Bump actions/cache from 4.2.3 to 4.2.4 (#6082 )

Bumps [actions/cache](https://github.com/actions/cache) from 4.2.3 to 4.2.4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v4.2.3...v4.2.4) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 4.2.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump ruff from 0.12.7 to 0.12.8 (#6081 )
2025-08-10 17:49:21 +00:00 · 2025-08-08 12:23:07 +02:00 · 2025-08-08 12:22:55 +02:00 · 2025-08-07 11:10:34 +02:00 · 2025-08-07 09:40:19 +02:00 · 2025-08-07 09:40:03 +02:00
3817 changed files with 80776 additions and 22446 deletions
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -1,54 +0,0 @@
 FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.8
 WORKDIR /workspaces
 # Set Docker daemon config
 RUN \
    mkdir -p /etc/docker \
    && echo '{"storage-driver": "vfs"}' > /etc/docker/daemon.json
 # Install Node/Yarn for Frontent
 RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        git \
        apt-utils \
        apt-transport-https \
    && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
    && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
    && apt-get update && apt-get install -y --no-install-recommends \
        nodejs \
        yarn \
    && curl -o - https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash \
    && rm -rf /var/lib/apt/lists/*
 ENV NVM_DIR /root/.nvm
 # Install docker
 # https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/
 RUN apt-get update && apt-get install -y --no-install-recommends \
        apt-transport-https \
        ca-certificates \
        curl \
        software-properties-common \
        gpg-agent \
    && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
    && add-apt-repository "deb https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
    && apt-get update && apt-get install -y --no-install-recommends \
        docker-ce \
        docker-ce-cli \
        containerd.io \
    && rm -rf /var/lib/apt/lists/*
 # Install tools
 RUN apt-get update && apt-get install -y --no-install-recommends \
        jq \
        dbus \
        network-manager \
        libpulse0 \
    && rm -rf /var/lib/apt/lists/*
 # Install Python dependencies from requirements.txt if it exists
 COPY requirements.txt requirements_tests.txt ./
 RUN pip3 install -U setuptools pip \
    && pip3 install -r requirements.txt -r requirements_tests.txt \
    && pip3 install tox \
    && rm -f requirements.txt requirements_tests.txt
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,33 +1,51 @@
 {
  "name": "Supervisor dev",
-  "context": "..",
+  "image": "ghcr.io/home-assistant/devcontainer:2-supervisor",
-  "dockerFile": "Dockerfile",
+  "containerEnv": {
-  "appPort": "9123:8123",
+    "WORKSPACE_DIRECTORY": "${containerWorkspaceFolder}"
-  "postCreateCommand": "pre-commit install",
+  },
  "remoteEnv": {
    "PATH": "${containerEnv:VIRTUAL_ENV}/bin:${containerEnv:PATH}"
  },
  "appPort": ["9123:8123", "7357:4357"],
  "postCreateCommand": "bash devcontainer_setup",
  "postStartCommand": "bash devcontainer_bootstrap",
  "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
-  "containerEnv": {"NVM_DIR":"/usr/local/share/nvm"},
+  "customizations": {
-  "extensions": [
+    "vscode": {
-    "ms-python.python",
+      "extensions": [
-    "ms-python.vscode-pylance",
+        "charliermarsh.ruff",
-    "visualstudioexptteam.vscodeintellicode",
+        "ms-python.pylint",
-    "esbenp.prettier-vscode"
+        "ms-python.vscode-pylance",
-  ],
+        "visualstudioexptteam.vscodeintellicode",
-  "settings": {
+        "redhat.vscode-yaml",
-    "terminal.integrated.shell.linux": "/bin/bash",
+        "esbenp.prettier-vscode",
-    "editor.formatOnPaste": false,
+        "GitHub.vscode-pull-request-github"
-    "editor.formatOnSave": true,
+      ],
-    "editor.formatOnType": true,
+      "settings": {
-    "files.trimTrailingWhitespace": true,
+        "python.defaultInterpreterPath": "/home/vscode/.local/ha-venv/bin/python",
-    "python.pythonPath": "/usr/local/bin/python3",
+        "python.pythonPath": "/home/vscode/.local/ha-venv/bin/python",
-    "python.linting.pylintEnabled": true,
+        "python.terminal.activateEnvInCurrentTerminal": true,
-    "python.linting.enabled": true,
+        "python.testing.pytestArgs": ["--no-cov"],
-    "python.formatting.provider": "black",
+        "pylint.importStrategy": "fromEnvironment",
-    "python.formatting.blackArgs": ["--target-version", "py38"],
+        "editor.formatOnPaste": false,
-    "python.formatting.blackPath": "/usr/local/bin/black",
+        "editor.formatOnSave": true,
-    "python.linting.banditPath": "/usr/local/bin/bandit",
+        "editor.formatOnType": true,
-    "python.linting.flake8Path": "/usr/local/bin/flake8",
+        "files.trimTrailingWhitespace": true,
-    "python.linting.mypyPath": "/usr/local/bin/mypy",
+        "terminal.integrated.profiles.linux": {
-    "python.linting.pylintPath": "/usr/local/bin/pylint",
+          "zsh": {
-    "python.linting.pydocstylePath": "/usr/local/bin/pydocstyle"
+            "path": "/usr/bin/zsh"
-  }
+          }
        },
        "terminal.integrated.defaultProfile.linux": "zsh",
        "[python]": {
          "editor.defaultFormatter": "charliermarsh.ruff"
        }
      }
    }
  },
  "mounts": [
    "type=volume,target=/var/lib/docker",
    "type=volume,target=/mnt/supervisor"
  ]
 }
--- a/.github/ISSUE_TEMPLATE/BUG_REPORT.md
+++ b/.github/ISSUE_TEMPLATE/BUG_REPORT.md
@@ -1,69 +0,0 @@
 ---
 name: Report a bug with the Supervisor on a supported System
 about: Report an issue related to the Home Assistant Supervisor.
 labels: bug
 ---
 <!-- READ THIS FIRST:
 - If you need additional help with this template please refer to https://www.home-assistant.io/help/reporting_issues/
 - This is for bugs only. Feature and enhancement requests should go in our community forum: https://community.home-assistant.io/c/feature-requests
 - Provide as many details as possible. Paste logs, configuration sample and code into the backticks. Do not delete any text from this template!
 - If you have a problem with an add-on, make an issue in it's repository.
 -->
 <!--
 Important: You can only fill a bug repport for an supported system! If you run an unsupported installation. This report would be closed without comment.
 -->
 ### Describe the issue
 <!-- Provide as many details as possible. -->
 ### Steps to reproduce
 <!-- What do you do to encounter the issue. -->
 1. ...
 2. ...
 3. ...
 ### Enviroment details
 <!-- You can find these details in the system tab of the supervisor panel, or by using the `ha` CLI. -->
 - **Operating System:**: xxx
 - **Supervisor version:**: xxx
 - **Home Assistant version**: xxx
 ### Supervisor logs
 <details>
 <summary>Supervisor logs</summary>
 <!--
 - Frontend -> Supervisor -> System
 - Or use this command: ha supervisor logs
 - Logs are more than just errors, even if you don't think it's important, it is.
 -->
 ```
 Paste supervisor logs here
 ```
 </details>
 ### System Information
 <details>
 <summary>System Information</summary>
 <!--
 - Use this command: ha info
 -->
 ```
 Paste system info here
 ```
 </details>
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,96 @@
 name: Report an issue with Home Assistant Supervisor
 description: Report an issue related to the Home Assistant Supervisor.
 body:
  - type: markdown
    attributes:
      value: |
        This issue form is for reporting bugs with **supported** setups only!
        If you have a feature or enhancement request, please use the [feature request][fr] section of our [Community Forum][fr].
        [fr]: https://github.com/orgs/home-assistant/discussions
  - type: textarea
    validations:
      required: true
    attributes:
      label: Describe the issue you are experiencing
      description: Provide a clear and concise description of what the bug is.
  - type: markdown
    attributes:
      value: |
        ## Environment
  - type: dropdown
    validations:
      required: true
    attributes:
      label: What type of installation are you running?
      description: >
        If you don't know, can be found in [Settings -> System -> Repairs -> (three dot menu) -> System Information](https://my.home-assistant.io/redirect/system_health/).
        It is listed as the `Installation Type` value.
      options:
        - Home Assistant OS
        - Home Assistant Supervised
  - type: dropdown
    validations:
      required: true
    attributes:
      label: Which operating system are you running on?
      options:
        - Home Assistant Operating System
        - Debian
        - Other (e.g., Raspbian/Raspberry Pi OS/Fedora)
  - type: markdown
    attributes:
      value: |
        # Details
  - type: textarea
    validations:
      required: true
    attributes:
      label: Steps to reproduce the issue
      description: |
        Please tell us exactly how to reproduce your issue.
        Provide clear and concise step by step instructions and add code snippets if needed.
      value: |
        1.
        2.
        3.
        ...
  - type: textarea
    validations:
      required: true
    attributes:
      label: Anything in the Supervisor logs that might be useful for us?
      description: >
        Supervisor Logs can be found in [Settings -> System -> Logs](https://my.home-assistant.io/redirect/logs/)
        then choose `Supervisor` in the top right.
        [![Open your Home Assistant instance and show your Supervisor system logs.](https://my.home-assistant.io/badges/supervisor_logs.svg)](https://my.home-assistant.io/redirect/supervisor_logs/)
      render: txt
  - type: textarea
    validations:
      required: true
    attributes:
      label: System information
      description: >
        The System information can be found in [Settings -> System -> Repairs -> (three dot menu) -> System Information](https://my.home-assistant.io/redirect/system_health/).
        Click the copy button at the bottom of the pop-up and paste it here.
        [![Open your Home Assistant instance and show health information about your system.](https://my.home-assistant.io/badges/system_health.svg)](https://my.home-assistant.io/redirect/system_health/)
  - type: textarea
    attributes:
      label: Supervisor diagnostics
      placeholder: "drag-and-drop the diagnostics data file here (do not copy-and-paste the content)"
      description: >-
        Supervisor diagnostics can be found in [Settings -> Devices & services](https://my.home-assistant.io/redirect/integrations/).
        Find the card that says `Home Assistant Supervisor`, open it, and select the three dot menu of the Supervisor integration entry
        and select 'Download diagnostics'.
        **Please drag-and-drop the downloaded file into the textbox below. Do not copy and paste its contents.**
  - type: textarea
    attributes:
      label: Additional information
      description: >
        If you have any additional information for us, use the field below.
        Please note, you can attach screenshots or screen recordings here, by
        dragging and dropping files in the field below.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -13,7 +13,7 @@ contact_links:
    about: Our documentation has its own issue tracker. Please report issues with the website there.
  - name: Request a feature for the Supervisor
-    url: https://community.home-assistant.io/c/feature-requests
+    url: https://github.com/orgs/home-assistant/discussions
    about: Request an new feature for the Supervisor.
  - name: I have a question or need support
--- a/.github/ISSUE_TEMPLATE/task.yml
+++ b/.github/ISSUE_TEMPLATE/task.yml
@@ -0,0 +1,53 @@
 name: Task
 description: For staff only - Create a task
 type: Task
 body:
  - type: markdown
    attributes:
      value: |
        ## ⚠️ RESTRICTED ACCESS
        **This form is restricted to Open Home Foundation staff and authorized contributors only.**
        If you are a community member wanting to contribute, please:
        - For bug reports: Use the [bug report form](https://github.com/home-assistant/supervisor/issues/new?template=bug_report.yml)
        - For feature requests: Submit to [Feature Requests](https://github.com/orgs/home-assistant/discussions)
        ---
        ### For authorized contributors
        Use this form to create tasks for development work, improvements, or other actionable items that need to be tracked.
  - type: textarea
    id: description
    attributes:
      label: Description
      description: |
        Provide a clear and detailed description of the task that needs to be accomplished.
        Be specific about what needs to be done, why it's important, and any constraints or requirements.
      placeholder: |
        Describe the task, including:
        - What needs to be done
        - Why this task is needed
        - Expected outcome
        - Any constraints or requirements
    validations:
      required: true
  - type: textarea
    id: additional_context
    attributes:
      label: Additional context
      description: |
        Any additional information, links, research, or context that would be helpful.
        Include links to related issues, research, prototypes, roadmap opportunities etc.
      placeholder: |
        - Roadmap opportunity: [link]
        - Epic: [link]
        - Feature request: [link]
        - Technical design documents: [link]
        - Prototype/mockup: [link]
        - Dependencies: [links]
    validations:
      required: false
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -37,6 +37,8 @@
 - This PR fixes or closes issue: fixes #
 - This PR is related to issue:
 - Link to documentation pull request:
 - Link to cli pull request:
 - Link to client library pull request:
 ## Checklist
@@ -51,12 +53,14 @@
 - [ ] Local tests pass. **Your PR cannot be merged unless tests pass**
 - [ ] There is no commented out code in this PR.
 - [ ] I have followed the [development checklist][dev-checklist]
- [ ] The code has been formatted using Black (`black --fast supervisor tests`)
+- [ ] The code has been formatted using Ruff (`ruff format supervisor tests`)
 - [ ] Tests have been added to verify that the new code works.
-If API endpoints of add-on configuration are added/changed:
+If API endpoints or add-on configuration are added/changed:
 - [ ] Documentation added/updated for [developers.home-assistant.io][docs-repository]
 - [ ] [CLI][cli-repository] updated (if necessary)
 - [ ] [Client library][client-library-repository] updated (if necessary)
 <!--
  Thank you for contributing <3
@@ -66,3 +70,5 @@ If API endpoints of add-on configuration are added/changed:
 [dev-checklist]: https://developers.home-assistant.io/docs/en/development_checklist.html
 [docs-repository]: https://github.com/home-assistant/developers.home-assistant
 [cli-repository]: https://github.com/home-assistant/cli
 [client-library-repository]: https://github.com/home-assistant-libs/python-supervisor-client/
--- a/.github/copilot-instructions.md
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,288 @@
 # GitHub Copilot & Claude Code Instructions
 This repository contains the Home Assistant Supervisor, a Python 3 based container
 orchestration and management system for Home Assistant.
 ## Supervisor Capabilities & Features
 ### Architecture Overview
 Home Assistant Supervisor is a Python-based container orchestration system that
 communicates with the Docker daemon to manage containerized components. It is tightly
 integrated with the underlying Operating System and core Operating System components
 through D-Bus.
