`\`python\nCODEOWNERS = ["@${prAuthor}"]\n\`\`\`\n\n` +
-      `And run \`script/build_codeowners.py\``;
-
-    messages.push(message);
-  }
-
-  return messages;
-}
-
-// Handle reviews
-async function handleReviews(github, context, finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, MAX_LABELS, TOO_BIG_THRESHOLD) {
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-  const prAuthor = context.payload.pull_request.user.login;
-
-  const reviewMessages = generateReviewMessages(finalLabels, originalLabelCount, deprecatedInfo, prFiles, totalAdditions, totalDeletions, prAuthor, MAX_LABELS, TOO_BIG_THRESHOLD);
-  const hasReviewableLabels = finalLabels.some(label =>
-    ['too-big', 'needs-codeowners', 'deprecated-component'].includes(label)
-  );
-
-  const { data: reviews } = await github.rest.pulls.listReviews({
-    owner,
-    repo,
-    pull_number: pr_number
-  });
-
-  const botReviews = reviews.filter(review =>
-    review.user.type === 'Bot' &&
-    review.state === 'CHANGES_REQUESTED' &&
-    review.body && review.body.includes(BOT_COMMENT_MARKER)
-  );
-
-  if (hasReviewableLabels) {
-    const reviewBody = `${BOT_COMMENT_MARKER}\n\n${reviewMessages.join('\n\n---\n\n')}`;
-
-    if (botReviews.length > 0) {
-      // Update existing review
-      await github.rest.pulls.updateReview({
-        owner,
-        repo,
-        pull_number: pr_number,
-        review_id: botReviews[0].id,
-        body: reviewBody
-      });
-      console.log('Updated existing bot review');
-    } else {
-      // Create new review
-      await github.rest.pulls.createReview({
-        owner,
-        repo,
-        pull_number: pr_number,
-        body: reviewBody,
-        event: 'REQUEST_CHANGES'
-      });
-      console.log('Created new bot review');
-    }
-  } else if (botReviews.length > 0) {
-    // Dismiss existing reviews
-    for (const review of botReviews) {
-      try {
-        await github.rest.pulls.dismissReview({
-          owner,
-          repo,
-          pull_number: pr_number,
-          review_id: review.id,
-          message: 'Review dismissed: All requirements have been met'
-        });
-        console.log(`Dismissed bot review ${review.id}`);
-      } catch (error) {
-        console.log(`Failed to dismiss review ${review.id}:`, error.message);
-      }
-    }
-  }
-}
-
-// Handle maintainer access warning comment
-async function handleMaintainerAccessComment(github, context, maintainerAccess) {
-  if (!maintainerAccess) {
-    return;
-  }
-
-  const { owner, repo } = context.repo;
-  const pr_number = context.issue.number;
-  const prAuthor = context.payload.pull_request.user.login;
-
-  // Check if we already posted the warning (iterate pages to exit early)
-  let existingComment;
-  for await (const { data: comments } of github.paginate.iterator(
-    github.rest.issues.listComments,
-    { owner, repo, issue_number: pr_number }
-  )) {
-    existingComment = comments.find(comment =>
-      comment.user.type === 'Bot' &&
-      comment.body && comment.body.includes(ORG_FORK_MARKER)
-    );
-    if (existingComment) {
-      break;
-    }
-  }
-
-  if (existingComment) {
-    console.log('Maintainer access warning comment already exists, skipping');
-    return;
-  }
-
-  let body;
-  if (maintainerAccess.isOrgFork) {
-    body = `${ORG_FORK_MARKER}\n### ⚠️ Organization Fork Detected\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `It looks like this PR was submitted from a fork owned by the **${maintainerAccess.orgName}** organization. ` +
-      `GitHub does not allow maintainers to push changes to pull request branches when the fork is owned by an organization. ` +
-      `This means we won't be able to make small adjustments or fixups to your PR directly.\n\n` +
-      `To allow maintainer collaboration, please re-submit this PR from a personal fork instead.\n\n` +
-      `See: [Setting up the local repository](https://developers.esphome.io/contributing/development-environment/?h=org#set-up-the-local-repository) for more details.`;
-  } else {
-    body = `${ORG_FORK_MARKER}\n### ⚠️ Maintainer Access Disabled\n\n` +
-      `Hey there @${prAuthor},\n` +
-      `It looks like this PR does not have the "Allow edits from maintainers" option enabled. ` +
-      `This means we won't be able to make small adjustments or fixups to your PR directly.\n\n` +
-      `Please enable this option in the PR sidebar to allow maintainer collaboration.`;
-  }
-
-  await github.rest.issues.createComment({
-    owner,
-    repo,
-    issue_number: pr_number,
-    body
-  });
-  console.log('Created maintainer access warning comment');
-}
-
-module.exports = {
-  handleReviews,
-  handleMaintainerAccessComment
-};
--- a/.github/scripts/auto-label-pr/tests/detectors.test.js
+++ b/.github/scripts/auto-label-pr/tests/detectors.test.js
@@ -1,147 +0,0 @@
-const { describe, it } = require('node:test');
-const assert = require('node:assert/strict');
-const { detectNewPlatforms, detectNewComponents } = require('../detectors');
-
-// Minimal GitHub API mock — only repos.getContent is called by detectNewPlatforms/detectNewComponents
-// to check for CONFIG_SCHEMA in newly added files.
-function makeGithub(content = '') {
-  return {
-    rest: {
-      repos: {
-        getContent: async () => ({
-          data: { content: Buffer.from(content).toString('base64') }
-        })
-      }
-    }
-  };
-}
-
-const CONTEXT = {
-  repo: { owner: 'esphome', repo: 'esphome' },
-  payload: { pull_request: { head: { sha: 'abc123' }, base: { ref: 'dev' } } }
-};
-
-const API_DATA = {
-  targetPlatforms: ['esp32', 'esp8266', 'rp2040'],
-  platformComponents: ['cover', 'sensor', 'binary_sensor', 'switch', 'light', 'fan', 'climate', 'valve']
-};
-
-const WITH_SCHEMA = 'CONFIG_SCHEMA = cv.Schema({})';
-const WITHOUT_SCHEMA = 'CODEOWNERS = ["@esphome/core"]';
-
-// ---------------------------------------------------------------------------
-// detectNewPlatforms
-// ---------------------------------------------------------------------------
-
-describe('detectNewPlatforms', () => {
-  describe('restructure detection (no false positives)', () => {
-    it('flat .py -> subdir __init__.py is not a new platform', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/endstop/cover.py', status: 'removed' },
-        { filename: 'esphome/components/endstop/cover/__init__.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-
-    it('subdir __init__.py -> flat .py is not a new platform', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/endstop/cover/__init__.py', status: 'removed' },
-        { filename: 'esphome/components/endstop/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-  });
-
-  describe('genuine new platforms', () => {
-    it('new subdir platform with CONFIG_SCHEMA sets new-platform and hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover/__init__.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, true);
-    });
-
-    it('new flat platform with CONFIG_SCHEMA sets new-platform and hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, true);
-    });
-
-    it('new platform without CONFIG_SCHEMA sets new-platform but not hasYamlLoadable', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/cover.py', status: 'added' },
-      ];
-      const result = await detectNewPlatforms(makeGithub(WITHOUT_SCHEMA), CONTEXT, prFiles, API_DATA);
-      assert.ok(result.labels.has('new-platform'));
-      assert.equal(result.hasYamlLoadable, false);
-    });
-
-    it('non-platform file addition produces no labels', async () => {
-      const prFiles = [
-        { filename: 'esphome/components/my_sensor/sensor.py', status: 'added' },
-      ];
-      // Override platformComponents so 'sensor' is not a recognized platform -> no label expected.
-      const nonPlatformApiData = { ...API_DATA, platformComponents: ['cover'] };
-      const result = await detectNewPlatforms(makeGithub(WITH_SCHEMA), CONTEXT, prFiles, nonPlatformApiData);
-      assert.equal(result.labels.size, 0);
-      assert.equal(result.hasYamlLoadable, false);
-    });
-  });
-});
-
-// ---------------------------------------------------------------------------
-// detectNewComponents
-// ---------------------------------------------------------------------------
-
-describe('detectNewComponents', () => {
-  it('new top-level __init__.py sets new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/actuator/__init__.py', status: 'added', },
-    ];
-    const result = await detectNewComponents(makeGithub(WITHOUT_SCHEMA), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.equal(result.hasYamlLoadable, false);
-  });
-
-  it('new top-level __init__.py with CONFIG_SCHEMA sets hasYamlLoadable', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/my_component/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.equal(result.hasYamlLoadable, true);
-  });
-
-  it('new top-level __init__.py with IS_TARGET_PLATFORM sets new-target-platform', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/my_platform/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub('IS_TARGET_PLATFORM = True'), CONTEXT, prFiles);
-    assert.ok(result.labels.has('new-component'));
-    assert.ok(result.labels.has('new-target-platform'));
-  });
-
-  it('modified __init__.py does not set new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/existing/__init__.py', status: 'modified' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.equal(result.labels.size, 0);
-  });
-
-  it('nested __init__.py does not set new-component', async () => {
-    const prFiles = [
-      { filename: 'esphome/components/endstop/cover/__init__.py', status: 'added' },
-    ];
-    const result = await detectNewComponents(makeGithub(WITH_SCHEMA), CONTEXT, prFiles);
-    assert.equal(result.labels.size, 0);
-  });
-});
--- a/.github/scripts/codeowners.js
+++ b/.github/scripts/codeowners.js
@@ -1,227 +0,0 @@
-// Shared CODEOWNERS parsing and matching utilities.
-//
-// Used by:
-//   - codeowner-review-request.yml
-//   - codeowner-approved-label-update.yml
-//   - auto-label-pr/detectors.js (detectCodeOwner)
-
-/**
- * Convert a CODEOWNERS glob pattern to a RegExp.
- *
- * Handles **, *, and ? wildcards after escaping regex-special characters.
- */
-function globToRegex(pattern) {
-  let regexStr = pattern
-    .replace(/([.+^=!:${}()|[\]\\])/g, '\\$1')
-    .replace(/\*\*/g, '\x00GLOBSTAR\x00')  // protect ** from next replace
-    .replace(/\*/g, '[^/]*')               // single star
-    .replace(/\x00GLOBSTAR\x00/g, '.*')    // restore globstar
-    .replace(/\?/g, '.');
-  return new RegExp('^' + regexStr + '$');
-}
-
-/**
- * Parse raw CODEOWNERS file content into an array of
- * { pattern, regex, owners } objects.
- *
- * Each `owners` entry is the raw string from the file (e.g. "@user" or
- * "@esphome/core").
- */
-function parseCodeowners(content) {
-  const lines = content
-    .split('\n')
-    .map(line => line.trim())
-    .filter(line => line && !line.startsWith('#'));
-
-  const patterns = [];
-  for (const line of lines) {
-    const parts = line.split(/\s+/);
-    if (parts.length < 2) continue;
-
-    const pattern = parts[0];
-    const owners = parts.slice(1);
-    const regex = globToRegex(pattern);
-    patterns.push({ pattern, regex, owners });
-  }
-  return patterns;
-}
-
-/**
- * Fetch and parse the CODEOWNERS file via the GitHub API.
- *
- * @param {object} github  - octokit instance from actions/github-script
- * @param {string} owner   - repo owner
- * @param {string} repo    - repo name
- * @param {string} [ref]   - git ref (SHA / branch) to read from
- * @returns {Array<{pattern: string, regex: RegExp, owners: string[]}>}
- */
-async function fetchCodeowners(github, owner, repo, ref) {
-  const params = { owner, repo, path: 'CODEOWNERS' };
-  if (ref) params.ref = ref;
-
-  const { data: file } = await github.rest.repos.getContent(params);
-  const content = Buffer.from(file.content, 'base64').toString('utf8');
-  return parseCodeowners(content);
-}
-
-/**
- * Classify raw owner strings into individual users and teams.
- *
- * @param {string[]} rawOwners - e.g. ["@user1", "@esphome/core"]
- * @returns {{ users: string[], teams: string[] }}
- *   users  – login names without "@"
- *   teams  – team slugs without the "org/" prefix
- */
-function classifyOwners(rawOwners) {
-  const users = [];
-  const teams = [];
-  for (const o of rawOwners) {
-    const clean = o.startsWith('@') ? o.slice(1) : o;
-    if (clean.includes('/')) {
-      teams.push(clean.split('/')[1]);
-    } else {
-      users.push(clean);
-    }
-  }
-  return { users, teams };
-}
-
-/**
- * For each file, find its effective codeowners using GitHub's
- * "last match wins" semantics, then union across all files.
- *
- * @param {string[]} files              - list of file paths
- * @param {Array}    codeownersPatterns  - from parseCodeowners / fetchCodeowners
- * @returns {{ users: Set<string>, teams: Set<string>, matchedFileCount: number }}
- */
-function getEffectiveOwners(files, codeownersPatterns) {
-  const users = new Set();
-  const teams = new Set();
-  let matchedFileCount = 0;
-
-  for (const file of files) {
-    // Last matching pattern wins for each file
-    let effectiveOwners = null;
-    for (const { regex, owners } of codeownersPatterns) {
-      if (regex.test(file)) {
-        effectiveOwners = owners;
-      }
-    }
-    if (effectiveOwners) {
-      matchedFileCount++;
-      const classified = classifyOwners(effectiveOwners);
-      for (const u of classified.users) users.add(u);
-      for (const t of classified.teams) teams.add(t);
-    }
-  }
-
-  return { users, teams, matchedFileCount };
-}
-
-/**
- * Read and parse the CODEOWNERS file from disk.
- *
- * Use this when the repo is already checked out (avoids an API call).
- *
- * @param {string} [repoRoot='.'] - path to the repo root
- * @returns {Array<{pattern: string, regex: RegExp, owners: string[]}>}
- */
-function loadCodeowners(repoRoot = '.') {
-  const fs = require('fs');
-  const path = require('path');
-  const content = fs.readFileSync(path.join(repoRoot, 'CODEOWNERS'), 'utf8');
-  return parseCodeowners(content);
-}
-
-/** Possible label actions returned by determineLabelAction. */
-const LabelAction = Object.freeze({
-  ADD: 'add',
-  REMOVE: 'remove',
-  NONE: 'none',
-});
-
-/**
- * Determine what label action is needed for a PR based on codeowner approvals.
- *
- * Checks changed files against CODEOWNERS patterns, reviews, and current labels
- * to decide if the label should be added, removed, or left unchanged.
- *
- * @param {object} github              - octokit instance from actions/github-script
- * @param {string} owner               - repo owner
- * @param {string} repo                - repo name
- * @param {number} pr_number           - pull request number
- * @param {Array}  codeownersPatterns   - from loadCodeowners / fetchCodeowners
- * @param {string} labelName           - label to manage
- * @returns {Promise<LabelAction>}
- */
-async function determineLabelAction(github, owner, repo, pr_number, codeownersPatterns, labelName) {
-  // Get the list of changed files in this PR
-  const prFiles = await github.paginate(
-    github.rest.pulls.listFiles,
-    { owner, repo, pull_number: pr_number }
-  );
-
-  const changedFiles = prFiles.map(file => file.filename);
-  console.log(`Found ${changedFiles.length} changed files`);
-
-  if (changedFiles.length === 0) {
-    console.log('No changed files found');
-    return LabelAction.NONE;
-  }
-
-  // Get effective owners using last-match-wins semantics
-  const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-  const componentCodeowners = effective.users;
-
-  console.log(`Component-specific codeowners: ${Array.from(componentCodeowners).join(', ') || '(none)'}`);
-
-  // Get current labels
-  const { data: currentLabels } = await github.rest.issues.listLabelsOnIssue({
-    owner, repo, issue_number: pr_number
-  });
-  const hasLabel = currentLabels.some(label => label.name === labelName);
-
-  if (componentCodeowners.size === 0) {
-    console.log('No component-specific codeowners found');
-    return hasLabel ? LabelAction.REMOVE : LabelAction.NONE;
-  }
-
-  // Get all reviews and find latest per user
-  const reviews = await github.paginate(
-    github.rest.pulls.listReviews,
-    { owner, repo, pull_number: pr_number }
-  );
-
-  const latestReviewByUser = new Map();
-  for (const review of reviews) {
-    if (!review.user || review.user.type === 'Bot' || review.state === 'COMMENTED') continue;
-    latestReviewByUser.set(review.user.login, review);
-  }
-
-  // Check if any component-specific codeowner has an active approval
-  let hasCodeownerApproval = false;
-  for (const [login, review] of latestReviewByUser) {
-    if (review.state === 'APPROVED' && componentCodeowners.has(login)) {
-      console.log(`Codeowner '${login}' has approved`);
-      hasCodeownerApproval = true;
-      break;
-    }
-  }
-
-  if (hasCodeownerApproval && !hasLabel) return LabelAction.ADD;
-  if (!hasCodeownerApproval && hasLabel) return LabelAction.REMOVE;
-
-  console.log(`Label already ${hasLabel ? 'present' : 'absent'}, no change needed`);
-  return LabelAction.NONE;
-}
-
-module.exports = {
-  globToRegex,
-  parseCodeowners,
-  fetchCodeowners,
-  loadCodeowners,
-  classifyOwners,
-  getEffectiveOwners,
-  LabelAction,
-  determineLabelAction
-};
--- a/.github/scripts/detect-tags.js
+++ b/.github/scripts/detect-tags.js
@@ -1,66 +0,0 @@
-/**
- * Shared tag detection from changed file paths.
- * Used by pr-title-check and auto-label-pr workflows.
- */
-
-const COMPONENT_REGEX = /^esphome\/components\/([^\/]+)\//;
-
-/**
- * Detect component names from changed files.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {Set<string>} Set of component names
- */
-function detectComponents(changedFiles) {
-  const components = new Set();
-  for (const file of changedFiles) {
-    const match = file.match(COMPONENT_REGEX);
-    if (match) {
-      components.add(match[1]);
-    }
-  }
-  return components;
-}
-
-/**
- * Detect if core files were changed.
- * Core files are in esphome/core/ or top-level esphome/ directory.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasCoreChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('esphome/core/') ||
-    (file.startsWith('esphome/') && file.split('/').length === 2)
-  );
-}
-
-/**
- * Detect if dashboard files were changed.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasDashboardChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('esphome/dashboard/') ||
-    file.startsWith('esphome/components/dashboard_import/')
-  );
-}
-
-/**
- * Detect if GitHub Actions files were changed.
- * @param {string[]} changedFiles - List of changed file paths
- * @returns {boolean}
- */
-function hasGitHubActionsChanges(changedFiles) {
-  return changedFiles.some(file =>
-    file.startsWith('.github/workflows/')
-  );
-}
-
-module.exports = {
-  COMPONENT_REGEX,
-  detectComponents,
-  hasCoreChanges,
-  hasDashboardChanges,
-  hasGitHubActionsChanges,
-};
--- a/.github/workflows/auto-label-pr.yml
+++ b/.github/workflows/auto-label-pr.yml
@@ -6,14 +6,12 @@ on:
  pull_request_target:
    types: [labeled, opened, reopened, synchronize, edited]

-# All PR/label/review writes are performed with the App token minted below,
-# so the workflow's GITHUB_TOKEN only needs read access for checkout.
 permissions:
-  contents: read  # actions/checkout reads the workflow source
+  pull-requests: write
+  contents: read

 env:
  SMALL_PR_THRESHOLD: 30
-  MEDIUM_PR_THRESHOLD: 100
  MAX_LABELS: 15
  TOO_BIG_THRESHOLD: 1000
  COMPONENT_LABEL_THRESHOLD: 10
@@ -21,26 +19,650 @@ env:
 jobs:
  label:
    runs-on: ubuntu-latest
-    if: github.event.pull_request.state == 'open' && (github.event.action != 'labeled' || github.event.sender.type != 'Bot')
+    if: github.event.action != 'labeled' || github.event.sender.type != 'Bot'
    steps:
      - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by auto-label-pr/*.js.
-          permission-contents: read       # repos.getContent for CODEOWNERS and file lookups in detectors.js
-          permission-issues: write        # listLabelsOnIssue, addLabels, removeLabel, list/createComment
-          permission-pull-requests: write  # pulls.listFiles, list/create/update/dismissReview

