ha-mcp-dev 7.4.1.dev445__tar.gz → 7.4.1.dev446__tar.gz

{ha_mcp_dev-7.4.1.dev445/src/ha_mcp_dev.egg-info → ha_mcp_dev-7.4.1.dev446}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ha-mcp-dev
-Version: 7.4.1.dev445
+Version: 7.4.1.dev446
 Summary: Home Assistant MCP Server - Complete control of Home Assistant through MCP
 Author-email: Julien <github@qc-h.net>
 License: MIT
@@ -25,6 +25,7 @@ Requires-Dist: python-dotenv==1.2.2
 Requires-Dist: truststore==0.10.4
 Requires-Dist: websockets==16.0
 Requires-Dist: cryptography==47.0.0
+Requires-Dist: pydantic-monty==0.0.9
 Dynamic: license-file
 
 > **Breaking change (v7.3.0):** `ha_config_set_yaml` has been moved to [beta](docs/beta.md).

{ha_mcp_dev-7.4.1.dev445 → ha_mcp_dev-7.4.1.dev446}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "ha-mcp-dev"
-version = "7.4.1.dev445"
+version = "7.4.1.dev446"
 description = "Home Assistant MCP Server - Complete control of Home Assistant through MCP"
 readme = "README.md"
 requires-python = ">=3.13,<3.14"
@@ -31,6 +31,7 @@ dependencies = [
     "truststore==0.10.4",
     "websockets==16.0",
     "cryptography==47.0.0",
+    "pydantic-monty==0.0.9",
 ]
 
 [project.urls]
@@ -76,6 +77,8 @@ explicit_package_bases = true
 module = [
     "fastmcp.*",
     "jq",
+    "pydantic_monty",
+    "pydantic_monty.*",
 ]
 ignore_missing_imports = true
 

{ha_mcp_dev-7.4.1.dev445 → ha_mcp_dev-7.4.1.dev446}/src/ha_mcp/config.py

@@ -113,6 +113,37 @@ class Settings(BaseSettings):
     # supervisor UI rejects out-of-range values before they reach env vars.
     tool_search_max_results: int = Field(5, ge=2, le=10, alias="TOOL_SEARCH_MAX_RESULTS")
 
+    # Code Mode — sandboxed Python execution via pydantic-monty.
+    # Provides an "escape hatch" tool (ha_manage_custom_tool) that lets LLMs write
+    # custom one-off Python code when no existing tool covers the request.
+    # Disabled by default due to the inherent risk of LLM-generated code.
+    # Range bounds reject zero/negative values that would silently break the
+    # tool and clamp upper bounds at sane safety margins (5 min wall-clock,
+    # 256 MB memory, 10k recursion, 10k API/tool calls per execution).
+    enable_code_mode: bool = Field(False, alias="ENABLE_CODE_MODE")
+    code_mode_max_duration: float = Field(
+        30.0, ge=1.0, le=300.0, alias="CODE_MODE_MAX_DURATION"
+    )
+    code_mode_max_memory: int = Field(
+        10_485_760, ge=1_048_576, le=268_435_456, alias="CODE_MODE_MAX_MEMORY"
+    )  # 10 MB default; 1 MB floor, 256 MB ceiling
+    code_mode_max_recursion: int = Field(
+        100, ge=1, le=10_000, alias="CODE_MODE_MAX_RECURSION"
+    )
+    code_mode_max_invocations: int = Field(
+        100, ge=1, le=10_000, alias="CODE_MODE_MAX_INVOCATIONS"
+    )
+    # Path to a JSON file for persisting saved custom tools across restarts.
+    # Empty string disables persistence (saved tools live in process memory
+    # and are lost on restart). The addon sets this to /data/saved_tools.json
+    # by default so saved tools survive addon restarts (the /data directory
+    # is mapped per-addon by Supervisor and is preserved across addon
+    # updates).
+    code_mode_saved_tools_path: str = Field(
+        "", alias="CODE_MODE_SAVED_TOOLS_PATH"
+    )
+
+
     @property
     def env_file_name(self) -> str:
         """Get the current environment file name."""

{ha_mcp_dev-7.4.1.dev445 → ha_mcp_dev-7.4.1.dev446}/src/ha_mcp/errors.py

@@ -81,6 +81,14 @@ class ErrorCode(StrEnum):
     # Component errors
     COMPONENT_NOT_INSTALLED = "COMPONENT_NOT_INSTALLED"
 
+    # Code-mode sandbox errors. The sandbox is a separate execution
+    # context; runtime failures inside it map cleanly to one of these
+    # three buckets so the LLM can self-recover instead of seeing every
+    # failure as INTERNAL_ERROR.
+    SANDBOX_LIMIT_EXCEEDED = "SANDBOX_LIMIT_EXCEEDED"
+    SANDBOX_SYNTAX_UNSUPPORTED = "SANDBOX_SYNTAX_UNSUPPORTED"
+    SANDBOX_RUNTIME_ERROR = "SANDBOX_RUNTIME_ERROR"
+
 
 # Default suggestions for common error codes
 DEFAULT_SUGGESTIONS: dict[ErrorCode, list[str]] = {

{ha_mcp_dev-7.4.1.dev445 → ha_mcp_dev-7.4.1.dev446}/src/ha_mcp/server.py

@@ -590,6 +590,11 @@ class HomeAssistantSmartMCPServer(EnhancedToolsMixin):
         )
         pinned.extend(getattr(self, "_skill_tool_names", []))
 
+        # Pin code mode tool so it gets individual permission gating
+        # rather than being hidden behind the BM25 search proxy.
+        if self.settings.enable_code_mode:
+            pinned.append("ha_manage_custom_tool")
+
         # The client may not support resources or server instructions — add
         # skills hint to the search tool description (the one place the LLM
         # is guaranteed to see).
@@ -609,12 +614,19 @@ class HomeAssistantSmartMCPServer(EnhancedToolsMixin):
                     max_results=self.settings.tool_search_max_results,
                     always_visible=pinned,
                     search_tool_description=description,
+                    # Pinned tools must be excluded from the proxy's
+                    # category sets when code mode is on; otherwise sandbox
+                    # code can launder a recursive ``ha_manage_custom_tool``
+                    # invocation through ``ha_call_write_tool``. See the
+                    # docstring on ``_rebuild_category_cache``.
+                    enable_code_mode=self.settings.enable_code_mode,
                 )
             )
             logger.info(
-                "Tool search transform applied (%d pinned tools, max_results=%d)",
+                "Tool search transform applied (%d pinned tools, max_results=%d, code_mode=%s)",
                 len(pinned),
                 self.settings.tool_search_max_results,
+                self.settings.enable_code_mode,
             )
         except Exception:
             logger.exception("Failed to apply tool search transform")