 **Managed Components:**
 - **Home Assistant Core**: The main home automation application running in its own
  container (also provides the web interface)
 - **Add-ons**: Third-party applications and services (each add-on runs in its own
  container)
 - **Plugins**: Built-in system services like DNS, Audio, CLI, Multicast, and Observer
 - **Host System Integration**: OS-level operations and hardware access via D-Bus
 - **Container Networking**: Internal Docker network management and external
  connectivity
 - **Storage & Backup**: Data persistence and backup management across all containers
 **Key Dependencies:**
 - **Docker Engine**: Required for all container operations
 - **D-Bus**: System-level communication with the host OS
 - **systemd**: Service management for host system operations
 - **NetworkManager**: Network configuration and management
 ### Add-on System
 **Add-on Architecture**: Add-ons are containerized applications available through
 add-on stores. Each store contains multiple add-ons, and each add-on includes metadata
 that tells Supervisor the version, startup configuration (permissions), and available
 user configurable options. Add-on metadata typically references a container image that
 Supervisor fetches during installation. If not, the Supervisor builds the container
 image from a Dockerfile.
 **Built-in Stores**: Supervisor comes with several pre-configured stores:
 - **Core Add-ons**: Official add-ons maintained by the Home Assistant team
 - **Community Add-ons**: Popular third-party add-ons repository
 - **ESPHome**: Add-ons for ESPHome ecosystem integration
 - **Music Assistant**: Audio and music-related add-ons
 - **Local Development**: Local folder for testing custom add-ons during development
 **Store Management**: Stores are Git-based repositories that are periodically updated.
 When updates are available, users receive notifications.
 **Add-on Lifecycle**:
 - **Installation**: Supervisor fetches or builds container images based on add-on
  metadata
 - **Configuration**: Schema-validated options with integrated UI management
 - **Runtime**: Full container lifecycle management, health monitoring
 - **Updates**: Automatic or manual version management
 ### Update System
 **Core Components**: Supervisor, Home Assistant Core, HAOS, and built-in plugins
 receive version information from a central JSON file fetched from
 `https://version.home-assistant.io/{channel}.json`. The `Updater` class handles
 fetching this data, validating signatures, and updating internal version tracking.
 **Update Channels**: Three channels (`stable`/`beta`/`dev`) determine which version
 JSON file is fetched, allowing users to opt into different release streams.
 **Add-on Updates**: Add-on version information comes from store repository updates, not
 the central JSON file. When repositories are refreshed via the store system, add-ons
 compare their local versions against repository versions to determine update
 availability.
 ### Backup & Recovery System
 **Backup Capabilities**:
 - **Full Backups**: Complete system state capture including all add-ons,
  configuration, and data
 - **Partial Backups**: Selective backup of specific components (Home Assistant,
  add-ons, folders)
 - **Encrypted Backups**: Optional backup encryption with user-provided passwords
 - **Multiple Storage Locations**: Local storage and remote backup destinations
 **Recovery Features**:
 - **One-click Restore**: Simple restoration from backup files
 - **Selective Restore**: Choose specific components to restore
 - **Automatic Recovery**: Self-healing for common system issues
 ---
 ## Supervisor Development
 ### Python Requirements
 - **Compatibility**: Python 3.13+
 - **Language Features**: Use modern Python features:
  - Type hints with `typing` module
  - f-strings (preferred over `%` or `.format()`)
  - Dataclasses and enum classes
  - Async/await patterns
  - Pattern matching where appropriate
 ### Code Quality Standards
 - **Formatting**: Ruff
 - **Linting**: PyLint and Ruff  
 - **Type Checking**: MyPy
 - **Testing**: pytest with asyncio support
 - **Language**: American English for all code, comments, and documentation
 ### Code Organization
 **Core Structure**:
 ```
 supervisor/
 ├── __init__.py           # Package initialization
 ├── const.py             # Constants and enums
 ├── coresys.py           # Core system management
 ├── bootstrap.py         # System initialization
 ├── exceptions.py        # Custom exception classes
 ├── api/                 # REST API endpoints
 ├── addons/              # Add-on management
 ├── backups/             # Backup system
 ├── docker/              # Docker integration
 ├── host/                # Host system interface
 ├── homeassistant/       # Home Assistant Core management
 ├── dbus/                # D-Bus system integration
 ├── hardware/            # Hardware detection and management
 ├── plugins/             # Plugin system
 ├── resolution/          # Issue detection and resolution
 ├── security/            # Security management
 ├── services/            # Service discovery and management
 ├── store/               # Add-on store management
 └── utils/               # Utility functions
 ```
 **Shared Constants**: Use constants from `supervisor/const.py` instead of hardcoding
 values. Define new constants following existing patterns and group related constants
 together.
 ### Supervisor Architecture Patterns
 **CoreSysAttributes Inheritance Pattern**: Nearly all major classes in Supervisor
 inherit from `CoreSysAttributes`, providing access to the centralized system state
 via `self.coresys` and convenient `sys_*` properties.
 ```python
 # Standard Supervisor class pattern
 class MyManager(CoreSysAttributes):
    """Manage my functionality."""
    def __init__(self, coresys: CoreSys):
        """Initialize manager."""
        self.coresys: CoreSys = coresys
        self._component: MyComponent = MyComponent(coresys)
    @property
    def component(self) -> MyComponent:
        """Return component handler."""
        return self._component
    # Access system components via inherited properties
    async def do_something(self):
        await self.sys_docker.containers.get("my_container")
        self.sys_bus.fire_event(BusEvent.MY_EVENT, {"data": "value"})
 ```
 **Key Inherited Properties from CoreSysAttributes**:
 - `self.sys_docker` - Docker API access
 - `self.sys_run_in_executor()` - Execute blocking operations
 - `self.sys_create_task()` - Create async tasks
 - `self.sys_bus` - Event bus for system events
 - `self.sys_config` - System configuration
 - `self.sys_homeassistant` - Home Assistant Core management
 - `self.sys_addons` - Add-on management
 - `self.sys_host` - Host system access
 - `self.sys_dbus` - D-Bus system interface
 **Load Pattern**: Many components implement a `load()` method which effectively
 initialize the component from external sources (containers, files, D-Bus services).
 ### API Development
 **REST API Structure**:
 - **Base Path**: `/api/` for all endpoints
 - **Authentication**: Bearer token authentication
 - **Consistent Response Format**: `{"result": "ok", "data": {...}}` or
  `{"result": "error", "message": "..."}`
 - **Validation**: Use voluptuous schemas with `api_validate()`
 **Use `@api_process` Decorator**: This decorator handles all standard error handling
 and response formatting automatically. The decorator catches `APIError`, `HassioError`,
 and other exceptions, returning appropriate HTTP responses.
 ```python
 from ..api.utils import api_process, api_validate
@api_process
 async def backup_full(self, request: web.Request) -> dict[str, Any]:
    """Create full backup."""
    body = await api_validate(SCHEMA_BACKUP_FULL, request)
    job = await self.sys_backups.do_backup_full(**body)
    return {ATTR_JOB_ID: job.uuid}
 ```
 ### Docker Integration
 - **Container Management**: Use Supervisor's Docker manager instead of direct
  Docker API
 - **Networking**: Supervisor manages internal Docker networks with predefined IP
  ranges
 - **Security**: AppArmor profiles, capability restrictions, and user namespace
  isolation
 - **Health Checks**: Implement health monitoring for all managed containers
 ### D-Bus Integration
 - **Use dbus-fast**: Async D-Bus library for system integration
 - **Service Management**: systemd, NetworkManager, hostname management
 - **Error Handling**: Wrap D-Bus exceptions in Supervisor-specific exceptions
 ### Async Programming
 - **All I/O operations must be async**: File operations, network calls, subprocess
  execution
 - **Use asyncio patterns**: Prefer `asyncio.gather()` over sequential awaits
 - **Executor jobs**: Use `self.sys_run_in_executor()` for blocking operations
 - **Two-phase initialization**: `__init__` for sync setup, `post_init()` for async
  initialization
 ### Testing
 - **Location**: `tests/` directory with module mirroring
 - **Fixtures**: Extensive use of pytest fixtures for CoreSys setup
 - **Mocking**: Mock external dependencies (Docker, D-Bus, network calls)
 - **Coverage**: Minimum 90% test coverage, 100% for security-sensitive code
 ### Error Handling
 - **Custom Exceptions**: Defined in `exceptions.py` with clear inheritance hierarchy
 - **Error Propagation**: Use `from` clause for exception chaining
 - **API Errors**: Use `APIError` with appropriate HTTP status codes
 ### Security Considerations
 - **Container Security**: AppArmor profiles mandatory for add-ons, minimal
  capabilities
 - **Authentication**: Token-based API authentication with role-based access
 - **Data Protection**: Backup encryption, secure secret management, comprehensive
  input validation
 ### Development Commands
 ```bash
 # Run tests, adjust paths as necessary
 pytest -qsx tests/
 # Linting and formatting
 ruff check supervisor/
 ruff format supervisor/
 # Type checking
 mypy --ignore-missing-imports supervisor/
 # Pre-commit hooks
 pre-commit run --all-files
 ```
 Always run the pre-commit hooks at the end of code editing.
 ### Common Patterns to Follow
 **✅ Use These Patterns**:
 - Inherit from `CoreSysAttributes` for system access
 - Use `@api_process` decorator for API endpoints
 - Use `self.sys_run_in_executor()` for blocking operations
 - Access Docker via `self.sys_docker` not direct Docker API
 - Use constants from `const.py` instead of hardcoding
 - Store types in (per-module) `const.py` (e.g. supervisor/store/const.py)
 **❌ Avoid These Patterns**:
 - Direct Docker API usage - use Supervisor's Docker manager
 - Blocking operations in async context (use asyncio alternatives)
 - Hardcoded values - use constants from `const.py`
 - Manual error handling in API endpoints - let `@api_process` handle it
 This guide provides the foundation for contributing to Home Assistant Supervisor.
 Follow these patterns and guidelines to ensure code quality, security, and
 maintainability.
--- a/.github/release-drafter.yml
+++ b/.github/release-drafter.yml
@@ -31,6 +31,7 @@ categories:
  - title: ":arrow_up: Dependency Updates"
    label: "dependencies"
    collapse-after: 1
 include-labels:
  - "breaking-change"
--- a/.github/workflows/builder.yml
+++ b/.github/workflows/builder.yml
@@ -27,15 +27,19 @@ on:
    paths:
      - "rootfs/**"
      - "supervisor/**"
-      - build.json
+      - build.yaml
      - Dockerfile
      - requirements.txt
      - setup.py
 env:
  DEFAULT_PYTHON: "3.13"
  BUILD_NAME: supervisor
  BUILD_TYPE: supervisor
-  WHEELS_TAG: 3.8-alpine3.12
+
 concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
 jobs:
  init:
@@ -49,7 +53,7 @@ jobs:
      requirements: ${{ steps.requirements.outputs.changed }}
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0
@@ -66,39 +70,51 @@ jobs:
      - name: Get changed files
        id: changed_files
        if: steps.version.outputs.publish == 'false'
-        uses: jitterbit/get-changed-files@v1
+        uses: masesgroup/retrieve-changed-files@v3.0.0
      - name: Check if requirements files changed
        id: requirements
        run: |
-          if [[ "${{ steps.changed_files.outputs.all }}" =~ requirements.txt ]]; then
+          if [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements.txt|build.yaml) ]]; then
-            echo "::set-output name=changed::true"
+            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
  build:
    name: Build ${{ matrix.arch }} supervisor
    needs: init
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
      packages: write
    strategy:
      matrix:
        arch: ${{ fromJson(needs.init.outputs.architectures) }}
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0
      - name: Write env-file
        if: needs.init.outputs.requirements == 'true'
        run: |
          (
            # Fix out of memory issues with rust
            echo "CARGO_NET_GIT_FETCH_WITH_CLI=true"
          ) > .env_file
      - name: Build wheels
        if: needs.init.outputs.requirements == 'true'
-        uses: home-assistant/wheels@master
+        uses: home-assistant/wheels@2025.07.0
        with:
-          tag: ${{ env.WHEELS_TAG }}
+          abi: cp313
          tag: musllinux_1_2
          arch: ${{ matrix.arch }}
          wheels-host: ${{ secrets.WHEELS_HOST }}
          wheels-key: ${{ secrets.WHEELS_KEY }}
-          wheels-user: wheels
+          apk: "libffi-dev;openssl-dev;yaml-dev"
          apk: "build-base;libffi-dev;openssl-dev"
          skip-binary: aiohttp
          env-file: true
          requirements: "requirements.txt"
      - name: Set version
@@ -107,25 +123,53 @@ jobs:
        with:
          type: ${{ env.BUILD_TYPE }}
-      - name: Login to DockerHub
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v1
+        uses: actions/setup-python@v5.6.0
        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          python-version: ${{ env.DEFAULT_PYTHON }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
      - name: Install Cosign
        if: needs.init.outputs.publish == 'true'
        uses: sigstore/cosign-installer@v3.9.2
        with:
          cosign-release: "v2.4.3"
      - name: Install dirhash and calc hash
        if: needs.init.outputs.publish == 'true'
        run: |
          pip3 install setuptools dirhash
          dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
          echo "${dir_hash}" > rootfs/supervisor.sha256
      - name: Sign supervisor SHA256
        if: needs.init.outputs.publish == 'true'
        run: |
          cosign sign-blob --yes rootfs/supervisor.sha256 --bundle rootfs/supervisor.sha256.sig
      - name: Login to GitHub Container Registry
        if: needs.init.outputs.publish == 'true'
        uses: docker/login-action@v3.5.0
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set build arguments
        if: needs.init.outputs.publish == 'false'
        run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
      - name: Build supervisor
-        uses: home-assistant/builder@2020.11.0
+        uses: home-assistant/builder@2025.03.0
        with:
          args: |
            $BUILD_ARGS \
            --${{ matrix.arch }} \
            --target /data \
            --cosign \
            --generic ${{ needs.init.outputs.version }}
        env:
          CAS_API_KEY: ${{ secrets.CAS_TOKEN }}
  version:
    name: Update version
@@ -134,7 +178,7 @@ jobs:
    steps:
      - name: Checkout the repository
        if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
      - name: Initialize git
        if: needs.init.outputs.publish == 'true'
@@ -155,13 +199,15 @@ jobs:
  run_supervisor:
    runs-on: ubuntu-latest
    name: Run the Supervisor
-    needs: ["build"]
+    needs: ["build", "init"]
    timeout-minutes: 60
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
      - name: Build the Supervisor
-        uses: home-assistant/builder@2020.11.0
+        if: needs.init.outputs.publish != 'true'
        uses: home-assistant/builder@2025.03.0
        with:
          args: |
            --test \
@@ -169,13 +215,19 @@ jobs:
            --target /data \
            --generic runner
      - name: Pull Supervisor
        if: needs.init.outputs.publish == 'true'
        run: |
          docker pull ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }}