      - name: Auto Label PR
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
-            const script = require('./.github/scripts/auto-label-pr/index.js');
-            await script({ github, context });
+            const fs = require('fs');
+
+            // Constants
+            const SMALL_PR_THRESHOLD = parseInt('${{ env.SMALL_PR_THRESHOLD }}');
+            const MAX_LABELS = parseInt('${{ env.MAX_LABELS }}');
+            const TOO_BIG_THRESHOLD = parseInt('${{ env.TOO_BIG_THRESHOLD }}');
+            const COMPONENT_LABEL_THRESHOLD = parseInt('${{ env.COMPONENT_LABEL_THRESHOLD }}');
+            const BOT_COMMENT_MARKER = '<!-- auto-label-pr-bot -->';
+            const CODEOWNERS_MARKER = '<!-- codeowners-request -->';
+            const TOO_BIG_MARKER = '<!-- too-big-request -->';
+
+            const MANAGED_LABELS = [
+              'new-component',
+              'new-platform',
+              'new-target-platform',
+              'merging-to-release',
+              'merging-to-beta',
+              'chained-pr',
+              'core',
+              'small-pr',
+              'dashboard',
+              'github-actions',
+              'by-code-owner',
+              'has-tests',
+              'needs-tests',
+              'needs-docs',
+              'needs-codeowners',
+              'too-big',
+              'labeller-recheck',
+              'bugfix',
+              'new-feature',
+              'breaking-change',
+              'developer-breaking-change',
+              'code-quality'
+            ];
+
+            const DOCS_PR_PATTERNS = [
+              /https:\/\/github\.com\/esphome\/esphome-docs\/pull\/\d+/,
+              /esphome\/esphome-docs#\d+/
+            ];
+
+            // Global state
+            const { owner, repo } = context.repo;
+            const pr_number = context.issue.number;
+
+            // Get current labels and PR data
+            const { data: currentLabelsData } = await github.rest.issues.listLabelsOnIssue({
+              owner,
+              repo,
+              issue_number: pr_number
+            });
+            const currentLabels = currentLabelsData.map(label => label.name);
+            const managedLabels = currentLabels.filter(label =>
+              label.startsWith('component: ') || MANAGED_LABELS.includes(label)
+            );
+
+            // Check for mega-PR early - if present, skip most automatic labeling
+            const isMegaPR = currentLabels.includes('mega-pr');
+
+            // Get all PR files with automatic pagination
+            const prFiles = await github.paginate(
+              github.rest.pulls.listFiles,
+              {
+                owner,
+                repo,
+                pull_number: pr_number
+              }
+            );
+
+            // Calculate data from PR files
+            const changedFiles = prFiles.map(file => file.filename);
+            const totalAdditions = prFiles.reduce((sum, file) => sum + (file.additions || 0), 0);
+            const totalDeletions = prFiles.reduce((sum, file) => sum + (file.deletions || 0), 0);
+            const totalChanges = totalAdditions + totalDeletions;
+
+            console.log('Current labels:', currentLabels.join(', '));
+            console.log('Changed files:', changedFiles.length);
+            console.log('Total changes:', totalChanges);
+            if (isMegaPR) {
+              console.log('Mega-PR detected - applying limited labeling logic');
+            }
+
+            // Fetch API data
+            async function fetchApiData() {
+              try {
+                const response = await fetch('https://data.esphome.io/components.json');
+                const componentsData = await response.json();
+                return {
+                  targetPlatforms: componentsData.target_platforms || [],
+                  platformComponents: componentsData.platform_components || []
+                };
+              } catch (error) {
+                console.log('Failed to fetch components data from API:', error.message);
+                return { targetPlatforms: [], platformComponents: [] };
+              }
+            }
+
+            // Strategy: Merge branch detection
+            async function detectMergeBranch() {
+              const labels = new Set();
+              const baseRef = context.payload.pull_request.base.ref;
+
+              if (baseRef === 'release') {
+                labels.add('merging-to-release');
+              } else if (baseRef === 'beta') {
+                labels.add('merging-to-beta');
+              } else if (baseRef !== 'dev') {
+                labels.add('chained-pr');
+              }
+
+              return labels;
+            }
+
+            // Strategy: Component and platform labeling
+            async function detectComponentPlatforms(apiData) {
+              const labels = new Set();
+              const componentRegex = /^esphome\/components\/([^\/]+)\//;
+              const targetPlatformRegex = new RegExp(`^esphome\/components\/(${apiData.targetPlatforms.join('|')})/`);
+
+              for (const file of changedFiles) {
+                const componentMatch = file.match(componentRegex);
+                if (componentMatch) {
+                  labels.add(`component: ${componentMatch[1]}`);
+                }
+
+                const platformMatch = file.match(targetPlatformRegex);
+                if (platformMatch) {
+                  labels.add(`platform: ${platformMatch[1]}`);
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: New component detection
+            async function detectNewComponents() {
+              const labels = new Set();
+              const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
+
+              for (const file of addedFiles) {
+                const componentMatch = file.match(/^esphome\/components\/([^\/]+)\/__init__\.py$/);
+                if (componentMatch) {
+                  try {
+                    const content = fs.readFileSync(file, 'utf8');
+                    if (content.includes('IS_TARGET_PLATFORM = True')) {
+                      labels.add('new-target-platform');
+                    }
+                  } catch (error) {
+                    console.log(`Failed to read content of ${file}:`, error.message);
+                  }
+                  labels.add('new-component');
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: New platform detection
+            async function detectNewPlatforms(apiData) {
+              const labels = new Set();
+              const addedFiles = prFiles.filter(file => file.status === 'added').map(file => file.filename);
+
+              for (const file of addedFiles) {
+                const platformFileMatch = file.match(/^esphome\/components\/([^\/]+)\/([^\/]+)\.py$/);
+                if (platformFileMatch) {
+                  const [, component, platform] = platformFileMatch;
+                  if (apiData.platformComponents.includes(platform)) {
+                    labels.add('new-platform');
+                  }
+                }
+
+                const platformDirMatch = file.match(/^esphome\/components\/([^\/]+)\/([^\/]+)\/__init__\.py$/);
+                if (platformDirMatch) {
+                  const [, component, platform] = platformDirMatch;
+                  if (apiData.platformComponents.includes(platform)) {
+                    labels.add('new-platform');
+                  }
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: Core files detection
+            async function detectCoreChanges() {
+              const labels = new Set();
+              const coreFiles = changedFiles.filter(file =>
+                file.startsWith('esphome/core/') ||
+                (file.startsWith('esphome/') && file.split('/').length === 2)
+              );
+
+              if (coreFiles.length > 0) {
+                labels.add('core');
+              }
+
+              return labels;
+            }
+
+            // Strategy: PR size detection
+            async function detectPRSize() {
+              const labels = new Set();
+
+              if (totalChanges <= SMALL_PR_THRESHOLD) {
+                labels.add('small-pr');
+                return labels;
+              }
+
+              const testAdditions = prFiles
+                .filter(file => file.filename.startsWith('tests/'))
+                .reduce((sum, file) => sum + (file.additions || 0), 0);
+              const testDeletions = prFiles
+                .filter(file => file.filename.startsWith('tests/'))
+                .reduce((sum, file) => sum + (file.deletions || 0), 0);
+
+              const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
+
+              // Don't add too-big if mega-pr label is already present
+              if (nonTestChanges > TOO_BIG_THRESHOLD && !isMegaPR) {
+                labels.add('too-big');
+              }
+
+              return labels;
+            }
+
+            // Strategy: Dashboard changes
+            async function detectDashboardChanges() {
+              const labels = new Set();
+              const dashboardFiles = changedFiles.filter(file =>
+                file.startsWith('esphome/dashboard/') ||
+                file.startsWith('esphome/components/dashboard_import/')
+              );
+
+              if (dashboardFiles.length > 0) {
+                labels.add('dashboard');
+              }
+
+              return labels;
+            }
+
+            // Strategy: GitHub Actions changes
+            async function detectGitHubActionsChanges() {
+              const labels = new Set();
+              const githubActionsFiles = changedFiles.filter(file =>
+                file.startsWith('.github/workflows/')
+              );
+
+              if (githubActionsFiles.length > 0) {
+                labels.add('github-actions');
+              }
+
+              return labels;
+            }
+
+            // Strategy: Code owner detection
+            async function detectCodeOwner() {
+              const labels = new Set();
+
+              try {
+                const { data: codeownersFile } = await github.rest.repos.getContent({
+                  owner,
+                  repo,
+                  path: 'CODEOWNERS',
+                });
+
+                const codeownersContent = Buffer.from(codeownersFile.content, 'base64').toString('utf8');
+                const prAuthor = context.payload.pull_request.user.login;
+
+                const codeownersLines = codeownersContent.split('\n')
+                  .map(line => line.trim())
+                  .filter(line => line && !line.startsWith('#'));
+
+                const codeownersRegexes = codeownersLines.map(line => {
+                  const parts = line.split(/\s+/);
+                  const pattern = parts[0];
+                  const owners = parts.slice(1);
+
+                  let regex;
+                  if (pattern.endsWith('*')) {
+                    const dir = pattern.slice(0, -1);
+                    regex = new RegExp(`^${dir.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}`);
+                  } else if (pattern.includes('*')) {
+                    // First escape all regex special chars except *, then replace * with .*
+                    const regexPattern = pattern
+                      .replace(/[.+?^${}()|[\]\\]/g, '\\$&')
+                      .replace(/\*/g, '.*');
+                    regex = new RegExp(`^${regexPattern}$`);
+                  } else {
+                    regex = new RegExp(`^${pattern.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}$`);
+                  }
+
+                  return { regex, owners };
+                });
+
+                for (const file of changedFiles) {
+                  for (const { regex, owners } of codeownersRegexes) {
+                    if (regex.test(file) && owners.some(owner => owner === `@${prAuthor}`)) {
+                      labels.add('by-code-owner');
+                      return labels;
+                    }
+                  }
+                }
+              } catch (error) {
+                console.log('Failed to read or parse CODEOWNERS file:', error.message);
+              }
+
+              return labels;
+            }
+
+            // Strategy: Test detection
+            async function detectTests() {
+              const labels = new Set();
+              const testFiles = changedFiles.filter(file => file.startsWith('tests/'));
+
+              if (testFiles.length > 0) {
+                labels.add('has-tests');
+              }
+
+              return labels;
+            }
+
+            // Strategy: PR Template Checkbox detection
+            async function detectPRTemplateCheckboxes() {
+              const labels = new Set();
+              const prBody = context.payload.pull_request.body || '';
+
+              console.log('Checking PR template checkboxes...');
+
+              // Check for checked checkboxes in the "Types of changes" section
+              const checkboxPatterns = [
+                { pattern: /- \[x\] Bugfix \(non-breaking change which fixes an issue\)/i, label: 'bugfix' },
+                { pattern: /- \[x\] New feature \(non-breaking change which adds functionality\)/i, label: 'new-feature' },
+                { pattern: /- \[x\] Breaking change \(fix or feature that would cause existing functionality to not work as expected\)/i, label: 'breaking-change' },
+                { pattern: /- \[x\] Developer breaking change \(an API change that could break external components\)/i, label: 'developer-breaking-change' },
+                { pattern: /- \[x\] Code quality improvements to existing code or addition of tests/i, label: 'code-quality' }
+              ];
+
+              for (const { pattern, label } of checkboxPatterns) {
+                if (pattern.test(prBody)) {
+                  console.log(`Found checked checkbox for: ${label}`);
+                  labels.add(label);
+                }
+              }
+
+              return labels;
+            }
+
+            // Strategy: Requirements detection
+            async function detectRequirements(allLabels) {
+              const labels = new Set();
+
+              // Check for missing tests
+              if ((allLabels.has('new-component') || allLabels.has('new-platform') || allLabels.has('new-feature')) && !allLabels.has('has-tests')) {
+                labels.add('needs-tests');
+              }
+
+              // Check for missing docs
+              if (allLabels.has('new-component') || allLabels.has('new-platform') || allLabels.has('new-feature')) {
+                const prBody = context.payload.pull_request.body || '';
+                const hasDocsLink = DOCS_PR_PATTERNS.some(pattern => pattern.test(prBody));
+
+                if (!hasDocsLink) {
+                  labels.add('needs-docs');
+                }
+              }
+
+              // Check for missing CODEOWNERS
+              if (allLabels.has('new-component')) {
+                const codeownersModified = prFiles.some(file =>
+                  file.filename === 'CODEOWNERS' &&
+                  (file.status === 'modified' || file.status === 'added') &&
+                  (file.additions || 0) > 0
+                );
+
+                if (!codeownersModified) {
+                  labels.add('needs-codeowners');
+                }
+              }
+
+              return labels;
+            }
+
+            // Generate review messages
+            function generateReviewMessages(finalLabels, originalLabelCount) {
+              const messages = [];
+              const prAuthor = context.payload.pull_request.user.login;
+
+              // Too big message
+              if (finalLabels.includes('too-big')) {
+                const testAdditions = prFiles
+                  .filter(file => file.filename.startsWith('tests/'))
+                  .reduce((sum, file) => sum + (file.additions || 0), 0);
+                const testDeletions = prFiles
+                  .filter(file => file.filename.startsWith('tests/'))
+                  .reduce((sum, file) => sum + (file.deletions || 0), 0);
+                const nonTestChanges = (totalAdditions - testAdditions) - (totalDeletions - testDeletions);
+
+                const tooManyLabels = originalLabelCount > MAX_LABELS;
+                const tooManyChanges = nonTestChanges > TOO_BIG_THRESHOLD;
+
+                let message = `${TOO_BIG_MARKER}\n### 📦 Pull Request Size\n\n`;
+
+                if (tooManyLabels && tooManyChanges) {
+                  message += `This PR is too large with ${nonTestChanges} line changes (excluding tests) and affects ${originalLabelCount} different components/areas.`;
+                } else if (tooManyLabels) {
+                  message += `This PR affects ${originalLabelCount} different components/areas.`;
+                } else {
+                  message += `This PR is too large with ${nonTestChanges} line changes (excluding tests).`;
+                }
+
+                message += ` Please consider breaking it down into smaller, focused PRs to make review easier and reduce the risk of conflicts.\n\n`;
+                message += `For guidance on breaking down large PRs, see: https://developers.esphome.io/contributing/submitting-your-work/#how-to-approach-large-submissions`;
+
+                messages.push(message);
+              }
+
+              // CODEOWNERS message
+              if (finalLabels.includes('needs-codeowners')) {
+                const message = `${CODEOWNERS_MARKER}\n### 👥 Code Ownership\n\n` +
+                  `Hey there @${prAuthor},\n` +
+                  `Thanks for submitting this pull request! Can you add yourself as a codeowner for this integration? ` +
+                  `This way we can notify you if a bug report for this integration is reported.\n\n` +
+                  `In \`__init__.py\` of the integration, please add:\n\n` +
+                  `\`\`\`python\nCODEOWNERS = ["@${prAuthor}"]\n\`\`\`\n\n` +
+                  `And run \`script/build_codeowners.py\``;
+
+                messages.push(message);
+              }
+
+              return messages;
+            }
+
+            // Handle reviews
+            async function handleReviews(finalLabels, originalLabelCount) {
+              const reviewMessages = generateReviewMessages(finalLabels, originalLabelCount);
+              const hasReviewableLabels = finalLabels.some(label =>
+                ['too-big', 'needs-codeowners'].includes(label)
+              );
+
+              const { data: reviews } = await github.rest.pulls.listReviews({
+                owner,
+                repo,
+                pull_number: pr_number
+              });
+
+              const botReviews = reviews.filter(review =>
+                review.user.type === 'Bot' &&
+                review.state === 'CHANGES_REQUESTED' &&
+                review.body && review.body.includes(BOT_COMMENT_MARKER)
+              );
+
+              if (hasReviewableLabels) {
+                const reviewBody = `${BOT_COMMENT_MARKER}\n\n${reviewMessages.join('\n\n---\n\n')}`;
+
+                if (botReviews.length > 0) {
+                  // Update existing review
+                  await github.rest.pulls.updateReview({
+                    owner,
+                    repo,
+                    pull_number: pr_number,
+                    review_id: botReviews[0].id,
+                    body: reviewBody
+                  });
+                  console.log('Updated existing bot review');
+                } else {
+                  // Create new review
+                  await github.rest.pulls.createReview({
+                    owner,
+                    repo,
+                    pull_number: pr_number,
+                    body: reviewBody,
+                    event: 'REQUEST_CHANGES'
+                  });
+                  console.log('Created new bot review');
+                }
+              } else if (botReviews.length > 0) {
+                // Dismiss existing reviews
+                for (const review of botReviews) {
+                  try {
+                    await github.rest.pulls.dismissReview({
+                      owner,
+                      repo,
+                      pull_number: pr_number,
+                      review_id: review.id,
+                      message: 'Review dismissed: All requirements have been met'
+                    });
+                    console.log(`Dismissed bot review ${review.id}`);
+                  } catch (error) {
+                    console.log(`Failed to dismiss review ${review.id}:`, error.message);
+                  }
+                }
+              }
+            }
+
+            // Main execution
+            const apiData = await fetchApiData();
+            const baseRef = context.payload.pull_request.base.ref;
+
+            // Early exit for release and beta branches only
+            if (baseRef === 'release' || baseRef === 'beta') {
+              const branchLabels = await detectMergeBranch();
+              const finalLabels = Array.from(branchLabels);
+
+              console.log('Computed labels (merge branch only):', finalLabels.join(', '));
+
+              // Apply labels
+              if (finalLabels.length > 0) {
+                await github.rest.issues.addLabels({
+                  owner,
+                  repo,
+                  issue_number: pr_number,
+                  labels: finalLabels
+                });
+              }
+
+              // Remove old managed labels
+              const labelsToRemove = managedLabels.filter(label => !finalLabels.includes(label));
+              for (const label of labelsToRemove) {
+                try {
+                  await github.rest.issues.removeLabel({
+                    owner,
+                    repo,
+                    issue_number: pr_number,
+                    name: label
+                  });
+                } catch (error) {
+                  console.log(`Failed to remove label ${label}:`, error.message);
+                }
+              }
+
+              return;
+            }
+
+            // Run all strategies
+            const [
+              branchLabels,
+              componentLabels,
+              newComponentLabels,
+              newPlatformLabels,
+              coreLabels,
+              sizeLabels,
+              dashboardLabels,
+              actionsLabels,
+              codeOwnerLabels,
+              testLabels,
+              checkboxLabels
+            ] = await Promise.all([
+              detectMergeBranch(),
+              detectComponentPlatforms(apiData),
+              detectNewComponents(),
+              detectNewPlatforms(apiData),
+              detectCoreChanges(),
+              detectPRSize(),
+              detectDashboardChanges(),
+              detectGitHubActionsChanges(),
+              detectCodeOwner(),
+              detectTests(),
+              detectPRTemplateCheckboxes()
+            ]);
+
+            // Combine all labels
+            const allLabels = new Set([
+              ...branchLabels,
+              ...componentLabels,
+              ...newComponentLabels,
+              ...newPlatformLabels,
+              ...coreLabels,
+              ...sizeLabels,
+              ...dashboardLabels,
+              ...actionsLabels,
+              ...codeOwnerLabels,
+              ...testLabels,
+              ...checkboxLabels
+            ]);
+
+            // Detect requirements based on all other labels
+            const requirementLabels = await detectRequirements(allLabels);
+            for (const label of requirementLabels) {
+              allLabels.add(label);
+            }
+
+            let finalLabels = Array.from(allLabels);
+
+            // For mega-PRs, exclude component labels if there are too many
+            if (isMegaPR) {
+              const componentLabels = finalLabels.filter(label => label.startsWith('component: '));
+              if (componentLabels.length > COMPONENT_LABEL_THRESHOLD) {
+                finalLabels = finalLabels.filter(label => !label.startsWith('component: '));
+                console.log(`Mega-PR detected - excluding ${componentLabels.length} component labels (threshold: ${COMPONENT_LABEL_THRESHOLD})`);
+              }
+            }
+
+            // Handle too many labels (only for non-mega PRs)
+            const tooManyLabels = finalLabels.length > MAX_LABELS;
+            const originalLabelCount = finalLabels.length;
+
+            if (tooManyLabels && !isMegaPR && !finalLabels.includes('too-big')) {
+              finalLabels = ['too-big'];
+            }
+
+            console.log('Computed labels:', finalLabels.join(', '));
+
+            // Handle reviews
+            await handleReviews(finalLabels, originalLabelCount);
+
+            // Apply labels
+            if (finalLabels.length > 0) {
+              console.log(`Adding labels: ${finalLabels.join(', ')}`);
+              await github.rest.issues.addLabels({
+                owner,
+                repo,
+                issue_number: pr_number,
+                labels: finalLabels
+              });
+            }
+
+            // Remove old managed labels
+            const labelsToRemove = managedLabels.filter(label => !finalLabels.includes(label));
+            for (const label of labelsToRemove) {
+              console.log(`Removing label: ${label}`);
+              try {
+                await github.rest.issues.removeLabel({
+                  owner,
+                  repo,
+                  issue_number: pr_number,
+                  name: label
+                });
+              } catch (error) {
+                console.log(`Failed to remove label ${label}:`, error.message);
+              }
+            }
--- a/.github/workflows/ci-api-proto.yml
+++ b/.github/workflows/ci-api-proto.yml
@@ -12,8 +12,8 @@ on:
      - ".github/workflows/ci-api-proto.yml"

 permissions:
-  contents: read        # actions/checkout for the PR head
-  pull-requests: write  # pulls.createReview / listReviews / dismissReview when generated proto files are stale
+  contents: read
+  pull-requests: write

 jobs:
  check:
@@ -21,21 +21,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: "3.11"
-      - name: Set up uv
-        # ``--system`` (below) installs into the setup-python interpreter;
-        # no venv is created or restored by this workflow.
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-        with:
-          enable-cache: true
-          # Pin uv version so the action does not have to fetch the
-          # manifest from raw.githubusercontent.com on every cache
-          # miss; that fetch flakes on Windows runners.
-          version: "0.11.15"

      - name: Install apt dependencies
        run: |
@@ -44,7 +34,7 @@ jobs:
          sudo apt install -y protobuf-compiler
          protoc --version
      - name: Install python dependencies
-        run: uv pip install --system aioesphomeapi -c requirements.txt -r requirements_dev.txt
+        run: pip install aioesphomeapi -c requirements.txt -r requirements_dev.txt
      - name: Generate files
        run: script/api_protobuf/api_protobuf.py
      - name: Check for changes
@@ -57,7 +47,7 @@ jobs:
          fi
      - if: failure()
        name: Review PR
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            await github.rest.pulls.createReview({
@@ -72,7 +62,7 @@ jobs:
        run: git diff
      - if: failure()
        name: Archive artifacts
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: generated-proto-files
          path: |
@@ -80,7 +70,7 @@ jobs:
            esphome/components/api/api_pb2_service.*
      - if: success()
        name: Dismiss review
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            let reviews = await github.rest.pulls.listReviews({
--- a/.github/workflows/ci-clang-tidy-hash.yml
+++ b/.github/workflows/ci-clang-tidy-hash.yml
@@ -0,0 +1,76 @@
+name: Clang-tidy Hash CI
+
+on:
+  pull_request:
+    paths:
+      - ".clang-tidy"
+      - "platformio.ini"
+      - "requirements_dev.txt"
+      - "sdkconfig.defaults"
+      - ".clang-tidy.hash"
+      - "script/clang_tidy_hash.py"
+      - ".github/workflows/ci-clang-tidy-hash.yml"
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  verify-hash:
+    name: Verify clang-tidy hash
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+
+      - name: Set up Python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.11"
+
+      - name: Verify hash
+        run: |
+          python script/clang_tidy_hash.py --verify
+
+      - if: failure()
+        name: Show hash details
+        run: |
+          python script/clang_tidy_hash.py
+          echo "## Job Failed" | tee -a $GITHUB_STEP_SUMMARY
+          echo "You have modified clang-tidy configuration but have not updated the hash." | tee -a $GITHUB_STEP_SUMMARY
+          echo "Please run 'script/clang_tidy_hash.py --update' and commit the changes." | tee -a $GITHUB_STEP_SUMMARY
+
+      - if: failure()
+        name: Request changes
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            await github.rest.pulls.createReview({
+              pull_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              event: 'REQUEST_CHANGES',
+              body: 'You have modified clang-tidy configuration but have not updated the hash.\nPlease run `script/clang_tidy_hash.py --update` and commit the changes.'
+            })
+
+      - if: success()
+        name: Dismiss review
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          script: |
+            let reviews = await github.rest.pulls.listReviews({
+              pull_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo
+            });
+            for (let review of reviews.data) {
+              if (review.user.login === 'github-actions[bot]' && review.state === 'CHANGES_REQUESTED') {
+                await github.rest.pulls.dismissReview({
+                  pull_number: context.issue.number,
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  review_id: review.id,
+                  message: 'Clang-tidy hash now matches configuration.'
+                });
+              }
+            }
--- a/.github/workflows/ci-docker.yml
+++ b/.github/workflows/ci-docker.yml
@@ -1,41 +1,29 @@
 ---
 name: CI for docker images

-# Only run on PRs that touch the docker image, its build inputs, or any code
-# whose toolchain the compile smoke test exercises (core + target platforms).
+# Only run when docker paths change

 on:
-  pull_request:
+  push:
+    branches: [dev, beta, release]
+    paths:
+      - "docker/**"
+      - ".github/workflows/ci-docker.yml"
+      - "requirements*.txt"
+      - "platformio.ini"
+      - "script/platformio_install_deps.py"
+
+  pull_request:
    paths:
-      # Docker image and its build inputs.
      - "docker/**"
      - ".github/workflows/ci-docker.yml"
      - "requirements*.txt"
-      - "pyproject.toml"
      - "platformio.ini"
-      - "esphome/idf_component.yml"
      - "script/platformio_install_deps.py"
-      # Core, build pipeline, toolchain, and target-platform changes can change
-      # how a toolchain is set up or built, so re-run the per-toolchain compile
-      # smoke test when they change.
-      - "esphome/core/**"
-      - "esphome/writer.py"
-      - "esphome/build_gen/**"
-      - "esphome/espidf/**"
-      - "esphome/platformio/**"
-      - "esphome/components/bk72xx/**"
-      - "esphome/components/esp32/**"
-      - "esphome/components/esp8266/**"
-      - "esphome/components/host/**"
-      - "esphome/components/libretiny/**"
-      - "esphome/components/ln882x/**"
-      - "esphome/components/nrf52/**"
-      - "esphome/components/rp2040/**"
-      - "esphome/components/rtl87xx/**"
-      - "esphome/components/zephyr/**"

 permissions:
-  contents: read  # actions/checkout only
+  contents: read
+  packages: read

 concurrency:
  # yamllint disable-line rule:line-length
@@ -46,9 +34,6 @@ jobs:
  check-docker:
    name: Build docker containers
    runs-on: ${{ matrix.os }}
-    permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # push branch-tagged images to ghcr.io for local testing
    strategy:
      fail-fast: false
      matrix:
@@ -57,161 +42,23 @@ jobs:
          - "ha-addon"
          - "docker"
          # - "lint"
-    outputs:
-      tag: ${{ steps.tag.outputs.tag }}
-      push: ${{ steps.tag.outputs.push }}
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: "3.11"
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

-      - name: Determine tag and whether to push
-        id: tag
+      - name: Set TAG
        run: |
-          # Sanitize the branch name into a valid docker tag: replace invalid
-          # characters, ensure the first character is valid (tags must start
-          # with [A-Za-z0-9_]), and cap the length at 128 characters.
-          branch="${{ github.head_ref || github.ref_name }}"
-          tag="${branch//[^a-zA-Z0-9_.-]/-}"
-          case "$tag" in
-            [a-zA-Z0-9_]*) ;;
-            *) tag="pr-${tag}" ;;
-          esac
-          tag="${tag:0:128}"
-          echo "tag=${tag}" >> "$GITHUB_OUTPUT"
-          # Only push branch images for same-repo pull requests. Push events
-          # only fire for dev/beta/release, whose images are owned by the
-          # release pipeline -- never overwrite those from here.
-          if [ "${{ github.event_name }}" = "pull_request" ] \
-            && [ "${{ github.repository }}" = "esphome/esphome" ] \
-            && [ "${{ github.event.pull_request.head.repo.full_name }}" = "esphome/esphome" ]; then
-            echo "push=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "push=false" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Log in to the GitHub container registry
-        if: steps.tag.outputs.push == 'true'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          echo "TAG=check" >> $GITHUB_ENV

      - name: Run build
        run: |
          docker/build.py \
-            --tag "${{ steps.tag.outputs.tag }}" \
+            --tag "${TAG}" \
            --arch "${{ matrix.os == 'ubuntu-24.04-arm' && 'aarch64' || 'amd64' }}" \
            --build-type "${{ matrix.build_type }}" \
-            --registry ghcr \
-            build ${{ steps.tag.outputs.push == 'true' && '--push --no-cache-to' || '' }} ${{ (matrix.os == 'ubuntu-24.04' && matrix.build_type == 'docker') && '--load' || '' }}
-
-      # The amd64 "docker" image is also loaded locally (above) and handed to
-      # compile-test as an artifact, so the smoke test reuses this build instead
-      # of building the image a second time. Using an artifact (rather than the
-      # pushed image) keeps it working for fork PRs, which never push to ghcr.io.
-      - name: Export image for compile-test
-        if: matrix.os == 'ubuntu-24.04' && matrix.build_type == 'docker'
-        run: docker save "ghcr.io/esphome/esphome-amd64:${{ steps.tag.outputs.tag }}" | gzip > compile-test-image.tar.gz
-
-      - name: Upload compile-test image artifact
-        if: matrix.os == 'ubuntu-24.04' && matrix.build_type == 'docker'
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
-        with:
-          # The tar is already gzipped, so upload it as-is. archive: false skips
-          # the redundant zip and makes the file name the artifact name (the
-          # `name` input is ignored in that mode).
-          path: compile-test-image.tar.gz
-          retention-days: 1
-          archive: false
-
-  manifest:
-    name: Push ${{ matrix.build_type }} manifest to ghcr.io
-    needs: [check-docker]
-    if: needs.check-docker.outputs.push == 'true'
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read   # actions/checkout to run docker/build.py
-      packages: write  # buildx imagetools writes the multi-arch tag to ghcr.io
-    strategy:
-      fail-fast: false
-      matrix:
-        build_type:
-          - "ha-addon"
-          - "docker"
-    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
-        with:
-          python-version: "3.11"
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
-
-      - name: Log in to the GitHub container registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Create and push manifest
-        run: |
-          docker/build.py \
-            --tag "${{ needs.check-docker.outputs.tag }}" \
-            --build-type "${{ matrix.build_type }}" \
-            --registry ghcr \
-            manifest
-
-  # Smoke-test the built image by compiling one minimal config per target
-  # platform / toolchain. This catches missing system dependencies in the image
-  # that only surface when a given toolchain is downloaded and run. The image is
-  # the amd64 "docker" build produced by check-docker (shared as an artifact).
-  compile-test:
-    name: Compile ${{ matrix.id }}
-    needs: check-docker
-    runs-on: ubuntu-24.04
-    permissions:
-      contents: read  # actions/checkout to load the test configs
-    strategy:
-      fail-fast: false
-      # Cap concurrency so this smoke test doesn't hog all the shared runners.
-      max-parallel: 2
-      matrix:
-        # One entry per distinct toolchain. ESP32 variants (c3/c6/s2/s3/p4)
-        # share a toolchain bundle, so esp32 is exercised on the base variant
-        # across the full framework x toolchain cross-product (arduino/esp-idf
-        # framework, each built with the platformio and native esp-idf
-        # toolchains) so both toolchains stay covered regardless of which one is
-        # the default.
-        id:
-          - esp8266-arduino
-          - esp32-arduino-platformio
-          - esp32-arduino-esp-idf
-          - esp32-idf-platformio
-          - esp32-idf-esp-idf
-          - rp2040-arduino
-          - bk72xx-arduino
-          - rtl87xx-arduino
-          - ln882x-arduino
-          - nrf52
-          - host
-    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-      - name: Download image artifact
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
-        with:
-          name: compile-test-image.tar.gz
-      - name: Load image
-        run: docker load --input compile-test-image.tar.gz
-      - name: Compile ${{ matrix.id }}
-        run: |
-          docker run --rm \
-            -v "${{ github.workspace }}/docker/test_configs:/config" \
-            "ghcr.io/esphome/esphome-amd64:${{ needs.check-docker.outputs.tag }}" \
-            compile "${{ matrix.id }}.yaml"
+            build
--- a/.github/workflows/ci-github-scripts.yml
+++ b/.github/workflows/ci-github-scripts.yml
@@ -1,27 +0,0 @@
-name: CI - GitHub Scripts
-
-on:
-  push:
-    branches: [dev, beta, release]
-    paths:
-      - ".github/scripts/**"
-      - ".github/workflows/ci-github-scripts.yml"
-  pull_request:
-    paths:
-      - ".github/scripts/**"
-      - ".github/workflows/ci-github-scripts.yml"
-
-permissions:
-  contents: read
-
-jobs:
-  test-auto-label-pr:
-    name: Test auto-label-pr scripts
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-
-      - name: Run tests
-        working-directory: .github/scripts/auto-label-pr
-        run: npm test
--- a/.github/workflows/ci-memory-impact-comment.yml
+++ b/.github/workflows/ci-memory-impact-comment.yml
@@ -7,9 +7,9 @@ on:
    types: [completed]

 permissions:
-  contents: read        # actions/checkout of the base repo at the PR's target branch
-  pull-requests: write  # gh api to look up the PR by head SHA and post/update the memory-impact comment
-  actions: read         # gh run download for the memory-analysis artifacts produced by the CI workflow run
+  contents: read
+  pull-requests: write
+  actions: read

 jobs:
  memory-impact-comment:
@@ -49,7 +49,7 @@ jobs:

      - name: Check out code from base repository
        if: steps.pr.outputs.skip != 'true'
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Always check out from the base repository (esphome/esphome), never from forks
          # Use the PR's target branch to ensure we run trusted code from the main repo
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
--- a/.github/workflows/close-pr-from-fork-default-branch.yml
+++ b/.github/workflows/close-pr-from-fork-default-branch.yml
@@ -1,72 +0,0 @@
-name: Close PR From Fork Default Branch
-
-on:
-  # pull_request_target is required so we have permission to comment and close PRs from forks.
-  pull_request_target:
-    types: [opened, reopened]
-
-permissions:
-  pull-requests: write  # pulls.update to close the PR opened from a fork's default branch
-  issues: write         # issues.createComment to explain to the contributor why the PR was closed
-
-jobs:
-  close:
-    name: Close PR opened from fork's default branch
-    runs-on: ubuntu-latest
-    if: >-
-      github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
-      && github.event.pull_request.head.ref == github.event.repository.default_branch
-    steps:
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const { owner, repo } = context.repo;
-            const prNumber = context.payload.pull_request.number;
-            const author = context.payload.pull_request.user.login;
-            const defaultBranch = context.payload.repository.default_branch;
-            const headRepo = context.payload.pull_request.head.repo.full_name;
-
-            const body = [
-              `Hi @${author}, thanks for opening a pull request! :tada:`,
-              ``,
-              `It looks like this PR was opened from the \`${defaultBranch}\` branch of your fork (\`${headRepo}\`), which is the same name as this repository's default branch. Working directly on \`${defaultBranch}\` in your fork causes a few problems:`,
-              ``,
-              `- Your fork's \`${defaultBranch}\` branch will permanently diverge from \`esphome/esphome:${defaultBranch}\`, making it hard to keep your fork up to date.`,
-              `- Any additional commits you push to \`${defaultBranch}\` will be added to this PR, so you can't easily work on multiple changes at once.`,
-              `- Pushing maintainer fixes to your branch is awkward, since it means committing directly to your fork's default branch.`,
-              `- It makes local collaboration painful — \`${defaultBranch}\` in a checkout becomes ambiguous between upstream and your fork, and maintainers end up with naming collisions when fetching your branch.`,
-              ``,
-              `Please re-open this as a new PR from a dedicated feature branch. The usual flow looks like:`,
-              ``,
-              `\`\`\`bash`,
-              `# Make sure your fork's ${defaultBranch} is up to date with upstream`,
-              `git remote add upstream https://github.com/${owner}/${repo}.git  # if you haven't already`,
-              `git fetch upstream`,
-              `git checkout ${defaultBranch}`,
-              `git reset --hard upstream/${defaultBranch}`,
-              `git push --force-with-lease origin ${defaultBranch}`,
-              ``,
-              `# Create a new branch for your change and cherry-pick / re-apply your commits there`,
-              `git checkout -b my-feature-branch upstream/${defaultBranch}`,
-              `# ...re-apply your changes, then:`,
-              `git push origin my-feature-branch`,
-              `\`\`\``,
-              ``,
-              `Then open a new pull request from \`my-feature-branch\` into \`${owner}/${repo}:${defaultBranch}\`.`,
-              ``,
-              `Closing this PR for now — sorry for the friction, and thanks again for contributing! :heart:`,
-            ].join('\n');
-
-            await github.rest.issues.createComment({
-              owner,
-              repo,
-              issue_number: prNumber,
-              body,
-            });
-
-            await github.rest.pulls.update({
-              owner,
-              repo,
-              pull_number: prNumber,
-              state: 'closed',
-            });
--- a/.github/workflows/codeowner-approved-label-update.yml
+++ b/.github/workflows/codeowner-approved-label-update.yml
@@ -1,81 +0,0 @@
-# Adds/removes a 'code-owner-approved' label when a component-specific
-# codeowner approves (or dismisses) a PR.
-#
-# Uses pull_request_target so that fork PRs do not require workflow approval.
-# The label is reconciled on every PR update; for review events specifically,
-# this means the label is applied on the next push after a codeowner review.
-
-name: Codeowner Approved Label
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened, ready_for_review]
-    branches-ignore:
-      - release
-      - beta
-
-permissions:
-  issues: write       # issues.addLabels / removeLabel to manage the 'code-owner-approved' label on the PR
-  pull-requests: read  # listReviews to determine whether a codeowner has approved
-  contents: read       # actions/checkout to read CODEOWNERS and the shared codeowners.js helper
-
-jobs:
-  codeowner-approved:
-    name: Run
-    if: ${{ github.repository == 'esphome/esphome' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout base branch
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-          sparse-checkout: |
-            .github/scripts/codeowners.js
-            CODEOWNERS
-
-      - name: Check codeowner approval and update label
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-        with:
-          script: |
-            const { loadCodeowners, determineLabelAction, LabelAction } = require('./.github/scripts/codeowners.js');
-
-            const owner = context.repo.owner;
-            const repo = context.repo.repo;
-            const pr_number = parseInt(process.env.PR_NUMBER, 10);
-            const LABEL_NAME = 'code-owner-approved';
-
-            console.log(`Processing PR #${pr_number} for codeowner approval label`);
-
-            const codeownersPatterns = loadCodeowners();
-            const action = await determineLabelAction(
-              github, owner, repo, pr_number, codeownersPatterns, LABEL_NAME
-            );
-
-            if (action === LabelAction.NONE) {
-              console.log('No label change needed');
-              return;
-            }
-
-            try {
-              if (action === LabelAction.ADD) {
-                await github.rest.issues.addLabels({
-                  owner, repo, issue_number: pr_number, labels: [LABEL_NAME]
-                });
-                console.log(`Added '${LABEL_NAME}' label`);
-              } else if (action === LabelAction.REMOVE) {
-                await github.rest.issues.removeLabel({
-                  owner, repo, issue_number: pr_number, name: LABEL_NAME
-                });
-                console.log(`Removed '${LABEL_NAME}' label`);
-              }
-            } catch (error) {
-              if (error.status === 403) {
-                console.log(`Warning: insufficient permissions to update label (expected for fork PRs)`);
-              } else if (error.status === 404) {
-                console.log(`Label '${LABEL_NAME}' not present, nothing to remove`);
-              } else {
-                throw error;
-              }
-            }
--- a/.github/workflows/codeowner-review-request.yml
+++ b/.github/workflows/codeowner-review-request.yml
@@ -13,14 +13,10 @@ on:
  # Needs to be pull_request_target to get write permissions
  pull_request_target:
    types: [opened, reopened, synchronize, ready_for_review]
-    branches-ignore:
-      - release
-      - beta

-# PR/review writes (requestReviewers, issues.createComment) are performed with the App token minted below,
-# so the workflow's GITHUB_TOKEN only needs read access for checkout.
 permissions:
-  contents: read  # actions/checkout to read CODEOWNERS and the shared codeowners.js helper
+  pull-requests: write
+  contents: read

 jobs:
  request-codeowner-reviews:
@@ -28,28 +24,10 @@ jobs:
    if: ${{ github.repository == 'esphome/esphome' && !github.event.pull_request.draft }}
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout base branch
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-        with:
-          ref: ${{ github.event.pull_request.base.sha }}
-
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by the github-script step below.
-          permission-pull-requests: write  # pulls.listFiles, pulls.get, pulls.listReviews, pulls.requestReviewers
-          permission-issues: write         # issues.listComments and issues.createComment (PR comments use the issues API)
-
      - name: Request reviews from component codeowners
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
-            const { loadCodeowners, getEffectiveOwners } = require('./.github/scripts/codeowners.js');
-
            const owner = context.repo.owner;
            const repo = context.repo.repo;
            const pr_number = context.payload.pull_request.number;
@@ -60,15 +38,12 @@ jobs:
            const BOT_COMMENT_MARKER = '<!-- codeowner-review-request-bot -->';

            try {
-              // Get the list of changed files in this PR (with pagination)
-              const files = await github.paginate(
-                github.rest.pulls.listFiles,
-                {
-                  owner,
-                  repo,
-                  pull_number: pr_number
-                }
-              );
+              // Get the list of changed files in this PR
+              const { data: files } = await github.rest.pulls.listFiles({
+                owner,
+                repo,
+                pull_number: pr_number
+              });

              const changedFiles = files.map(file => file.filename);
              console.log(`Found ${changedFiles.length} changed files`);
@@ -78,10 +53,32 @@ jobs:
                return;
              }

-              // Parse CODEOWNERS from the checked-out base branch
-              const codeownersPatterns = loadCodeowners();
+              // Fetch CODEOWNERS file from root
+              const { data: codeownersFile } = await github.rest.repos.getContent({
+                owner,
+                repo,
+                path: 'CODEOWNERS',
+                ref: context.payload.pull_request.base.sha
+              });
+              const codeownersContent = Buffer.from(codeownersFile.content, 'base64').toString('utf8');

-              console.log(`Parsed ${codeownersPatterns.length} codeowner patterns`);
+              // Parse CODEOWNERS file to extract all patterns and their owners
+              const codeownersLines = codeownersContent.split('\n')
+                .map(line => line.trim())
+                .filter(line => line && !line.startsWith('#'));
+
+              const codeownersPatterns = [];
+
+              // Convert CODEOWNERS pattern to regex (robust glob handling)
+              function globToRegex(pattern) {
+                // Escape regex special characters except for glob wildcards
+                let regexStr = pattern
+                  .replace(/([.+^=!:${}()|[\]\\])/g, '\\$1') // escape regex chars
+                  .replace(/\*\*/g, '.*') // globstar
+                  .replace(/\*/g, '[^/]*') // single star
+                  .replace(/\?/g, '.'); // question mark
+                return new RegExp('^' + regexStr + '$');
+              }

              // Helper function to create comment body
              function createCommentBody(reviewersList, teamsList, matchedFileCount, isSuccessful = true) {
@@ -96,11 +93,50 @@ jobs:
                }
              }

-              // Match changed files against CODEOWNERS patterns using last-match-wins semantics
-              const effective = getEffectiveOwners(changedFiles, codeownersPatterns);
-              const matchedOwners = effective.users;
-              const matchedTeams = effective.teams;
-              const matchedFileCount = effective.matchedFileCount;
+              for (const line of codeownersLines) {
+                const parts = line.split(/\s+/);
+                if (parts.length < 2) continue;
+
+                const pattern = parts[0];
+                const owners = parts.slice(1);
+
+                // Use robust glob-to-regex conversion
+                const regex = globToRegex(pattern);
+                codeownersPatterns.push({ pattern, regex, owners });
+              }
+
+              console.log(`Parsed ${codeownersPatterns.length} codeowner patterns`);
+
+              // Match changed files against CODEOWNERS patterns
+              const matchedOwners = new Set();
+              const matchedTeams = new Set();
+              const fileMatches = new Map(); // Track which files matched which patterns
+
+              for (const file of changedFiles) {
+                for (const { pattern, regex, owners } of codeownersPatterns) {
+                  if (regex.test(file)) {
+                    console.log(`File '${file}' matches pattern '${pattern}' with owners: ${owners.join(', ')}`);
+
+                    if (!fileMatches.has(file)) {
+                      fileMatches.set(file, []);
+                    }
+                    fileMatches.get(file).push({ pattern, owners });
+
+                    // Add owners to the appropriate set (remove @ prefix)
+                    for (const owner of owners) {
+                      const cleanOwner = owner.startsWith('@') ? owner.slice(1) : owner;
+                      if (cleanOwner.includes('/')) {
+                        // Team mention (org/team-name)
+                        const teamName = cleanOwner.split('/')[1];
+                        matchedTeams.add(teamName);
+                      } else {
+                        // Individual user
+                        matchedOwners.add(cleanOwner);
+                      }
+                    }
+                  }
+                }
+              }

              if (matchedOwners.size === 0 && matchedTeams.size === 0) {
                console.log('No codeowners found for any changed files');
@@ -134,14 +170,11 @@ jobs:
              }

              // Check for completed reviews to avoid re-requesting users who have already reviewed
-              const reviews = await github.paginate(
-                github.rest.pulls.listReviews,
-                {
-                  owner,
-                  repo,
-                  pull_number: pr_number
-                }
-              );
+              const { data: reviews } = await github.rest.pulls.listReviews({
+                owner,
+                repo,
+                pull_number: pr_number
+              });

              const reviewedUsers = new Set();
              reviews.forEach(review => {
@@ -214,7 +247,7 @@ jobs:
              }

              const totalReviewers = reviewersList.length + teamsList.length;
-              console.log(`Requesting reviews from ${reviewersList.length} users and ${teamsList.length} teams for ${matchedFileCount} matched files`);
+              console.log(`Requesting reviews from ${reviewersList.length} users and ${teamsList.length} teams for ${fileMatches.size} matched files`);

              // Request reviews
              try {
@@ -246,7 +279,7 @@ jobs:

                // Only add a comment if there are new codeowners to mention (not previously pinged)
                if (reviewersList.length > 0 || teamsList.length > 0) {
-                  const commentBody = createCommentBody(reviewersList, teamsList, matchedFileCount, true);
+                  const commentBody = createCommentBody(reviewersList, teamsList, fileMatches.size, true);

                  await github.rest.issues.createComment({
                    owner,
@@ -264,7 +297,7 @@ jobs:

                  // Only try to add a comment if there are new codeowners to mention
                  if (reviewersList.length > 0 || teamsList.length > 0) {
-                    const commentBody = createCommentBody(reviewersList, teamsList, matchedFileCount, false);
+                    const commentBody = createCommentBody(reviewersList, teamsList, fileMatches.size, false);

                    try {
                      await github.rest.issues.createComment({
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -16,9 +16,6 @@ on:
  schedule:
    - cron: "30 18 * * 4"

-# Deny by default; the analyze job opts in to exactly what it needs.
-permissions: {}
-
 jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
@@ -29,10 +26,15 @@ jobs:
    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
    permissions:
-      security-events: write  # upload CodeQL SARIF results to the Code Scanning API
-      packages: read          # fetch internal or private CodeQL query packs
-      actions: read           # required by codeql-action when run from a private repo
-      contents: read          # actions/checkout to scan the repository
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read

    strategy:
      fail-fast: false
@@ -52,11 +54,11 @@ jobs:
            # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
    steps:
      - name: Checkout repository
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
@@ -84,6 +86,6 @@ jobs:
          exit 1

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
        with:
          category: "/language:${{matrix.language}}"
--- a/.github/workflows/dashboard-deprecation-comment.yml
+++ b/.github/workflows/dashboard-deprecation-comment.yml
@@ -1,119 +0,0 @@
-name: Add Dashboard Deprecation Comment
-
-on:
-  pull_request_target:
-    types: [opened, synchronize]
-
-# All API calls (pulls.listFiles + issues.{list,create,update}Comment) are performed with
-# the App token minted below, so the workflow's GITHUB_TOKEN does not need any scopes.
-permissions: {}
-
-jobs:
-  dashboard-deprecation-comment:
-    name: Dashboard deprecation comment
-    runs-on: ubuntu-latest
-    # Release-bump PRs (bump-X.Y.Z -> beta, beta -> release) inevitably
-    # roll up everything merged into dev since the last cut, which can
-    # include dashboard changes that have already been reviewed once.
-    # The bot's purpose is to warn new contributors before they invest
-    # time -- that only applies to PRs entering dev.
-    if: github.event.pull_request.base.ref == 'dev'
-    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # pulls.listFiles + issues.{list,create,update}Comment on PRs. For PR resources
-          # the issues.*Comment APIs require the pull-requests scope, not issues.
-          permission-pull-requests: write
-
-      - name: Add dashboard deprecation comment
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
-          script: |
-            const commentMarker = "<!-- This comment was generated automatically by the dashboard-deprecation-comment workflow. -->";
-
-            const commentBody = `Thanks for opening this PR!
-
-            Heads up: the legacy ESPHome dashboard (\`esphome/dashboard/\` and \`tests/dashboard/\`) is **deprecated** and is being replaced by [ESPHome Device Builder](https://github.com/esphome/device-builder). We are not adding new features to the legacy dashboard and it will eventually be removed from this repository.
-
-            What this means for your PR:
-
-            - **New features / enhancements**: please port the change to [esphome/device-builder](https://github.com/esphome/device-builder) instead. We are unlikely to review or merge new dashboard features here.
-            - **Bug fixes**: small fixes may still be considered, but please check first whether the same issue exists in Device Builder, where the fix will have a longer life.
-            - **Security issues**: please do not file a public PR. Report privately via [GitHub security advisories](https://github.com/esphome/esphome/security/advisories/new) so we can coordinate a fix.
-
-            We appreciate the contribution and apologize for the friction; flagging this early so your time isn't spent on a change that may not land.
-
-            ---
-            (Added by the PR bot)
-
-            ${commentMarker}`;
-
-            async function getDashboardChanges(github, owner, repo, prNumber) {
-                const changedFiles = await github.paginate(
-                    github.rest.pulls.listFiles,
-                    {
-                        owner: owner,
-                        repo: repo,
-                        pull_number: prNumber,
-                        per_page: 100,
-                    }
-                );
-
-                return changedFiles.filter(file =>
-                    file.filename.startsWith('esphome/dashboard/') ||
-                    file.filename.startsWith('tests/dashboard/')
-                );
-            }
-
-            async function findBotComment(github, owner, repo, prNumber) {
-                const comments = await github.paginate(
-                    github.rest.issues.listComments,
-                    {
-                        owner: owner,
-                        repo: repo,
-                        issue_number: prNumber,
-                        per_page: 100,
-                    }
-                );
-
-                return comments.find(comment =>
-                    comment.body.includes(commentMarker) && comment.user.type === "Bot"
-                );
-            }
-
-            const prNumber = context.payload.pull_request.number;
-            const { owner, repo } = context.repo;
-
-            const dashboardChanges = await getDashboardChanges(github, owner, repo, prNumber);
-            const existingComment = await findBotComment(github, owner, repo, prNumber);
-
-            if (dashboardChanges.length === 0) {
-                // PR doesn't (or no longer) touches the legacy dashboard. If we previously
-                // commented (e.g. files were removed in a later push), leave the comment in
-                // place for history rather than thrash on edit/delete.
-                return;
-            }
-
-            if (existingComment) {
-                if (existingComment.body === commentBody) {
-                    return;
-                }
-                await github.rest.issues.updateComment({
-                    owner: owner,
-                    repo: repo,
-                    comment_id: existingComment.id,
-                    body: commentBody,
-                });
-            } else {
-                await github.rest.issues.createComment({
-                    owner: owner,
-                    repo: repo,
-                    issue_number: prNumber,
-                    body: commentBody,
-                });
-            }
--- a/.github/workflows/external-component-bot.yml
+++ b/.github/workflows/external-component-bot.yml
@@ -4,29 +4,20 @@ on:
  pull_request_target:
    types: [opened, synchronize]

-# All API calls (pulls.listFiles + issues.{list,create,update}Comment) are performed with
-# the App token minted below, so the workflow's GITHUB_TOKEN does not need any scopes.
-permissions: {}
+permissions:
+  contents: read       #  Needed to fetch PR details
+  issues: write        #  Needed to create and update comments (PR comments are managed via the issues REST API)
+  pull-requests: write  # also needed?

 jobs:
  external-comment:
    name: External component comment
    runs-on: ubuntu-latest
    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # pulls.listFiles + issues.{list,create,update}Comment on PRs. For PR resources
-          # the issues.*Comment APIs require the pull-requests scope, not issues.
-          permission-pull-requests: write
-
      - name: Add external component comment
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
-          github-token: ${{ steps.generate-token.outputs.token }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            // Generate external component usage instructions
            function generateExternalComponentInstructions(prNumber, componentNames, owner, repo) {
--- a/.github/workflows/issue-codeowner-notify.yml
+++ b/.github/workflows/issue-codeowner-notify.yml
@@ -9,8 +9,8 @@ on:
    types: [labeled]

 permissions:
-  issues: write   # issues.createComment to mention component codeowners on the newly labelled issue
-  contents: read  # repos.getContent to fetch CODEOWNERS from the default branch
+  issues: write
+  contents: read

 jobs:
  notify-codeowners:
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Notify codeowners for component issues
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
            const owner = context.repo.owner;
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -6,12 +6,6 @@ on:
    - cron: "30 0 * * *"  # Run daily at 00:30 UTC
  workflow_dispatch:

-# Deny by default; the lock job opts in to exactly what the reusable workflow needs.
-permissions: {}
-
 jobs:
  lock:
-    permissions:
-      issues: write         # issues.lock on closed issues
-      pull-requests: write  # issues.lock on closed pull requests
-    uses: esphome/workflows/.github/workflows/lock.yml@025a1e6255610c498ed590403b7e510b69e474df  # 2026.4.1
+    uses: esphome/workflows/.github/workflows/lock.yml@main
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -1,98 +0,0 @@
-name: PR Title Check
-
-on:
-  pull_request:
-    types: [opened, edited, synchronize, reopened]
-    branches-ignore:
-      - release
-      - beta
-
-permissions:
-  contents: read       # actions/checkout to load detect-tags.js
-  pull-requests: read  # pulls.listFiles to map changed files to component/core/dashboard/ci tags
-
-jobs:
-  check:
-    name: Validate PR title
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
-
-      - uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
-        with:
-          script: |
-            const {
-              detectComponents,
-              hasCoreChanges,
-              hasDashboardChanges,
-              hasGitHubActionsChanges,
-            } = require('./.github/scripts/detect-tags.js');
-
-            const title = context.payload.pull_request.title;
-            const user = context.payload.pull_request.user;
-
-            // Skip bot PRs (e.g. dependabot, esphome[bot] device-class sync) -
-            // they have their own title formats.
-            if (user.type === 'Bot') {
-              return;
-            }
-
-            // Block titles starting with "word:" or "word(scope):" patterns
-            const commitStylePattern = /^\w+(\(.*?\))?[!]?\s*:/;
-            if (commitStylePattern.test(title)) {
-              core.setFailed(
-                `PR title should not start with a "prefix:" style format.\n` +
-                `Please use the format: [component] Brief description\n`
-              );
-              return;
-            }
-
-            // Get changed files to detect tags
-            const files = await github.paginate(github.rest.pulls.listFiles, {
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              pull_number: context.issue.number,
-            });
-            const filenames = files.map(f => f.filename);
-
-            // Detect tags from changed files using shared logic
-            const tags = new Set();
-
-            for (const comp of detectComponents(filenames)) {
-              tags.add(comp);
-            }
-            if (hasCoreChanges(filenames)) tags.add('core');
-            if (hasDashboardChanges(filenames)) tags.add('dashboard');
-            if (hasGitHubActionsChanges(filenames)) tags.add('ci');
-
-            if (tags.size === 0) {
-              return;
-            }
-
-            // Check for MDX syntax characters not wrapped in backticks.
-            // Astro docs MDX treats bare `<` as JSX component opening tags and
-            // bare `{` as JS expressions, so both must be escaped in changelog entries.
-            const stripped = title.replace(/`[^`]*`/g, '');
-            if (/[<>{}]/.test(stripped)) {
-              core.setFailed(
-                'PR title contains `<`, `>`, `{`, or `}` not wrapped in backticks.\n' +
-                'Astro docs MDX interprets bare `<` as JSX components and bare `{` as JS expressions.\n' +
-                'Please wrap these characters with backticks, e.g.: [component] Add `<feature>` support'
-              );
-              return;
-            }
-
-            // Check title starts with [tag] prefix
-            const bracketPattern = /^\[\w+\]/;
-            if (!bracketPattern.test(title)) {
-              const suggestion = [...tags].map(c => `[${c}]`).join('');
-              // Skip if the suggested prefix would be too long for a readable title
-              if (suggestion.length > 40) {
-                return;
-              }
-              core.setFailed(
-                `PR modifies: ${[...tags].join(', ')}\n` +
-                `Title must start with a [tag] prefix.\n` +
-                `Suggested: ${suggestion} <description>`
-              );
-            }
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -9,7 +9,7 @@ on:
    - cron: "0 2 * * *"

 permissions:
-  contents: read  # actions/checkout for all jobs; deploy jobs add their own scopes when they need to write
+  contents: read

 jobs:
  init:
@@ -20,7 +20,7 @@ jobs:
      branch_build: ${{ steps.tag.outputs.branch_build }}
      deploy_env: ${{ steps.tag.outputs.deploy_env }}
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Get tag
        id: tag
        # yamllint disable rule:line-length
@@ -57,12 +57,12 @@ jobs:
    if: github.repository == 'esphome/esphome' && github.event_name == 'release'
    runs-on: ubuntu-latest
    permissions:
-      contents: read   # actions/checkout to build the sdist/wheel
-      id-token: write  # OIDC token for PyPI Trusted Publishing (pypa/gh-action-pypi-publish)
+      contents: read
+      id-token: write
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: "3.x"
      - name: Build
@@ -70,7 +70,7 @@ jobs:
          pip3 install build
          python3 -m build
      - name: Publish
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          skip-existing: true

@@ -78,8 +78,8 @@ jobs:
    name: Build ESPHome ${{ matrix.platform.arch }}
    if: github.repository == 'esphome/esphome'
    permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # docker/login-action + build-push-action push image digests to ghcr.io
+      contents: read
+      packages: write
    runs-on: ${{ matrix.platform.os }}
    needs: [init]
    strategy:
@@ -92,22 +92,22 @@ jobs:
            os: "ubuntu-24.04-arm"

    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
          python-version: "3.11"

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to docker hub
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Log in to the GitHub container registry
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -138,7 +138,7 @@ jobs:
      #     version: ${{ needs.init.outputs.tag }}

      - name: Upload digests
-        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: digests-${{ matrix.platform.arch }}
          path: /tmp/digests
@@ -152,8 +152,8 @@ jobs:
      - deploy-docker
    if: github.repository == 'esphome/esphome'
    permissions:
-      contents: read   # actions/checkout to load Dockerfile and build context
-      packages: write  # docker/login-action + build-push-action push image digests to ghcr.io
+      contents: read
+      packages: write
    strategy:
      fail-fast: false
      matrix:
@@ -168,27 +168,27 @@ jobs:
          - ghcr
          - dockerhub
    steps:
-      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Download digests
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          pattern: digests-*
          path: /tmp/digests
          merge-multiple: true

      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0

      - name: Log in to docker hub
        if: matrix.registry == 'dockerhub'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          username: ${{ secrets.DOCKER_USER }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Log in to the GitHub container registry
        if: matrix.registry == 'ghcr'
-        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
@@ -212,6 +212,72 @@ jobs:
          docker buildx imagetools create $(jq -Rcnr 'inputs | . / "," | map("-t " + .) | join(" ")' <<< "${{ steps.tags.outputs.tags}}") \
            $(printf '${{ steps.tags.outputs.image }}@sha256:%s ' *)

+  deploy-ha-addon-repo:
+    if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
+    runs-on: ubuntu-latest
+    needs:
+      - init
+      - deploy-manifest
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
+          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
+          owner: esphome
+          repositories: home-assistant-addon
+
+      - name: Trigger Workflow
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            let description = "ESPHome";
+            if (context.eventName == "release") {
+              description = ${{ toJSON(github.event.release.body) }};
+            }
+            github.rest.actions.createWorkflowDispatch({
+              owner: "esphome",
+              repo: "home-assistant-addon",
+              workflow_id: "bump-version.yml",
+              ref: "main",
+              inputs: {
+                version: "${{ needs.init.outputs.tag }}",
+                content: description
+              }
+            })
+
+  deploy-esphome-schema:
+    if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
+    runs-on: ubuntu-latest
+    needs: [init]
+    environment: ${{ needs.init.outputs.deploy_env }}
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        with:
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
+          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
+          owner: esphome
+          repositories: esphome-schema
+
+      - name: Trigger Workflow
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        with:
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            github.rest.actions.createWorkflowDispatch({
+              owner: "esphome",
+              repo: "esphome-schema",
+              workflow_id: "generate-schemas.yml",
+              ref: "main",
+              inputs: {
+                version: "${{ needs.init.outputs.tag }}",
+              }
+            })
+
  version-notifier:
    if: github.repository == 'esphome/esphome' && needs.init.outputs.branch_build == 'false'
    runs-on: ubuntu-latest
@@ -221,20 +287,19 @@ jobs:
    steps:
      - name: Generate a token
        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
+          app-id: ${{ secrets.ESPHOME_GITHUB_APP_ID }}
          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
          owner: esphome
          repositories: version-notifier
-          permission-actions: write  # actions.createWorkflowDispatch on the target repo (only API call made with this token)

