ha-mcp-dev 7.4.1.dev438__tar.gz → 7.4.1.dev440__tar.gz

{ha_mcp_dev-7.4.1.dev438/src/ha_mcp_dev.egg-info → ha_mcp_dev-7.4.1.dev440}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ha-mcp-dev
-Version: 7.4.1.dev438
+Version: 7.4.1.dev440
 Summary: Home Assistant MCP Server - Complete control of Home Assistant through MCP
 Author-email: Julien <github@qc-h.net>
 License: MIT

{ha_mcp_dev-7.4.1.dev438 → ha_mcp_dev-7.4.1.dev440}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ha-mcp-dev"
-version = "7.4.1.dev438"
+version = "7.4.1.dev440"
 description = "Home Assistant MCP Server - Complete control of Home Assistant through MCP"
 readme = "README.md"
 requires-python = ">=3.13,<3.14"

{ha_mcp_dev-7.4.1.dev438 → ha_mcp_dev-7.4.1.dev440}/src/ha_mcp/client/rest_client.py

@@ -5,11 +5,13 @@ Home Assistant HTTP client with authentication and error handling.
 import asyncio
 import json
 import logging
+import os
 import ssl
 from typing import Any
 
 import httpx
 
+from .._version import is_running_in_addon
 from ..config import get_global_settings
 
 
@@ -26,6 +28,7 @@ def _is_ssl_error(exc: BaseException) -> bool:
         cur = cur.__cause__ or cur.__context__
     return False
 
+
 logger = logging.getLogger(__name__)
 
 
@@ -33,17 +36,14 @@ class HomeAssistantError(Exception):
     """Base exception for Home Assistant API errors."""
 
 
-
 class HomeAssistantConnectionError(HomeAssistantError):
     """Connection error to Home Assistant."""
 
 
-
 class HomeAssistantAuthError(HomeAssistantError):
     """Authentication error with Home Assistant."""
 
 
-
 class HomeAssistantAPIError(HomeAssistantError):
     """API error from Home Assistant."""
 
@@ -125,7 +125,7 @@ class HomeAssistantClient:
 
         logger.info(f"Initialized Home Assistant client for {self.base_url}")
 
-    async def __aenter__(self) -> 'HomeAssistantClient':
+    async def __aenter__(self) -> "HomeAssistantClient":
         """Async context manager entry."""
         return self
 
@@ -192,7 +192,9 @@ class HomeAssistantClient:
         except httpx.HTTPError as e:
             raise HomeAssistantConnectionError(f"HTTP error: {e}") from e
 
-    async def _request(self, method: str, endpoint: str, **kwargs: Any) -> dict[str, Any]:
+    async def _request(
+        self, method: str, endpoint: str, **kwargs: Any
+    ) -> dict[str, Any]:
         """
         Make authenticated request to Home Assistant API and parse JSON body.
 
@@ -267,8 +269,11 @@ class HomeAssistantClient:
         return await self._request("POST", f"/states/{entity_id}", json=payload)
 
     async def call_service(
-        self, domain: str, service: str, data: dict[str, Any] | None = None,
-        return_response: bool = False
+        self,
+        domain: str,
+        service: str,
+        data: dict[str, Any] | None = None,
+        return_response: bool = False,
     ) -> list[dict[str, Any]] | dict[str, Any]:
         """
         Call Home Assistant service.
@@ -284,7 +289,9 @@ class HomeAssistantClient:
             Service response data - list of affected states normally, or dict with
             service response if return_response=True
         """
-        logger.debug(f"Calling service {domain}.{service} (return_response={return_response})")
+        logger.debug(
+            f"Calling service {domain}.{service} (return_response={return_response})"
+        )
 
         payload = data or {}
 
@@ -294,7 +301,10 @@ class HomeAssistantClient:
             params["return_response"] = "true"
 
         result = await self._request(
-            "POST", f"/services/{domain}/{service}", json=payload, params=params if params else None
+            "POST",
+            f"/services/{domain}/{service}",
+            json=payload,
+            params=params if params else None,
         )
 