          docker tag ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} ghcr.io/home-assistant/amd64-hassio-supervisor:runner
      - name: Create the Supervisor
        run: |
          mkdir -p /tmp/supervisor/data
          docker create --name hassio_supervisor \
            --privileged \
            --security-opt seccomp=unconfined \
-            --security-opt apparmor:unconfined \
+            --security-opt apparmor=unconfined \
            -v /run/docker.sock:/run/docker.sock \
            -v /run/dbus:/run/dbus \
            -v /tmp/supervisor/data:/data \
@@ -184,7 +236,7 @@ jobs:
            -e SUPERVISOR_NAME=hassio_supervisor \
            -e SUPERVISOR_DEV=1 \
            -e SUPERVISOR_MACHINE="qemux86-64" \
-          homeassistant/amd64-hassio-supervisor:runner
+          ghcr.io/home-assistant/amd64-hassio-supervisor:runner
      - name: Start the Supervisor
        run: docker start hassio_supervisor
@@ -194,22 +246,135 @@ jobs:
          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
          ping="error"
          while [ "$ping" != "ok" ]; do
-            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r .result)
+            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
            sleep 5
          done
      - name: Check the Supervisor
        run: |
          echo "Checking supervisor info"
-          test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r .result)
+          test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
            docker logs hassio_supervisor
            exit 1
          fi
          echo "Checking supervisor network info"
-          test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r .result)
+          test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
            docker logs hassio_supervisor
            exit 1
          fi
      - name: Check the Store / Addon
        run: |
          echo "Install Core SSH Add-on"
          test=$(docker exec hassio_cli ha addons install core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          # Make sure it actually installed
          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
          if [[ "$test" == "null" ]]; then
            exit 1
          fi
          echo "Start Core SSH Add-on"
          test=$(docker exec hassio_cli ha addons start core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          # Make sure its state is started
          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
          if [ "$test" != "started" ]; then
            exit 1
          fi
      - name: Check the Supervisor code sign
        if: needs.init.outputs.publish == 'true'
        run: |
          echo "Enable Content-Trust"
          test=$(docker exec hassio_cli ha security options --content-trust=true --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          echo "Run supervisor health check"
          test=$(docker exec hassio_cli ha resolution healthcheck --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          echo "Check supervisor unhealthy"
          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unhealthy[]')
          if [ "$test" != "" ]; then
            exit 1
          fi
          echo "Check supervisor supported"
          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unsupported[]')
          if [[ "$test" =~ source_mods ]]; then
            exit 1
          fi
      - name: Create full backup
        id: backup
        run: |
          test=$(docker exec hassio_cli ha backups new --no-progress --raw-json)
          if [ "$(echo $test | jq -r '.result')" != "ok" ]; then
            exit 1
          fi
          echo "slug=$(echo $test | jq -r '.data.slug')" >> "$GITHUB_OUTPUT"
      - name: Uninstall SSH add-on
        run: |
          test=$(docker exec hassio_cli ha addons uninstall core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
      - name: Restart supervisor
        run: |
          test=$(docker exec hassio_cli ha supervisor restart --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
      - name: Wait for Supervisor to come up
        run: |
          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
          ping="error"
          while [ "$ping" != "ok" ]; do
            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
            sleep 5
          done
      - name: Restore SSH add-on from backup
        run: |
          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --addons core_ssh --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
          # Make sure it actually installed
          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
          if [[ "$test" == "null" ]]; then
            exit 1
          fi
          # Make sure its state is started
          test="$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.state')"
          if [ "$test" != "started" ]; then
            exit 1
          fi
      - name: Restore SSL directory from backup
        run: |
          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --folders ssl --no-progress --raw-json | jq -r '.result')
          if [ "$test" != "ok" ]; then
            exit 1
          fi
      - name: Get supervisor logs on failiure
        if: ${{ cancelled() || failure() }}
        run: docker logs hassio_supervisor
--- a/.github/workflows/check_pr_labels.yml
+++ b/.github/workflows/check_pr_labels.yml
@@ -0,0 +1,19 @@
 name: Check PR
 on:
  pull_request:
    branches: ["main"]
    types: [labeled, unlabeled, synchronize]
 jobs:
  init:
    name: Check labels
    runs-on: ubuntu-latest
    steps:
      - name: Check labels
        run: |
          labels=$(jq -r '.pull_request.labels[] | .name' ${{github.event_path }})
          echo "$labels"
          if [ "$labels" == "cla-signed" ]; then
            exit 1
          fi
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -8,36 +8,37 @@ on:
  pull_request: ~
 env:
-  DEFAULT_PYTHON: 3.8
+  DEFAULT_PYTHON: "3.13"
-  PRE_COMMIT_HOME: ~/.cache/pre-commit
+  PRE_COMMIT_CACHE: ~/.cache/pre-commit
  MYPY_CACHE_VERSION: 1
 concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}"
  cancel-in-progress: true
 jobs:
  # Separate job to pre-populate the base dependency cache
  # This prevent upcoming jobs to do the same individually
  prepare:
    runs-on: ubuntu-latest
-    strategy:
+    outputs:
-      matrix:
+      python-version: ${{ steps.python.outputs.python-version }}
-        python-version: [3.8]
+    name: Prepare Python dependencies
    name: Prepare Python ${{ matrix.python-version }} dependencies
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python
        id: python
-        uses: actions/setup-python@v2.2.1
+        uses: actions/setup-python@v5.6.0
        with:
-          python-version: ${{ matrix.python-version }}
+          python-version: ${{ env.DEFAULT_PYTHON }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
          restore-keys: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-
      - name: Create Python virtual environment
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -47,9 +48,10 @@ jobs:
          pip install -r requirements.txt -r requirements_tests.txt
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
-          path: ${{ env.PRE_COMMIT_HOME }}
+          path: ${{ env.PRE_COMMIT_CACHE }}
          lookup-only: true
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
          restore-keys: |
@@ -60,34 +62,91 @@ jobs:
          . venv/bin/activate
          pre-commit install-hooks
-  lint-black:
+  lint-ruff-format:
-    name: Check black
+    name: Check ruff-format
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v2.2.1
+        uses: actions/setup-python@v5.6.0
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
-      - name: Run black
+      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v4.2.4
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Run ruff-format
        run: |
          . venv/bin/activate
-          black --target-version py38 --check supervisor tests setup.py
+          pre-commit run --hook-stage manual ruff-format --all-files --show-diff-on-failure
        env:
          RUFF_OUTPUT_FORMAT: github
  lint-ruff:
    name: Check ruff
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.2.2
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.6.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v4.2.4
        with:
          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Run ruff
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual ruff --all-files --show-diff-on-failure
        env:
          RUFF_OUTPUT_FORMAT: github
  lint-dockerfile:
    name: Check Dockerfile
@@ -95,7 +154,7 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
      - name: Register hadolint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/hadolint.json"
@@ -110,19 +169,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v2.2.1
+        uses: actions/setup-python@v5.6.0
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -130,9 +189,9 @@ jobs:
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
-          path: ${{ env.PRE_COMMIT_HOME }}
+          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
@@ -148,98 +207,25 @@ jobs:
          . venv/bin/activate
          pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
  lint-flake8:
    name: Check flake8
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        uses: actions/setup-python@v2.2.1
        id: python
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v2
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Register flake8 problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/flake8.json"
      - name: Run flake8
        run: |
          . venv/bin/activate
          flake8 supervisor tests
  lint-isort:
    name: Check isort
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        uses: actions/setup-python@v2.2.1
        id: python
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v2
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v2
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Run isort
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual isort --all-files --show-diff-on-failure
  lint-json:
    name: Check JSON
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v2.2.1
+        uses: actions/setup-python@v5.6.0
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -247,9 +233,9 @@ jobs:
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
-          path: ${{ env.PRE_COMMIT_HOME }}
+          path: ${{ env.PRE_COMMIT_CACHE }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
@@ -271,95 +257,19 @@ jobs:
    needs: prepare
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v2.2.1
+        uses: actions/setup-python@v5.6.0
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Register pylint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/pylint.json"
      - name: Run pylint
        run: |
          . venv/bin/activate
          pylint supervisor tests
  lint-pyupgrade:
    name: Check pyupgrade
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v2
      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
        uses: actions/setup-python@v2.2.1
        id: python
        with:
          python-version: ${{ env.DEFAULT_PYTHON }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v2
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore pre-commit environment from cache
        id: cache-precommit
        uses: actions/cache@v2
        with:
          path: ${{ env.PRE_COMMIT_HOME }}
          key: |
            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
      - name: Fail job if cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Run pyupgrade
        run: |
          . venv/bin/activate
          pre-commit run --hook-stage manual pyupgrade --all-files --show-diff-on-failure
  pytest:
    runs-on: ubuntu-latest
    needs: prepare
    strategy:
      matrix:
        python-version: [3.8]
    name: Run tests Python ${{ matrix.python-version }}
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v2
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v2.2.1
        id: python
        with:
          python-version: ${{ matrix.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v2
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
@@ -368,7 +278,93 @@ jobs:
      - name: Install additional system dependencies
        run: |
          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends libpulse0 libudev1
+          sudo apt-get install -y --no-install-recommends libpulse0
      - name: Register pylint problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/pylint.json"
      - name: Run pylint
        run: |
          . venv/bin/activate
          pylint supervisor tests
  mypy:
    name: Check mypy
    runs-on: ubuntu-latest
    needs: prepare
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.2.2
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.6.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Generate partial mypy restore key
        id: generate-mypy-key
        run: |
          mypy_version=$(cat requirements_test.txt | grep mypy | cut -d '=' -f 3)
          echo "version=$mypy_version" >> $GITHUB_OUTPUT
          echo "key=mypy-${{ env.MYPY_CACHE_VERSION }}-$mypy_version-$(date -u '+%Y-%m-%dT%H:%M:%s')" >> $GITHUB_OUTPUT
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: >-
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Restore mypy cache
        uses: actions/cache@v4.2.4
        with:
          path: .mypy_cache
          key: >-
            ${{ runner.os }}-mypy-${{ needs.prepare.outputs.python-version }}-${{ steps.generate-mypy-key.outputs.key }}
          restore-keys: >-
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-mypy-${{ env.MYPY_CACHE_VERSION }}-${{ steps.generate-mypy-key.outputs.version }}
      - name: Register mypy problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/mypy.json"
      - name: Run mypy
        run: |
          . venv/bin/activate
          mypy --ignore-missing-imports supervisor
  pytest:
    runs-on: ubuntu-latest
    needs: prepare
    name: Run tests Python ${{ needs.prepare.outputs.python-version }}
    steps:
      - name: Check out code from GitHub
        uses: actions/checkout@v4.2.2
      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
        uses: actions/setup-python@v5.6.0
        id: python
        with:
          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.9.2
        with:
          cosign-release: "v2.4.3"
      - name: Restore Python virtual environment
        id: cache-venv
        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Install additional system dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus-daemon
      - name: Register Python problem matcher
        run: |
          echo "::add-matcher::.github/workflows/matchers/python.json"
@@ -390,37 +386,41 @@ jobs:
            -o console_output_style=count \
            tests
      - name: Upload coverage artifact
-        uses: actions/upload-artifact@v2.2.2
+        uses: actions/upload-artifact@v4.6.2
        with:
-          name: coverage-${{ matrix.python-version }}
+          name: coverage
          path: .coverage
          include-hidden-files: true
  coverage:
    name: Process test coverage
    runs-on: ubuntu-latest
-    needs: pytest
+    needs: ["pytest", "prepare"]
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v2.2.1
+        uses: actions/setup-python@v5.6.0
        id: python
        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
+          python-version: ${{ needs.prepare.outputs.python-version }}
      - name: Restore Python virtual environment
        id: cache-venv
-        uses: actions/cache@v2
+        uses: actions/cache@v4.2.4
        with:
          path: venv
          key: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
      - name: Fail job if Python cache restore failed
        if: steps.cache-venv.outputs.cache-hit != 'true'
        run: |
          echo "Failed to restore Python virtual environment from cache"