      - name: Trigger Workflow
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ steps.generate-token.outputs.token }}
          script: |
-            await github.rest.actions.createWorkflowDispatch({
+            github.rest.actions.createWorkflowDispatch({
              owner: "esphome",
              repo: "version-notifier",
              workflow_id: "notify.yml",
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -7,8 +7,8 @@ on:
  workflow_dispatch:

 permissions:
-  issues: write         # actions/stale labels, comments on, and closes stale issues
-  pull-requests: write  # actions/stale labels, comments on, and closes stale pull requests
+  issues: write
+  pull-requests: write

 concurrency:
  group: lock
@@ -19,7 +19,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Stale
-        uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
+        uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
        with:
          debug-only: ${{ github.ref != 'refs/heads/dev' }} # Dry-run when not run on dev branch
          remove-stale-when-updated: true
--- a/.github/workflows/status-check-labels.yml
+++ b/.github/workflows/status-check-labels.yml
@@ -2,32 +2,30 @@ name: Status check labels

 on:
  pull_request:
-    types: [opened, reopened, labeled, unlabeled, synchronize]
-
-permissions:
-  pull-requests: read  # issues.listLabelsOnIssue to detect blocking labels (needs-docs, merge-after-release, chained-pr)
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
-  cancel-in-progress: true
+    types: [labeled, unlabeled]

 jobs:
  check:
-    name: Check blocking labels
+    name: Check ${{ matrix.label }}
    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        label:
+          - needs-docs
+          - merge-after-release
+          - chained-pr
    steps:
-      - name: Check for blocking labels
-        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
+      - name: Check for ${{ matrix.label }} label
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          script: |
-            const blockingLabels = ['needs-docs', 'merge-after-release', 'chained-pr'];
            const { data: labels } = await github.rest.issues.listLabelsOnIssue({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number
            });
-            const labelNames = labels.map(l => l.name);
-            const found = blockingLabels.filter(bl => labelNames.includes(bl));
-            if (found.length > 0) {
-              core.setFailed(`Pull request cannot be merged, it has blocking label(s): ${found.join(', ')}`);
+            const hasLabel = labels.find(label => label.name === '${{ matrix.label }}');
+            if (hasLabel) {
+              core.setFailed('Pull request cannot be merged, it is labeled as ${{ matrix.label }}');
            }
--- a/.github/workflows/sync-device-classes.yml
+++ b/.github/workflows/sync-device-classes.yml
@@ -6,94 +6,42 @@ on:
  schedule:
    - cron: "45 6 * * *"

-# Repo writes (branch push, PR open) happen via the App token minted below,
-# so the workflow's GITHUB_TOKEN does not need any write scopes.
-permissions:
-  contents: read  # actions/checkout for this repo and home-assistant/core
-
 jobs:
  sync:
    name: Sync Device Classes
    runs-on: ubuntu-latest
    if: github.repository == 'esphome/esphome'
    steps:
-      - name: Generate a token
-        id: generate-token
-        uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
-        with:
-          client-id: ${{ vars.ESPHOME_GITHUB_APP_CLIENT_ID }}
-          private-key: ${{ secrets.ESPHOME_GITHUB_APP_PRIVATE_KEY }}
-          # Scope the minted App token to the minimum needed by peter-evans/create-pull-request.
-          permission-contents: write       # git.createCommit + refs.create/update to push the sync/device-classes branch
-          permission-pull-requests: write  # pulls.create / pulls.update to open or refresh the sync PR
-
      - name: Checkout
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

      - name: Checkout Home Assistant
-        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          repository: home-assistant/core
          path: lib/home-assistant

      - name: Setup Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
        with:
-          python-version: "3.14"
-
-      - name: Set up uv
-        # An order of magnitude faster than pip on cold boots, with its
-        # own wheel cache. ``--system`` (below) installs into the
-        # setup-python interpreter so subsequent ``pre-commit`` /
-        # ``script/run-in-env.py`` steps find the deps without a
-        # ``uv run`` prefix.
-        uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
-        with:
-          enable-cache: true
-          # Pin uv version so the action does not have to fetch the
-          # manifest from raw.githubusercontent.com on every cache
-          # miss; that fetch flakes on Windows runners.
-          version: "0.11.15"
+          python-version: 3.13

      - name: Install Home Assistant
        run: |
-          uv pip install --system -e lib/home-assistant
-          uv pip install --system -r requirements.txt -r requirements_test.txt pre-commit
+          python -m pip install --upgrade pip
+          pip install -e lib/home-assistant
+          pip install -r requirements_test.txt pre-commit

      - name: Sync
        run: |
          python ./script/sync-device_class.py

-      - name: Apply pre-commit auto-fixes
-        # First pass: let formatters (ruff, end-of-file-fixer, etc.) modify
-        # files. pre-commit exits non-zero whenever a hook touches anything,
-        # which would otherwise abort the workflow before the auto-fixes
-        # can flow into the sync PR.
-        #
-        # SKIP:
-        #   - no-commit-to-branch is a local guard against committing on
-        #     dev/release/beta; CI runs on dev by definition, and
-        #     peter-evans/create-pull-request creates the branch itself.
-        #   - pylint surfaces import-error / relative-beyond-top-level
-        #     noise here because this workflow installs only a subset of
-        #     the runtime deps (HA + requirements*.txt); main CI already
-        #     gates pylint on real PRs.
-        env:
-          SKIP: pylint,no-commit-to-branch
-        run: python script/run-in-env.py pre-commit run --all-files || true
-
-      - name: Verify pre-commit clean
-        # Second pass: re-run all hooks against the now-fixed tree.
-        # Auto-fixers exit 0 (nothing to change); any remaining failure
-        # from a check-only hook (flake8 / yamllint / ci-custom) is a
-        # real issue and fails the workflow loudly. Same SKIP list as
-        # above for the same reasons.
-        env:
-          SKIP: pylint,no-commit-to-branch
-        run: python script/run-in-env.py pre-commit run --all-files
+      - name: Run pre-commit hooks
+        run: |
+          python script/run-in-env.py pre-commit run --all-files

      - name: Commit changes
-        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
        with:
          commit-message: "Synchronise Device Classes from Home Assistant"
          committer: esphomebot <esphome@openhomefoundation.org>
@@ -102,4 +50,4 @@ jobs:
          delete-branch: true
          title: "Synchronise Device Classes from Home Assistant"
          body-path: .github/PULL_REQUEST_TEMPLATE.md
-          token: ${{ steps.generate-token.outputs.token }}
+          token: ${{ secrets.DEVICE_CLASS_SYNC_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -141,12 +141,10 @@ tests/.esphome/

 sdkconfig.*
 !sdkconfig.defaults
-!sdkconfig.defaults.*

 .tests/

 /components
 /managed_components
-/dependencies.lock

 api-docs/
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -6,12 +6,12 @@ ci:
  autoupdate_commit_msg: 'pre-commit: autoupdate'
  autoupdate_schedule: off  # Disabled until ruff versions are synced between deps and pre-commit
  # Skip hooks that have issues in pre-commit CI environment
-  skip: [pylint]
+  skip: [pylint, clang-tidy-hash]

 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    # Ruff version.
-    rev: v0.15.15
+    rev: v0.14.13
    hooks:
      # Run the linter.
      - id: ruff
@@ -37,7 +37,7 @@ repos:
      - id: end-of-file-fixer
      - id: trailing-whitespace
  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.21.2
+    rev: v3.20.0
    hooks:
      - id: pyupgrade
        args: [--py311-plus]
@@ -55,11 +55,13 @@ repos:
    hooks:
      - id: pylint
        name: pylint
-        entry: python script/run-in-env.py pylint
+        entry: python3 script/run-in-env.py pylint
        language: system
        types: [python]
-        files: ^esphome/.+\.py$
-      - id: ci-custom
-        name: ci-custom
-        entry: python script/run-in-env.py script/ci-custom.py
-        language: system
+      - id: clang-tidy-hash
+        name: Update clang-tidy hash
+        entry: python script/clang_tidy_hash.py --update-if-changed
+        language: python
+        files: ^(\.clang-tidy|platformio\.ini|requirements_dev\.txt)$
+        pass_filenames: false
+        additional_dependencies: []
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -1 +1 @@
-AGENTS.md
+.ai/instructions.md
--- a/52
+++ b/52
@@ -19,6 +19,7 @@ esphome/components/ac_dimmer/* @glmnet
 esphome/components/adc/* @esphome/core
 esphome/components/adc128s102/* @DeerMaximum
 esphome/components/addressable_light/* @justfalter
+esphome/components/ade7880/* @kpfleming
 esphome/components/ade7953/* @angelnu
 esphome/components/ade7953_base/* @angelnu
 esphome/components/ade7953_i2c/* @angelnu
@@ -27,7 +28,7 @@ esphome/components/ads1118/* @solomondg1
 esphome/components/ags10/* @mak-42
 esphome/components/aic3204/* @kbx81
 esphome/components/airthings_ble/* @jeromelaban
-esphome/components/airthings_wave_base/* @jeromelaban @ncareau
+esphome/components/airthings_wave_base/* @jeromelaban @kpfleming @ncareau
 esphome/components/airthings_wave_mini/* @ncareau
 esphome/components/airthings_wave_plus/* @jeromelaban @precurse
 esphome/components/alarm_control_panel/* @grahambrown11 @hwstar
@@ -53,9 +54,6 @@ esphome/components/atm90e32/* @circuitsetup @descipher
 esphome/components/audio/* @kahrendt
 esphome/components/audio_adc/* @kbx81
 esphome/components/audio_dac/* @kbx81
-esphome/components/audio_file/* @kahrendt
-esphome/components/audio_file/media_source/* @kahrendt
-esphome/components/audio_http/* @kahrendt
 esphome/components/axs15231/* @clydebarrow
 esphome/components/b_parasite/* @rbaron
 esphome/components/ballu/* @bazuchan
@@ -83,7 +81,6 @@ esphome/components/bme680_bsec/* @trvrnrth
 esphome/components/bme68x_bsec2/* @kbx81 @neffs
 esphome/components/bme68x_bsec2_i2c/* @kbx81 @neffs
 esphome/components/bmi160/* @flaviut
-esphome/components/bmi270/* @clydebarrow
 esphome/components/bmp280_base/* @ademuri
 esphome/components/bmp280_i2c/* @ademuri
 esphome/components/bmp280_spi/* @ademuri
@@ -91,9 +88,7 @@ esphome/components/bmp3xx/* @latonita
 esphome/components/bmp3xx_base/* @latonita @martgras
 esphome/components/bmp3xx_i2c/* @latonita
 esphome/components/bmp3xx_spi/* @latonita
-esphome/components/bmp581_base/* @danielkent-net @kahrendt
-esphome/components/bmp581_i2c/* @danielkent-net @kahrendt
-esphome/components/bmp581_spi/* @danielkent-net @kahrendt
+esphome/components/bmp581/* @kahrendt
 esphome/components/bp1658cj/* @Cossid
 esphome/components/bp5758d/* @Cossid
 esphome/components/bthome_mithermometer/* @nagyrobi
@@ -108,7 +103,6 @@ esphome/components/cc1101/* @gabest11 @lygris
 esphome/components/ccs811/* @habbie
 esphome/components/cd74hc4067/* @asoehlke
 esphome/components/ch422g/* @clydebarrow @jesterret
-esphome/components/ch423/* @dwmw2
 esphome/components/chsc6x/* @kkosik20
 esphome/components/climate/* @esphome/core
 esphome/components/climate_ir/* @glmnet
@@ -134,22 +128,19 @@ esphome/components/dashboard_import/* @esphome/core
 esphome/components/datetime/* @jesserockz @rfdarter
 esphome/components/debug/* @esphome/core
 esphome/components/delonghi/* @grob6000
-esphome/components/dew_point/* @CFlix
 esphome/components/dfplayer/* @glmnet
 esphome/components/dfrobot_sen0395/* @niklasweber
 esphome/components/dht/* @OttoWinter
 esphome/components/display_menu_base/* @numo68
-esphome/components/dlms_meter/* @latonita @PolarGoose @SimonFischer04 @Tomer27cz
 esphome/components/dps310/* @kbx81
 esphome/components/ds1307/* @badbadc0ffee
 esphome/components/ds2484/* @mrk-its
-esphome/components/dsmr/* @glmnet @PolarGoose
+esphome/components/dsmr/* @glmnet @PolarGoose @zuidwijk
 esphome/components/duty_time/* @dudanov
 esphome/components/ee895/* @Stock-M
 esphome/components/ektf2232/touchscreen/* @jesserockz
 esphome/components/emc2101/* @ellull
 esphome/components/emmeti/* @E440QF
-esphome/components/emontx/* @FredM67 @glynhudson @TrystanLea
 esphome/components/ens160/* @latonita
 esphome/components/ens160_base/* @latonita @vincentscode
 esphome/components/ens160_i2c/* @latonita
@@ -219,8 +210,6 @@ esphome/components/hbridge/light/* @DotNetDann
 esphome/components/hbridge/switch/* @dwmw2
 esphome/components/hc8/* @omartijn
 esphome/components/hdc2010/* @optimusprimespace @ssieb
-esphome/components/hdc2080/* @G-Pereira @jesserockz
-esphome/components/hdc302x/* @joshuasing
 esphome/components/he60r/* @clydebarrow
 esphome/components/heatpumpir/* @rob-deutsch
 esphome/components/hitachi_ac424/* @sourabhjaiswal
@@ -248,6 +237,7 @@ esphome/components/hyt271/* @Philippe12
 esphome/components/i2c/* @esphome/core
 esphome/components/i2c_device/* @gabest11
 esphome/components/i2s_audio/* @jesserockz
+esphome/components/i2s_audio/media_player/* @jesserockz
 esphome/components/i2s_audio/microphone/* @jesserockz
 esphome/components/i2s_audio/speaker/* @jesserockz @kahrendt
 esphome/components/iaqcore/* @yozik04
@@ -291,7 +281,6 @@ esphome/components/lock/* @esphome/core
 esphome/components/logger/* @esphome/core
 esphome/components/logger/select/* @clydebarrow
 esphome/components/lps22/* @nagisa
-esphome/components/lsm6ds/* @clydebarrow
 esphome/components/ltr390/* @latonita @sjtrny
 esphome/components/ltr501/* @latonita
 esphome/components/ltr_als_ps/* @latonita
@@ -323,7 +312,6 @@ esphome/components/mcp9808/* @k7hpn
 esphome/components/md5/* @esphome/core
 esphome/components/mdns/* @esphome/core
 esphome/components/media_player/* @jesserockz
-esphome/components/media_source/* @kahrendt
 esphome/components/micro_wake_word/* @jesserockz @kahrendt
 esphome/components/micronova/* @edenhaus @jorre05
 esphome/components/microphone/* @jesserockz @kahrendt
@@ -334,7 +322,6 @@ esphome/components/mipi_dsi/* @clydebarrow
 esphome/components/mipi_rgb/* @clydebarrow
 esphome/components/mipi_spi/* @clydebarrow
 esphome/components/mitsubishi/* @RubyBailey
-esphome/components/mitsubishi_cn105/* @crnjan
 esphome/components/mixer/speaker/* @kahrendt
 esphome/components/mlx90393/* @functionpointer
 esphome/components/mlx90614/* @jesserockz
@@ -348,11 +335,9 @@ esphome/components/modbus_controller/select/* @martgras @stegm
 esphome/components/modbus_controller/sensor/* @martgras
 esphome/components/modbus_controller/switch/* @martgras
 esphome/components/modbus_controller/text_sensor/* @martgras
-esphome/components/modbus_server/* @exciton
 esphome/components/mopeka_ble/* @Fabian-Schmidt @spbrogan
 esphome/components/mopeka_pro_check/* @spbrogan
 esphome/components/mopeka_std_check/* @Fabian-Schmidt
-esphome/components/motion/* @esphome/core
 esphome/components/mpl3115a2/* @kbickar
 esphome/components/mpu6886/* @fabaff
 esphome/components/ms8607/* @e28eta
@@ -381,7 +366,6 @@ esphome/components/pca6416a/* @Mat931
 esphome/components/pca9554/* @bdraco @clydebarrow @hwstar
 esphome/components/pcf85063/* @brogon
 esphome/components/pcf8563/* @KoenBreeman
-esphome/components/pcm5122/* @remcom
 esphome/components/pi4ioe5v6408/* @jesserockz
 esphome/components/pid/* @OttoWinter
 esphome/components/pipsolar/* @andreashergert1984
@@ -408,7 +392,6 @@ esphome/components/qmp6988/* @andrewpc
 esphome/components/qr_code/* @wjtje
 esphome/components/qspi_dbi/* @clydebarrow
 esphome/components/qwiic_pir/* @kahrendt
-esphome/components/radio_frequency/* @kbx81
 esphome/components/radon_eye_ble/* @jeffeb3
 esphome/components/radon_eye_rd200/* @jeffeb3
 esphome/components/rc522/* @glmnet
@@ -419,16 +402,12 @@ esphome/components/resampler/speaker/* @kahrendt
 esphome/components/restart/* @esphome/core
 esphome/components/rf_bridge/* @jesserockz
 esphome/components/rgbct/* @jesserockz
-esphome/components/ring_buffer/* @kahrendt
-esphome/components/router/speaker/* @kahrendt
 esphome/components/rp2040/* @jesserockz
-esphome/components/rp2040_ble/* @bdraco
 esphome/components/rp2040_pio_led_strip/* @Papa-DMan
 esphome/components/rp2040_pwm/* @jesserockz
 esphome/components/rpi_dpi_rgb/* @clydebarrow
 esphome/components/rtl87xx/* @kuba2k2
-esphome/components/rtttl/* @glmnet @ximex
-esphome/components/runtime_image/* @clydebarrow @guillempages @kahrendt
+esphome/components/rtttl/* @glmnet
 esphome/components/runtime_stats/* @bdraco
 esphome/components/rx8130/* @beormund
 esphome/components/safe_mode/* @jsuanet @kbx81 @paulmonigatti
@@ -445,15 +424,8 @@ esphome/components/select/* @esphome/core
 esphome/components/sen0321/* @notjj
 esphome/components/sen21231/* @shreyaskarnik
 esphome/components/sen5x/* @martgras
-esphome/components/sen6x/* @martgras @mebner86 @tuct
-esphome/components/sendspin/* @kahrendt
-esphome/components/sendspin/media_player/* @kahrendt
-esphome/components/sendspin/media_source/* @kahrendt
-esphome/components/sendspin/sensor/* @kahrendt
-esphome/components/sendspin/text_sensor/* @kahrendt
 esphome/components/sensirion_common/* @martgras
 esphome/components/sensor/* @esphome/core
-esphome/components/serial_proxy/* @kbx81
 esphome/components/sfa30/* @ghsensdev
 esphome/components/sgp40/* @SenexCrenshaw
 esphome/components/sgp4x/* @martgras @SenexCrenshaw
@@ -474,12 +446,8 @@ esphome/components/sn74hc165/* @jesserockz
 esphome/components/socket/* @esphome/core
 esphome/components/sonoff_d1/* @anatoly-savchenkov
 esphome/components/sound_level/* @kahrendt
-esphome/components/spa06_base/* @danielkent-net
-esphome/components/spa06_i2c/* @danielkent-net
-esphome/components/spa06_spi/* @danielkent-net
 esphome/components/speaker/* @jesserockz @kahrendt
 esphome/components/speaker/media_player/* @kahrendt @synesthesiam
-esphome/components/speaker_source/* @kahrendt
 esphome/components/spi/* @clydebarrow @esphome/core
 esphome/components/spi_device/* @clydebarrow
 esphome/components/spi_led_strip/* @clydebarrow
@@ -513,7 +481,6 @@ esphome/components/switch/* @esphome/core
 esphome/components/switch/binary_sensor/* @ssieb
 esphome/components/sx126x/* @swoboda1337
 esphome/components/sx127x/* @swoboda1337
-esphome/components/sy6970/* @linkedupbits
 esphome/components/syslog/* @clydebarrow
 esphome/components/t6615/* @tylermenezes
 esphome/components/tc74/* @sethgirvan
@@ -561,8 +528,7 @@ esphome/components/uart/packet_transport/* @clydebarrow
 esphome/components/udp/* @clydebarrow
 esphome/components/ufire_ec/* @pvizeli
 esphome/components/ufire_ise/* @pvizeli
-esphome/components/ufm01/* @ljungqvist
-esphome/components/ultrasonic/* @ssieb @swoboda1337
+esphome/components/ultrasonic/* @OttoWinter
 esphome/components/update/* @jesserockz
 esphome/components/uponor_smatrix/* @kroimon
 esphome/components/usb_cdc_acm/* @kbx81
@@ -599,7 +565,6 @@ esphome/components/wk2212_spi/* @DrCoolZic
 esphome/components/wl_134/* @hobbypunk90
 esphome/components/wts01/* @alepee
 esphome/components/x9c/* @EtienneMD
-esphome/components/xdb401/* @RT530
 esphome/components/xgzp68xx/* @gcormier
 esphome/components/xiaomi_hhccjcy10/* @fariouche
 esphome/components/xiaomi_lywsd02mmc/* @juanluss31
@@ -612,8 +577,7 @@ esphome/components/xl9535/* @mreditor97
 esphome/components/xpt2046/touchscreen/* @nielsnl68 @numo68
 esphome/components/xxtea/* @clydebarrow
 esphome/components/zephyr/* @tomaszduda23
-esphome/components/zephyr_mcumgr/ota/* @tomaszduda23
 esphome/components/zhlt01/* @cfeenstra1024
-esphome/components/zigbee/* @luar123 @tomaszduda23
+esphome/components/zigbee/* @tomaszduda23
 esphome/components/zio_ultrasonic/* @kahrendt
 esphome/components/zwave_proxy/* @kbx81
--- a/2
+++ b/2
@@ -48,7 +48,7 @@ PROJECT_NAME           = ESPHome
 # could be handy for archiving the generated documentation or if some version
 # control system is used.

-PROJECT_NUMBER         = 2026.7.0-dev
+PROJECT_NUMBER         = 2026.2.0-dev

 # Using the PROJECT_BRIEF tag one can provide an optional one line description
 # for a project that appears at the top of each page and should give viewer a
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -1 +1 @@
-AGENTS.md
+.ai/instructions.md
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -4,5 +4,4 @@ include requirements.txt
 recursive-include esphome *.yaml
 recursive-include esphome *.cpp *.h *.tcc *.c
 recursive-include esphome *.py.script
-recursive-include esphome *.jinja
 recursive-include esphome LICENSE.txt
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# ESPHome [![Discord Chat](https://img.shields.io/discord/429907082951524364.svg)](https://discord.gg/KhAMKrd) [![GitHub release](https://img.shields.io/github/release/esphome/esphome.svg)](https://GitHub.com/esphome/esphome/releases/) [![CodSpeed](https://img.shields.io/endpoint?url=https://codspeed.io/badge.json)](https://codspeed.io/esphome/esphome)
+# ESPHome [![Discord Chat](https://img.shields.io/discord/429907082951524364.svg)](https://discord.gg/KhAMKrd) [![GitHub release](https://img.shields.io/github/release/esphome/esphome.svg)](https://GitHub.com/esphome/esphome/releases/)

 <a href="https://esphome.io/">
  <picture>
--- a/THREAT_MODEL.md
+++ b/THREAT_MODEL.md
@@ -1,104 +0,0 @@
-# ESPHome Threat Model
-
-This document defines the trust boundary for the **ESPHome** repository — the
-Python compiler/CLI and the device firmware it generates — so that real security
-bugs can be told apart from defense-in-depth improvements. It gives contributors,
-reviewers, and security researchers a clear answer to one question:
-**does this issue let an _unauthenticated_ attacker do something they shouldn't?**
-
-Related documents:
-
- Deployment guidance for operators:
-  https://esphome.io/guides/security_best_practices/
- The **Device Builder dashboard** (the web UI, its authentication, ingress,
-  Origin/Host gates, and peer-link pairing) lives in a separate repository and
-  has its own threat model. If your report concerns any of that, please read and
-  report there instead:
-  https://github.com/esphome/device-builder/blob/main/docs/THREAT_MODEL.md
-
-## The trust boundary
-
-For this repository there are two trusted inputs by design:
-
-1. **The configuration.** Anyone who can supply or edit a YAML config is trusted
-   (see below).
-2. **Authenticated peers of a running device** — clients holding the device's
-   API encryption key / password, OTA password, or web server credentials.
-
-The security boundary is therefore **unauthenticated network traffic vs. those
-trusted inputs.** A bug that lets an unauthenticated attacker cross it is a
-security bug.
-
-## Config authors are host-equivalent by design
-
-Anyone who can supply or edit a configuration is **trusted with full code
-execution on the host that runs `esphome`**, on purpose. This is what the product
-does, not a flaw. A config author can already, through fully supported features:
-
- Run arbitrary **Python** at validation/compile time via `external_components:`
-  (and other component-import mechanisms) — ESPHome imports those packages as
-  ordinary Python.
- Run arbitrary **shell** commands through the compile/validate/flash toolchain
-  that ESPHome invokes as subprocesses.
- Read and write arbitrary files reachable by the process (e.g. via `!include`,
-  `packages:`, `dashboard_import:`, and generated build output).
-
-Because of this, a malicious config author is equivalent to shell access on the
-host running the build.
-
-## What is *not* a security vulnerability
-
-If exploiting an issue requires the ability to supply or edit configuration, it
-is **not** a vulnerability in ESPHome, because that ability already grants host
-code execution. This explicitly includes, among others:
-
- Template / expression injection in substitutions or any YAML string value
-  (e.g. Jinja `${...}` evaluation reaching Python internals). This grants no
-  capability a config author lacks.
- `!include` / `packages:` / `dashboard_import:` reading or fetching content
-  from surprising or remote locations.
- The validator or compiler crashing or behaving unexpectedly on adversarial
-  YAML.
- ESPHome running as root in the official container — that is the documented
-  deployment posture, reachable by the same caller through the features above.
-
-These do not warrant a CVE or coordinated disclosure. Hardening in these areas
-(for example, sandboxing template evaluation as least-surprise defense-in-depth)
-is welcome as a normal enhancement PR, framed as cleanliness rather than a
-security fix — not as a vulnerability remediation.
-
-## What we do defend
-
-These *are* security bugs in this repo, and we want to hear about them privately:
-
- Memory-safety or protocol bugs in the generated **device firmware** that are
-  remotely triggerable over the network (native API, web server, OTA, BLE,
-  captive portal, etc.) **without** valid credentials.
- Authentication or encryption bypass on the device — reaching API calls, OTA
-  updates, or the web server without the configured key/password.
- Flaws that weaken the device's API encryption (Noise), OTA, or web server auth
-  below their documented guarantees.
-
-## Explicitly out of scope
-
- Local attackers who already have shell access on the host that runs `esphome`.
- Supply-chain attacks against ESPHome or its dependencies.
- Operator-supplied hostile YAML (covered above — config authoring is trusted).
- Attacks that require an already-authenticated device peer (someone who already
-  holds the API key / OTA / web credentials).
- Anything in the dashboard / device-builder — report that in its own repository
-  (linked at the top).
- The legacy bundled dashboard in this repo (`esphome/dashboard/`) — it is
-  deprecated and being replaced by Device Builder; report dashboard issues there.
- Deployments where the operator removed protections or exposed credentials. See
-  the security best practices guide:
-  https://esphome.io/guides/security_best_practices/
-
-## Reporting a vulnerability
-
-If you believe you've found an issue that crosses the unauthenticated boundary
-above, please report it privately via GitHub Security Advisories rather than a
-public issue. For issues that require config-write access, please review this
-document first — they are very likely out of scope by design. For dashboard /
-device-builder issues, report against that repository and consult its threat
-model (linked at the top).
--- a/codecov.yml
+++ b/codecov.yml
@@ -1,18 +0,0 @@
-coverage:
-  status:
-    patch:
-      default:
-        target: 100%
-        threshold: 0%
-    project:
-      default:
-        informational: true
-
-ignore:
-  - "esphome/components/**/*"
-  - "esphome/analyze_memory/**/*"
-  - "tests/integration/**/*"
-
-comment:
-  layout: "reach, diff, flags, files"
-  require_changes: true
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,29 +1,29 @@
 ARG BUILD_VERSION=dev
-ARG BUILD_BASE_VERSION=2026.06.0
+ARG BUILD_OS=alpine
+ARG BUILD_BASE_VERSION=2025.04.0
 ARG BUILD_TYPE=docker