         # When return_response is True, HA returns a dict with service_response key
@@ -366,7 +376,9 @@ class HomeAssistantClient:
         Returns:
             Logbook entries
         """
-        logger.debug(f"Fetching logbook entries for entity: {entity_id}, start: {start_time}, end: {end_time}")
+        logger.debug(
+            f"Fetching logbook entries for entity: {entity_id}, start: {start_time}, end: {end_time}"
+        )
 
         # Build endpoint - start_time goes in URL path if provided
         if start_time:
@@ -428,27 +440,66 @@ class HomeAssistantClient:
         return await self._request("POST", "/config/core/check_config")
 
     async def get_error_log(self) -> str:
-        """Get Home Assistant error log."""
-        logger.debug("Fetching error log")
+        """Get Home Assistant error log.
+
+        Branch on ``is_running_in_addon()``: inside the add-on container,
+        HA Core's ``bootstrap.py`` sets ``err_log_path = None`` when the
+        ``SUPERVISOR`` env var is present, so ``hass.data[DATA_LOGGING]``
+        is never populated and the ``APIErrorLog`` view is not registered
+        — ``/api/error_log`` returns 404 by-design on HA OS / Supervised.
+        Route to ``_supervisor_logs_get("core")`` on this branch: same
+        content (HA Core's container log) via a different transport
+        (Supervisor REST). On non-addon installs keep the
+        ``/api/error_log`` proxy path.
+
+        Same root cause and fix shape as ``get_addon_logs`` — see #1116.
+
+        Raises:
+            HomeAssistantAuthError: 401, or empty ``SUPERVISOR_TOKEN`` on
+                the addon branch.
+            HomeAssistantAPIError: 403 (role too low — addon needs
+                ``hassio_role: manager``), 404, other non-2xx.
+            HomeAssistantConnectionError: Network, timeout, or transport
+                error.
+        """
+        if is_running_in_addon():
+            logger.debug("Fetching error log via Supervisor direct (core service)")
+            return await self._supervisor_logs_get("core")
+
+        logger.debug("Fetching error log via HA Core proxy")
         response = await self._request("GET", "/error_log")
         return response if isinstance(response, str) else str(response)
 
     async def get_addon_logs(self, slug: str) -> str:
-        """Fetch an add-on's container logs via HA Core's Supervisor REST proxy.
+        """Fetch an add-on's container logs.
+
+        Branch on ``is_running_in_addon()`` (which keys off ``SUPERVISOR_TOKEN``
+        in env): inside the add-on container goes directly to the Supervisor
+        REST API at ``http://supervisor/addons/{slug}/logs`` with the
+        Supervisor token. The HA Core proxy at
+        ``/api/hassio/addons/{slug}/logs`` rejects this token+path combination
+        on current HA Core releases (see #1116) — the direct path bypasses
+        HA Core entirely and is the documented Supervisor contract.
 
-        Uses `/api/hassio/addons/{slug}/logs`, which HA Core proxies to
-        Supervisor and returns as `text/plain`. This avoids the
-        `supervisor/api` websocket path that tries to JSON-decode the text
-        body and always fails (see #950).
+        On non-addon installs (Docker, pyinstaller, pip pointing at a normal
+        HA URL), falls back to the HA Core proxy path. That path requires an
+        admin LLA but works fine when not invoked from the add-on container.
+
+        Both branches return ``text/plain`` log content.
 
         Raises:
-            HomeAssistantAuthError: 401 from HA Core.
-            HomeAssistantAPIError: Non-2xx response (e.g. 404 unknown slug,
-                400 addon not installed). `status_code` is set so callers
-                can map to specific suggestions.
+            HomeAssistantAuthError: 401 response, or ``SUPERVISOR_TOKEN`` empty
+                at call time on the addon branch.
+            HomeAssistantAPIError: 403 (role too low — addon needs hassio_role
+                ``manager``), 404 (unknown slug), or other non-2xx. The
+                ``status_code`` attribute lets callers map to specific
+                suggestions.
             HomeAssistantConnectionError: Network, timeout, or transport error.
         """
-        logger.debug(f"Fetching addon logs for slug={slug}")
+        if is_running_in_addon():
+            return await self._get_addon_logs_via_supervisor(slug)
+
+        logger.debug(f"Fetching addon logs for slug={slug} via HA Core proxy")
         response = await self._raw_request(
             "GET",
             f"/hassio/addons/{slug}/logs",
@@ -456,6 +507,146 @@ class HomeAssistantClient:
         )
         return response.text
 
