rusty4444/gatekeeper-ha

Gatekeeper HA is an add-on for Home Assistant, an open-source platform that people use to control smart-home devices such as locks, lights, and switches. It solves a common problem: how to let a temporary visitor, such as a plumber, a babysitter, or an Airbnb guest, control a few specific devices without giving them your full house login or asking them to install an app. The owner generates a short-lived link, the guest scans a QR code with their phone, and a simple web page opens with only the controls the owner allowed. The project has two parts. The first is an integration that runs inside Home Assistant and handles the guest tokens, the expiry timer, and a small built-in web server that serves the guest page. The second is a Lovelace card, which is a panel that lives on the Home Assistant dashboard and ships from its own repository. From this card the owner can create tokens with a label like 'Plumber Wednesday', choose which devices the token covers, set a duration, see remaining time, show the QR code, and revoke tokens. Every token is scoped, meaning the guest can only touch the entities and services the owner picked. Tokens expire after a set duration, and the owner can also cap them to a fixed number of uses. There is a separate 'guest mode' switch that turns off selected automations while a visitor is in the house and revokes all tokens when the owner ends the mode. Three ready-made automation blueprints are included: one that creates a four-hour token when the doorbell rings, one that warns the owner when a token is close to expiring, and one that activates guest mode when a specific lock code is entered. Setup is done through the normal Home Assistant settings screen, with no YAML editing. The README explains how to install the integration through HACS, how to add the Lovelace card from its own repo, how to pick the port for the guest page, and how to put the guest page behind a reverse proxy such as Nginx or Caddy. The security section notes that token secrets are stored hashed, scope checks happen on the server, and token IDs are generated from Python's secrets module.