-FROM ghcr.io/esphome/docker-base:debian-${BUILD_BASE_VERSION} AS base-source-docker
-FROM ghcr.io/esphome/docker-base:debian-ha-addon-${BUILD_BASE_VERSION} AS base-source-ha-addon
+FROM ghcr.io/esphome/docker-base:${BUILD_OS}-${BUILD_BASE_VERSION} AS base-source-docker
+FROM ghcr.io/esphome/docker-base:${BUILD_OS}-ha-addon-${BUILD_BASE_VERSION} AS base-source-ha-addon

 ARG BUILD_TYPE
 FROM base-source-${BUILD_TYPE} AS base

-RUN git config --system --add safe.directory "*" \
-    && git config --system advice.detachedHead false
+RUN git config --system --add safe.directory "*"

 # Install build tools for Python packages that require compilation
-# (e.g., ruamel.yaml.clib used by ESP-IDF's idf-component-manager).
-# Also install libusb-1.0 at runtime so the ESP-IDF tools installer can
-# validate openocd-esp32 (it dynamically links libusb-1.0.so.0); without
-# it idf_tools.py rejects the openocd install with exit 127 and aborts
-# the whole framework setup.
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends build-essential libusb-1.0-0 \
-    && rm -rf /var/lib/apt/lists/*
+# (e.g., ruamel.yaml.clibz used by ESP-IDF's idf-component-manager)
+RUN if command -v apk > /dev/null; then \
+        apk add --no-cache build-base; \
+    else \
+        apt-get update \
+        && apt-get install -y --no-install-recommends build-essential \
+        && rm -rf /var/lib/apt/lists/*; \
+    fi

 ENV PIP_DISABLE_PIP_VERSION_CHECK=1

-RUN pip install --no-cache-dir -U pip uv==0.10.1
+RUN pip install --no-cache-dir -U pip uv==0.6.14

 COPY requirements.txt /

@@ -31,9 +31,6 @@ RUN \
    uv pip install --no-cache-dir \
    -r /requirements.txt

-# Install the ESPHome Device Builder dashboard.
-RUN uv pip install --no-cache-dir esphome-device-builder==1.0.12
-
 RUN \
    platformio settings set enable_telemetry No \
    && platformio settings set check_platformio_interval 1000000 \
--- a/docker/build.py
+++ b/docker/build.py
@@ -20,10 +20,6 @@ TYPE_HA_ADDON = "ha-addon"
 TYPE_LINT = "lint"
 TYPES = [TYPE_DOCKER, TYPE_HA_ADDON, TYPE_LINT]

-REGISTRY_GHCR = "ghcr"
-REGISTRY_DOCKERHUB = "dockerhub"
-REGISTRIES = [REGISTRY_GHCR, REGISTRY_DOCKERHUB]
-

 parser = argparse.ArgumentParser()
 parser.add_argument(
@@ -38,12 +34,6 @@ parser.add_argument(
 parser.add_argument(
    "--build-type", choices=TYPES, required=True, help="The type of build to run"
 )
-parser.add_argument(
-    "--registry",
-    choices=REGISTRIES,
-    action="append",
-    help="Restrict to specific registries (default: all). May be passed multiple times.",
-)
 parser.add_argument(
    "--dry-run", action="store_true", help="Don't run any commands, just print them"
 )
@@ -55,11 +45,6 @@ build_parser.add_argument("--push", help="Also push the images", action="store_t
 build_parser.add_argument(
    "--load", help="Load the docker image locally", action="store_true"
 )
-build_parser.add_argument(
-    "--no-cache-to",
-    help="Don't write the build cache (avoids polluting the shared cache)",
-    action="store_true",
-)
 manifest_parser = subparsers.add_parser(
    "manifest", help="Create a manifest from already pushed images"
 )
@@ -110,14 +95,11 @@ def main():
                print("Command failed")
                sys.exit(1)

-    registries = args.registry or REGISTRIES
-
    # detect channel from tag
    match = re.match(r"^(\d+\.\d+)(?:\.\d+)?(b\d+)?$", args.tag)
    major_minor_version = None
    if match is None:
-        # Custom tag (e.g. a branch name) -- push only the tag itself
-        channel = None
+        channel = CHANNEL_DEV
    elif match.group(2) is None:
        major_minor_version = match.group(1)
        channel = CHANNEL_RELEASE
@@ -146,18 +128,11 @@ def main():
            CHANNEL_DEV: "cache-dev",
            CHANNEL_BETA: "cache-beta",
            CHANNEL_RELEASE: "cache-latest",
-        }.get(channel, "cache-dev")
-        # Cache images live alongside the pushed images; prefer GHCR when it is
-        # one of the selected registries, otherwise fall back to Docker Hub so a
-        # registry-restricted build doesn't need GHCR auth.
-        cache_prefix = "ghcr.io/" if REGISTRY_GHCR in registries else ""
-        cache_img = f"{cache_prefix}{params.build_to}:{cache_tag}"
+        }[channel]
+        cache_img = f"ghcr.io/{params.build_to}:{cache_tag}"

-        imgs = []
-        if REGISTRY_DOCKERHUB in registries:
-            imgs += [f"{params.build_to}:{tag}" for tag in tags_to_push]
-        if REGISTRY_GHCR in registries:
-            imgs += [f"ghcr.io/{params.build_to}:{tag}" for tag in tags_to_push]
+        imgs = [f"{params.build_to}:{tag}" for tag in tags_to_push]
+        imgs += [f"ghcr.io/{params.build_to}:{tag}" for tag in tags_to_push]

        # 3. build
        cmd = [
@@ -180,9 +155,7 @@ def main():
        for img in imgs:
            cmd += ["--tag", img]
        if args.push:
-            cmd += ["--push"]
-            if not args.no_cache_to:
-                cmd += ["--cache-to", f"type=registry,ref={cache_img},mode=max"]
+            cmd += ["--push", "--cache-to", f"type=registry,ref={cache_img},mode=max"]
        if args.load:
            cmd += ["--load"]

@@ -190,22 +163,20 @@ def main():
    elif args.command == "manifest":
        manifest = DockerParams.for_type_arch(args.build_type, ARCH_AMD64).manifest_to

-        targets = []
-        if REGISTRY_DOCKERHUB in registries:
-            targets += [f"{manifest}:{tag}" for tag in tags_to_push]
-        if REGISTRY_GHCR in registries:
-            targets += [f"ghcr.io/{manifest}:{tag}" for tag in tags_to_push]
-        # Use buildx imagetools (not `docker manifest`) so the per-arch sources,
-        # which buildx pushes as single-platform manifest lists, are combined
-        # and pushed correctly in one step.
+        targets = [f"{manifest}:{tag}" for tag in tags_to_push]
+        targets += [f"ghcr.io/{manifest}:{tag}" for tag in tags_to_push]
+        # 1. Create manifests
        for target in targets:
-            cmd = ["docker", "buildx", "imagetools", "create", "--tag", target]
+            cmd = ["docker", "manifest", "create", target]
            for arch in ARCHS:
                src = f"{DockerParams.for_type_arch(args.build_type, arch).build_to}:{args.tag}"
                if target.startswith("ghcr.io"):
                    src = f"ghcr.io/{src}"
                cmd.append(src)
            run_command(*cmd)
+        # 2. Push manifests
+        for target in targets:
+            run_command("docker", "manifest", "push", target)


 if __name__ == "__main__":
--- a/docker/docker_entrypoint.sh
+++ b/docker/docker_entrypoint.sh
@@ -27,12 +27,4 @@ if [[ -d /build ]]; then
    export ESPHOME_BUILD_PATH=/build
 fi

-# The default CMD is "dashboard /config". Route the dashboard to the new
-# Device Builder, but pass every other subcommand (compile, run, config,
-# logs, ...) straight through to the esphome CLI so direct CLI use keeps working.
-if [[ "$1" == "dashboard" ]]; then
-    shift
-    exec esphome-device-builder "$@"
-fi
-
 exec esphome "$@"
--- a/docker/ha-addon-rootfs/etc/nginx/includes/mime.types
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/mime.types
@@ -0,0 +1,96 @@
+types {
+    text/html                                        html htm shtml;
+    text/css                                         css;
+    text/xml                                         xml;
+    image/gif                                        gif;
+    image/jpeg                                       jpeg jpg;
+    application/javascript                           js;
+    application/atom+xml                             atom;
+    application/rss+xml                              rss;
+
+    text/mathml                                      mml;
+    text/plain                                       txt;
+    text/vnd.sun.j2me.app-descriptor                 jad;
+    text/vnd.wap.wml                                 wml;
+    text/x-component                                 htc;
+
+    image/png                                        png;
+    image/svg+xml                                    svg svgz;
+    image/tiff                                       tif tiff;
+    image/vnd.wap.wbmp                               wbmp;
+    image/webp                                       webp;
+    image/x-icon                                     ico;
+    image/x-jng                                      jng;
+    image/x-ms-bmp                                   bmp;
+
+    font/woff                                        woff;
+    font/woff2                                       woff2;
+
+    application/java-archive                         jar war ear;
+    application/json                                 json;
+    application/mac-binhex40                         hqx;
+    application/msword                               doc;
+    application/pdf                                  pdf;
+    application/postscript                           ps eps ai;
+    application/rtf                                  rtf;
+    application/vnd.apple.mpegurl                    m3u8;
+    application/vnd.google-earth.kml+xml             kml;
+    application/vnd.google-earth.kmz                 kmz;
+    application/vnd.ms-excel                         xls;
+    application/vnd.ms-fontobject                    eot;
+    application/vnd.ms-powerpoint                    ppt;
+    application/vnd.oasis.opendocument.graphics      odg;
+    application/vnd.oasis.opendocument.presentation  odp;
+    application/vnd.oasis.opendocument.spreadsheet   ods;
+    application/vnd.oasis.opendocument.text          odt;
+    application/vnd.openxmlformats-officedocument.presentationml.presentation
+                                                     pptx;
+    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+                                                     xlsx;
+    application/vnd.openxmlformats-officedocument.wordprocessingml.document
+                                                     docx;
+    application/vnd.wap.wmlc                         wmlc;
+    application/x-7z-compressed                      7z;
+    application/x-cocoa                              cco;
+    application/x-java-archive-diff                  jardiff;
+    application/x-java-jnlp-file                     jnlp;
+    application/x-makeself                           run;
+    application/x-perl                               pl pm;
+    application/x-pilot                              prc pdb;
+    application/x-rar-compressed                     rar;
+    application/x-redhat-package-manager             rpm;
+    application/x-sea                                sea;
+    application/x-shockwave-flash                    swf;
+    application/x-stuffit                            sit;
+    application/x-tcl                                tcl tk;
+    application/x-x509-ca-cert                       der pem crt;
+    application/x-xpinstall                          xpi;
+    application/xhtml+xml                            xhtml;
+    application/xspf+xml                             xspf;
+    application/zip                                  zip;
+
+    application/octet-stream                         bin exe dll;
+    application/octet-stream                         deb;
+    application/octet-stream                         dmg;
+    application/octet-stream                         iso img;
+    application/octet-stream                         msi msp msm;
+
+    audio/midi                                       mid midi kar;
+    audio/mpeg                                       mp3;
+    audio/ogg                                        ogg;
+    audio/x-m4a                                      m4a;
+    audio/x-realaudio                                ra;
+
+    video/3gpp                                       3gpp 3gp;
+    video/mp2t                                       ts;
+    video/mp4                                        mp4;
+    video/mpeg                                       mpeg mpg;
+    video/quicktime                                  mov;
+    video/webm                                       webm;
+    video/x-flv                                      flv;
+    video/x-m4v                                      m4v;
+    video/x-mng                                      mng;
+    video/x-ms-asf                                   asx asf;
+    video/x-ms-wmv                                   wmv;
+    video/x-msvideo                                  avi;
+}
--- a/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/proxy_params.conf
@@ -0,0 +1,16 @@
+proxy_http_version          1.1;
+proxy_ignore_client_abort   off;
+proxy_read_timeout          86400s;
+proxy_redirect              off;
+proxy_send_timeout          86400s;
+proxy_max_temp_file_size    0;
+
+proxy_set_header Accept-Encoding "";
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-NginX-Proxy true;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Authorization "";
--- a/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/server_params.conf
@@ -0,0 +1,8 @@
+root            /dev/null;
+server_name     $hostname;
+
+client_max_body_size 512m;
+
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
--- a/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/ssl_params.conf
@@ -0,0 +1,8 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_prefer_server_ciphers off;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ssl_session_timeout  10m;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
--- a/docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/includes/upstream.conf
@@ -0,0 +1,3 @@
+upstream esphome {
+    server unix:/var/run/esphome.sock;
+}
--- a/docker/ha-addon-rootfs/etc/nginx/nginx.conf
+++ b/docker/ha-addon-rootfs/etc/nginx/nginx.conf
@@ -0,0 +1,30 @@
+daemon off;
+user root;
+pid /var/run/nginx.pid;
+worker_processes 1;
+error_log /proc/1/fd/1 error;
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/includes/mime.types;
+
+    access_log              off;
+    default_type            application/octet-stream;
+    gzip                    on;
+    keepalive_timeout       65;
+    sendfile                on;
+    server_tokens           off;
+
+    tcp_nodelay             on;
+    tcp_nopush              on;
+
+    map $http_upgrade $connection_upgrade {
+        default upgrade;
+        ''      close;
+    }
+
+    include /etc/nginx/includes/upstream.conf;
+    include /etc/nginx/servers/*.conf;
+}
--- a/docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep
+++ b/docker/ha-addon-rootfs/etc/nginx/servers/.gitkeep
@@ -0,0 +1 @@
+Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)
--- a/docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl
+++ b/docker/ha-addon-rootfs/etc/nginx/templates/direct.gtpl
@@ -0,0 +1,28 @@
+server {
+    {{ if not .ssl }}
+    listen 6052 default_server;
+    {{ else }}
+    listen 6052 default_server ssl http2;
+    {{ end }}
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    {{ if .ssl }}
+    include /etc/nginx/includes/ssl_params.conf;
+
+    ssl_certificate /ssl/{{ .certfile }};
+    ssl_certificate_key /ssl/{{ .keyfile }};
+
+    # Redirect http requests to https on the same port.
+    # https://rageagainstshell.com/2016/11/redirect-http-to-https-on-the-same-port-in-nginx/
+    error_page 497 https://$http_host$request_uri;
+    {{ end }}
+
+    # Clear Home Assistant Ingress header
+    proxy_set_header X-HA-Ingress "";
+
+    location / {
+        proxy_pass http://esphome;
+    }
+}
--- a/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl
+++ b/docker/ha-addon-rootfs/etc/nginx/templates/ingress.gtpl
@@ -0,0 +1,18 @@
+server {
+    listen 127.0.0.1:{{ .port }} default_server;
+    listen {{ .interface }}:{{ .port }} default_server;
+
+    include /etc/nginx/includes/server_params.conf;
+    include /etc/nginx/includes/proxy_params.conf;
+
+    # Set Home Assistant Ingress header
+    proxy_set_header X-HA-Ingress "YES";
+
+    location / {
+        allow   172.30.32.2;
+        allow   127.0.0.1;
+        deny    all;
+
+        proxy_pass http://esphome;
+    }
+}
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/dependencies.d/nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/discovery/run
@@ -16,7 +16,7 @@ fi

 port=$(bashio::addon.ingress_port)

-# Wait for the ESPHome Device Builder to become available
+# Wait for NGINX to become available
 bashio::net.wait_for "${port}" "127.0.0.1" 300

 config=$(\
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/finish
@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 # ==============================================================================
 # Home Assistant Community Add-on: ESPHome
-# Take down the S6 supervision tree when ESPHome Device Builder fails
+# Take down the S6 supervision tree when ESPHome dashboard fails
 # ==============================================================================
 declare exit_code
 readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
@@ -10,7 +10,7 @@ readonly exit_code_service="${1}"
 readonly exit_code_signal="${2}"

 bashio::log.info \
-  "Service ESPHome Device Builder exited with code ${exit_code_service}" \
+  "Service ESPHome dashboard exited with code ${exit_code_service}" \
  "(by signal ${exit_code_signal})"

 if [[ "${exit_code_service}" -eq 256 ]]; then
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/esphome/run
@@ -2,7 +2,7 @@
 # shellcheck shell=bash
 # ==============================================================================
 # Community Hass.io Add-ons: ESPHome
-# Runs the ESPHome Device Builder
+# Runs the ESPHome dashboard
 # ==============================================================================
 readonly pio_cache_base=/data/cache/platformio

@@ -49,21 +49,5 @@ if bashio::fs.directory_exists '/config/esphome/.esphome'; then
    rm -rf /config/esphome/.esphome
 fi

-# Only signal device-builder to expose the public LAN port when the operator
-# mapped port 6052, matching the legacy dashboard where nginx listened on the
-# fixed port 6052 only when it was configured. We use the mapping purely as a
-# presence check and don't forward the published value; device-builder binds
-# its default port 6052 (the fixed container port, as the legacy
-# "listen 6052" did). --ha-addon-allow-public is inert on its own: the no-auth
-# gate is the DISABLE_HA_AUTHENTICATION env var set above, so both opt-ins are
-# required to bind 6052 unauthenticated; either alone stays ingress-only.
-set --
-if bashio::var.has_value "$(bashio::addon.port 6052)"; then
-    set -- --ha-addon-allow-public
-fi
-
-bashio::log.info "Starting ESPHome Device Builder..."
-exec esphome-device-builder /config/esphome \
-    --ha-addon \
-    --ingress-port "$(bashio::addon.ingress_port)" \
-    "$@"
+bashio::log.info "Starting ESPHome dashboard..."
+exec esphome dashboard /config/esphome --socket /var/run/esphome.sock --ha-addon
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/dependencies.d/base
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/run
@@ -0,0 +1,27 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Configures NGINX for use with ESPHome
+# ==============================================================================
+mkdir -p /var/log/nginx
+
+# Generate Ingress configuration
+bashio::var.json \
+    interface "$(bashio::addon.ip_address)" \
+    port "^$(bashio::addon.ingress_port)" \
+    | tempio \
+        -template /etc/nginx/templates/ingress.gtpl \
+        -out /etc/nginx/servers/ingress.conf
+
+# Generate direct access configuration, if enabled.
+if bashio::var.has_value "$(bashio::addon.port 6052)"; then
+    bashio::config.require.ssl
+    bashio::var.json \
+        certfile "$(bashio::config 'certfile')" \
+        keyfile "$(bashio::config 'keyfile')" \
+        ssl "^$(bashio::config 'ssl')" \
+        | tempio \
+            -template /etc/nginx/templates/direct.gtpl \
+            -out /etc/nginx/servers/direct.conf
+fi
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/type
@@ -0,0 +1 @@
+oneshot
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/init-nginx/up
@@ -0,0 +1 @@
+/etc/s6-overlay/s6-rc.d/init-nginx/run
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/esphome
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/esphome
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/dependencies.d/init-nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/finish
@@ -0,0 +1,25 @@
+#!/command/with-contenv bashio
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Take down the S6 supervision tree when NGINX fails
+# ==============================================================================
+declare exit_code
+readonly exit_code_container=$(</run/s6-linux-init-container-results/exitcode)
+readonly exit_code_service="${1}"
+readonly exit_code_signal="${2}"
+
+bashio::log.info \
+  "Service NGINX exited with code ${exit_code_service}" \
+  "(by signal ${exit_code_signal})"
+
+if [[ "${exit_code_service}" -eq 256 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo $((128 + $exit_code_signal)) > /run/s6-linux-init-container-results/exitcode
+  fi
+  [[ "${exit_code_signal}" -eq 15 ]] && exec /run/s6/basedir/bin/halt
+elif [[ "${exit_code_service}" -ne 0 ]]; then
+  if [[ "${exit_code_container}" -eq 0 ]]; then
+    echo "${exit_code_service}" > /run/s6-linux-init-container-results/exitcode
+  fi
+  exec /run/s6/basedir/bin/halt
+fi
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/run
@@ -0,0 +1,15 @@
+#!/command/with-contenv bashio
+# shellcheck shell=bash
+# ==============================================================================
+# Community Hass.io Add-ons: ESPHome
+# Runs the NGINX proxy
+# ==============================================================================
+
+bashio::log.info "Waiting for ESPHome dashboard to come up..."
+
+while [[ ! -S /var/run/esphome.sock ]]; do
+  sleep 0.5
+done
+
+bashio::log.info "Starting NGINX..."
+exec nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/nginx/type
@@ -0,0 +1 @@
+longrun
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/init-nginx
--- a/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
+++ b/docker/ha-addon-rootfs/etc/s6-overlay/s6-rc.d/user/contents.d/nginx
--- a/docker/test_configs/bk72xx-arduino.yaml
+++ b/docker/test_configs/bk72xx-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-bk72xx-arduino
-
-bk72xx:
-  board: generic-bk7231n-qfn32-tuya
-
-logger:
--- a/docker/test_configs/esp32-arduino-esp-idf.yaml
+++ b/docker/test_configs/esp32-arduino-esp-idf.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-ard-idf
-
-esp32:
-  variant: esp32
-  framework:
-    type: arduino
-  toolchain: esp-idf
-
-logger:
--- a/docker/test_configs/esp32-arduino-platformio.yaml
+++ b/docker/test_configs/esp32-arduino-platformio.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-ard-pio
-
-esp32:
-  variant: esp32
-  framework:
-    type: arduino
-  toolchain: platformio
-
-logger:
--- a/docker/test_configs/esp32-idf-esp-idf.yaml
+++ b/docker/test_configs/esp32-idf-esp-idf.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-idf-idf
-
-esp32:
-  variant: esp32
-  framework:
-    type: esp-idf
-  toolchain: esp-idf
-
-logger:
--- a/docker/test_configs/esp32-idf-platformio.yaml
+++ b/docker/test_configs/esp32-idf-platformio.yaml
@@ -1,10 +0,0 @@
-esphome:
-  name: docker-test-esp32-idf-pio
-
-esp32:
-  variant: esp32
-  framework:
-    type: esp-idf
-  toolchain: platformio
-
-logger:
--- a/docker/test_configs/esp8266-arduino.yaml
+++ b/docker/test_configs/esp8266-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-esp8266-arduino
-
-esp8266:
-  board: d1_mini
-
-logger:
--- a/docker/test_configs/host.yaml
+++ b/docker/test_configs/host.yaml
@@ -1,6 +0,0 @@
-esphome:
-  name: docker-test-host
-
-host:
-
-logger:
--- a/docker/test_configs/ln882x-arduino.yaml
+++ b/docker/test_configs/ln882x-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-ln882x-arduino
-
-ln882x:
-  board: generic-ln882hki
-
-logger:
--- a/docker/test_configs/nrf52.yaml
+++ b/docker/test_configs/nrf52.yaml
@@ -1,8 +0,0 @@
-esphome:
-  name: docker-test-nrf52
-
-nrf52:
-  board: adafruit_itsybitsy_nrf52840
-  bootloader: adafruit_nrf52_sd140_v6
-
-logger:
--- a/docker/test_configs/rp2040-arduino.yaml
+++ b/docker/test_configs/rp2040-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-rp2040-arduino
-
-rp2040:
-  variant: rp2040
-
-logger:
--- a/docker/test_configs/rtl87xx-arduino.yaml
+++ b/docker/test_configs/rtl87xx-arduino.yaml
@@ -1,7 +0,0 @@
-esphome:
-  name: docker-test-rtl87xx-arduino
-
-rtl87xx:
-  board: generic-rtl8710bn-2mb-788k
-
-logger:
--- a/esphome/main.py
+++ b/esphome/main.py
--- a/esphome/address_cache.py
+++ b/esphome/address_cache.py
@@ -101,17 +101,6 @@ class AddressCache:
        """Check if any cache entries exist."""
        return bool(self.mdns_cache or self.dns_cache)

-    def add_mdns_addresses(self, hostname: str, addresses: list[str]) -> None:
-        """Store resolved mDNS addresses for ``hostname`` in the cache.
-
-        Callers that discover ``.local`` hosts (e.g. via mDNS browse) can use
-        this to avoid a second resolution round-trip during the upload path.
-        No-op when ``addresses`` is empty.
-        """
-        if not addresses:
-            return
-        self.mdns_cache[normalize_hostname(hostname)] = addresses
-
    @classmethod
    def from_cli_args(
        cls, mdns_args: Iterable[str], dns_args: Iterable[str]
--- a/esphome/analyze_memory/init.py
+++ b/esphome/analyze_memory/init.py
@@ -1,6 +1,6 @@
 """Memory usage analyzer for ESPHome compiled binaries."""