+    async def _supervisor_logs_get(self, path: str) -> str:
+        """Fetch ``text/plain`` logs from a Supervisor REST endpoint.
+
+        ``path`` is everything between ``http://supervisor/`` and ``/logs``:
+
+        - ``"addons/<slug>"`` for add-on container logs
+        - ``"<service>"`` (where service ∈ {supervisor, host, core, dns, audio,
+          multicast, observer}) for system-service logs
+
+        Bypasses ``HomeAssistantClient.httpx_client`` because the Supervisor
+        endpoint uses a different base URL (``http://supervisor``) and a
+        different token (``SUPERVISOR_TOKEN``) than HA Core REST. Both
+        endpoints require the addon's ``hassio_role`` to be ``manager`` (not
+        ``default``); a ``default`` role gets a 403 here — see #1116.
+
+        Raises:
+            HomeAssistantAuthError: ``SUPERVISOR_TOKEN`` absent at call time,
+                or 401 from Supervisor.
+            HomeAssistantAPIError: 403 (role too low — distinct branch with
+                role hint), 404, other 4xx/5xx. Tries to parse Supervisor's
+                ``{"result":"error","message":"..."}`` JSON envelope before
+                falling back to text body / reason phrase / placeholder.
+            HomeAssistantConnectionError: Timeout or transport error, with
+                distinct messages so callers can tell them apart.
+        """
+        token = os.environ.get("SUPERVISOR_TOKEN", "")
+        if not token:
+            # The is_running_in_addon() gate already keys off SUPERVISOR_TOKEN
+            # being truthy, so a direct caller landing here without one is a
+            # detection/config mismatch — fail-fast with a distinct message
+            # so operators don't read it as "token rejected".
+            raise HomeAssistantAuthError(
+                f"Supervisor token absent at call time for /{path}/logs "
+                "(addon-mode gate fired but SUPERVISOR_TOKEN env var not set)"
+            )
+
+        url = f"http://supervisor/{path}/logs"
+        logger.debug("Fetching %s via Supervisor direct", url)
+
+        try:
+            async with httpx.AsyncClient(
+                timeout=httpx.Timeout(self.timeout),
+                # `verify` is a no-op for plain http://supervisor, but kept
+                # for symmetry with the other two direct-Supervisor httpx
+                # clients (#1128 establishes the 3-site convention).
+                verify=self.verify_ssl,
+            ) as client:
+                response = await client.get(
+                    url,
+                    headers={
+                        "Authorization": f"Bearer {token}",
+                        "Accept": "text/plain",
+                    },
+                )
+        except httpx.TimeoutException as e:
+            raise HomeAssistantConnectionError(
+                f"Timeout fetching /{path}/logs from Supervisor: {e}"
+            ) from e
+        except httpx.HTTPError as e:
+            raise HomeAssistantConnectionError(
+                f"Transport error fetching /{path}/logs from Supervisor: {e}"
+            ) from e
+
+        if response.status_code == 401:
+            raise HomeAssistantAuthError(f"Invalid Supervisor token for /{path}/logs")
+        if response.status_code == 403:
+            # Distinct from 401: token is valid but addon's hassio_role isn't
+            # high enough. Most-likely cause for this exact endpoint at the
+            # time #1116 surfaced (default → manager bump in addon config.yaml
+            # is the same-PR companion fix).
+            logger.warning(
+                "Supervisor returned 403 for /%s/logs — addon hassio_role may "
+                "be too low (need 'manager')",
+                path,
+            )
+            raise HomeAssistantAPIError(
+                f"Supervisor forbids /{path}/logs (403) — addon's hassio_role "
+                "may be 'default'; need 'manager' or higher",
+                status_code=403,
+                response_data={"path": path},