          exit 1
      - name: Download all coverage artifacts
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v5.0.0
        with:
          name: coverage
          path: coverage/
      - name: Combine coverage results
        run: |
          . venv/bin/activate
@@ -428,4 +428,4 @@ jobs:
          coverage report
          coverage xml
      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v1.2.1
+        uses: codecov/codecov-action@v5.4.3
--- a/.github/workflows/lock.yml
+++ b/.github/workflows/lock.yml
@@ -9,12 +9,12 @@ jobs:
  lock:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v2.0.3
+      - uses: dessant/lock-threads@v5.0.1
        with:
          github-token: ${{ github.token }}
-          issue-lock-inactive-days: "30"
+          issue-inactive-days: "30"
-          issue-exclude-created-before: "2020-10-01T00:00:00Z"
+          exclude-issue-created-before: "2020-10-01T00:00:00Z"
          issue-lock-reason: ""
-          pr-lock-inactive-days: "1"
+          pr-inactive-days: "1"
-          pr-exclude-created-before: "2020-11-01T00:00:00Z"
+          exclude-pr-created-before: "2020-11-01T00:00:00Z"
          pr-lock-reason: ""
--- a/.github/workflows/matchers/flake8.json
+++ b/.github/workflows/matchers/flake8.json
@@ -1,30 +0,0 @@
 {
  "problemMatcher": [
    {
      "owner": "flake8-error",
      "severity": "error",
      "pattern": [
        {
          "regexp": "^(.*):(\\d+):(\\d+):\\s(E\\d{3}\\s.*)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4
        }
      ]
    },
    {
      "owner": "flake8-warning",
      "severity": "warning",
      "pattern": [
        {
          "regexp": "^(.*):(\\d+):(\\d+):\\s([CDFNW]\\d{3}\\s.*)$",
          "file": 1,
          "line": 2,
          "column": 3,
          "message": 4
        }
      ]
    }
  ]
 }
--- a/.github/workflows/matchers/mypy.json
+++ b/.github/workflows/matchers/mypy.json
@@ -0,0 +1,16 @@
 {
    "problemMatcher": [
        {
            "owner": "mypy",
            "pattern": [
                {
                    "regexp": "^(.+):(\\d+):\\s(error|warning):\\s(.+)$",
                    "file": 1,
                    "line": 2,
                    "severity": 3,
                    "message": 4
                }
            ]
        }
    ]
 }
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -11,7 +11,7 @@ jobs:
    name: Release Drafter
    steps:
      - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
        with:
          fetch-depth: 0
@@ -33,10 +33,10 @@ jobs:
          echo Current version:    $latest
          echo New target version: $datepre.$newpost
-          echo "::set-output name=version::$datepre.$newpost"
+          echo "version=$datepre.$newpost" >> "$GITHUB_OUTPUT"
      - name: Run Release Drafter
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@v6.1.0
        with:
          tag: ${{ steps.version.outputs.version }}
          name: ${{ steps.version.outputs.version }}
--- a/.github/workflows/restrict-task-creation.yml
+++ b/.github/workflows/restrict-task-creation.yml
@@ -0,0 +1,58 @@
 name: Restrict task creation
 # yamllint disable-line rule:truthy
 on:
  issues:
    types: [opened]
 jobs:
  check-authorization:
    runs-on: ubuntu-latest
    # Only run if this is a Task issue type (from the issue form)
    if: github.event.issue.issue_type == 'Task'
    steps:
      - name: Check if user is authorized
        uses: actions/github-script@v7
        with:
          script: |
            const issueAuthor = context.payload.issue.user.login;
            // Check if user is an organization member
            try {
              await github.rest.orgs.checkMembershipForUser({
                org: 'home-assistant',
                username: issueAuthor
              });
              console.log(`✅ ${issueAuthor} is an organization member`);
              return; // Authorized
            } catch (error) {
              console.log(`❌ ${issueAuthor} is not authorized to create Task issues`);
            }
            // Close the issue with a comment
            await github.rest.issues.createComment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              body: `Hi @${issueAuthor}, thank you for your contribution!\n\n` +
                    `Task issues are restricted to Open Home Foundation staff and authorized contributors.\n\n` +
                    `If you would like to:\n` +
                    `- Report a bug: Please use the [bug report form](https://github.com/home-assistant/supervisor/issues/new?template=bug_report.yml)\n` +
                    `- Request a feature: Please submit to [Feature Requests](https://github.com/orgs/home-assistant/discussions)\n\n` +
                    `If you believe you should have access to create Task issues, please contact the maintainers.`
            });
            await github.rest.issues.update({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              state: 'closed'
            });
            // Add a label to indicate this was auto-closed
            await github.rest.issues.addLabels({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
              labels: ['auto-closed']
            });
--- a/.github/workflows/sentry.yaml
+++ b/.github/workflows/sentry.yaml
@@ -10,9 +10,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out code from GitHub
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4.2.2
      - name: Sentry Release
-        uses: getsentry/action-release@v1.1
+        uses: getsentry/action-release@v3.2.0
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -9,10 +9,10 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v3.0.14
+      - uses: actions/stale@v9.1.0
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          days-before-stale: 60
+          days-before-stale: 30
          days-before-close: 7
          stale-issue-label: "stale"
          exempt-issue-labels: "no-stale,Help%20wanted,help-wanted,pinned,rfc,security"
--- a/.github/workflows/update_frontend.yml
+++ b/.github/workflows/update_frontend.yml
@@ -0,0 +1,82 @@
 name: Update frontend
 on:
  schedule: # once a day
    - cron: "0 0 * * *"
  workflow_dispatch:
 jobs:
  check-version:
    runs-on: ubuntu-latest
    outputs:
      skip: ${{ steps.check_version.outputs.skip || steps.check_existing_pr.outputs.skip }}
      current_version: ${{ steps.check_version.outputs.current_version }}
      latest_version: ${{ steps.latest_frontend_version.outputs.latest_tag }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Get latest frontend release
        id: latest_frontend_version
        uses: abatilo/release-info-action@v1.3.3
        with:
          owner: home-assistant
          repo: frontend
      - name: Check if version is up to date
        id: check_version
        run: |
          current_version="$(cat .ha-frontend-version)"
          latest_version="${{ steps.latest_frontend_version.outputs.latest_tag }}"
          echo "current_version=${current_version}" >> $GITHUB_OUTPUT
          echo "LATEST_VERSION=${latest_version}" >> $GITHUB_ENV
          if [[ ! "$current_version" < "$latest_version" ]]; then
            echo "Frontend version is up to date"
            echo "skip=true" >> $GITHUB_OUTPUT
          fi
      - name: Check if there is no open PR with this version
        if: steps.check_version.outputs.skip != 'true'
        id: check_existing_pr
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          PR=$(gh pr list --state open --base main --json title --search "Update frontend to version $LATEST_VERSION")
          if [[ "$PR" != "[]" ]]; then
            echo "Skipping - There is already a PR open for version $LATEST_VERSION"
            echo "skip=true" >> $GITHUB_OUTPUT
          fi
  create-pr:
    runs-on: ubuntu-latest
    needs: check-version
    if: needs.check-version.outputs.skip != 'true'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Clear www folder
        run: |
          rm -rf supervisor/api/panel/*
      - name: Update version file
        run: |
          echo "${{ needs.check-version.outputs.latest_version }}" > .ha-frontend-version
      - name: Download release assets
        uses: robinraju/release-downloader@v1
        with:
          repository: 'home-assistant/frontend'
          tag: ${{ needs.check-version.outputs.latest_version }}
          fileName: home_assistant_frontend_supervisor-${{ needs.check-version.outputs.latest_version }}.tar.gz
          extract: true
          out-file-path: supervisor/api/panel/
      - name: Remove release assets archive
        run: |
          rm -f supervisor/api/panel/home_assistant_frontend_supervisor-*.tar.gz
      - name: Create PR
        uses: peter-evans/create-pull-request@v7
        with:
          commit-message: "Update frontend to version ${{ needs.check-version.outputs.latest_version }}"
          branch: autoupdate-frontend
          base: main
          draft: true
          sign-commits: true
          title: "Update frontend to version ${{ needs.check-version.outputs.latest_version }}"
          body: >
            Update frontend from ${{ needs.check-version.outputs.current_version }} to
            [${{ needs.check-version.outputs.latest_version }}](https://github.com/home-assistant/frontend/releases/tag/${{ needs.check-version.outputs.latest_version }})
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +0,0 @@
 [submodule "home-assistant-polymer"]
 	path = home-assistant-polymer
 	url = https://github.com/home-assistant/home-assistant-polymer
 	branch = dev
--- a/.ha-frontend-version
+++ b/.ha-frontend-version
@@ -0,0 +1 @@
 20250806.0
--- a/.hadolint.yaml
+++ b/.hadolint.yaml
@@ -1,5 +1,7 @@
 ignored:
-  - DL3018
+  - DL3003
  - DL3006
  - DL3013
  - DL3018
  - DL3042
  - SC2155
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,34 +1,27 @@
 repos:
-  - repo: https://github.com/psf/black
+  - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 20.8b1
+    rev: v0.11.10
    hooks:
-      - id: black
+      - id: ruff
        args:
-          - --safe
+          - --fix
-          - --quiet
+      - id: ruff-format
          - --target-version
          - py38
        files: ^((supervisor|tests)/.+)?[^/]+\.py$
  - repo: https://gitlab.com/pycqa/flake8
    rev: 3.8.3
    hooks:
      - id: flake8
        additional_dependencies:
          - flake8-docstrings==1.5.0
          - pydocstyle==5.0.2
        files: ^(supervisor|script|tests)/.+\.py$
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.1.0
+    rev: v5.0.0
    hooks:
      - id: check-executables-have-shebangs
        stages: [manual]
      - id: check-json
-  - repo: https://github.com/pre-commit/mirrors-isort
+  - repo: local
    rev: v4.3.21
    hooks:
-      - id: isort
+      # Run mypy through our wrapper script in order to get the possible
-  - repo: https://github.com/asottile/pyupgrade
+      # pyenv and/or virtualenv activated; it may not have been e.g. if
-    rev: v2.6.2
+      # committing from a GUI tool that was not launched from an activated
-    hooks:
+      # shell.
-      - id: pyupgrade
+      - id: mypy
-        args: [--py37-plus]
+        name: mypy
        entry: script/run-in-env.sh mypy --ignore-missing-imports
        language: script
        types_or: [python, pyi]
        files: ^supervisor/.+\.(py|pyi)$
--- a/.vcnignore
+++ b/.vcnignore
@@ -0,0 +1,21 @@
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
 *$py.class
 # Distribution / packaging
 *.egg-info/
 # General files
 .git
 .github
 .devcontainer
 .vscode
 .tox
 # Data
 home-assistant-polymer/
 script/
 tests/
 data/
 venv/
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -13,6 +13,13 @@
          "remoteRoot": "/usr/src/supervisor"
        }
      ]
    },
    {
      "name": "Debug Tests",
      "type": "python",
      "request": "test",
      "console": "internalConsole",
      "justMyCode": false
    }
  ]
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -4,7 +4,7 @@
    {
      "label": "Run Supervisor",
      "type": "shell",
-      "command": "./scripts/run-supervisor.sh",
+      "command": "supervisor_run",
      "group": {
        "kind": "test",
        "isDefault": true
@@ -15,20 +15,6 @@
      },
      "problemMatcher": []
    },
    {
      "label": "Build Supervisor",
      "type": "shell",
      "command": "./scripts/build-supervisor.sh",
      "group": {
        "kind": "build",
        "isDefault": true
      },
      "presentation": {
        "reveal": "always",
        "panel": "new"
      },
      "problemMatcher": []
    },
    {
      "label": "Run Supervisor CLI",
      "type": "shell",
@@ -46,7 +32,7 @@
    {
      "label": "Update Supervisor Panel",
      "type": "shell",
-      "command": "./scripts/update-frontend.sh",
+      "command": "LOKALISE_TOKEN='${input:localiseToken}' ./scripts/update-frontend.sh",
      "group": {
        "kind": "build",
        "isDefault": true
@@ -72,9 +58,23 @@
      "problemMatcher": []
    },
    {
-      "label": "Flake8",
+      "label": "Ruff Check",
      "type": "shell",
-      "command": "flake8 supervisor tests",
+      "command": "ruff check --fix supervisor tests",
      "group": {
        "kind": "test",
        "isDefault": true
      },
      "presentation": {
        "reveal": "always",
        "panel": "new"
      },
      "problemMatcher": []
    },
    {
      "label": "Ruff Format",
      "type": "shell",
      "command": "ruff format supervisor tests",
      "group": {
        "kind": "test",
        "isDefault": true
@@ -100,5 +100,12 @@
      },
      "problemMatcher": []
    }
  ],
  "inputs": [
    {
      "id": "localiseToken",
      "type": "promptString",
      "description": "Paste your lokalise token to download frontend translations"
    }
  ]
 }
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1 @@
 .github/copilot-instructions.md
--- a/39
+++ b/39
@@ -1,38 +1,51 @@
 ARG BUILD_FROM
-FROM $BUILD_FROM
+FROM ${BUILD_FROM}
 ENV \
    S6_SERVICES_GRACETIME=10000 \
-    SUPERVISOR_API=http://localhost
+    SUPERVISOR_API=http://localhost \
    CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 \
    UV_SYSTEM_PYTHON=true
 ARG \
    COSIGN_VERSION \
    BUILD_ARCH \
    QEMU_CPU
 # Install base
 WORKDIR /usr/src
 RUN \
-    apk add --no-cache \
+    set -x \
    && apk add --no-cache \
        findutils \
        eudev \
        eudev-libs \
        git \
        glib \
        libffi \
        libpulse \
        musl \
-        openssl
+        openssl \
-
+        yaml \
-ARG BUILD_ARCH
+    \
-WORKDIR /usr/src
+    && curl -Lso /usr/bin/cosign "https://github.com/home-assistant/cosign/releases/download/${COSIGN_VERSION}/cosign_${BUILD_ARCH}" \
    && chmod a+x /usr/bin/cosign \
    && pip3 install uv==0.6.17
 # Install requirements
 COPY requirements.txt .
 RUN \
-    export MAKEFLAGS="-j$(nproc)" \
+    if [ "${BUILD_ARCH}" = "i386" ]; then \
-    && pip3 install --no-cache-dir --no-index --only-binary=:all: --find-links \
+        setarch="linux32"; \
-        "https://wheels.home-assistant.io/alpine-$(cut -d '.' -f 1-2 < /etc/alpine-release)/${BUILD_ARCH}/" \
+    else \
-        -r ./requirements.txt \
+        setarch=""; \
    fi \
    && ${setarch} uv pip install --compile-bytecode --no-cache --no-build -r requirements.txt \
    && rm -f requirements.txt
 # Install Home Assistant Supervisor
 COPY . supervisor
 RUN \
-    pip3 install --no-cache-dir -e ./supervisor \
+    uv pip install --no-cache -e ./supervisor \
    && python3 -m compileall ./supervisor/supervisor
--- a/README.md
+++ b/README.md
@@ -21,12 +21,14 @@ Development instructions can be found [here][development].
 Releases are done in 3 stages (channels) with this structure:
-1. Pull requests are merged to the `main` branch
+1. Pull requests are merged to the `main` branch.
 2. A new build is pushed to the `dev` stage.
-3. Releases are published
+3. Releases are published.
 4. A new build is pushed to the `beta` stage.
-5. The [`stable.json][stable] file is updated
+5. The [`stable.json`][stable] file is updated.
-6. The build that was pushed to `beta` will now be pushed to `stable`
+6. The build that was pushed to `beta` will now be pushed to `stable`.