-from collections import Counter, defaultdict
+from collections import defaultdict
 from dataclasses import dataclass, field
 import logging
 from pathlib import Path
@@ -12,6 +12,7 @@ from .const import (
    CORE_SUBCATEGORY_PATTERNS,
    DEMANGLED_PATTERNS,
    ESPHOME_COMPONENT_PATTERN,
+    SECTION_TO_ATTR,
    SYMBOL_PATTERNS,
 )
 from .demangle import batch_demangle
@@ -24,7 +25,7 @@ from .helpers import (
 from .toolchain import find_tool, resolve_tool_path, run_tool

 if TYPE_CHECKING:
-    from esphome.platformio.toolchain import IDEData
+    from esphome.platformio_api import IDEData

 _LOGGER = logging.getLogger(__name__)

@@ -40,26 +41,12 @@ _READELF_SECTION_PATTERN = re.compile(
    r"\s*\[\s*\d+\]\s+([\.\w]+)\s+\w+\s+[\da-fA-F]+\s+[\da-fA-F]+\s+([\da-fA-F]+)"
 )

-# Regex for extracting call targets from objdump disassembly
-# Matches direct call instructions across architectures:
-#   Xtensa: call0/call4/call8/call12/callx0/callx4/callx8/callx12 <addr> <symbol>
-#   ARM:    bl/blx <addr> <symbol>
-# Captures the mangled symbol name inside angle brackets.
-_CALL_TARGET_PATTERN = re.compile(
-    r"\t(?:call(?:0|4|8|12)|callx(?:0|4|8|12)|blx?)\s+[\da-fA-F]+ <([^>]+)>"
-)
-
 # Component category prefixes
 _COMPONENT_PREFIX_ESPHOME = "[esphome]"
 _COMPONENT_PREFIX_EXTERNAL = "[external]"
-_COMPONENT_PREFIX_LIB = "[lib]"
 _COMPONENT_CORE = f"{_COMPONENT_PREFIX_ESPHOME}core"
 _COMPONENT_API = f"{_COMPONENT_PREFIX_ESPHOME}api"

-# Placement new storage suffix (generated by codegen Pvariable)
-_PSTORAGE_SUFFIX = "__pstorage"
-
-
 # C++ namespace prefixes
 _NAMESPACE_ESPHOME = "esphome::"
 _NAMESPACE_STD = "std::"
@@ -70,16 +57,6 @@ SymbolInfoType = tuple[str, int, str]
 # RAM sections - symbols in these sections consume RAM
 RAM_SECTIONS = frozenset([".data", ".bss"])

-# nm symbol types for global/weak defined symbols (used for library symbol mapping)
-# Only global (uppercase) and weak symbols are safe to use - local symbols (lowercase)
-# can have name collisions across compilation units
-_NM_DEFINED_GLOBAL_TYPES = frozenset({"T", "D", "B", "R", "W", "V"})
-
-# Pattern matching compiler-generated local names that can collide across compilation
-# units (e.g., packet$19, buf$20, flag$5261). These are unsafe for name-based lookup.
-# Does NOT match mangled C++ names with optimization suffixes (e.g., func$isra$0).
-_COMPILER_LOCAL_PATTERN = re.compile(r"^[a-zA-Z_]\w*\$\d+$")
-

@dataclass
 class MemorySection:
@@ -114,17 +91,6 @@ class ComponentMemory:
    bss_size: int = 0  # Uninitialized data (ram only)
    symbol_count: int = 0

-    def add_section_size(self, section_name: str, size: int) -> None:
-        """Add size to the appropriate attribute for a section."""
-        if section_name == ".text":
-            self.text_size += size
-        elif section_name == ".rodata":
-            self.rodata_size += size
-        elif section_name == ".data":
-            self.data_size += size
-        elif section_name == ".bss":
-            self.bss_size += size
-
    @property
    def flash_total(self) -> int:
        """Total flash usage (text + rodata + data)."""
@@ -201,31 +167,13 @@ class MemoryAnalyzer:
        self._elf_symbol_names: set[str] = set()
        # SDK symbols not in ELF (static/local symbols from closed-source libs)
        self._sdk_symbols: list[SDKSymbol] = []
-        # CSWTCH symbols: list of (name, size, source_file, component)
-        self._cswtch_symbols: list[tuple[str, int, str, str]] = []
-        # Library symbol mapping: symbol_name -> library_name
-        self._lib_symbol_map: dict[str, str] = {}
-        # Source file symbol mapping: symbol_name -> component_name
-        # Used for extern "C" and other symbols without C++ namespace
-        self._source_symbol_map: dict[str, str] = {}
-        # Library dir to name mapping: "lib641" -> "espsoftwareserial",
-        # "espressif__mdns" -> "mdns"
-        self._lib_hash_to_name: dict[str, str] = {}
-        # Heuristic category to library redirect: "mdns_lib" -> "[lib]mdns"
-        self._heuristic_to_lib: dict[str, str] = {}
-        # Function call counts: mangled_name -> call_count
-        self._function_call_counts: Counter[str] = Counter()

    def analyze(self) -> dict[str, ComponentMemory]:
        """Analyze the ELF file and return component memory usage."""
        self._parse_sections()
        self._parse_symbols()
-        self._scan_libraries()
-        self._scan_source_symbols()
        self._categorize_symbols()
-        self._analyze_cswtch_symbols()
        self._analyze_sdk_libraries()
-        self._analyze_function_calls()
        return dict(self.components)

    def _parse_sections(self) -> None:
@@ -307,7 +255,8 @@ class MemoryAnalyzer:
                comp_mem.symbol_count += 1

                # Update the appropriate size attribute based on section
-                comp_mem.add_section_size(section_name, size)
+                if attr_name := SECTION_TO_ATTR.get(section_name):
+                    setattr(comp_mem, attr_name, getattr(comp_mem, attr_name) + size)

                # Track uncategorized symbols
                if component == "other" and size > 0:
@@ -336,13 +285,6 @@ class MemoryAnalyzer:
        # Demangle C++ names if needed
        demangled = self._demangle_symbol(symbol_name)

-        # Check for placement new storage symbols (generated by codegen)
-        # Format: {component}__{id}__pstorage
-        if demangled.endswith(_PSTORAGE_SUFFIX) and (
-            component := self._match_pstorage_component(demangled)
-        ):
-            return component
-
        # Check for special component classes first (before namespace pattern)
        # This handles cases like esphome::ESPHomeOTAComponent which should map to ota
        if _NAMESPACE_ESPHOME in demangled:
@@ -374,24 +316,15 @@ class MemoryAnalyzer:
            # If no component match found, it's core
            return _COMPONENT_CORE

-        # Check library symbol map (more accurate than heuristic patterns)
-        if lib_name := self._lib_symbol_map.get(symbol_name):
-            return f"{_COMPONENT_PREFIX_LIB}{lib_name}"
-
-        # Check source file mapping (catches extern "C" functions in ESPHome sources)
-        # Must be before heuristic patterns since source attribution is authoritative
-        if component := self._source_symbol_map.get(symbol_name):
-            return component
-
        # Check against symbol patterns
        for component, patterns in SYMBOL_PATTERNS.items():
            if any(pattern in symbol_name for pattern in patterns):
-                return self._heuristic_to_lib.get(component, component)
+                return component

        # Check against demangled patterns
        for component, patterns in DEMANGLED_PATTERNS.items():
            if any(pattern in demangled for pattern in patterns):
-                return self._heuristic_to_lib.get(component, component)
+                return component

        # Special cases that need more complex logic

@@ -410,33 +343,14 @@ class MemoryAnalyzer:
        # Track uncategorized symbols for analysis
        return "other"

-    def _match_pstorage_component(self, symbol_name: str) -> str | None:
-        """Match a __pstorage symbol to its ESPHome component.
-
-        Symbol format: {component}__{id}__pstorage
-        The component namespace is embedded by codegen before the double underscore.
-        """
-        prefix = symbol_name[: -len(_PSTORAGE_SUFFIX)]
-        # Extract component namespace before the first double underscore
-        dunder_pos = prefix.find("__")
-        if dunder_pos == -1:
-            return None
-        component_name = prefix[:dunder_pos]
-        if component_name in get_esphome_components():
-            return f"{_COMPONENT_PREFIX_ESPHOME}{component_name}"
-        if component_name in self.external_components:
-            return f"{_COMPONENT_PREFIX_EXTERNAL}{component_name}"
-        return None
-
    def _batch_demangle_symbols(self, symbols: list[str]) -> None:
        """Batch demangle C++ symbol names for efficiency."""
        if not symbols:
            return

        _LOGGER.info("Demangling %d symbols", len(symbols))
-        demangled = batch_demangle(symbols, objdump_path=self.objdump_path)
-        self._demangle_cache.update(demangled)
-        _LOGGER.info("Successfully demangled %d symbols", len(demangled))
+        self._demangle_cache = batch_demangle(symbols, objdump_path=self.objdump_path)
+        _LOGGER.info("Successfully demangled %d symbols", len(self._demangle_cache))

    def _demangle_symbol(self, symbol: str) -> str:
        """Get demangled C++ symbol name from cache."""
@@ -458,770 +372,6 @@ class MemoryAnalyzer:

        return "Other Core"

-    def _discover_pio_libraries(
-        self,
-        libraries: dict[str, list[Path]],
-        hash_to_name: dict[str, str],
-    ) -> None:
-        """Discover PlatformIO third-party libraries from the build directory.
-
-        Scans ``lib<hex>/`` directories under ``.pioenvs/<env>/`` to find
-        library names and their ``.a`` archive or ``.o`` file paths.
-
-        Args:
-            libraries: Dict to populate with library name -> file path list mappings.
-                Prefers ``.a`` archives when available, falls back to ``.o`` files
-                (e.g., pioarduino ESP32 Arduino builds only produce ``.o`` files).
-            hash_to_name: Dict to populate with dir name -> library name mappings
-                for CSWTCH attribution (e.g., ``lib641`` -> ``espsoftwareserial``).
-        """
-        build_dir = self.elf_path.parent
-
-        for entry in build_dir.iterdir():
-            if not entry.is_dir() or not entry.name.startswith("lib"):
-                continue
-            # Validate that the suffix after "lib" is a hex hash
-            hex_part = entry.name[3:]
-            if not hex_part:
-                continue
-            try:
-                int(hex_part, 16)
-            except ValueError:
-                continue
-
-            # Each lib<hex>/ directory contains a subdirectory named after the library
-            for lib_subdir in entry.iterdir():
-                if not lib_subdir.is_dir():
-                    continue
-                lib_name = lib_subdir.name.lower()
-
-                # Prefer .a archive (lib<LibraryName>.a), fall back to .o files
-                # e.g., lib72a/ESPAsyncTCP/... has lib72a/libESPAsyncTCP.a
-                archive = entry / f"lib{lib_subdir.name}.a"
-                if archive.exists():
-                    file_paths = [archive]
-                elif archives := list(entry.glob("*.a")):
-                    # Case-insensitive fallback
-                    file_paths = [archives[0]]
-                else:
-                    # No .a archive (e.g., pioarduino CMake builds) - use .o files
-                    file_paths = sorted(lib_subdir.rglob("*.o"))
-
-                if file_paths:
-                    libraries[lib_name] = file_paths
-                    hash_to_name[entry.name] = lib_name
-                    _LOGGER.debug(
-                        "Discovered PlatformIO library: %s -> %s",
-                        lib_subdir.name,
-                        file_paths[0],
-                    )
-
-    def _discover_idf_managed_components(
-        self,
-        libraries: dict[str, list[Path]],
-        hash_to_name: dict[str, str],
-    ) -> None:
-        """Discover ESP-IDF managed component libraries from the build directory.
-
-        ESP-IDF managed components (from the IDF component registry) use a
-        ``<vendor>__<name>`` naming convention. Source files live under
-        ``managed_components/<vendor>__<name>/`` and the compiled archives are at
-        ``esp-idf/<vendor>__<name>/lib<vendor>__<name>.a``.
-
-        Args:
-            libraries: Dict to populate with library name -> file path list mappings.
-            hash_to_name: Dict to populate with dir name -> library name mappings
-                for CSWTCH attribution (e.g., ``espressif__mdns`` -> ``mdns``).
-        """
-        build_dir = self.elf_path.parent
-
-        managed_dir = build_dir / "managed_components"
-        if not managed_dir.is_dir():
-            return
-
-        espidf_dir = build_dir / "esp-idf"
-
-        for entry in managed_dir.iterdir():
-            if not entry.is_dir() or "__" not in entry.name:
-                continue
-
-            # Extract the short name: espressif__mdns -> mdns
-            full_name = entry.name  # e.g., espressif__mdns
-            short_name = full_name.split("__", 1)[1].lower()
-
-            # Find the .a archive under esp-idf/<vendor>__<name>/
-            archive = espidf_dir / full_name / f"lib{full_name}.a"
-            if archive.exists():
-                libraries[short_name] = [archive]
-                hash_to_name[full_name] = short_name
-                _LOGGER.debug(
-                    "Discovered IDF managed component: %s -> %s",
-                    short_name,
-                    archive,
-                )
-
-    def _build_library_symbol_map(
-        self, libraries: dict[str, list[Path]]
-    ) -> dict[str, str]:
-        """Build a symbol-to-library mapping from library archives or object files.
-
-        Runs ``nm --defined-only`` on each ``.a`` or ``.o`` file to collect
-        global and weak defined symbols.
-
-        Args:
-            libraries: Dictionary mapping library name to list of file paths
-                (``.a`` archives or ``.o`` object files).
-
-        Returns:
-            Dictionary mapping symbol name to library name.
-        """
-        symbol_map: dict[str, str] = {}
-
-        if not self.nm_path:
-            return symbol_map
-
-        for lib_name, file_paths in libraries.items():
-            result = run_tool(
-                [self.nm_path, "--defined-only", *(str(p) for p in file_paths)],
-                timeout=10,
-            )
-            if result is None or result.returncode != 0:
-                continue
-
-            for line in result.stdout.splitlines():
-                parts = line.split()
-                if len(parts) < 3:
-                    continue
-
-                sym_type = parts[-2]
-                sym_name = parts[-1]
-
-                # Include global defined symbols (uppercase) and weak symbols (W/V)
-                if sym_type in _NM_DEFINED_GLOBAL_TYPES:
-                    symbol_map[sym_name] = lib_name
-
-        return symbol_map
-
-    @staticmethod
-    def _build_heuristic_to_lib_mapping(
-        library_names: set[str],
-    ) -> dict[str, str]:
-        """Build mapping from heuristic pattern categories to discovered libraries.
-
-        Heuristic categories like ``mdns_lib``, ``web_server_lib``, ``async_tcp``
-        exist as approximations for library attribution.  When we discover the
-        actual library, symbols matching those heuristics should be redirected
-        to the ``[lib]`` category instead.
-
-        The mapping is built by checking if the normalized category name
-        (stripped of ``_lib`` suffix and underscores) appears as a substring
-        of any discovered library name.
-
-        Examples::
-
-            mdns_lib -> mdns -> in "mdns" or "esp8266mdns" -> [lib]mdns
-            web_server_lib -> webserver -> in "espasyncwebserver" -> [lib]espasyncwebserver
-            async_tcp -> asynctcp -> in "espasynctcp" -> [lib]espasynctcp
-
-        Args:
-            library_names: Set of discovered library names (lowercase).
-
-        Returns:
-            Dictionary mapping heuristic category to ``[lib]<name>`` string.
-        """
-        mapping: dict[str, str] = {}
-        all_categories = set(SYMBOL_PATTERNS) | set(DEMANGLED_PATTERNS)
-
-        for category in all_categories:
-            base = category.removesuffix("_lib").replace("_", "")
-            # Collect all libraries whose name contains the base string
-            candidates = [lib_name for lib_name in library_names if base in lib_name]
-            if not candidates:
-                continue
-
-            # Choose a deterministic "best" match:
-            #   1. Prefer exact name matches over substring matches.
-            #   2. Among non-exact matches, prefer the shortest library name.
-            #   3. Break remaining ties lexicographically.
-            best_lib = min(
-                candidates,
-                key=lambda lib_name, _base=base: (
-                    lib_name != _base,
-                    len(lib_name),
-                    lib_name,
-                ),
-            )
-            mapping[category] = f"{_COMPONENT_PREFIX_LIB}{best_lib}"
-
-        if mapping:
-            _LOGGER.debug(
-                "Heuristic-to-library redirects: %s",
-                ", ".join(f"{k} -> {v}" for k, v in sorted(mapping.items())),
-            )
-
-        return mapping
-
-    def _parse_map_file(self) -> dict[str, str] | None:
-        """Parse linker map file to build authoritative symbol-to-library mapping.
-
-        The linker map file contains the definitive source attribution for every
-        symbol, including local/static ones that ``nm`` cannot safely export.
-
-        Map file format (GNU ld)::
-
-            .text._mdns_service_task
-                        0x400e9fdc      0x65c  .pioenvs/env/esp-idf/espressif__mdns/libespressif__mdns.a(mdns.c.o)
-
-        Each section entry has a ``.section.symbol_name`` line followed by an
-        indented line with address, size, and source path.
-
-        Returns:
-            Symbol-to-library dict, or ``None`` if no usable map file exists.
-        """
-        map_path = self.elf_path.with_suffix(".map")
-        if not map_path.exists() or map_path.stat().st_size < 10000:
-            return None
-
-        _LOGGER.info("Parsing linker map file: %s", map_path.name)
-
-        try:
-            map_text = map_path.read_text(encoding="utf-8", errors="replace")
-        except OSError as err:
-            _LOGGER.warning("Failed to read map file: %s", err)
-            return None
-
-        symbol_map: dict[str, str] = {}
-        source_symbol_map: dict[str, str] = {}
-        current_symbol: str | None = None
-        section_prefixes = (".text.", ".rodata.", ".data.", ".bss.", ".literal.")
-
-        for line in map_text.splitlines():
-            # Match section.symbol line: " .text.symbol_name"
-            # Single space indent, starts with dot
-            if len(line) > 2 and line[0] == " " and line[1] == ".":
-                stripped = line.strip()
-                for prefix in section_prefixes:
-                    if stripped.startswith(prefix):
-                        current_symbol = stripped[len(prefix) :]
-                        break
-                else:
-                    current_symbol = None
-                continue
-
-            # Match source attribution line: "        0xADDR  0xSIZE  source_path"
-            if current_symbol is None:
-                continue
-
-            fields = line.split()
-            # Skip compiler-generated local names (e.g., packet$19, buf$20)
-            # that can collide across compilation units
-            if (
-                len(fields) >= 3
-                and fields[0].startswith("0x")
-                and fields[1].startswith("0x")
-                and not _COMPILER_LOCAL_PATTERN.match(current_symbol)
-            ):
-                source_path = fields[2]
-                # Check if source path contains a known library directory
-                for dir_key, lib_name in self._lib_hash_to_name.items():
-                    if dir_key in source_path:
-                        symbol_map[current_symbol] = lib_name
-                        break
-                else:
-                    # Map ESPHome source files to components for extern "C"
-                    # and other symbols without C++ namespace
-                    component = self._source_file_to_component(source_path)
-                    if component.startswith(
-                        (_COMPONENT_PREFIX_ESPHOME, _COMPONENT_PREFIX_EXTERNAL)
-                    ):
-                        source_symbol_map[current_symbol] = component
-
-            current_symbol = None
-
-        self._source_symbol_map = source_symbol_map
-        return symbol_map or None
-
-    def _scan_libraries(self) -> None:
-        """Discover third-party libraries and build symbol mapping.
-
-        Scans both PlatformIO ``lib<hex>/`` directories (Arduino builds) and
-        ESP-IDF ``managed_components/`` (IDF builds) to find library archives.
-
-        Uses the linker map file for authoritative symbol attribution when
-        available, falling back to ``nm`` scanning with heuristic redirects.
-        """
-        libraries: dict[str, list[Path]] = {}
-        self._discover_pio_libraries(libraries, self._lib_hash_to_name)
-        self._discover_idf_managed_components(libraries, self._lib_hash_to_name)
-
-        if not libraries:
-            _LOGGER.debug("No third-party libraries found")
-            return
-
-        _LOGGER.info(
-            "Scanning %d libraries: %s",
-            len(libraries),
-            ", ".join(sorted(libraries)),
-        )
-
-        # Heuristic redirect catches local symbols (e.g., mdns_task_buffer$14)
-        # that can't be safely added to the symbol map due to name collisions
-        self._heuristic_to_lib = self._build_heuristic_to_lib_mapping(
-            set(libraries.keys())
-        )
-
-        # Try linker map file first (authoritative, includes local symbols)
-        map_symbols = self._parse_map_file()
-        if map_symbols is not None:
-            self._lib_symbol_map = map_symbols
-            _LOGGER.info(
-                "Built library symbol map from linker map: %d symbols",
-                len(self._lib_symbol_map),
-            )
-            return
-
-        # Fall back to nm scanning (global symbols only)
-        self._lib_symbol_map = self._build_library_symbol_map(libraries)
-
-        _LOGGER.info(
-            "Built library symbol map from nm: %d symbols from %d libraries",
-            len(self._lib_symbol_map),
-            len(libraries),
-        )
-
-    def _scan_source_symbols(self) -> None:
-        """Scan ESPHome source object files to map extern "C" symbols to components.
-
-        When no linker map file is available, this uses ``nm`` to scan ``.o`` files
-        under ``src/`` (including ``src/main.cpp.o`` and everything beneath
-        ``src/esphome/``) and build a symbol-to-component mapping. This catches
-        ``extern "C"`` functions, the ESPHome-generated ``setup()``/``loop()``
-        entry points in ``main.cpp``, and other symbols that lack C++ namespace
-        prefixes.
-
-        Skips scanning if ``_source_symbol_map`` was already populated by
-        ``_parse_map_file()``.
-        """
-        if self._source_symbol_map or not self.nm_path:
-            return
-
-        obj_dir = self._find_object_files_dir()
-        if obj_dir is None:
-            return
-
-        # Scan all ESPHome-owned source object files: src/main.cpp.o and src/esphome/...
-        src_dir = obj_dir / "src"
-        if not src_dir.is_dir():
-            return
-
-        obj_files = sorted(src_dir.rglob("*.o"))
-        if not obj_files:
-            return
-
-        # Run nm with --print-file-name to get file:symbol mapping
-        result = run_tool(
-            [self.nm_path, "--print-file-name", "-g", "--defined-only"]
-            + [str(f) for f in obj_files],
-        )
-        if result is None or result.returncode != 0:
-            _LOGGER.debug("nm scan of source objects failed")
-            return
-
-        self._source_symbol_map = self._parse_nm_source_output(result.stdout, obj_dir)
-        if self._source_symbol_map:
-            _LOGGER.info(
-                "Built source symbol map from nm: %d symbols",
-                len(self._source_symbol_map),
-            )
-
-    def _parse_nm_source_output(self, output: str, base_dir: Path) -> dict[str, str]:
-        """Parse nm output to map non-namespaced symbols to ESPHome components.
-
-        Extracts global defined symbols from ESPHome source object files that
-        don't use C++ namespacing (e.g. ``extern "C"`` functions).
-
-        Args:
-            output: Raw stdout from ``nm --print-file-name -g --defined-only``
-                or ``nm --print-file-name -S``.
-            base_dir: Build directory for computing relative paths.
-
-        Returns:
-            Dict mapping symbol names to component names.
-        """
-        source_map: dict[str, str] = {}
-        for line in output.splitlines():
-            # Format: /path/to/file.o: addr type name
-            #     or: /path/to/file.o: addr size type name (with -S)
-            colon_idx = line.rfind(".o:")
-            if colon_idx == -1:
-                continue
-
-            file_path = line[: colon_idx + 2]
-            fields = line[colon_idx + 3 :].split()
-            if len(fields) < 3:
-                continue
-
-            # With -S flag, format is: addr size type name
-            # Without -S flag: addr type name
-            # type is a single char; size is hex digits
-            # Detect by checking if fields[1] is a single uppercase letter (type)
-            if len(fields[1]) == 1 and fields[1].isalpha():
-                # addr type name
-                sym_type = fields[1]
-                symbol_name = fields[2]
-            elif len(fields) >= 4:
-                # addr size type name
-                sym_type = fields[2]
-                symbol_name = fields[3]
-            else:
-                continue
-
-            # Only global defined symbols (uppercase type)
-            if not sym_type.isupper() or sym_type == "U":
-                continue
-
-            # Skip symbols already in esphome:: namespace
-            if symbol_name.startswith("_ZN7esphome"):
-                continue
-
-            # Make path relative to base_dir for _source_file_to_component
-            try:
-                rel_path = str(Path(file_path).relative_to(base_dir))
-            except ValueError:
-                continue
-
-            component = self._source_file_to_component(rel_path)
-            if component.startswith(
-                (_COMPONENT_PREFIX_ESPHOME, _COMPONENT_PREFIX_EXTERNAL)
-            ):
-                source_map[symbol_name] = component
-
-        return source_map
-
-    def _find_object_files_dir(self) -> Path | None:
-        """Find the directory containing object files for this build.
-
-        Returns:
-            Path to the directory containing .o files, or None if not found.
-        """
-        # The ELF is typically at .pioenvs/<env>/firmware.elf
-        # Object files are in .pioenvs/<env>/src/ and .pioenvs/<env>/lib*/
-        pioenvs_dir = self.elf_path.parent
-        if pioenvs_dir.exists() and any(pioenvs_dir.glob("src/*.o")):
-            return pioenvs_dir
-        return None
-
-    @staticmethod
-    def _parse_nm_cswtch_output(
-        output: str,
-        base_dir: Path | None,
-        cswtch_map: dict[str, list[tuple[str, int]]],
-    ) -> None:
-        """Parse nm output for CSWTCH symbols and add to cswtch_map.
-
-        Handles both ``.o`` files and ``.a`` archives.
-
-        nm output formats::
-
-            .o files:  /path/file.o:hex_addr hex_size type name
-            .a files:  /path/lib.a:member.o:hex_addr hex_size type name
-
-        For ``.o`` files, paths are made relative to *base_dir* when possible.
-        For ``.a`` archives (detected by ``:`` in the file portion), paths are
-        formatted as ``archive_stem/member.o`` (e.g. ``liblwip2-536-feat/lwip-esp.o``).
-
-        Args:
-            output: Raw stdout from ``nm --print-file-name -S``.
-            base_dir: Base directory for computing relative paths of ``.o`` files.
-                      Pass ``None`` when scanning archives outside the build tree.
-            cswtch_map: Dict to populate, mapping ``"CSWTCH$N:size"`` to source list.
-        """
-        for line in output.splitlines():
-            if "CSWTCH$" not in line:
-                continue
-
-            # Split on last ":" that precedes a hex address.
-            # For .o:  "filepath.o" : "hex_addr hex_size type name"
-            # For .a:  "filepath.a:member.o" : "hex_addr hex_size type name"
-            parts_after_colon = line.rsplit(":", 1)
-            if len(parts_after_colon) != 2:
-                continue
-
-            file_path = parts_after_colon[0]
-            fields = parts_after_colon[1].split()
-            # fields: [address, size, type, name]
-            if len(fields) < 4:
-                continue
-
-            sym_name = fields[3]
-            if not sym_name.startswith("CSWTCH$"):
-                continue
-
-            try:
-                size = int(fields[1], 16)
-            except ValueError:
-                continue
-
-            # Determine readable source path
-            # Use ".a:" to detect archive format (not bare ":" which matches
-            # Windows drive letters like "C:\...\file.o").
-            if ".a:" in file_path:
-                # Archive format: "archive.a:member.o" → "archive_stem/member.o"
-                archive_part, member = file_path.rsplit(":", 1)
-                archive_name = Path(archive_part).stem
-                rel_path = f"{archive_name}/{member}"
-            elif base_dir is not None:
-                try:
-                    rel_path = str(Path(file_path).relative_to(base_dir))
-                except ValueError:
-                    rel_path = file_path
-            else:
-                rel_path = file_path
-
-            key = f"{sym_name}:{size}"
-            cswtch_map[key].append((rel_path, size))
-
-    def _run_nm_cswtch_scan(
-        self,
-        files: list[Path],
-        base_dir: Path | None,
-        cswtch_map: dict[str, list[tuple[str, int]]],
-    ) -> None:
-        """Run nm on *files* and add any CSWTCH symbols to *cswtch_map*.
-
-        Args:
-            files: Object (``.o``) or archive (``.a``) files to scan.
-            base_dir: Base directory for relative path computation (see
-                      :meth:`_parse_nm_cswtch_output`).
-            cswtch_map: Dict to populate with results.
-        """
-        if not self.nm_path or not files:
-            return
-
-        _LOGGER.debug("Scanning %d files for CSWTCH symbols", len(files))
-
-        result = run_tool(
-            [self.nm_path, "--print-file-name", "-S"] + [str(f) for f in files],
-            timeout=30,
-        )
-        if result is None or result.returncode != 0:
-            _LOGGER.debug(
-                "nm failed or timed out scanning %d files for CSWTCH symbols",
-                len(files),
-            )
-            return
-
-        self._parse_nm_cswtch_output(result.stdout, base_dir, cswtch_map)
-
-    def _scan_cswtch_in_sdk_archives(
-        self, cswtch_map: dict[str, list[tuple[str, int]]]
-    ) -> None:
-        """Scan SDK library archives (.a) for CSWTCH symbols.
-
-        Prebuilt SDK libraries (e.g. lwip, bearssl) are not compiled from source,
-        so their CSWTCH symbols only exist inside ``.a`` archives.  Results are
-        merged into *cswtch_map* for keys not already found in ``.o`` files.
-
-        The same source file (e.g. ``lwip-esp.o``) often appears in multiple
-        library variants (``liblwip2-536.a``, ``liblwip2-1460-feat.a``, etc.),
-        so results are deduplicated by member name.
-        """
-        sdk_dirs = self._find_sdk_library_dirs()
-        if not sdk_dirs:
-            return
-
-        sdk_archives = sorted(a for sdk_dir in sdk_dirs for a in sdk_dir.glob("*.a"))
-
-        sdk_map: dict[str, list[tuple[str, int]]] = defaultdict(list)
-        self._run_nm_cswtch_scan(sdk_archives, None, sdk_map)
-
-        # Merge SDK results, deduplicating by member name.
-        for key, sources in sdk_map.items():
-            if key in cswtch_map:
-                continue
-            seen: dict[str, tuple[str, int]] = {}
-            for path, sz in sources:
-                member = Path(path).name
-                if member not in seen:
-                    seen[member] = (path, sz)
-            cswtch_map[key] = list(seen.values())
-
-    def _source_file_to_component(self, source_file: str) -> str:
-        """Map a source object file path to its component name.
-
-        Args:
-            source_file: Relative path like 'src/esphome/components/wifi/wifi_component.cpp.o'
-
-        Returns:
-            Component name like '[esphome]wifi' or the source file if unknown.
-        """
-        parts = Path(source_file).parts
-
-        # ESPHome component: src/esphome/components/<name>/...
-        if "components" in parts:
-            idx = parts.index("components")
-            if idx + 1 < len(parts):
-                component_name = parts[idx + 1]
-                if component_name in get_esphome_components():
-                    return f"{_COMPONENT_PREFIX_ESPHOME}{component_name}"
-                if component_name in self.external_components:
-                    return f"{_COMPONENT_PREFIX_EXTERNAL}{component_name}"
-
-        # ESPHome-generated entry point: src/main.cpp.o (contains setup()/loop())
-        if len(parts) >= 2 and parts[-2:] == ("src", "main.cpp.o"):
-            return _COMPONENT_CORE
-
-        # ESPHome core: src/esphome/core/... or src/esphome/...
-        if "core" in parts and "esphome" in parts:
-            return _COMPONENT_CORE
-        if "esphome" in parts and "components" not in parts:
-            return _COMPONENT_CORE
-
-        # Framework/library files - check for PlatformIO library hash dirs
-        # e.g., lib65b/ESPAsyncTCP/... -> [lib]espasynctcp
-        if parts and parts[0] in self._lib_hash_to_name:
-            return f"{_COMPONENT_PREFIX_LIB}{self._lib_hash_to_name[parts[0]]}"
-
-        # ESP-IDF managed components: managed_components/espressif__mdns/... -> [lib]mdns
-        if (
-            len(parts) >= 2
-            and parts[0] == "managed_components"
-            and parts[1] in self._lib_hash_to_name
-        ):
-            return f"{_COMPONENT_PREFIX_LIB}{self._lib_hash_to_name[parts[1]]}"
-
-        # Other framework/library files - return the first path component
-        # e.g., FrameworkArduino/... -> FrameworkArduino
-        return parts[0] if parts else source_file
-
-    def _analyze_cswtch_symbols(self) -> None:
-        """Analyze CSWTCH (GCC switch table) symbols by tracing to source objects.
-
-        CSWTCH symbols are compiler-generated lookup tables for switch statements.
-        They are local symbols, so the same name can appear in different object files.
-        This method scans .o files and SDK archives to attribute them to their
-        source components.
-        """
-        obj_dir = self._find_object_files_dir()
-        if obj_dir is None:
-            _LOGGER.debug("No object files directory found, skipping CSWTCH analysis")
-            return
-
-        # Scan build-dir object files for CSWTCH symbols
-        cswtch_map: dict[str, list[tuple[str, int]]] = defaultdict(list)
-        self._run_nm_cswtch_scan(sorted(obj_dir.rglob("*.o")), obj_dir, cswtch_map)
-
-        # Also scan SDK library archives (.a) for CSWTCH symbols.
-        # Prebuilt SDK libraries (e.g. lwip, bearssl) are not compiled from source
-        # so their symbols only exist inside .a archives, not as loose .o files.
-        self._scan_cswtch_in_sdk_archives(cswtch_map)
-
-        if not cswtch_map:
-            _LOGGER.debug("No CSWTCH symbols found in object files or SDK archives")
-            return
-
-        # Collect CSWTCH symbols from the ELF (already parsed in sections)
-        # Include section_name for re-attribution of component totals
-        elf_cswtch = [
-            (symbol_name, size, section_name)
-            for section_name, section in self.sections.items()
-            for symbol_name, size, _ in section.symbols
-            if symbol_name.startswith("CSWTCH$")
-        ]
-
-        _LOGGER.debug(
-            "Found %d CSWTCH symbols in ELF, %d unique in object files",
-            len(elf_cswtch),
-            len(cswtch_map),
-        )
-
-        # Match ELF CSWTCH symbols to source files and re-attribute component totals.
-        # _categorize_symbols() already ran and put these into "other" since CSWTCH$
-        # names don't match any component pattern. We move the bytes to the correct
-        # component based on the object file mapping.
-        other_mem = self.components.get("other")
-
-        for sym_name, size, section_name in elf_cswtch:
-            key = f"{sym_name}:{size}"
-            sources = cswtch_map.get(key, [])
-
-            if len(sources) == 1:
-                source_file = sources[0][0]
-                component = self._source_file_to_component(source_file)
-            elif len(sources) > 1:
-                # Ambiguous - multiple object files have same CSWTCH name+size
-                source_file = "ambiguous"
-                component = "ambiguous"
-                _LOGGER.debug(
-                    "Ambiguous CSWTCH %s (%d B) found in %d files: %s",
-                    sym_name,
-                    size,
-                    len(sources),
-                    ", ".join(src for src, _ in sources),
-                )
-            else:
-                source_file = "unknown"
-                component = "unknown"
-
-            self._cswtch_symbols.append((sym_name, size, source_file, component))
-
-            # Re-attribute from "other" to the correct component
-            if (
-                component not in ("other", "unknown", "ambiguous")
-                and other_mem is not None
-            ):
-                other_mem.add_section_size(section_name, -size)
-                if component not in self.components:
-                    self.components[component] = ComponentMemory(component)
-                self.components[component].add_section_size(section_name, size)
-
-        # Sort by size descending
-        self._cswtch_symbols.sort(key=lambda x: x[1], reverse=True)
-
-        total_size = sum(size for _, size, _, _ in self._cswtch_symbols)
-        _LOGGER.debug(
-            "CSWTCH analysis: %d symbols, %d bytes total",
-            len(self._cswtch_symbols),
-            total_size,
-        )
-
-    def _analyze_function_calls(self) -> None:
-        """Count function call sites by parsing disassembly output.
-
-        Parses direct call instructions (call0/call8/bl/blx) from objdump -d
-        to count how many times each function is called. This helps identify
-        inlining candidates — frequently called small functions benefit most
-        from inlining.
-        """
-        result = run_tool(
-            [self.objdump_path, "-d", str(self.elf_path)],
-            timeout=60,
-        )
-        if result is None or result.returncode != 0:
-            _LOGGER.debug("Failed to disassemble ELF for function call analysis")
-            return
-
-        self._function_call_counts = Counter(
-            match.group(1)
-            for line in result.stdout.splitlines()
-            if (match := _CALL_TARGET_PATTERN.search(line))
-        )
-
-        # Demangle any call targets not already in the cache
-        missing = [
-            name
-            for name in self._function_call_counts
-            if name not in self._demangle_cache
-        ]
-        if missing:
-            self._batch_demangle_symbols(missing)
-
-        _LOGGER.debug(
-            "Function call analysis: %d unique targets, %d total calls",
-            len(self._function_call_counts),
-            sum(self._function_call_counts.values()),
-        )
-
    def get_unattributed_ram(self) -> tuple[int, int, int]:
        """Get unattributed RAM sizes (SDK/framework overhead).