+            )
+        if response.status_code >= 400:
+            text_body = response.text
+            # Supervisor returns {"result":"error","message":"..."} JSON on
+            # some 4xx paths. Try parsing that first so the user sees the
+            # human message instead of a JSON blob; then fall back to the
+            # text body, then reason_phrase, then a placeholder.
+            message = ""
+            try:
+                envelope = json.loads(text_body) if text_body else None
+                if isinstance(envelope, dict):
+                    msg = envelope.get("message")
+                    if isinstance(msg, str) and msg:
+                        message = msg
+            except json.JSONDecodeError:
+                pass
+            if not message:
+                message = text_body.strip() or response.reason_phrase or "<empty body>"
+            logger.warning(
+                "Supervisor returned %s for /%s/logs: %s",
+                response.status_code,
+                path,
+                message,
+            )
+            raise HomeAssistantAPIError(
+                f"API error: {response.status_code} - {message}",
+                status_code=response.status_code,
+                response_data={"message": text_body, "path": path},
+            )
+        return response.text
+
+    async def _get_addon_logs_via_supervisor(self, slug: str) -> str:
+        """Fetch add-on container logs directly from Supervisor's REST API.
+
+        Distinct from ``tools_bug_report._fetch_addon_logs``: that helper is
+        hardcoded to ``/addons/self/logs`` and silently swallows failures
+        (it's an aux-data fetch for bug reports, fine to skip on error). This
+        helper takes arbitrary slugs and surfaces failures as exceptions
+        because callers (``ha_get_logs(source="supervisor", slug=...)``) need
+        them. Both endpoints require ``hassio_role: manager``.
+
+        Delegates to ``_supervisor_logs_get`` so error handling stays in
+        lockstep with ``_get_system_service_logs``.
+        """
+        return await self._supervisor_logs_get(f"addons/{slug}")
+
+    async def _get_system_service_logs(self, service: str) -> str:
+        """Fetch HA system-service logs directly from Supervisor's REST API.
+
+        Hits ``http://supervisor/{service}/logs``. ``service`` must be one of
+        the seven Supervisor-managed services: ``supervisor``, ``host``,
+        ``core``, ``dns``, ``audio``, ``multicast``, ``observer``. Caller is
+        responsible for validating ``service`` against the allowed set; this
+        helper does no validation and will raise ``HomeAssistantAPIError`` on
+        any unknown path (404 from Supervisor).
+
+        Requires ``hassio_role: manager`` like the addon-logs path.
+        """
+        return await self._supervisor_logs_get(service)
+
     async def test_connection(self) -> tuple[bool, str | None]:
         """
         Test connection to Home Assistant.
@@ -920,7 +1111,9 @@ class HomeAssistantClient:
                         await asyncio.sleep(retry_delay)
                         continue
                     else:
-                        logger.error(f"WebSocket 403 error after {max_retries} attempts: {error_str}")
+                        logger.error(
+                            f"WebSocket 403 error after {max_retries} attempts: {error_str}"
+                        )
                         return {
                             "success": False,
                             "error": f"WebSocket request blocked (403 Forbidden): {error_str}",
@@ -1018,7 +1211,7 @@ class HomeAssistantClient:
         except Exception:
             logger.debug(
                 f"Entity registry lookup failed for {entity_id}, using bare id: {bare_id}",
-                exc_info=True # Log full traceback for better debugging
+                exc_info=True,  # Log full traceback for better debugging
             )
         return bare_id
 

