{"id":"ganhammar-hass-mcp-server","name":"hass-mcp-server","homepage":null,"repo_url":"https://github.com/ganhammar/hass-mcp-server","category":"infrastructure","subcategories":[],"tags":["home-assistant","mcp","model-context-protocol","oauth2","oidc","python","hacs","automation","lovelace"],"what_it_does":"Provides a Model Context Protocol (MCP) server for Home Assistant using HTTP transport. It exposes MCP tools/resources/prompts/completions that let an AI assistant query Home Assistant state and call services, and it supports OAuth 2.0 authentication via an external OIDC server (hass-oidc-server), including dynamic client registration for remote use (e.g., Claude in a browser).","use_cases":["Remote AI assistant control and monitoring of Home Assistant (read entity state, call services).","AI-assisted automation/scene/script management (create/update/delete).","Lovelace dashboard introspection and editing (config get/save/delete; experimental dashboard create/update/delete).","Template evaluation and entity history retrieval for richer AI reasoning."],"not_for":["High-trust internal automation where direct HA API access is preferred over an agent-mediated MCP layer.","Environments that cannot securely expose Home Assistant endpoints over the internet.","Use cases requiring strict guarantees about HA internal API stability for experimental dashboard operations."],"best_when":"You need agent-driven Home Assistant interaction over HTTP from outside the local network, and you can deploy/configure hass-oidc-server with appropriate OAuth/OIDC settings.","avoid_when":"You cannot properly secure OAuth/OIDC endpoints, don’t want to rely on experimental internal dashboard APIs, or you require strong documentation/contract guarantees beyond what’s described in the README.","alternatives":["Home Assistant MQTT integration + agent-facing tooling (where appropriate).","Home Assistant REST API with a custom service/API wrapper and an agent tool layer.","Other Home Assistant MCP servers that use SSE/local transport (per their documented capabilities).","Direct use of Home Assistant’s WebSocket/REST APIs via an agent framework (with your own auth and tool schema)."],"af_score":44.0,"security_score":49.8,"reliability_score":22.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:32:08.522021+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"https://your-home-assistant.com/api/mcp","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth 2.0 (via OAuth endpoints provided by hass-oidc-server)"],"oauth":true,"scopes":false,"notes":"Uses OAuth 2.0 with Dynamic Client Registration through an external hass-oidc-server. The README does not enumerate specific scopes/claims, but indicates the assistant registers itself and is authorized via a user consent flow in Home Assistant."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information is provided in the README/manifest content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":44.0,"security_score":49.8,"reliability_score":22.5,"mcp_server_quality":70.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":50.0,"rate_limit_clarity":0.0,"tls_enforcement":80.0,"auth_strength":75.0,"scope_granularity":30.0,"dependency_hygiene":20.0,"secret_handling":30.0,"security_notes":"Security depends heavily on correct deployment of the external OIDC/OAuth server (hass-oidc-server) and secure exposure of Home Assistant over HTTPS. The README confirms OAuth 2.0 authentication and dynamic client registration, but does not describe scope granularity, token lifetimes, refresh behavior, or any additional hardening. Dependency hygiene cannot be verified from provided content (pyproject lists python>=3.13.2 and mcp), so scores are conservative.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":30.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Dashboard create/update/delete tools are marked experimental and rely on internal Home Assistant APIs (DashboardsCollection), which may break with HA updates.","Many operations are side-effectful (create/update/delete automations/scenes/scripts/services). Without explicit idempotency/retry guidance, agents should be careful with duplicate requests.","OAuth/DCR flows add operational complexity; misconfiguration of hass-oidc-server can prevent the assistant from registering/authenticating successfully.","The README lists capabilities and example tool calls, but does not show exact MCP error formats/codes, so agent handling may require defensive fallbacks."]}}