--- a/esphome/analyze_memory/cli.py
+++ b/esphome/analyze_memory/cli.py
@@ -4,10 +4,7 @@ from __future__ import annotations

 from collections import defaultdict
 from collections.abc import Callable
-import heapq
 import json
-from operator import itemgetter
-from pathlib import Path
 import sys
 from typing import TYPE_CHECKING

@@ -16,8 +13,6 @@ from . import (
    _COMPONENT_CORE,
    _COMPONENT_PREFIX_ESPHOME,
    _COMPONENT_PREFIX_EXTERNAL,
-    _COMPONENT_PREFIX_LIB,
-    _PSTORAGE_SUFFIX,
    RAM_SECTIONS,
    MemoryAnalyzer,
 )
@@ -26,30 +21,15 @@ if TYPE_CHECKING:
    from . import ComponentMemory


-def _format_pstorage_name(name: str) -> str:
-    """Format a __pstorage symbol as 'storage for {id}'."""
-    if not name.endswith(_PSTORAGE_SUFFIX):
-        return name
-    prefix = name[: -len(_PSTORAGE_SUFFIX)]
-    # Strip component namespace prefix: {component}__{id} -> {id}
-    dunder_pos = prefix.find("__")
-    var_id = prefix[dunder_pos + 2 :] if dunder_pos != -1 else prefix
-    return f"storage for {var_id}"
-
-
 class MemoryAnalyzerCLI(MemoryAnalyzer):
    """Memory analyzer with CLI-specific report generation."""

    # Symbol size threshold for detailed analysis
    SYMBOL_SIZE_THRESHOLD: int = (
-        10  # Show symbols larger than this in detailed analysis
+        100  # Show symbols larger than this in detailed analysis
    )
    # Lower threshold for RAM symbols (RAM is more constrained)
    RAM_SYMBOL_SIZE_THRESHOLD: int = 24
-    # Number of top symbols to show in the largest symbols report
-    TOP_SYMBOLS_LIMIT: int = 30
-    # Width for symbol name display in top symbols report
-    COL_TOP_SYMBOL_NAME: int = 55

    # Column width constants
    COL_COMPONENT: int = 29
@@ -162,197 +142,11 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
        If section is one of the RAM sections (.data or .bss), a label like
        " [data]" or " [bss]" is appended. For non-RAM sections or when
        section is None, no section label is added.
-
-        Placement new storage symbols are formatted as "storage for {id}".
        """
-        display_name = _format_pstorage_name(demangled)
        section_label = ""
        if section in RAM_SECTIONS:
            section_label = f" [{section[1:]}]"  # .data -> [data], .bss -> [bss]
-        return f"{display_name} ({size:,} B){section_label}"
-
-    def _add_top_symbols(self, lines: list[str]) -> None:
-        """Add a section showing the top largest symbols in the binary."""
-        # Collect all symbols from all components: (symbol, demangled, size, section, component)
-        all_symbols = [
-            (symbol, demangled, size, section, component)
-            for component, symbols in self._component_symbols.items()
-            for symbol, demangled, size, section in symbols
-        ]
-
-        # Get top N symbols by size using heapq for efficiency
-        top_symbols = heapq.nlargest(
-            self.TOP_SYMBOLS_LIMIT, all_symbols, key=itemgetter(2)
-        )
-
-        lines.append("")
-        lines.append(f"Top {self.TOP_SYMBOLS_LIMIT} Largest Symbols:")
-        # Calculate truncation limit from column width (leaving room for "...")
-        truncate_limit = self.COL_TOP_SYMBOL_NAME - 3
-        for i, (_, demangled, size, section, component) in enumerate(top_symbols):
-            # Format section label
-            section_label = f"[{section[1:]}]" if section else ""
-            # Format storage symbols readably
-            display_name = _format_pstorage_name(demangled)
-            # Truncate if too long
-            demangled_display = (
-                f"{display_name[:truncate_limit]}..."
-                if len(display_name) > self.COL_TOP_SYMBOL_NAME
-                else display_name
-            )
-            lines.append(
-                f"{i + 1:>2}. {size:>7,} B {section_label:<8} {demangled_display:<{self.COL_TOP_SYMBOL_NAME}} {component}"
-            )
-
-    def _add_cswtch_analysis(self, lines: list[str]) -> None:
-        """Add CSWTCH (GCC switch table lookup) analysis section."""
-        self._add_section_header(lines, "CSWTCH Analysis (GCC Switch Table Lookups)")
-
-        total_size = sum(size for _, size, _, _ in self._cswtch_symbols)
-        lines.append(
-            f"Total: {len(self._cswtch_symbols)} switch table(s), {total_size:,} B"
-        )
-        lines.append("")
-
-        # Group by component
-        by_component: dict[str, list[tuple[str, int, str]]] = defaultdict(list)
-        for sym_name, size, source_file, component in self._cswtch_symbols:
-            by_component[component].append((sym_name, size, source_file))
-
-        # Sort components by total size descending
-        sorted_components = sorted(
-            by_component.items(),
-            key=lambda x: sum(s[1] for s in x[1]),
-            reverse=True,
-        )
-
-        for component, symbols in sorted_components:
-            comp_total = sum(s[1] for s in symbols)
-            lines.append(f"{component} ({comp_total:,} B, {len(symbols)} tables):")
-
-            # Group by source file within component
-            by_file: dict[str, list[tuple[str, int]]] = defaultdict(list)
-            for sym_name, size, source_file in symbols:
-                by_file[source_file].append((sym_name, size))
-
-            for source_file, file_symbols in sorted(
-                by_file.items(),
-                key=lambda x: sum(s[1] for s in x[1]),
-                reverse=True,
-            ):
-                file_total = sum(s[1] for s in file_symbols)
-                lines.append(
-                    f"  {source_file} ({file_total:,} B, {len(file_symbols)} tables)"
-                )
-                for sym_name, size in sorted(
-                    file_symbols, key=lambda x: x[1], reverse=True
-                ):
-                    lines.append(f"    {size:>6,} B  {sym_name}")
-            lines.append("")
-
-    # Number of top called functions to show
-    TOP_CALLS_LIMIT: int = 50
-    # Number of inlining candidates to show
-    INLINE_CANDIDATES_LIMIT: int = 25
-    # Maximum function size in bytes to consider for inlining
-    INLINE_SIZE_THRESHOLD: int = 16
-
-    def _build_symbol_sizes(self) -> dict[str, int]:
-        """Build a size lookup from all component symbols: mangled_name -> size."""
-        return {
-            symbol: size
-            for symbols in self._component_symbols.values()
-            for symbol, _, size, _ in symbols
-        }
-
-    def _format_call_row(
-        self, index: int, mangled: str, count: int, symbol_sizes: dict[str, int]
-    ) -> str:
-        """Format a single row for call frequency tables."""
-        demangled = self._demangle_cache.get(mangled, mangled)
-        if len(demangled) > 80:
-            demangled = f"{demangled[:77]}..."
-        size = symbol_sizes.get(mangled)
-        size_str = f"{size:>5,} B" if size is not None else "      ?"
-        return f"{index:>3}  {count:>5}  {size_str}  {demangled}"
-
-    def _add_call_table_header(self, lines: list[str]) -> None:
-        """Add the header row for call frequency tables."""
-        lines.append(f"{'#':>3}  {'Calls':>5}  {'Size':>7}  Function")
-        lines.append(f"{'---':>3}  {'-----':>5}  {'-------':>7}  {'-' * 60}")
-
-    def _add_function_call_analysis(self, lines: list[str]) -> None:
-        """Add function call frequency analysis section.
-
-        Shows the most frequently called functions by call site count.
-        """
-        self._add_section_header(lines, "Top Called Functions")
-
-        symbol_sizes = self._build_symbol_sizes()
-
-        # Sort by call count descending
-        sorted_calls = sorted(
-            self._function_call_counts.items(), key=lambda x: x[1], reverse=True
-        )
-
-        self._add_call_table_header(lines)
-
-        for i, (mangled, count) in enumerate(sorted_calls[: self.TOP_CALLS_LIMIT]):
-            lines.append(self._format_call_row(i + 1, mangled, count, symbol_sizes))
-
-        total_calls = sum(self._function_call_counts.values())
-        lines.append("")
-        lines.append(
-            f"Total: {len(self._function_call_counts)} unique targets, "
-            f"{total_calls:,} call sites"
-        )
-        lines.append("")
-
-    def _add_inline_candidates(self, lines: list[str]) -> None:
-        """Add inlining candidates section.
-
-        Shows frequently called functions that are small enough to benefit
-        from inlining (< 16 bytes). These are the best candidates for
-        reducing call overhead.
-        """
-        self._add_section_header(
-            lines,
-            f"Inlining Candidates (<{self.INLINE_SIZE_THRESHOLD} B, by call count)",
-        )
-
-        symbol_sizes = self._build_symbol_sizes()
-
-        # Filter to small functions with known size, sort by call count
-        candidates = sorted(
-            (
-                (mangled, count)
-                for mangled, count in self._function_call_counts.items()
-                if mangled in symbol_sizes
-                and symbol_sizes[mangled] < self.INLINE_SIZE_THRESHOLD
-            ),
-            key=lambda x: x[1],
-            reverse=True,
-        )
-
-        if not candidates:
-            lines.append("No candidates found.")
-            lines.append("")
-            return
-
-        self._add_call_table_header(lines)
-
-        for i, (mangled, count) in enumerate(
-            candidates[: self.INLINE_CANDIDATES_LIMIT]
-        ):
-            lines.append(self._format_call_row(i + 1, mangled, count, symbol_sizes))
-
-        lines.append("")
-        lines.append(
-            f"Showing top {min(len(candidates), self.INLINE_CANDIDATES_LIMIT)} "
-            f"of {len(candidates)} functions under "
-            f"{self.INLINE_SIZE_THRESHOLD} B"
-        )
-        lines.append("")
+        return f"{demangled} ({size:,} B){section_label}"

    def generate_report(self, detailed: bool = False) -> str:
        """Generate a formatted memory report."""
@@ -455,9 +249,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            "RAM",
        )

-        # Top largest symbols in the binary
-        self._add_top_symbols(lines)
-
        # Add ESPHome core detailed analysis if there are core symbols
        if self._esphome_core_symbols:
            self._add_section_header(lines, f"{_COMPONENT_CORE} Detailed Analysis")
@@ -511,7 +302,7 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            lines.append(
                f"{_COMPONENT_CORE} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B ({len(large_core_symbols)} symbols):"
            )
-            for i, (_symbol, demangled, size) in enumerate(large_core_symbols):
+            for i, (symbol, demangled, size) in enumerate(large_core_symbols):
                # Core symbols only track (symbol, demangled, size) without section info,
                # so we don't show section labels here
                lines.append(
@@ -531,11 +322,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            for name, mem in components
            if name.startswith(_COMPONENT_PREFIX_EXTERNAL)
        ]
-        library_components = [
-            (name, mem)
-            for name, mem in components
-            if name.startswith(_COMPONENT_PREFIX_LIB)
-        ]

        top_esphome_components = sorted(
            esphome_components, key=lambda x: x[1].flash_total, reverse=True
@@ -546,11 +332,6 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            external_components, key=lambda x: x[1].flash_total, reverse=True
        )

-        # Include all library components
-        top_library_components = sorted(
-            library_components, key=lambda x: x[1].flash_total, reverse=True
-        )
-
        # Check if API component exists and ensure it's included
        api_component = None
        for name, mem in components:
@@ -569,11 +350,10 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            if name in system_components_to_include
        ]

-        # Combine all components to analyze: top ESPHome + all external + libraries + API if not already included + system components
+        # Combine all components to analyze: top ESPHome + all external + API if not already included + system components
        components_to_analyze = (
            list(top_esphome_components)
            + list(top_external_components)
-            + list(top_library_components)
            + system_components
        )
        if api_component and api_component not in components_to_analyze:
@@ -592,18 +372,17 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
                lines.append(f"Total size: {comp_mem.flash_total:,} B")
                lines.append("")

-                # Show symbols above threshold, always include storage symbols
+                # Show all symbols above threshold for better visibility
                large_symbols = [
                    (sym, dem, size, sec)
                    for sym, dem, size, sec in sorted_symbols
                    if size > self.SYMBOL_SIZE_THRESHOLD
-                    or dem.endswith(_PSTORAGE_SUFFIX)
                ]

                lines.append(
-                    f"{comp_name} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B & storage ({len(large_symbols)} symbols):"
+                    f"{comp_name} Symbols > {self.SYMBOL_SIZE_THRESHOLD} B ({len(large_symbols)} symbols):"
                )
-                for i, (_symbol, demangled, size, section) in enumerate(large_symbols):
+                for i, (symbol, demangled, size, section) in enumerate(large_symbols):
                    lines.append(
                        f"{i + 1}. {self._format_symbol_with_section(demangled, size, section)}"
                    )
@@ -624,10 +403,7 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
            # Sort by size descending
            sorted_ram_syms = sorted(ram_syms, key=lambda x: x[2], reverse=True)
            large_ram_syms = [
-                s
-                for s in sorted_ram_syms
-                if s[2] > self.RAM_SYMBOL_SIZE_THRESHOLD
-                or s[1].endswith(_PSTORAGE_SUFFIX)
+                s for s in sorted_ram_syms if s[2] > self.RAM_SYMBOL_SIZE_THRESHOLD
            ]

            lines.append(f"{name} ({mem.ram_total:,} B total RAM):")
@@ -642,30 +418,20 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
                lines.append(
                    f"  Symbols > {self.RAM_SYMBOL_SIZE_THRESHOLD} B ({len(large_ram_syms)}):"
                )
-                for _symbol, demangled, size, section in large_ram_syms[:10]:
+                for symbol, demangled, size, section in large_ram_syms[:10]:
                    # Format section label consistently by stripping leading dot
                    section_label = section.lstrip(".") if section else ""
-                    display_name = _format_pstorage_name(demangled)
                    # Add ellipsis if name is truncated
-                    display_name = (
-                        f"{display_name[:70]}..."
-                        if len(display_name) > 70
-                        else display_name
+                    demangled_display = (
+                        f"{demangled[:70]}..." if len(demangled) > 70 else demangled
+                    )
+                    lines.append(
+                        f"    {size:>6,} B [{section_label}] {demangled_display}"
                    )
-                    lines.append(f"    {size:>6,} B [{section_label}] {display_name}")
                if len(large_ram_syms) > 10:
                    lines.append(f"    ... and {len(large_ram_syms) - 10} more")
            lines.append("")

-        # CSWTCH (GCC switch table) analysis
-        if self._cswtch_symbols:
-            self._add_cswtch_analysis(lines)
-
-        # Function call frequency analysis
-        if self._function_call_counts:
-            self._add_function_call_analysis(lines)
-            self._add_inline_candidates(lines)
-
        lines.append(
            "Note: This analysis covers symbols in the ELF file. Some runtime allocations may not be included."
        )
@@ -673,6 +439,28 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):

        return "\n".join(lines)

+    def to_json(self) -> str:
+        """Export analysis results as JSON."""
+        data = {
+            "components": {
+                name: {
+                    "text": mem.text_size,
+                    "rodata": mem.rodata_size,
+                    "data": mem.data_size,
+                    "bss": mem.bss_size,
+                    "flash_total": mem.flash_total,
+                    "ram_total": mem.ram_total,
+                    "symbol_count": mem.symbol_count,
+                }
+                for name, mem in self.components.items()
+            },
+            "totals": {
+                "flash": sum(c.flash_total for c in self.components.values()),
+                "ram": sum(c.ram_total for c in self.components.values()),
+            },
+        }
+        return json.dumps(data, indent=2)
+
    def dump_uncategorized_symbols(self, output_file: str | None = None) -> None:
        """Dump uncategorized symbols for analysis."""
        # Sort by size descending
@@ -701,7 +489,7 @@ class MemoryAnalyzerCLI(MemoryAnalyzer):
        content = "\n".join(lines)

        if output_file:
-            with Path(output_file).open("w", encoding="utf-8") as f:
+            with open(output_file, "w", encoding="utf-8") as f:
                f.write(content)
        else:
            print(content)
@@ -739,8 +527,9 @@ def main():

    # Load build directory
    import json
+    from pathlib import Path

-    from esphome.platformio.toolchain import IDEData
+    from esphome.platformio_api import IDEData

    build_path = Path(build_dir)

@@ -786,7 +575,7 @@ def main():
        if not idedata_path.exists():
            continue
        try:
-            with idedata_path.open(encoding="utf-8") as f:
+            with open(idedata_path, encoding="utf-8") as f:
                raw_data = json.load(f)
            idedata = IDEData(raw_data)
            print(f"Loaded idedata from: {idedata_path}", file=sys.stderr)
--- a/esphome/analyze_memory/const.py
+++ b/esphome/analyze_memory/const.py
@@ -66,6 +66,15 @@ SECTION_MAPPING = {
    ),
 }