{ha_mcp_dev-7.4.1.dev438 → ha_mcp_dev-7.4.1.dev440}/src/ha_mcp/settings_ui.py

@@ -19,8 +19,10 @@ import httpx
 from starlette.requests import Request
 from starlette.responses import HTMLResponse, JSONResponse
 
+from ._version import is_running_in_addon
 from .errors import ErrorCode, create_error_response
 from .transforms import DEFAULT_PINNED_TOOLS
+from .utils.data_paths import get_data_dir
 
 if TYPE_CHECKING:
     from fastmcp import FastMCP
@@ -99,36 +101,38 @@ FEATURE_GATED_TOOLS: dict[str, dict[str, str]] = {
 }
 
 
-def _is_addon() -> bool:
-    """Return True when running inside the Home Assistant add-on container.
+def _get_config_path() -> Path:
+    """Return the path to the tool config JSON file.
 
-    Mirrors the existing convention in this module (and ``__main__.py``)
-    of treating ``SUPERVISOR_TOKEN`` as the add-on detector. Using the env
-    var is more reliable than checking for ``/data`` because some Docker
-    setups (and macOS dev environments) have a ``/data`` directory that
-    isn't the add-on data dir.
+    Delegates directory resolution to :func:`utils.data_paths.get_data_dir`,
+    which handles ``HA_MCP_CONFIG_DIR`` override, add-on ``/data``,
+    home-dir, and tmpdir fallback (memoized).
     """
-    return bool(os.environ.get("SUPERVISOR_TOKEN"))
-
-
-def _get_config_path() -> Path:
-    """Return the path to the tool config JSON file."""
-    if _is_addon():
-        return Path("/data") / "tool_config.json"
-    home_dir = Path.home() / ".ha-mcp"
-    home_dir.mkdir(parents=True, exist_ok=True)
-    return home_dir / "tool_config.json"
+    return get_data_dir() / "tool_config.json"
 
 
 def load_tool_config(settings: Settings | None = None) -> dict[str, Any]:
     """Load persisted tool config, seeding from env vars if no file exists."""
     path = _get_config_path()
-    if path.exists():
+    # ``Path.exists()`` only swallows ``ENOENT/ENOTDIR/EBADF/ELOOP``; an
+    # ``EACCES`` (e.g. ``HA_MCP_CONFIG_DIR`` pointing at a dir that exists
+    # but isn't readable by the runtime UID) propagates. Read directly and
+    # treat ``FileNotFoundError`` as "no config yet"; log other ``OSError``s.
+    try:
+        raw = path.read_text()
+    except FileNotFoundError:
+        raw = None
+    except OSError:
+        logger.warning("Cannot read tool config at %s", path, exc_info=True)
+        raw = None
+
+    if raw is not None:
         try:
-            result: dict[str, Any] = json.loads(path.read_text())
+            result: dict[str, Any] = json.loads(raw)
+        except json.JSONDecodeError:
+            logger.warning("Tool config at %s is not valid JSON; ignoring.", path)
+        else:
             return result
-        except (OSError, json.JSONDecodeError):
-            logger.warning("Failed to read tool config from %s", path)
 
     if settings is None:
         return {}
@@ -156,14 +160,23 @@ def load_tool_config(settings: Settings | None = None) -> dict[str, Any]:
     return {}
 
 
-def save_tool_config(config: dict[str, Any]) -> None:
-    """Persist tool config to disk."""
+def save_tool_config(config: dict[str, Any]) -> bool:
+    """Persist tool config to disk.
+
+    Returns True on success, False on failure (read-only filesystem,
+    permission denied, etc.). Caller is responsible for surfacing the
+    failure to the user — the HTTP route at ``_save_tools`` returns 500
+    so the UI's ``saveConfig`` shows "Save failed!" instead of the
+    misleading "Saved — restart required".
+    """
     path = _get_config_path()
     try:
         path.write_text(json.dumps(config, indent=2))
-        logger.info("Saved tool config to %s", path)
     except OSError:
         logger.exception("Failed to save tool config to %s", path)
+        return False
+    logger.info("Saved tool config to %s", path)
+    return True
 
 
 async def _get_tool_metadata(server: HomeAssistantSmartMCPServer) -> list[dict[str, Any]]:
@@ -760,7 +773,18 @@ def register_settings_routes(
 
         config = load_tool_config()
         config["tools"] = states
-        save_tool_config(config)
+        if not save_tool_config(config):
+            return JSONResponse(
+                create_error_response(
+                    ErrorCode.INTERNAL_ERROR,
+                    "Failed to persist tool config to disk",
+                    suggestions=[
+                        "Set HA_MCP_CONFIG_DIR to a writable path (read-only filesystem?)",
+                        "Check the server logs for the underlying OSError",
+                    ],
+                ),
+                status_code=500,
+            )
 
         disabled_count = sum(1 for s in states.values() if s == "disabled")
         pinned_count = sum(1 for s in states.values() if s == "pinned")
@@ -823,11 +847,11 @@ def register_settings_routes(
 
     async def _settings_info(_: Request) -> JSONResponse:
         return JSONResponse({
-            "is_addon": _is_addon(),
+            "is_addon": is_running_in_addon(),
         })
 
     secret_prefix = secret_path.rstrip("/") if secret_path else ""
-    is_addon = _is_addon()
+    is_addon = is_running_in_addon()
 
     if not is_addon and not secret_prefix:
         logger.warning(