 [development]: https://developers.home-assistant.io/docs/supervisor/development
 [stable]: https://github.com/home-assistant/version/blob/master/stable.json
 [![Home Assistant - A project from the Open Home Foundation](https://www.openhomefoundation.org/badges/home-assistant.png)](https://www.openhomefoundation.org/)
--- a/build.json
+++ b/build.json
@@ -1,13 +0,0 @@
 {
  "image": "homeassistant/{arch}-hassio-supervisor",
  "build_from": {
    "aarch64": "homeassistant/aarch64-base-python:3.8-alpine3.12",
    "armhf": "homeassistant/armhf-base-python:3.8-alpine3.12",
    "armv7": "homeassistant/armv7-base-python:3.8-alpine3.12",
    "amd64": "homeassistant/amd64-base-python:3.8-alpine3.12",
    "i386": "homeassistant/i386-base-python:3.8-alpine3.12"
  },
  "labels": {
    "io.hass.type": "supervisor"
  }
 }
--- a/build.yaml
+++ b/build.yaml
@@ -0,0 +1,24 @@
 image: ghcr.io/home-assistant/{arch}-hassio-supervisor
 build_from:
  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.13-alpine3.22
  armhf: ghcr.io/home-assistant/armhf-base-python:3.13-alpine3.22
  armv7: ghcr.io/home-assistant/armv7-base-python:3.13-alpine3.22
  amd64: ghcr.io/home-assistant/amd64-base-python:3.13-alpine3.22
  i386: ghcr.io/home-assistant/i386-base-python:3.13-alpine3.22
 codenotary:
  signer: notary@home-assistant.io
  base_image: notary@home-assistant.io
 cosign:
  base_identity: https://github.com/home-assistant/docker-base/.*
  identity: https://github.com/home-assistant/supervisor/.*
 args:
  COSIGN_VERSION: 2.4.3
 labels:
  io.hass.type: supervisor
  org.opencontainers.image.title: Home Assistant Supervisor
  org.opencontainers.image.description: Container-based system for managing Home Assistant Core installation
  org.opencontainers.image.source: https://github.com/home-assistant/supervisor
  org.opencontainers.image.authors: The Home Assistant Authors
  org.opencontainers.image.url: https://www.home-assistant.io/
  org.opencontainers.image.documentation: https://www.home-assistant.io/docs/
  org.opencontainers.image.licenses: Apache License 2.0
--- a/1
+++ b/1
--- a/46
+++ b/46
@@ -1,46 +0,0 @@
 [MASTER]
 reports=no
 jobs=2
 good-names=id,i,j,k,ex,Run,_,fp,T
 # Reasons disabled:
 # format - handled by black
 # locally-disabled - it spams too much
 # duplicate-code - unavoidable
 # cyclic-import - doesn't test if both import on load
 # abstract-class-little-used - prevents from setting right foundation
 # abstract-class-not-used - is flaky, should not show up but does
 # unused-argument - generic callbacks and setup methods create a lot of warnings
 # redefined-variable-type - this is Python, we're duck typing!
 # too-many-* - are not enforced for the sake of readability
 # too-few-* - same as too-many-*
 # abstract-method - with intro of async there are always methods missing
 disable=
  format,
  abstract-class-little-used,
  abstract-method,
  cyclic-import,
  duplicate-code,
  locally-disabled,
  no-else-return,
  no-self-use,
  not-context-manager,
  redefined-variable-type,
  too-few-public-methods,
  too-many-arguments,
  too-many-branches,
  too-many-instance-attributes,
  too-many-lines,
  too-many-locals,
  too-many-public-methods,
  too-many-return-statements,
  too-many-statements,
  unused-argument,
 [EXCEPTIONS]
 overgeneral-exceptions=Exception
 [TYPECHECK]
 ignored-modules = distutils
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -0,0 +1,376 @@
 [build-system]
 requires = ["setuptools~=80.9.0", "wheel~=0.46.1"]
 build-backend = "setuptools.build_meta"
 [project]
 name = "Supervisor"
 dynamic = ["version", "dependencies"]
 license = { text = "Apache-2.0" }
 description = "Open-source private cloud os for Home-Assistant based on HassOS"
 readme = "README.md"
 authors = [
    { name = "The Home Assistant Authors", email = "hello@home-assistant.io" },
 ]
 keywords = ["docker", "home-assistant", "api"]
 requires-python = ">=3.13.0"
 [project.urls]
 "Homepage" = "https://www.home-assistant.io/"
 "Source Code" = "https://github.com/home-assistant/supervisor"
 "Bug Reports" = "https://github.com/home-assistant/supervisor/issues"
 "Docs: Dev" = "https://developers.home-assistant.io/"
 "Discord" = "https://www.home-assistant.io/join-chat/"
 "Forum" = "https://community.home-assistant.io/"
 [tool.setuptools]
 platforms = ["any"]
 zip-safe = false
 include-package-data = true
 [tool.setuptools.packages.find]
 include = ["supervisor*"]
 [tool.pylint.MAIN]
 py-version = "3.13"
 # Use a conservative default here; 2 should speed up most setups and not hurt
 # any too bad. Override on command line as appropriate.
 jobs = 2
 persistent = false
 extension-pkg-allow-list = ["ciso8601"]
 [tool.pylint.BASIC]
 class-const-naming-style = "any"
 good-names = ["id", "i", "j", "k", "ex", "Run", "_", "fp", "T", "os"]
 [tool.pylint."MESSAGES CONTROL"]
 # Reasons disabled:
 # format - handled by ruff
 # abstract-method - with intro of async there are always methods missing
 # cyclic-import - doesn't test if both import on load
 # duplicate-code - unavoidable
 # locally-disabled - it spams too much
 # too-many-* - are not enforced for the sake of readability
 # too-few-* - same as too-many-*
 # unused-argument - generic callbacks and setup methods create a lot of warnings
 disable = [
    "format",
    "abstract-method",
    "cyclic-import",
    "duplicate-code",
    "locally-disabled",
    "no-else-return",
    "not-context-manager",
    "too-few-public-methods",
    "too-many-arguments",
    "too-many-branches",
    "too-many-instance-attributes",
    "too-many-lines",
    "too-many-locals",
    "too-many-public-methods",
    "too-many-return-statements",
    "too-many-statements",
    "unused-argument",
    "consider-using-with",
    # Handled by ruff
    # Ref: <https://github.com/astral-sh/ruff/issues/970>
    "await-outside-async",    # PLE1142
    "bad-str-strip-call",     # PLE1310
    "bad-string-format-type", # PLE1307
    "bidirectional-unicode",  # PLE2502
    "continue-in-finally",    # PLE0116
    "duplicate-bases",        # PLE0241
    "format-needs-mapping",   # F502
    "function-redefined",     # F811
    # Needed because ruff does not understand type of __all__ generated by a function
    # "invalid-all-format", # PLE0605
    "invalid-all-object",                 # PLE0604
    "invalid-character-backspace",        # PLE2510
    "invalid-character-esc",              # PLE2513
    "invalid-character-nul",              # PLE2514
    "invalid-character-sub",              # PLE2512
    "invalid-character-zero-width-space", # PLE2515
    "logging-too-few-args",               # PLE1206
    "logging-too-many-args",              # PLE1205
    "missing-format-string-key",          # F524
    "mixed-format-string",                # F506
    "no-method-argument",                 # N805
    "no-self-argument",                   # N805
    "nonexistent-operator",               # B002
    "nonlocal-without-binding",           # PLE0117
    "not-in-loop",                        # F701, F702
    "notimplemented-raised",              # F901
    "return-in-init",                     # PLE0101
    "return-outside-function",            # F706
    "syntax-error",                       # E999
    "too-few-format-args",                # F524
    "too-many-format-args",               # F522
    "too-many-star-expressions",          # F622
    "truncated-format-string",            # F501
    "undefined-all-variable",             # F822
    "undefined-variable",                 # F821
    "used-prior-global-declaration",      # PLE0118
    "yield-inside-async-function",        # PLE1700
    "yield-outside-function",             # F704
    "anomalous-backslash-in-string",      # W605
    "assert-on-string-literal",           # PLW0129
    "assert-on-tuple",                    # F631
    "bad-format-string",                  # W1302, F
    "bad-format-string-key",              # W1300, F
    "bare-except",                        # E722
    "binary-op-exception",                # PLW0711
    "cell-var-from-loop",                 # B023
    # "dangerous-default-value", # B006, ruff catches new occurrences, needs more work
    "duplicate-except",                     # B014
    "duplicate-key",                        # F601
    "duplicate-string-formatting-argument", # F
    "duplicate-value",                      # F
    "eval-used",                            # PGH001
    "exec-used",                            # S102
    # "expression-not-assigned", # B018, ruff catches new occurrences, needs more work
    "f-string-without-interpolation",      # F541
    "forgotten-debug-statement",           # T100
    "format-string-without-interpolation", # F
    # "global-statement", # PLW0603, ruff catches new occurrences, needs more work
    "global-variable-not-assigned",  # PLW0602
    "implicit-str-concat",           # ISC001
    "import-self",                   # PLW0406
    "inconsistent-quotes",           # Q000
    "invalid-envvar-default",        # PLW1508
    "keyword-arg-before-vararg",     # B026
    "logging-format-interpolation",  # G
    "logging-fstring-interpolation", # G
    "logging-not-lazy",              # G
    "misplaced-future",              # F404
    "named-expr-without-context",    # PLW0131
    "nested-min-max",                # PLW3301
    # "pointless-statement", # B018, ruff catches new occurrences, needs more work
    "raise-missing-from", # TRY200
    # "redefined-builtin", # A001, ruff is way more stricter, needs work
    "try-except-raise",               # TRY203
    "unused-argument",                # ARG001, we don't use it
    "unused-format-string-argument",  #F507
    "unused-format-string-key",       # F504
    "unused-import",                  # F401
    "unused-variable",                # F841
    "useless-else-on-loop",           # PLW0120
    "wildcard-import",                # F403
    "bad-classmethod-argument",       # N804
    "consider-iterating-dictionary",  # SIM118
    "empty-docstring",                # D419
    "invalid-name",                   # N815
    "line-too-long",                  # E501, disabled globally
    "missing-class-docstring",        # D101
    "missing-final-newline",          # W292
    "missing-function-docstring",     # D103
    "missing-module-docstring",       # D100
    "multiple-imports",               #E401
    "singleton-comparison",           # E711, E712
    "subprocess-run-check",           # PLW1510
    "superfluous-parens",             # UP034
    "ungrouped-imports",              # I001
    "unidiomatic-typecheck",          # E721
    "unnecessary-direct-lambda-call", # PLC3002
    "unnecessary-lambda-assignment",  # PLC3001
    "unneeded-not",                   # SIM208
    "useless-import-alias",           # PLC0414
    "wrong-import-order",             # I001
    "wrong-import-position",          # E402
    "comparison-of-constants",        # PLR0133
    "comparison-with-itself",         # PLR0124
    # "consider-alternative-union-syntax", # UP007, typing extension
    "consider-merging-isinstance", # PLR1701
    # "consider-using-alias",              # UP006, typing extension
    "consider-using-dict-comprehension", # C402
    "consider-using-generator",          # C417
    "consider-using-get",                # SIM401
    "consider-using-set-comprehension",  # C401
    "consider-using-sys-exit",           # PLR1722
    "consider-using-ternary",            # SIM108
    "literal-comparison",                # F632
    "property-with-parameters",          # PLR0206
    "super-with-arguments",              # UP008
    "too-many-branches",                 # PLR0912
    "too-many-return-statements",        # PLR0911
    "too-many-statements",               # PLR0915
    "trailing-comma-tuple",              # COM818
    "unnecessary-comprehension",         # C416
    "use-a-generator",                   # C417
    "use-dict-literal",                  # C406
    "use-list-literal",                  # C405
    "useless-object-inheritance",        # UP004
    "useless-return",                    # PLR1711
    # "no-self-use", # PLR6301  # Optional plugin, not enabled
 ]
 [tool.pylint.REPORTS]
 score = false
 [tool.pylint.TYPECHECK]
 ignored-modules = ["distutils"]
 [tool.pylint.FORMAT]
 expected-line-ending-format = "LF"
 [tool.pylint.EXCEPTIONS]
 overgeneral-exceptions = ["builtins.BaseException", "builtins.Exception"]
 [tool.pylint.DESIGN]
 max-positional-arguments = 10
 [tool.pytest.ini_options]
 testpaths = ["tests"]
 norecursedirs = [".git"]
 log_format = "%(asctime)s.%(msecs)03d %(levelname)-8s %(threadName)s %(name)s:%(filename)s:%(lineno)s %(message)s"
 log_date_format = "%Y-%m-%d %H:%M:%S"
 asyncio_default_fixture_loop_scope = "function"
 asyncio_mode = "auto"
 filterwarnings = [
    "error",
    "ignore:pkg_resources is deprecated as an API:DeprecationWarning:dirhash",
    "ignore::pytest.PytestUnraisableExceptionWarning",
 ]
 markers = [
    "no_mock_init_websession: disable the autouse mock of init_websession for this test",
 ]
 [tool.ruff]
 lint.select = [
    "B002",    # Python does not support the unary prefix increment
    "B007",    # Loop control variable {name} not used within loop body
    "B014",    # Exception handler with duplicate exception
    "B023",    # Function definition does not bind loop variable {name}
    "B026",    # Star-arg unpacking after a keyword argument is strongly discouraged
    "B904",    # Use raise from to specify exception cause
    "C",       # complexity
    "COM818",  # Trailing comma on bare tuple prohibited
    "D",       # docstrings
    "DTZ003",  # Use datetime.now(tz=) instead of datetime.utcnow()
    "DTZ004",  # Use datetime.fromtimestamp(ts, tz=) instead of datetime.utcfromtimestamp(ts)
    "E",       # pycodestyle
    "F",       # pyflakes/autoflake
    "G",       # flake8-logging-format
    "I",       # isort
    "ICN001",  # import concentions; {name} should be imported as {asname}
    "N804",    # First argument of a class method should be named cls
    "N805",    # First argument of a method should be named self
    "N815",    # Variable {name} in class scope should not be mixedCase
    "PGH004",  # Use specific rule codes when using noqa
    "PLC0414", # Useless import alias. Import alias does not rename original package.
    "PLC",     # pylint
    "PLE",     # pylint
    "PLR",     # pylint
    "PLW",     # pylint
    "Q000",    # Double quotes found but single quotes preferred
    "RUF006",  # Store a reference to the return value of asyncio.create_task
    "S102",    # Use of exec detected
    "S103",    # bad-file-permissions
    "S108",    # hardcoded-temp-file
    "S306",    # suspicious-mktemp-usage
    "S307",    # suspicious-eval-usage
    "S313",    # suspicious-xmlc-element-tree-usage
    "S314",    # suspicious-xml-element-tree-usage
    "S315",    # suspicious-xml-expat-reader-usage
    "S316",    # suspicious-xml-expat-builder-usage
    "S317",    # suspicious-xml-sax-usage
    "S318",    # suspicious-xml-mini-dom-usage
    "S319",    # suspicious-xml-pull-dom-usage
    "S601",    # paramiko-call
    "S602",    # subprocess-popen-with-shell-equals-true
    "S604",    # call-with-shell-equals-true
    "S608",    # hardcoded-sql-expression
    "S609",    # unix-command-wildcard-injection
    "SIM105",  # Use contextlib.suppress({exception}) instead of try-except-pass
    "SIM117",  # Merge with-statements that use the same scope
    "SIM118",  # Use {key} in {dict} instead of {key} in {dict}.keys()
    "SIM201",  # Use {left} != {right} instead of not {left} == {right}
    "SIM208",  # Use {expr} instead of not (not {expr})
    "SIM212",  # Use {a} if {a} else {b} instead of {b} if not {a} else {a}
    "SIM300",  # Yoda conditions. Use 'age == 42' instead of '42 == age'.