+# Section to ComponentMemory attribute mapping
+# Maps section names to the attribute name in ComponentMemory dataclass
+SECTION_TO_ATTR = {
+    ".text": "text_size",
+    ".rodata": "rodata_size",
+    ".data": "data_size",
+    ".bss": "bss_size",
+}
+
 # Component identification rules
 # Symbol patterns: patterns found in raw symbol names
 SYMBOL_PATTERNS = {
@@ -256,7 +265,7 @@ SYMBOL_PATTERNS = {
    "ipv6_stack": ["nd6_", "ip6_", "mld6_", "icmp6_", "icmp6_input"],
    # Order matters! More specific categories must come before general ones.
    # mdns must come before bluetooth to avoid "_mdns_disable_pcb" matching "ble_" pattern
-    "mdns_lib": ["mdns", "packet$"],
+    "mdns_lib": ["mdns"],
    # memory_mgmt must come before wifi_stack to catch mmu_hal_* symbols
    "memory_mgmt": [
        "mem_",
@@ -408,6 +417,7 @@ SYMBOL_PATTERNS = {
    ],
    "arduino_core": [
        "pinMode",
+        "resetPins",
        "millis",
        "micros",
        "delay(",  # More specific - Arduino delay function with parenthesis
@@ -503,9 +513,7 @@ SYMBOL_PATTERNS = {
        "__FUNCTION__$",
        "DAYS_IN_MONTH",
        "_DAYS_BEFORE_MONTH",
-        # Note: CSWTCH$ symbols are GCC switch table lookup tables.
-        # They are attributed to their source object files via _analyze_cswtch_symbols()
-        # rather than being lumped into libc.
+        "CSWTCH$",
        "dst$",
        "sulp",
        "_strtol_l",  # String to long with locale
@@ -793,6 +801,7 @@ SYMBOL_PATTERNS = {
        "s_dp",
        "s_ni",
        "s_reg_dump",
+        "packet$",
        "d_mult_table",
        "K",
        "fcstab",
--- a/esphome/analyze_memory/demangle.py
+++ b/esphome/analyze_memory/demangle.py
@@ -154,7 +154,7 @@ def batch_demangle(
    failed_count = 0

    for original, stripped, prefix, demangled in zip(
-        symbols, symbols_stripped, symbols_prefixes, demangled_lines, strict=True
+        symbols, symbols_stripped, symbols_prefixes, demangled_lines
    ):
        # Add back any prefix that was removed
        demangled = _restore_symbol_prefix(prefix, stripped, demangled)
--- a/esphome/analyze_memory/toolchain.py
+++ b/esphome/analyze_memory/toolchain.py
@@ -3,6 +3,7 @@
 from __future__ import annotations

 import logging
+import os
 from pathlib import Path
 import subprocess
 from typing import TYPE_CHECKING
@@ -36,7 +37,7 @@ def _find_in_platformio_packages(tool_name: str) -> str | None:
        Full path to the tool or None if not found
    """
    # Get PlatformIO packages directory
-    platformio_home = Path("~/.platformio/packages").expanduser()
+    platformio_home = Path(os.path.expanduser("~/.platformio/packages"))
    if not platformio_home.exists():
        return None

--- a/esphome/async_thread.py
+++ b/esphome/async_thread.py
@@ -1,56 +0,0 @@
-"""Helpers for running an async coroutine from sync code via a daemon thread.
-
-``asyncio.run(coro())`` in the main thread blocks until the loop's cleanup
-cycle finishes, which can add hundreds of milliseconds before the caller
-receives the result. Running the loop in a daemon thread lets the caller
-observe the result as soon as the coroutine completes while cleanup finishes
-in the background.
-"""
-
-from __future__ import annotations
-
-import asyncio
-from collections.abc import Awaitable, Callable
-import threading
-from typing import Generic, TypeVar
-
-_T = TypeVar("_T")
-
-
-class AsyncThreadRunner(threading.Thread, Generic[_T]):
-    """Run an async coroutine in a daemon thread and expose its result.
-
-    The runner catches all exceptions from the coroutine and stores them in
-    ``exception`` so ``event`` is always set — this prevents callers waiting
-    on ``event`` from hanging forever when the coroutine crashes.
-
-    Typical usage::
-
-        runner = AsyncThreadRunner(lambda: my_coro(arg))
-        runner.start()
-        if not runner.event.wait(timeout=5.0):
-            ...  # timed out
-        if runner.exception is not None:
-            raise runner.exception
-        result = runner.result
-    """
-
-    def __init__(self, coro_factory: Callable[[], Awaitable[_T]]) -> None:
-        super().__init__(daemon=True)
-        self._coro_factory = coro_factory
-        self.result: _T | None = None
-        self.exception: BaseException | None = None
-        self.event = threading.Event()
-
-    async def _runner(self) -> None:
-        try:
-            self.result = await self._coro_factory()
-        except Exception as exc:  # noqa: BLE001  # pylint: disable=broad-except
-            # Capture all exceptions so ``event`` is always set — otherwise a
-            # crash would hang the waiter forever.
-            self.exception = exc
-        finally:
-            self.event.set()
-
-    def run(self) -> None:
-        asyncio.run(self._runner())
--- a/esphome/automation.py
+++ b/esphome/automation.py
@@ -1,6 +1,3 @@
-from dataclasses import dataclass, field
-import logging
-
 import esphome.codegen as cg
 import esphome.config_validation as cv
 from esphome.const import (
@@ -60,42 +57,8 @@ def maybe_conf(conf, *validators):
    return validate


-_LOGGER = logging.getLogger(__name__)
-
-
-def register_action(
-    name: str,
-    action_type: MockObjClass,
-    schema: cv.Schema,
-    *,
-    synchronous: bool | None = None,
-):
-    """Register an action type.
-
-    All callers must pass ``synchronous`` explicitly.
-
-    ``synchronous=True`` — the action never defers ``play_next_()`` to a
-    later point (callback, timer, or ``loop()``).  Trigger arguments are
-    only used during the initial call, so string args can use non-owning
-    StringRef for zero-copy access.
-
-    ``synchronous=False`` — the action defers ``play_next_()`` via a
-    callback, timer, or ``Component::loop()``.  Trigger arguments must
-    outlive the initial call, so string args use owning std::string to
-    prevent dangling references.
-    """
-    if synchronous is None:
-        _LOGGER.warning(
-            "register_action('%s', ...) is missing the synchronous= parameter. "
-            "Defaulting to synchronous=False (safe but prevents StringRef "
-            "optimization). Check the C++ class: use synchronous=False if "
-            "play_next_() is deferred to a callback, timer, or loop(); "
-            "use synchronous=True if play_next_() always runs before the "
-            "initial play/play_complex call returns",
-            name,
-        )
-        synchronous = False
-    return ACTION_REGISTRY.register(name, action_type, schema, synchronous=synchronous)
+def register_action(name: str, action_type: MockObjClass, schema: cv.Schema):
+    return ACTION_REGISTRY.register(name, action_type, schema)


 def register_condition(name: str, condition_type: MockObjClass, schema: cv.Schema):
@@ -127,7 +90,7 @@ def validate_potentially_or_condition(value):
    return validate_condition(value)


-DelayAction = cg.esphome_ns.class_("DelayAction", Action)
+DelayAction = cg.esphome_ns.class_("DelayAction", Action, cg.Component)
 LambdaAction = cg.esphome_ns.class_("LambdaAction", Action)
 StatelessLambdaAction = cg.esphome_ns.class_("StatelessLambdaAction", Action)
 IfAction = cg.esphome_ns.class_("IfAction", Action)
@@ -138,9 +101,6 @@ UpdateComponentAction = cg.esphome_ns.class_("UpdateComponentAction", Action)
 SuspendComponentAction = cg.esphome_ns.class_("SuspendComponentAction", Action)
 ResumeComponentAction = cg.esphome_ns.class_("ResumeComponentAction", Action)
 Automation = cg.esphome_ns.class_("Automation")
-TriggerForwarder = cg.esphome_ns.class_("TriggerForwarder")
-TriggerOnTrueForwarder = cg.esphome_ns.class_("TriggerOnTrueForwarder")
-TriggerOnFalseForwarder = cg.esphome_ns.class_("TriggerOnFalseForwarder")

 LambdaCondition = cg.esphome_ns.class_("LambdaCondition", Condition)
 StatelessLambdaCondition = cg.esphome_ns.class_("StatelessLambdaCondition", Condition)
@@ -199,10 +159,11 @@ def validate_automation(extra_schema=None, extra_validators=None, single=False):
                    return cv.Schema([schema])(value)
                except cv.Invalid as err2:
                    if "extra keys not allowed" in str(err2) and len(err2.path) == 2:
-                        raise err from None
+                        # pylint: disable=raise-missing-from
+                        raise err
                    if "Unable to find action" in str(err):
-                        raise err2 from None
-                    raise cv.MultipleInvalid([err, err2]) from None
+                        raise err2
+                    raise cv.MultipleInvalid([err, err2])
        elif isinstance(value, dict):
            if CONF_THEN in value:
                return [schema(value)]
@@ -250,9 +211,7 @@ async def and_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("or", OrCondition, validate_condition_list)
@@ -263,9 +222,7 @@ async def or_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("all", AndCondition, validate_condition_list)
@@ -276,9 +233,7 @@ async def all_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("any", OrCondition, validate_condition_list)
@@ -289,9 +244,7 @@ async def any_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("not", NotCondition, validate_potentially_and_condition)
@@ -313,9 +266,7 @@ async def xor_condition_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    conditions = await build_condition_list(config, template_arg, args)
-    return cg.new_Pvariable(
-        condition_id, cg.TemplateArguments(len(conditions), *template_arg), conditions
-    )
+    return cg.new_Pvariable(condition_id, template_arg, conditions)


@register_condition("lambda", LambdaCondition, cv.returning_lambda)
@@ -384,10 +335,7 @@ async def component_is_idle_condition_to_code(


@register_action(
-    "delay",
-    DelayAction,
-    cv.templatable(cv.positive_time_period_milliseconds),
-    synchronous=False,
+    "delay", DelayAction, cv.templatable(cv.positive_time_period_milliseconds)
 )
 async def delay_action_to_code(
    config: ConfigType,
@@ -396,6 +344,7 @@ async def delay_action_to_code(
    args: TemplateArgsType,
 ) -> MockObj:
    var = cg.new_Pvariable(action_id, template_arg)
+    await cg.register_component(var, {})
    template_ = await cg.templatable(config, args, cg.uint32)
    cg.add(var.set_delay(template_))
    return var
@@ -417,7 +366,6 @@ async def delay_action_to_code(
        cv.has_at_least_one_key(CONF_THEN, CONF_ELSE),
        cv.has_at_least_one_key(CONF_CONDITION, CONF_ANY, CONF_ALL),
    ),
-    synchronous=True,
 )
 async def if_action_to_code(
    config: ConfigType,
@@ -425,16 +373,13 @@ async def if_action_to_code(
    template_arg: cg.TemplateArguments,
    args: TemplateArgsType,
 ) -> MockObj:
-    has_else = CONF_ELSE in config
-    # Prepend HasElse bool to template arguments: IfAction<HasElse, Ts...>
-    if_template_arg = cg.TemplateArguments(has_else, *template_arg)
    cond_conf = next(el for el in config if el in (CONF_ANY, CONF_ALL, CONF_CONDITION))
    condition = await build_condition(config[cond_conf], template_arg, args)
-    var = cg.new_Pvariable(action_id, if_template_arg, condition)
+    var = cg.new_Pvariable(action_id, template_arg, condition)
    if CONF_THEN in config:
        actions = await build_action_list(config[CONF_THEN], template_arg, args)
        cg.add(var.add_then(actions))
-    if has_else:
+    if CONF_ELSE in config:
        actions = await build_action_list(config[CONF_ELSE], template_arg, args)
        cg.add(var.add_else(actions))
    return var
@@ -449,7 +394,6 @@ async def if_action_to_code(
            cv.Required(CONF_THEN): validate_action_list,
        }
    ),
-    synchronous=True,
 )
 async def while_action_to_code(
    config: ConfigType,
@@ -473,7 +417,6 @@ async def while_action_to_code(
            cv.Required(CONF_THEN): validate_action_list,
        }
    ),
-    synchronous=True,
 )
 async def repeat_action_to_code(
    config: ConfigType,
@@ -502,7 +445,7 @@ _validate_wait_until = cv.maybe_simple_value(
 )


-@register_action("wait_until", WaitUntilAction, _validate_wait_until, synchronous=False)
+@register_action("wait_until", WaitUntilAction, _validate_wait_until)
 async def wait_until_action_to_code(
    config: ConfigType,
    action_id: ID,
@@ -518,12 +461,7 @@ async def wait_until_action_to_code(
    return var


-# Lambda executes user C++ inline and returns — synchronous by execution model.
-# User code could theoretically store the StringRef for deferred use, but StringRef
-# is a view type and storing views beyond their scope is always unsafe regardless
-# of this optimization.  Marking non-synchronous would disable StringRef for nearly
-# all user services since most use lambda.
-@register_action("lambda", LambdaAction, cv.lambda_, synchronous=True)
+@register_action("lambda", LambdaAction, cv.lambda_)
 async def lambda_action_to_code(
    config: ConfigType,
    action_id: ID,
@@ -542,7 +480,6 @@ async def lambda_action_to_code(
            cv.Required(CONF_ID): cv.use_id(cg.PollingComponent),
        }
    ),
-    synchronous=True,
 )
 async def component_update_action_to_code(
    config: ConfigType,
@@ -562,7 +499,6 @@ async def component_update_action_to_code(
            cv.Required(CONF_ID): cv.use_id(cg.PollingComponent),
        }
    ),
-    synchronous=True,
 )
 async def component_suspend_action_to_code(
    config: ConfigType,
@@ -585,7 +521,6 @@ async def component_suspend_action_to_code(
            ),
        }
    ),
-    synchronous=True,
 )
 async def component_resume_action_to_code(
    config: ConfigType,
@@ -596,7 +531,7 @@ async def component_resume_action_to_code(
    comp = await cg.get_variable(config[CONF_ID])
    var = cg.new_Pvariable(action_id, template_arg, comp)
    if CONF_UPDATE_INTERVAL in config:
-        template_ = await cg.templatable(config[CONF_UPDATE_INTERVAL], args, cg.uint32)
+        template_ = await cg.templatable(config[CONF_UPDATE_INTERVAL], args, int)
        cg.add(var.set_update_interval(template_))
    return var

@@ -643,27 +578,6 @@ async def build_condition_list(
    return conditions


-def has_non_synchronous_actions(actions: ConfigType) -> bool:
-    """Check if a validated action list contains any non-synchronous actions.
-
-    Non-synchronous actions (delay, wait_until, script.wait, etc.) store
-    trigger args for later execution, making non-owning types like StringRef
-    unsafe.
-    """
-    if isinstance(actions, list):
-        return any(has_non_synchronous_actions(item) for item in actions)
-    if isinstance(actions, dict):
-        for key in actions:
-            if key in ACTION_REGISTRY and not ACTION_REGISTRY[key].synchronous:
-                return True
-        return any(
-            has_non_synchronous_actions(v)
-            for v in actions.values()
-            if isinstance(v, (list, dict))
-        )
-    return False
-
-
 async def build_automation(
    trigger: MockObj, args: TemplateArgsType, config: ConfigType
 ) -> MockObj:
@@ -673,76 +587,3 @@ async def build_automation(
    actions = await build_action_list(config[CONF_THEN], templ, args)
    cg.add(obj.add_actions(actions))
    return obj
-
-
-async def build_callback_automation(
-    parent: MockObj,
-    callback_method: str,
-    args: TemplateArgsType,
-    config: ConfigType,
-    forwarder: MockObj | MockObjClass | None = None,
-) -> None:
-    """Build an Automation and register it as a callback on the parent.
-
-    Eliminates the need for a Trigger wrapper object by registering the
-    automation's trigger() directly as a callback on the parent component.
-
-    Uses template forwarder structs so the compiler deduplicates the operator()
-    body across all call sites with the same signature. The forwarder must be
-    pointer-sized (single Automation* field) to fit inline in Callback::ctx_
-    and avoid heap allocation.
-
-    :param parent: The component object (e.g., button, sensor).
-    :param callback_method: Name of the callback method (e.g., "add_on_press_callback").
-    :param args: Automation template args as list of (type, name) tuples.
-    :param config: The automation config dict.
-    :param forwarder: Optional forwarder type to use instead of the default
-        TriggerForwarder<Ts...>. Pass any struct type whose aggregate init takes
-        a single Automation pointer (e.g., TriggerOnTrueForwarder).
-    """
-    arg_types = [arg[0] for arg in args]
-    templ = cg.TemplateArguments(*arg_types)
-    obj = cg.new_Pvariable(config[CONF_AUTOMATION_ID], templ)
-    actions = await build_action_list(config[CONF_THEN], templ, args)
-    cg.add(obj.add_actions(actions))
-    # Use template forwarder structs for deduplication. The compiler generates
-    # one operator() per forwarder type; different automation pointers are just
-    # data in the struct.
-    if forwarder is None:
-        forwarder = TriggerForwarder.template(templ)
-    # RawExpression for aggregate init — both forwarder and obj are codegen
-    # MockObjs (not user input), and there's no Expression type for positional
-    # aggregate initialization (StructInitializer uses named fields).
-    cg.add(getattr(parent, callback_method)(cg.RawExpression(f"{forwarder}{{{obj}}}")))
-
-
-@dataclass(frozen=True, slots=True)
-class CallbackAutomation:
-    """A single callback automation entry for build_callback_automations."""
-
-    conf_key: str
-    callback_method: str
-    args: TemplateArgsType = field(default_factory=list)
-    forwarder: MockObj | MockObjClass | None = None
-
-
-async def build_callback_automations(
-    parent: MockObj,
-    config: ConfigType,
-    entries: tuple[CallbackAutomation, ...],
-) -> None:
-    """Build multiple callback automations from a tuple of entries.
-
-    :param parent: The component object (e.g., button, sensor).
-    :param config: The full component config dict.
-    :param entries: Tuple of CallbackAutomation entries to process.
-    """
-    for entry in entries:
-        for conf in config.get(entry.conf_key, []):
-            await build_callback_automation(
-                parent,
-                entry.callback_method,
-                entry.args,
-                conf,
-                forwarder=entry.forwarder,
-            )
--- a/esphome/build_gen/espidf.py
+++ b/esphome/build_gen/espidf.py
@@ -1,240 +0,0 @@
-"""ESP-IDF direct build generator for ESPHome."""
-
-import json
-from pathlib import Path
-
-from esphome.components.esp32 import get_esp32_variant, idf_version
-import esphome.config_validation as cv
-from esphome.core import CORE
-from esphome.framework_helpers import get_project_compile_flags, get_project_link_flags
-from esphome.helpers import mkdir_p, write_file_if_changed
-
-# Replaces the IDF default C++ standard (-std=gnu++2b appended to
-# CXX_COMPILE_OPTIONS by project.cmake's __build_init) with the one set via
-# cg.set_cpp_standard(). Emitted between include(project.cmake) and project(),
-# i.e. after IDF appends its default and before the options are consumed, and
-# applies project-wide like PlatformIO build_unflags.
-CPP_STANDARD_TEMPLATE = """\
-idf_build_get_property(esphome_cxx_compile_options CXX_COMPILE_OPTIONS)
-list(FILTER esphome_cxx_compile_options EXCLUDE REGEX "^-std=")
-list(APPEND esphome_cxx_compile_options "-std={standard}")
-idf_build_set_property(CXX_COMPILE_OPTIONS "${{esphome_cxx_compile_options}}")"""
-
-
-def get_available_components() -> list[str] | None:
-    """Get list of built-in ESP-IDF components from project_description.json.
-
-    Excludes ``src``, IDF-managed components (``managed_components/``), and
-    converted PIO libs (``pio_components/``). Returns ``None`` if the build
-    dir or ``project_description.json`` isn't ready yet.
-    """
-    if CORE.build_path is None:
-        return None
-    project_desc = Path(CORE.build_path) / "build" / "project_description.json"
-    if not project_desc.exists():
-        return None
-
-    try:
-        with project_desc.open(encoding="utf-8") as f:
-            data = json.load(f)
-
-        component_info = data.get("build_component_info", {})
-
-        result = []
-        for name, info in component_info.items():
-            # Exclude our own src component
-            if name == "src":
-                continue
-
-            # Exclude IDF-managed and converted-PIO components (external).
-            comp_dir = info.get("dir", "")
-            if "managed_components" in comp_dir or "pio_components" in comp_dir:
-                continue
-
-            result.append(name)
-
-        return result
-    except (json.JSONDecodeError, OSError):
-        return None
-
-
-def has_discovered_components() -> bool:
-    """Check if we have discovered components from a previous configure."""
-    return get_available_components() is not None
-
-
-def get_project_cmakelists(minimal: bool = False) -> str:
-    """Generate the top-level CMakeLists.txt for ESP-IDF project.
-
-    When ``minimal`` is true, omit ``ESPHOME_PROJECT_BUILTIN_COMPONENTS``
-    since ``project_description.json`` may be stale on the first write.
-    """
-    # Get IDF target from ESP32 variant (e.g., ESP32S3 -> esp32s3)
-    variant = get_esp32_variant()
-    idf_target = variant.lower().replace("-", "")
-
-    # esp_idf_size 2.x (bundled with IDF >=6.0) made NG the default and
-    # removed the --ng flag; on 1.x (IDF 5.5) --ng is required to get
-    # --format=raw because the legacy mode doesn't support it.
-    size_ng_flag = "--ng" if idf_version() < cv.Version(6, 0, 0) else ""
-
-    # Project-wide compile options: -D defines and -W warning flags (skip
-    # -Wl, linker flags — those go on the src component via
-    # target_link_options below). Emitted via idf_build_set_property so the
-    # flags propagate to every IDF component (including managed ones like
-    # esphome__micro-mp3) rather than just src/. Required so suppressions
-    # like ``-Wno-error=maybe-uninitialized`` actually silence warnings in
-    # third-party components we don't author.
-    project_compile_opts = get_project_compile_flags()
-    extra_compile_options = "\n".join(
-        f'idf_build_set_property(COMPILE_OPTIONS "{flag}" APPEND)'
-        for flag in project_compile_opts
-    )
-
-    cpp_standard_options = (
-        CPP_STANDARD_TEMPLATE.format(standard=CORE.cpp_standard)
-        if CORE.cpp_standard
-        else ""
-    )
-
-    # Per-project list exposed as a CMake variable so converted PIO libs
-    # can reference ${ESPHOME_PROJECT_MANAGED_COMPONENTS} without baking
-    # project-specific names into their cached CMakeLists.
-    #
-    # Emit via idf_build_set_property (not plain set()) so the value is
-    # serialised into build_properties.temp.cmake and visible to IDF's
-    # early requirements-expansion pass (component_get_requirements.cmake
-    # runs as a separate CMake script invocation that doesn't load the
-    # project's top-level CMakeLists; without this, ${ESPHOME_PROJECT_
-    # MANAGED_COMPONENTS} in a converted-lib REQUIRES expands to empty).
-    from esphome.components.esp32 import get_managed_component_require_names
-
-    managed_components_property = "\n".join(
-        f"idf_build_set_property(ESPHOME_PROJECT_MANAGED_COMPONENTS {name} APPEND)"
-        for name in get_managed_component_require_names()
-    )
-
-    # Built-in IDF components exposed via our own property (not IDF's
-    # __COMPONENT_REQUIRES_COMMON, which would append them to every
-    # component's REQUIRES including real IDF components). Referenced by
-    # src/CMakeLists and by each converted PIO lib's CMakeLists. Skipped
-    # on minimal writes because project_description.json may be stale.
-    builtin_components_property = (
-        ""
-        if minimal
-        else "\n".join(
-            f"idf_build_set_property(ESPHOME_PROJECT_BUILTIN_COMPONENTS {name} APPEND)"
-            for name in sorted(get_available_components() or [])
-        )
-    )
-
-    return f"""\
-# Auto-generated by ESPHome
-cmake_minimum_required(VERSION 3.16)
-
-# On Windows, Ninja can fail with:
-#   "CreateProcess: The parameter is incorrect (is the command line too long?)"
-# when compiler/linker command lines exceed the OS length limit.
-#
-# The following settings force CMake/Ninja to use *response files* (@file.rsp)
-# to pass long lists of includes, objects, and other arguments indirectly,
-# avoiding command-line length limits and fixing the build failure.
-#
-# This is especially useful for large ESP-IDF / ESPHome projects with many
-# source files or include directories.
-set(CMAKE_C_USE_RESPONSE_FILE_FOR_INCLUDES 1)
-set(CMAKE_CXX_USE_RESPONSE_FILE_FOR_INCLUDES 1)
-set(CMAKE_C_USE_RESPONSE_FILE_FOR_OBJECTS 1)
-set(CMAKE_CXX_USE_RESPONSE_FILE_FOR_OBJECTS 1)
-set(CMAKE_NINJA_FORCE_RESPONSE_FILE 1)
-
-set(IDF_TARGET {idf_target})
-set(EXTRA_COMPONENT_DIRS ${{CMAKE_SOURCE_DIR}}/src)
-
-include($ENV{{IDF_PATH}}/tools/cmake/project.cmake)
-
-{cpp_standard_options}
-
-{extra_compile_options}
-
-{managed_components_property}
-
-{builtin_components_property}
-
-project({CORE.name})
-
-# Emit raw JSON size data for ESPHome to read post-build.
-add_custom_command(
-    TARGET ${{CMAKE_PROJECT_NAME}}.elf POST_BUILD
-    COMMAND ${{PYTHON}} -m esp_idf_size {size_ng_flag} --format=raw
-            -o ${{CMAKE_BINARY_DIR}}/esp_idf_size.json
-            ${{CMAKE_PROJECT_NAME}}.map
-    WORKING_DIRECTORY ${{CMAKE_BINARY_DIR}}
-    VERBATIM
-)
-"""
-
-
-def get_component_cmakelists() -> str:
-    """Generate the main component CMakeLists.txt.
-
-    REQUIRES pulls in the discovered built-in IDF components via the
-    project-level variables set in the top-level CMakeLists.
-    """
-    # Extract linker options (-Wl, flags). Compile flags (-D, -W) are
-    # emitted project-wide via idf_build_set_property in
-    # get_project_cmakelists so they reach every component, not just src/.
-    link_opts = get_project_link_flags()
-    link_opts_str = "\n    ".join(link_opts) if link_opts else ""
-
-    return f"""\
-# Auto-generated by ESPHome
-# CONFIGURE_DEPENDS asks CMake to re-check the glob each build so test
-# runs that reuse the build dir don't compile stale source paths. It's
-# invalid in script mode (cmake -P), which is how IDF's
-# component_get_requirements.cmake includes us, so skip it there.
-if(CMAKE_SCRIPT_MODE_FILE)
-    file(GLOB_RECURSE app_sources
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.c"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.c"
-    )
-else()
-    file(GLOB_RECURSE app_sources CONFIGURE_DEPENDS
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/*.c"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.cpp"
-        "${{CMAKE_CURRENT_SOURCE_DIR}}/esphome/*.c"
-    )
-endif()
-
-idf_component_register(
-    SRCS ${{app_sources}}
-    INCLUDE_DIRS "." "esphome"
-    REQUIRES ${{ESPHOME_PROJECT_BUILTIN_COMPONENTS}}
-)
-
-# ESPHome linker options
-target_link_options(${{COMPONENT_LIB}} PUBLIC
-    {link_opts_str}
-)
-"""
-
-
-def write_project(minimal: bool = False) -> None:
-    """Write ESP-IDF project files."""
-    mkdir_p(CORE.build_path)
-    mkdir_p(CORE.relative_src_path())
-
-    # Write top-level CMakeLists.txt
-    write_file_if_changed(
-        CORE.relative_build_path("CMakeLists.txt"),
-        get_project_cmakelists(minimal=minimal),
-    )
-
-    # Write component CMakeLists.txt in src/
-    write_file_if_changed(
-        CORE.relative_src_path("CMakeLists.txt"),
-        get_component_cmakelists(),
-    )
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`d272a88e8ca28ae9340a9a03295a566432a52cb696501908f57764475bf7ca65`
				`@@ -0,0 +1 @@`
				`Without requirements or design, programming is the art of adding bugs to an empty text file. (Louis Srygley)`