hass-mcp-server
Provides a Model Context Protocol (MCP) server for Home Assistant using HTTP transport. It exposes MCP tools/resources/prompts/completions that let an AI assistant query Home Assistant state and call services, and it supports OAuth 2.0 authentication via an external OIDC server (hass-oidc-server), including dynamic client registration for remote use (e.g., Claude in a browser).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security depends heavily on correct deployment of the external OIDC/OAuth server (hass-oidc-server) and secure exposure of Home Assistant over HTTPS. The README confirms OAuth 2.0 authentication and dynamic client registration, but does not describe scope granularity, token lifetimes, refresh behavior, or any additional hardening. Dependency hygiene cannot be verified from provided content (pyproject lists python>=3.13.2 and mcp), so scores are conservative.
⚡ Reliability
Best When
You need agent-driven Home Assistant interaction over HTTP from outside the local network, and you can deploy/configure hass-oidc-server with appropriate OAuth/OIDC settings.
Avoid When
You cannot properly secure OAuth/OIDC endpoints, don’t want to rely on experimental internal dashboard APIs, or you require strong documentation/contract guarantees beyond what’s described in the README.
Use Cases
- • Remote AI assistant control and monitoring of Home Assistant (read entity state, call services).
- • AI-assisted automation/scene/script management (create/update/delete).
- • Lovelace dashboard introspection and editing (config get/save/delete; experimental dashboard create/update/delete).
- • Template evaluation and entity history retrieval for richer AI reasoning.
Not For
- • High-trust internal automation where direct HA API access is preferred over an agent-mediated MCP layer.
- • Environments that cannot securely expose Home Assistant endpoints over the internet.
- • Use cases requiring strict guarantees about HA internal API stability for experimental dashboard operations.
Interface
Authentication
Uses OAuth 2.0 with Dynamic Client Registration through an external hass-oidc-server. The README does not enumerate specific scopes/claims, but indicates the assistant registers itself and is authorized via a user consent flow in Home Assistant.
Pricing
No pricing information is provided in the README/manifest content.
Agent Metadata
Known Gotchas
- ⚠ Dashboard create/update/delete tools are marked experimental and rely on internal Home Assistant APIs (DashboardsCollection), which may break with HA updates.
- ⚠ Many operations are side-effectful (create/update/delete automations/scenes/scripts/services). Without explicit idempotency/retry guidance, agents should be careful with duplicate requests.
- ⚠ OAuth/DCR flows add operational complexity; misconfiguration of hass-oidc-server can prevent the assistant from registering/authenticating successfully.
- ⚠ The README lists capabilities and example tool calls, but does not show exact MCP error formats/codes, so agent handling may require defensive fallbacks.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for hass-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.