    "SIM401",  # Use get from dict with default instead of an if block
    "T100",    # Trace found: {name} used
    "T20",     # flake8-print
    "TID251",  # Banned imports
    "TRY004",  # Prefer TypeError exception for invalid type
    "TRY203",  # Remove exception handler; error is immediately re-raised
    "UP",      # pyupgrade
    "W",       # pycodestyle
 ]
 lint.ignore = [
    "D202", # No blank lines allowed after function docstring
    "D203", # 1 blank line required before class docstring
    "D213", # Multi-line docstring summary should start at the second line
    "D406", # Section name should end with a newline
    "D407", # Section name underlining
    "E501", # line too long
    "E731", # do not assign a lambda expression, use a def
    # Ignore ignored, as the rule is now back in preview/nursery, which cannot
    # be ignored anymore without warnings.
    # https://github.com/astral-sh/ruff/issues/7491
    # "PLC1901", # Lots of false positives
    # False positives https://github.com/astral-sh/ruff/issues/5386
    "PLC0208", # Use a sequence type instead of a `set` when iterating over values
    "PLR0911", # Too many return statements ({returns} > {max_returns})
    "PLR0912", # Too many branches ({branches} > {max_branches})
    "PLR0913", # Too many arguments to function call ({c_args} > {max_args})
    "PLR0915", # Too many statements ({statements} > {max_statements})
    "PLR2004", # Magic value used in comparison, consider replacing {value} with a constant variable
    "PLW2901", # Outer {outer_kind} variable {name} overwritten by inner {inner_kind} target
    "UP006",   # keep type annotation style as is
    "UP007",   # keep type annotation style as is
    # Ignored due to performance: https://github.com/charliermarsh/ruff/issues/2923
    "UP038", # Use `X | Y` in `isinstance` call instead of `(X, Y)`
    # May conflict with the formatter, https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
    "W191",
    "E111",
    "E114",
    "E117",
    "D206",
    "D300",
    "Q000",
    "Q001",
    "Q002",
    "Q003",
    "COM812",
    "COM819",
    "ISC001",
    "ISC002",
    # Disabled because ruff does not understand type of __all__ generated by a function
    "PLE0605",
 ]
 [tool.ruff.lint.flake8-import-conventions.extend-aliases]
 voluptuous = "vol"
 [tool.ruff.lint.flake8-pytest-style]
 fixture-parentheses = false
 [tool.ruff.lint.flake8-tidy-imports.banned-api]
 "pytz".msg = "use zoneinfo instead"
 [tool.ruff.lint.isort]
 force-sort-within-sections = true
 section-order = [
    "future",
    "standard-library",
    "third-party",
    "first-party",
    "local-folder",
 ]
 forced-separate = ["tests"]
 known-first-party = ["supervisor", "tests"]
 combine-as-imports = true
 split-on-trailing-comma = false
 [tool.ruff.lint.per-file-ignores]
 # DBus Service Mocks must use typing and names understood by dbus-fast
 "tests/dbus_service_mocks/*.py" = ["F722", "F821", "N815"]
 [tool.ruff.lint.mccabe]
 max-complexity = 25
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,21 +1,30 @@
-aiohttp==3.7.3
+aiodns==3.5.0
-async_timeout==3.0.1
+aiohttp==3.12.15
-atomicwrites==1.4.0
+atomicwrites-homeassistant==1.4.1
-attrs==20.3.0
+attrs==25.3.0
-awesomeversion==21.1.3
+awesomeversion==25.8.0
-brotli==1.0.9
+blockbuster==1.5.25
-cchardet==2.1.7
+brotli==1.1.0
-colorlog==4.7.2
+ciso8601==2.3.2
-cpe==1.2.1
+colorlog==6.9.0
-cryptography==3.3.1
+cpe==1.3.1
-debugpy==1.2.1
+cryptography==45.0.6
-docker==4.4.1
+debugpy==1.8.16
-gitpython==3.1.12
+deepmerge==2.0
-jinja2==2.11.2
+dirhash==0.5.0
-packaging==20.4
+docker==7.1.0
-pulsectl==20.5.1
+faust-cchardet==2.1.19
-pytz==2020.5
+gitpython==3.1.45
-pyudev==0.22.0
+jinja2==3.1.6
-ruamel.yaml==0.15.100
+log-rate-limit==1.4.2
-sentry-sdk==0.19.5
+orjson==3.11.1
-voluptuous==0.12.1
+pulsectl==24.12.0
 pyudev==0.24.3
 PyYAML==6.0.2
 requests==2.32.4
 securetar==2025.2.1
 sentry-sdk==2.34.1
 setuptools==80.9.0
 voluptuous==0.15.2
 dbus-fast==2.44.3
 zlib-fast==0.2.1
--- a/requirements_tests.txt
+++ b/requirements_tests.txt
@@ -1,14 +1,16 @@
-black==20.8b1
+astroid==3.3.11
-codecov==2.1.11
+coverage==7.10.2
-coverage==5.3.1
+mypy==1.17.1
-flake8-docstrings==1.5.0
+pre-commit==4.2.0
-flake8==3.8.4
+pylint==3.3.7
-pre-commit==2.9.3
+pytest-aiohttp==1.1.0
-pydocstyle==5.1.1
+pytest-asyncio==0.25.2
-pylint==2.6.0
+pytest-cov==6.2.1
-pytest-aiohttp==0.3.0
+pytest-timeout==2.4.0
-pytest-asyncio==0.12.0 # NB!: Versions over 0.12.0 breaks pytest-aiohttp (https://github.com/aio-libs/pytest-aiohttp/issues/16)
+pytest==8.4.1
-pytest-cov==2.11.1
+ruff==0.12.8
-pytest-timeout==1.4.2
+time-machine==2.17.0
-pytest==6.2.1
+types-docker==7.1.0.20250705
-pyupgrade==2.7.4
+types-pyyaml==6.0.12.20250516
 types-requests==2.32.4.20250611
 urllib3==2.5.0
--- a/rootfs/etc/cont-init.d/udev.sh
+++ b/rootfs/etc/cont-init.d/udev.sh
@@ -2,9 +2,17 @@
 # ==============================================================================
 # Start udev service
 # ==============================================================================
 if bashio::fs.directory_exists /run/udev && ! bashio::fs.file_exists /run/.old_udev; then
    bashio::log.info "Using udev information from host"
    bashio::exit.ok
 fi
 bashio::log.info "Setup udev backend inside container"
 udevd --daemon
 bashio::log.info "Update udev information"
 touch /run/.old_udev
 if udevadm trigger; then
    udevadm settle || true
 else
--- a/rootfs/etc/services.d/supervisor/finish
+++ b/rootfs/etc/services.d/supervisor/finish
@@ -1,8 +1,11 @@
-#!/usr/bin/execlineb -S1
+#!/usr/bin/env bashio
 # ==============================================================================
 # Take down the S6 supervision tree when Supervisor fails
 # ==============================================================================
 if { s6-test ${1} -ne 100 }
 if { s6-test ${1} -ne 256 }
-redirfd -w 2 /dev/null s6-svscanctl -t /var/run/s6/services
+if [[ "$1" -ne 100 ]] && [[ "$1" -ne 256 ]]; then
  bashio::log.warning "Halt Supervisor"
  /run/s6/basedir/bin/halt
 fi
 bashio::log.info "Supervisor restart after closing"
--- a/rootfs/etc/services.d/supervisor/run
+++ b/rootfs/etc/services.d/supervisor/run
@@ -3,5 +3,6 @@
 # Start Supervisor service
 # ==============================================================================
 export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
 export MALLOC_CONF="background_thread:true,metadata_thp:auto"
 exec python3 -m supervisor
--- a/rootfs/etc/services.d/watchdog/finish
+++ b/rootfs/etc/services.d/watchdog/finish
@@ -1,8 +1,11 @@
-#!/usr/bin/execlineb -S1
+#!/usr/bin/env bashio
 # ==============================================================================
 # Take down the S6 supervision tree when Watchdog fails
 # ==============================================================================
 if { s6-test ${1} -ne 0 }
 if { s6-test ${1} -ne 256 }
-s6-svscanctl -t /var/run/s6/services
+if [[ "$1" -ne 0 ]] && [[ "$1" -ne 256 ]]; then
  bashio::log.warning "Halt Supervisor (Wuff)"
  /run/s6/basedir/bin/halt
 fi
 bashio::log.info "Watchdog restart after closing"
--- a/rootfs/etc/services.d/watchdog/run
+++ b/rootfs/etc/services.d/watchdog/run
@@ -15,7 +15,7 @@ do
    if [[ "${supervisor_state}" = "running"  ]]; then
        # Check API
-        if bashio::supervisor.ping; then
+        if bashio::supervisor.ping > /dev/null; then
            failed_count=0
        else
            bashio::log.warning "Maybe found an issue on API healthy"
@@ -31,4 +31,4 @@ do
 done
-basio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"
+bashio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"
--- a/script/run-in-env.sh
+++ b/script/run-in-env.sh
@@ -0,0 +1,30 @@
 #!/usr/bin/env sh
 set -eu
 # Used in venv activate script.
 # Would be an error if undefined.
 OSTYPE="${OSTYPE-}"
 # Activate pyenv and virtualenv if present, then run the specified command
 # pyenv, pyenv-virtualenv
 if [ -s .python-version ]; then
    PYENV_VERSION=$(head -n 1 .python-version)
    export PYENV_VERSION
 fi
 if [ -n "${VIRTUAL_ENV-}" ] && [ -f "${VIRTUAL_ENV}/bin/activate" ]; then
  . "${VIRTUAL_ENV}/bin/activate"
 else
  # other common virtualenvs
  my_path=$(git rev-parse --show-toplevel)
  for venv in venv .venv .; do
    if [ -f "${my_path}/${venv}/bin/activate" ]; then
      . "${my_path}/${venv}/bin/activate"
      break
    fi
  done
 fi
 exec "$@"
--- a/scripts/build-supervisor.sh
+++ b/scripts/build-supervisor.sh
@@ -1,28 +0,0 @@
 #!/bin/bash
 source "${BASH_SOURCE[0]%/*}/common.sh"
 set -eE
 DOCKER_TIMEOUT=30
 DOCKER_PID=0
 function build_supervisor() {
    docker pull homeassistant/amd64-builder:dev
    docker run --rm \
        --privileged \
        -v /run/docker.sock:/run/docker.sock \
        -v "$(pwd):/data" \
        homeassistant/amd64-builder:dev \
            --generic latest \
            --target /data \
            --test \
            --amd64 \
            --no-cache
 }
 echo "Build Supervisor"
 start_docker
 trap "stop_docker" ERR
 build_supervisor
--- a/scripts/common.sh
+++ b/scripts/common.sh
@@ -1,58 +0,0 @@
 #!/bin/bash
 function start_docker() {
    local starttime
    local endtime
    echo "Starting docker."
    dockerd 2> /dev/null &
    DOCKER_PID=$!
    echo "Waiting for docker to initialize..."
    starttime="$(date +%s)"
    endtime="$(date +%s)"
    until docker info >/dev/null 2>&1; do
        if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
            sleep 1
            endtime=$(date +%s)
        else
            echo "Timeout while waiting for docker to come up"
            exit 1
        fi
    done
    echo "Docker was initialized"
 }
 function stop_docker() {
    local starttime
    local endtime
    echo "Stopping in container docker..."
    if [ "$DOCKER_PID" -gt 0 ] && kill -0 "$DOCKER_PID" 2> /dev/null; then
        starttime="$(date +%s)"
        endtime="$(date +%s)"
        # Now wait for it to die
        kill "$DOCKER_PID"
        while kill -0 "$DOCKER_PID" 2> /dev/null; do
            if [ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]; then
                sleep 1
                endtime=$(date +%s)
            else
                echo "Timeout while waiting for container docker to die"
                exit 1
            fi
        done
    else
        echo "Your host might have been left with unreleased resources"
    fi
 }
 function cleanup_lastboot() {
    if [[ -f /workspaces/test_supervisor/config.json ]]; then
        echo "Cleaning up last boot"
        cp /workspaces/test_supervisor/config.json /tmp/config.json
        jq -rM 'del(.last_boot)' /tmp/config.json > /workspaces/test_supervisor/config.json
        rm /tmp/config.json
    fi
 }
--- a/scripts/run-supervisor.sh
+++ b/scripts/run-supervisor.sh
@@ -1,81 +0,0 @@
 #!/bin/bash
 source "${BASH_SOURCE[0]%/*}/common.sh"
 source "${BASH_SOURCE[0]%/*}/build-supervisor.sh"
 set -eE
 DOCKER_TIMEOUT=30
 DOCKER_PID=0
 function cleanup_docker() {
    echo "Cleaning up stopped containers..."
    docker rm $(docker ps -a -q) || true
 }
 function run_supervisor() {
    mkdir -p /workspaces/test_supervisor
    echo "Start Supervisor"
    docker run --rm --privileged \
        --name hassio_supervisor \
        --privileged \
        --security-opt seccomp=unconfined \
        --security-opt apparmor:unconfined \
        -v /run/docker.sock:/run/docker.sock \
        -v /run/dbus:/run/dbus \
        -v "/workspaces/test_supervisor":/data \
        -v /etc/machine-id:/etc/machine-id:ro \
        -v /workspaces/supervisor:/usr/src/supervisor \
        -e SUPERVISOR_SHARE="/workspaces/test_supervisor" \
        -e SUPERVISOR_NAME=hassio_supervisor \
        -e SUPERVISOR_DEV=1 \
        -e SUPERVISOR_MACHINE="qemux86-64" \
        homeassistant/amd64-hassio-supervisor:latest
 }
 function init_dbus() {
    if pgrep dbus-daemon; then
        echo "Dbus is running"
        return 0
    fi
    echo "Startup dbus"
    mkdir -p /var/lib/dbus
    cp -f /etc/machine-id /var/lib/dbus/machine-id
    # cleanups
    mkdir -p /run/dbus
    rm -f /run/dbus/pid
    # run
    dbus-daemon --system --print-address
 }
 echo "Run Supervisor"
 start_docker
 trap "stop_docker" ERR
 if [ "$( docker container inspect -f '{{.State.Status}}' hassio_supervisor )" == "running" ]; then
    echo "Restarting Supervisor"
    docker rm -f hassio_supervisor
    init_dbus
    cleanup_lastboot
    run_supervisor
    stop_docker
 else
    echo "Starting Supervisor"
    docker system prune -f
    build_supervisor
    cleanup_lastboot
    cleanup_docker
    init_dbus
    run_supervisor
    stop_docker
 fi
--- a/scripts/update-frontend.sh
+++ b/scripts/update-frontend.sh
@@ -1,18 +0,0 @@
 #!/bin/bash
 set -e
 # Update frontend
 git submodule update --init --recursive --remote
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
 cd home-assistant-polymer
 nvm install
 script/bootstrap
 # build frontend
 cd hassio
 ./script/build_hassio
 # Copy frontend
 rm -rf ../../supervisor/api/panel/*
 cp -rf build/* ../../supervisor/api/panel/
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,30 +0,0 @@
 [isort]
 multi_line_output = 3
 include_trailing_comma=True
 force_grid_wrap=0
 line_length=88
 indent = "    "
 not_skip = __init__.py
 force_sort_within_sections = true
 sections = FUTURE,STDLIB,INBETWEENS,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
 default_section = THIRDPARTY
 forced_separate = tests
 combine_as_imports = true
 use_parentheses = true
 known_first_party = supervisor,tests
 [flake8]
 exclude = .venv,.git,.tox,docs,venv,bin,lib,deps,build
 doctests = True
 max-line-length = 88
 # E501: line too long
 # W503: Line break occurred before a binary operator
 # E203: Whitespace before ':'
 # D202 No blank lines allowed after function docstring
 # W504 line break after binary operator
 ignore =
    E501,
    W503,
    E203,
    D202,
    W504
--- a/setup.py
+++ b/setup.py
@@ -1,57 +1,28 @@
 """Home Assistant Supervisor setup."""
 from pathlib import Path
 import re
 from setuptools import setup
-from supervisor.const import SUPERVISOR_VERSION
+RE_SUPERVISOR_VERSION = re.compile(r"^SUPERVISOR_VERSION =\s*(.+)$")
 SUPERVISOR_DIR = Path(__file__).parent
 REQUIREMENTS_FILE = SUPERVISOR_DIR / "requirements.txt"
 CONST_FILE = SUPERVISOR_DIR / "supervisor/const.py"
 REQUIREMENTS = REQUIREMENTS_FILE.read_text(encoding="utf-8")
 CONSTANTS = CONST_FILE.read_text(encoding="utf-8")
 def _get_supervisor_version():
    for line in CONSTANTS.split("/n"):
        if match := RE_SUPERVISOR_VERSION.match(line):
            return match.group(1)
    return "9999.09.9.dev9999"
 setup(
-    name="Supervisor",
+    version=_get_supervisor_version(),
-    version=SUPERVISOR_VERSION,
+    dependencies=REQUIREMENTS.split("/n"),
    license="BSD License",
    author="The Home Assistant Authors",
    author_email="hello@home-assistant.io",
    url="https://home-assistant.io/",
    description=("Open-source private cloud os for Home-Assistant" " based on HassOS"),
    long_description=(
        "A maintainless private cloud operator system that"
        "setup a Home-Assistant instance. Based on HassOS"
    ),
    classifiers=[
        "Intended Audience :: End Users/Desktop",
        "Intended Audience :: Developers",
        "License :: OSI Approved :: Apache Software License",
        "Operating System :: OS Independent",
        "Topic :: Home Automation",
        "Topic :: Software Development :: Libraries :: Python Modules",
        "Topic :: Scientific/Engineering :: Atmospheric Science",
        "Development Status :: 5 - Production/Stable",
        "Intended Audience :: Developers",
        "Programming Language :: Python :: 3.8",
    ],
    keywords=["docker", "home-assistant", "api"],
    zip_safe=False,
    platforms="any",
    packages=[
        "supervisor.addons",
        "supervisor.api",
        "supervisor.dbus.network",
        "supervisor.dbus.payloads",
        "supervisor.dbus",
        "supervisor.discovery.services",
        "supervisor.discovery",
        "supervisor.docker",
        "supervisor.homeassistant",
        "supervisor.host",
        "supervisor.jobs",
        "supervisor.misc",
        "supervisor.plugins",
        "supervisor.resolution.evaluations",
        "supervisor.resolution",
        "supervisor.services.modules",
        "supervisor.services",
        "supervisor.snapshots",
        "supervisor.store",
        "supervisor.utils",
        "supervisor",
    ],
    include_package_data=True,
 )
--- a/supervisor/main.py
+++ b/supervisor/main.py
@@ -1,11 +1,22 @@
 """Main file for Supervisor."""
 import asyncio
 from concurrent.futures import ThreadPoolExecutor
 import logging
 from pathlib import Path
 import sys
-from supervisor import bootstrap
+import zlib_fast
 # Enable fast zlib before importing supervisor
 zlib_fast.enable()
 # pylint: disable=wrong-import-position
 from supervisor import bootstrap  # noqa: E402
 from supervisor.utils.blockbuster import BlockBusterManager  # noqa: E402
 from supervisor.utils.logging import activate_log_queue_handler  # noqa: E402
 # pylint: enable=wrong-import-position
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -28,7 +39,8 @@ if __name__ == "__main__":
    bootstrap.initialize_logging()
    # Init async event loop
-    loop = asyncio.get_event_loop()
+    loop = asyncio.new_event_loop()
    asyncio.set_event_loop(loop)
    # Check if all information are available to setup Supervisor
    bootstrap.check_environment()
@@ -37,12 +49,16 @@ if __name__ == "__main__":
    executor = ThreadPoolExecutor(thread_name_prefix="SyncWorker")
    loop.set_default_executor(executor)
    activate_log_queue_handler()
    _LOGGER.info("Initializing Supervisor setup")
    coresys = loop.run_until_complete(bootstrap.initialize_coresys())
    loop.set_debug(coresys.config.debug)
    if coresys.config.detect_blocking_io:
        BlockBusterManager.activate()
    loop.run_until_complete(coresys.core.connect())
-    bootstrap.supervisor_debugger(coresys)
+    loop.run_until_complete(bootstrap.supervisor_debugger(coresys))
    bootstrap.migrate_system_env(coresys)
    # Signal health startup for container
    run_os_startup_check_cleanup()
@@ -50,8 +66,15 @@ if __name__ == "__main__":
    _LOGGER.info("Setting up Supervisor")
    loop.run_until_complete(coresys.core.setup())
-    loop.call_soon_threadsafe(loop.create_task, coresys.core.start())
+    bootstrap.register_signal_handlers(loop, coresys)
-    loop.call_soon_threadsafe(bootstrap.reg_signal, loop, coresys)
+
    try:
        loop.run_until_complete(coresys.core.start())
    except Exception as err:  # pylint: disable=broad-except
        # Supervisor itself is running at this point, just something didn't
        # start as expected. Log with traceback to get more insights for
        # such cases.
        _LOGGER.critical("Supervisor start failed: %s", err, exc_info=True)
    try:
        _LOGGER.info("Running Supervisor")
--- a/supervisor/addons/init.py
+++ b/supervisor/addons/init.py
@@ -1,429 +1 @@
 """Init file for Supervisor add-ons."""
 import asyncio
 from contextlib import suppress
 import logging
 import tarfile
 from typing import Dict, List, Optional, Union
 from ..const import AddonBoot, AddonStartup, AddonState
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import (
    AddonConfigurationError,
    AddonsError,
    AddonsJobError,
    AddonsNotSupportedError,
    CoreDNSError,
    DockerAPIError,
    DockerError,
    DockerNotFound,
    HomeAssistantAPIError,
    HostAppArmorError,
 )
 from ..jobs.decorator import Job, JobCondition
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..store.addon import AddonStore
 from ..utils import check_exception_chain
 from .addon import Addon
 from .data import AddonsData
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 AnyAddon = Union[Addon, AddonStore]
 class AddonManager(CoreSysAttributes):
    """Manage add-ons inside Supervisor."""
    def __init__(self, coresys: CoreSys):
        """Initialize Docker base wrapper."""
        self.coresys: CoreSys = coresys
        self.data: AddonsData = AddonsData(coresys)
        self.local: Dict[str, Addon] = {}
        self.store: Dict[str, AddonStore] = {}
    @property
    def all(self) -> List[AnyAddon]:
        """Return a list of all add-ons."""
        addons: Dict[str, AnyAddon] = {**self.store, **self.local}
        return list(addons.values())
    @property
    def installed(self) -> List[Addon]:
        """Return a list of all installed add-ons."""
        return list(self.local.values())
    def get(self, addon_slug: str, local_only: bool = False) -> Optional[AnyAddon]:
        """Return an add-on from slug.
        Prio:
          1 - Local
          2 - Store
        """
        if addon_slug in self.local:
            return self.local[addon_slug]
        if not local_only:
            return self.store.get(addon_slug)
        return None
    def from_token(self, token: str) -> Optional[Addon]:
        """Return an add-on from Supervisor token."""
        for addon in self.installed:
            if token == addon.supervisor_token:
                return addon
        return None
    async def load(self) -> None:
        """Start up add-on management."""
        tasks = []
        for slug in self.data.system:
            addon = self.local[slug] = Addon(self.coresys, slug)
            tasks.append(addon.load())
        # Run initial tasks
        _LOGGER.info("Found %d installed add-ons", len(tasks))
        if tasks:
            await asyncio.wait(tasks)
        # Sync DNS
        await self.sync_dns()
    async def boot(self, stage: AddonStartup) -> None:
        """Boot add-ons with mode auto."""
        tasks: List[Addon] = []
        for addon in self.installed:
            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be started
        _LOGGER.info("Phase '%s' starting %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Start Add-ons sequential
        # avoid issue on slow IO
        for addon in tasks:
            try:
                await addon.start()
            except AddonsError as err:
                # Check if there is an system/user issue
                if check_exception_chain(
                    err, (DockerAPIError, DockerNotFound, AddonConfigurationError)
                ):
                    addon.boot = AddonBoot.MANUAL
                    addon.save_persist()
            except Exception as err:  # pylint: disable=broad-except
                self.sys_capture_exception(err)
            else:
                continue
            _LOGGER.warning("Can't start Add-on %s", addon.slug)
        await asyncio.sleep(self.sys_config.wait_boot)
    async def shutdown(self, stage: AddonStartup) -> None:
        """Shutdown addons."""
        tasks: List[Addon] = []
        for addon in self.installed:
            if addon.state != AddonState.STARTED or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be stopped
        _LOGGER.info("Phase '%s' stopping %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Stop Add-ons sequential
        # avoid issue on slow IO
        for addon in tasks:
            try:
                await addon.stop()
            except Exception as err:  # pylint: disable=broad-except
                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
                self.sys_capture_exception(err)
    @Job(
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def install(self, slug: str) -> None:
        """Install an add-on."""
        if slug in self.local:
            _LOGGER.warning("Add-on %s is already installed", slug)
            return
        store = self.store.get(slug)
        if not store:
            _LOGGER.error("Add-on %s not exists", slug)
            raise AddonsError()
        if not store.available:
            _LOGGER.error("Add-on %s not supported on that platform", slug)
            raise AddonsNotSupportedError()
        self.data.install(store)
        addon = Addon(self.coresys, slug)
        if not addon.path_data.is_dir():
            _LOGGER.info(
                "Creating Home Assistant add-on data folder %s", addon.path_data
            )
            addon.path_data.mkdir()
        # Setup/Fix AppArmor profile
        await addon.install_apparmor()
        try:
            await addon.instance.install(store.version, store.image)
        except DockerError as err:
            self.data.uninstall(addon)
            raise AddonsError() from err
        else:
            self.local[slug] = addon
        # Reload ingress tokens
        if addon.with_ingress:
            await self.sys_ingress.reload()
        _LOGGER.info("Add-on '%s' successfully installed", slug)
    async def uninstall(self, slug: str) -> None:
        """Remove an add-on."""
        if slug not in self.local:
            _LOGGER.warning("Add-on %s is not installed", slug)
            return
        addon = self.local[slug]
        try:
            await addon.instance.remove()
        except DockerError as err:
            raise AddonsError() from err
        else:
            addon.state = AddonState.UNKNOWN
        await addon.remove_data()
        # Cleanup audio settings
        if addon.path_pulse.exists():
            with suppress(OSError):
                addon.path_pulse.unlink()
        # Cleanup AppArmor profile
        with suppress(HostAppArmorError):
            await addon.uninstall_apparmor()
        # Cleanup Ingress panel from sidebar
        if addon.ingress_panel:
            addon.ingress_panel = False
            with suppress(HomeAssistantAPIError):
                await self.sys_ingress.update_hass_panel(addon)
        # Cleanup Ingress dynamic port assignment
        if addon.with_ingress:
            self.sys_create_task(self.sys_ingress.reload())
            self.sys_ingress.del_dynamic_port(slug)
        # Cleanup discovery data
        for message in self.sys_discovery.list_messages:
            if message.addon != addon.slug:
                continue
            self.sys_discovery.remove(message)
        # Cleanup services data
        for service in self.sys_services.list_services:
            if addon.slug not in service.active:
                continue
            service.del_service_data(addon)
        self.data.uninstall(addon)
        self.local.pop(slug)
        _LOGGER.info("Add-on '%s' successfully removed", slug)
    @Job(
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def update(self, slug: str) -> None:
        """Update add-on."""
        if slug not in self.local:
            _LOGGER.error("Add-on %s is not installed", slug)
            raise AddonsError()
        addon = self.local[slug]
        if addon.is_detached:
            _LOGGER.error("Add-on %s is not available inside store", slug)
            raise AddonsError()
        store = self.store[slug]
        if addon.version == store.version:
            _LOGGER.warning("No update available for add-on %s", slug)
            return
        # Check if available, Maybe something have changed
        if not store.available:
            _LOGGER.error("Add-on %s not supported on that platform", slug)
            raise AddonsNotSupportedError()
        # Update instance
        last_state: AddonState = addon.state
        try:
            await addon.instance.update(store.version, store.image)
            # Cleanup
            with suppress(DockerError):
                await addon.instance.cleanup()
        except DockerError as err:
            raise AddonsError() from err
        else:
            self.data.update(store)
            _LOGGER.info("Add-on '%s' successfully updated", slug)
        # Setup/Fix AppArmor profile
        await addon.install_apparmor()
        # restore state
        if last_state == AddonState.STARTED:
            await addon.start()
    @Job(
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def rebuild(self, slug: str) -> None:
        """Perform a rebuild of local build add-on."""
        if slug not in self.local:
            _LOGGER.error("Add-on %s is not installed", slug)
            raise AddonsError()
        addon = self.local[slug]
        if addon.is_detached:
            _LOGGER.error("Add-on %s is not available inside store", slug)
            raise AddonsError()
        store = self.store[slug]
        # Check if a rebuild is possible now
        if addon.version != store.version:
            _LOGGER.error("Version changed, use Update instead Rebuild")
            raise AddonsError()
        if not addon.need_build:
            _LOGGER.error("Can't rebuild a image based add-on")
            raise AddonsNotSupportedError()
        # remove docker container but not addon config
        last_state: AddonState = addon.state
        try:
            await addon.instance.remove()
            await addon.instance.install(addon.version)
        except DockerError as err:
            raise AddonsError() from err
        else:
            self.data.update(store)
            _LOGGER.info("Add-on '%s' successfully rebuilt", slug)
        # restore state
        if last_state == AddonState.STARTED:
            await addon.start()
    @Job(
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def restore(self, slug: str, tar_file: tarfile.TarFile) -> None:
        """Restore state of an add-on."""
        if slug not in self.local:
            _LOGGER.debug("Add-on %s is not local available for restore", slug)
            addon = Addon(self.coresys, slug)
        else:
            _LOGGER.debug("Add-on %s is local available for restore", slug)
            addon = self.local[slug]
        await addon.restore(tar_file)
        # Check if new
        if slug not in self.local:
            _LOGGER.info("Detect new Add-on after restore %s", slug)
            self.local[slug] = addon
        # Update ingress
        if addon.with_ingress:
            await self.sys_ingress.reload()
            with suppress(HomeAssistantAPIError):
                await self.sys_ingress.update_hass_panel(addon)
    @Job(conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST])
    async def repair(self) -> None:
        """Repair local add-ons."""
        needs_repair: List[Addon] = []
        # Evaluate Add-ons to repair
        for addon in self.installed:
            if await addon.instance.exists():
                continue
            needs_repair.append(addon)
        _LOGGER.info("Found %d add-ons to repair", len(needs_repair))
        if not needs_repair:
            return
        for addon in needs_repair:
            _LOGGER.info("Repairing for add-on: %s", addon.slug)
            with suppress(DockerError, KeyError):
                # Need pull a image again
                if not addon.need_build:
                    await addon.instance.install(addon.version, addon.image)
                    continue
                # Need local lookup
                if addon.need_build and not addon.is_detached:
                    store = self.store[addon.slug]
                    # If this add-on is available for rebuild
                    if addon.version == store.version:
                        await addon.instance.install(addon.version, addon.image)
                        continue
            _LOGGER.error("Can't repair %s", addon.slug)
            with suppress(AddonsError):
                await self.uninstall(addon.slug)
    async def sync_dns(self) -> None:
        """Sync add-ons DNS names."""
        # Update hosts
        for addon in self.installed:
            try:
                if not await addon.instance.is_running():
                    continue
            except DockerError as err:
                _LOGGER.warning("Add-on %s is corrupt: %s", addon.slug, err)
                self.sys_resolution.create_issue(
                    IssueType.CORRUPT_DOCKER,
                    ContextType.ADDON,
                    reference=addon.slug,
                    suggestions=[SuggestionType.EXECUTE_REPAIR],
                )
                self.sys_capture_exception(err)
            else:
                self.sys_plugins.dns.add_host(
                    ipv4=addon.ip_address, names=[addon.hostname], write=False
                )
        # Write hosts files
        with suppress(CoreDNSError):
            self.sys_plugins.dns.write_hosts()
--- a/supervisor/addons/addon.py
+++ b/supervisor/addons/addon.py
--- a/supervisor/addons/build.py
+++ b/supervisor/addons/build.py
@@ -1,21 +1,33 @@
 """Supervisor add-on build environment."""
 from __future__ import annotations
 from functools import cached_property
 from pathlib import Path
-from typing import TYPE_CHECKING, Dict
+from typing import TYPE_CHECKING, Any
 from awesomeversion import AwesomeVersion
-from ..const import ATTR_ARGS, ATTR_BUILD_FROM, ATTR_SQUASH, META_ADDON
+from ..const import (
    ATTR_ARGS,
    ATTR_BUILD_FROM,
    ATTR_LABELS,
    ATTR_SQUASH,
    FILE_SUFFIX_CONFIGURATION,
    META_ADDON,
    SOCKET_DOCKER,
 )
 from ..coresys import CoreSys, CoreSysAttributes
-from ..utils.json import JsonConfig
+from ..docker.interface import MAP_ARCH
 from ..exceptions import ConfigurationFileError, HassioArchNotFound
 from ..utils.common import FileConfiguration, find_one_filetype
 from .validate import SCHEMA_BUILD_CONFIG
 if TYPE_CHECKING:
-    from . import AnyAddon
+    from .manager import AnyAddon
-class AddonBuild(JsonConfig, CoreSysAttributes):
+class AddonBuild(FileConfiguration, CoreSysAttributes):
    """Handle build options for add-ons."""
    def __init__(self, coresys: CoreSys, addon: AnyAddon) -> None:
@@ -23,20 +35,52 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
        self.coresys: CoreSys = coresys
        self.addon = addon
-        super().__init__(
+        # Search for build file later in executor
-            Path(self.addon.path_location, "build.json"), SCHEMA_BUILD_CONFIG
+        super().__init__(None, SCHEMA_BUILD_CONFIG)
        )
-    def save_data(self):
+    def _get_build_file(self) -> Path:
        """Get build file.
        Must be run in executor.
        """
        try:
            return find_one_filetype(
                self.addon.path_location, "build", FILE_SUFFIX_CONFIGURATION
            )
        except ConfigurationFileError:
            return self.addon.path_location / "build.json"
    async def read_data(self) -> None:
        """Load data from file."""
        if not self._file:
            self._file = await self.sys_run_in_executor(self._get_build_file)
        await super().read_data()
    async def save_data(self):
        """Ignore save function."""
        raise RuntimeError()
    @cached_property
    def arch(self) -> str:
        """Return arch of the add-on."""
        return self.sys_arch.match([self.addon.arch])
    @property
    def base_image(self) -> str:
        """Return base image for this add-on."""
-        return self._data[ATTR_BUILD_FROM].get(
+        if not self._data[ATTR_BUILD_FROM]:
-            self.sys_arch.default, f"homeassistant/{self.sys_arch.default}-base:latest"
+            return f"ghcr.io/home-assistant/{self.sys_arch.default}-base:latest"
-        )
+
        if isinstance(self._data[ATTR_BUILD_FROM], str):
            return self._data[ATTR_BUILD_FROM]
        # Evaluate correct base image
        if self.arch not in self._data[ATTR_BUILD_FROM]:
            raise HassioArchNotFound(
                f"Add-on {self.addon.slug} is not supported on {self.arch}"
            )
        return self._data[ATTR_BUILD_FROM][self.arch]
    @property
    def squash(self) -> bool:
@@ -44,37 +88,98 @@ class AddonBuild(JsonConfig, CoreSysAttributes):
        return self._data[ATTR_SQUASH]
    @property
-    def additional_args(self) -> Dict[str, str]:
+    def additional_args(self) -> dict[str, str]:
        """Return additional Docker build arguments."""
        return self._data[ATTR_ARGS]
-    def get_docker_args(self, version: AwesomeVersion):
+    @property
-        """Create a dict with Docker build arguments."""
+    def additional_labels(self) -> dict[str, str]:
-        args = {
+        """Return additional Docker labels."""
-            "path": str(self.addon.path_location),
+        return self._data[ATTR_LABELS]
-            "tag": f"{self.addon.image}:{version!s}",
+
-            "pull": True,
+    def get_dockerfile(self) -> Path:
-            "forcerm": True,
+        """Return Dockerfile path.
-            "squash": self.squash,
+
-            "labels": {
+        Must be run in executor.
-                "io.hass.version": version,
+        """
-                "io.hass.arch": self.sys_arch.default,
+        if self.addon.path_location.joinpath(f"Dockerfile.{self.arch}").exists():
-                "io.hass.type": META_ADDON,
+            return self.addon.path_location.joinpath(f"Dockerfile.{self.arch}")
-                "io.hass.name": self._fix_label("name"),
+        return self.addon.path_location.joinpath("Dockerfile")
-                "io.hass.description": self._fix_label("description"),
+
-            },
+    async def is_valid(self) -> bool:
-            "buildargs": {
+        """Return true if the build env is valid."""
-                "BUILD_FROM": self.base_image,
+
-                "BUILD_VERSION": version,
+        def build_is_valid() -> bool:
-                "BUILD_ARCH": self.sys_arch.default,
+            return all(
-                **self.additional_args,
+                [
-            },
+                    self.addon.path_location.is_dir(),
                    self.get_dockerfile().is_file(),
                ]
            )
        try:
            return await self.sys_run_in_executor(build_is_valid)
        except HassioArchNotFound:
            return False
    def get_docker_args(
        self, version: AwesomeVersion, image_tag: str
    ) -> dict[str, Any]:
        """Create a dict with Docker run args."""
        dockerfile_path = self.get_dockerfile().relative_to(self.addon.path_location)
        build_cmd = [
            "docker",
            "buildx",
            "build",
            ".",
            "--tag",
            image_tag,
            "--file",
            str(dockerfile_path),
            "--platform",
            MAP_ARCH[self.arch],
            "--pull",
        ]
        labels = {
            "io.hass.version": version,
            "io.hass.arch": self.arch,
            "io.hass.type": META_ADDON,
            "io.hass.name": self._fix_label("name"),
            "io.hass.description": self._fix_label("description"),
            **self.additional_labels,
        }
        if self.addon.url:
-            args["labels"]["io.hass.url"] = self.addon.url
+            labels["io.hass.url"] = self.addon.url
-        return args
+        for key, value in labels.items():
            build_cmd.extend(["--label", f"{key}={value}"])
        build_args = {
            "BUILD_FROM": self.base_image,
            "BUILD_VERSION": version,
            "BUILD_ARCH": self.sys_arch.default,
            **self.additional_args,
        }
        for key, value in build_args.items():
            build_cmd.extend(["--build-arg", f"{key}={value}"])
        # The addon path will be mounted from the host system
        addon_extern_path = self.sys_config.local_to_extern_path(
            self.addon.path_location
        )
        return {
            "command": build_cmd,
            "volumes": {
                SOCKET_DOCKER: {"bind": "/var/run/docker.sock", "mode": "rw"},
                addon_extern_path: {"bind": "/addon", "mode": "ro"},
            },
            "working_dir": "/addon",
        }
    def _fix_label(self, label_name: str) -> str:
        """Remove characters they are not supported."""
--- a/supervisor/addons/configuration.py
+++ b/supervisor/addons/configuration.py
@@ -0,0 +1,11 @@
 """Confgiuration Objects for Addon Config."""
 from dataclasses import dataclass
@dataclass(slots=True)
 class FolderMapping:
    """Represent folder mapping configuration."""
    path: str | None
    read_only: bool
--- a/supervisor/addons/const.py
+++ b/supervisor/addons/const.py
@@ -0,0 +1,49 @@
 """Add-on static data."""
 from datetime import timedelta
 from enum import StrEnum
 from ..jobs.const import JobCondition
 class AddonBackupMode(StrEnum):
    """Backup mode of an Add-on."""
    HOT = "hot"
    COLD = "cold"
 class MappingType(StrEnum):
    """Mapping type of an Add-on Folder."""
    DATA = "data"
    CONFIG = "config"
    SSL = "ssl"
    ADDONS = "addons"
    BACKUP = "backup"
    SHARE = "share"
    MEDIA = "media"
    HOMEASSISTANT_CONFIG = "homeassistant_config"
    ALL_ADDON_CONFIGS = "all_addon_configs"
    ADDON_CONFIG = "addon_config"
 ATTR_BACKUP = "backup"
 ATTR_BREAKING_VERSIONS = "breaking_versions"
 ATTR_CODENOTARY = "codenotary"
 ATTR_READ_ONLY = "read_only"
 ATTR_PATH = "path"
 WATCHDOG_RETRY_SECONDS = 10
 WATCHDOG_MAX_ATTEMPTS = 5
 WATCHDOG_THROTTLE_PERIOD = timedelta(minutes=30)
 WATCHDOG_THROTTLE_MAX_CALLS = 10
 ADDON_UPDATE_CONDITIONS = [
    JobCondition.FREE_SPACE,
    JobCondition.HEALTHY,
    JobCondition.INTERNET_HOST,
    JobCondition.PLUGINS_UPDATED,
    JobCondition.SUPERVISOR_UPDATED,
 ]
 RE_SLUG = r"[-_.A-Za-z0-9]+"
--- a/supervisor/addons/data.py
+++ b/supervisor/addons/data.py
@@ -1,7 +1,7 @@
 """Init file for Supervisor add-on data."""
 from copy import deepcopy
-import logging
+from typing import Any
 from typing import Any, Dict
 from ..const import (
    ATTR_IMAGE,
@@ -13,16 +13,14 @@ from ..const import (
 )
 from ..coresys import CoreSys, CoreSysAttributes
 from ..store.addon import AddonStore
-from ..utils.json import JsonConfig
+from ..utils.common import FileConfiguration
 from .addon import Addon
 from .validate import SCHEMA_ADDONS_FILE
-_LOGGER: logging.Logger = logging.getLogger(__name__)
+Config = dict[str, Any]
 Config = Dict[str, Any]
-class AddonsData(JsonConfig, CoreSysAttributes):
+class AddonsData(FileConfiguration, CoreSysAttributes):
    """Hold data for installed Add-ons inside Supervisor."""
    def __init__(self, coresys: CoreSys):
@@ -40,7 +38,7 @@ class AddonsData(JsonConfig, CoreSysAttributes):
        """Return local add-on data."""
        return self._data[ATTR_SYSTEM]
-    def install(self, addon: AddonStore) -> None:
+    async def install(self, addon: AddonStore) -> None:
        """Set addon as installed."""
        self.system[addon.slug] = deepcopy(addon.data)
        self.user[addon.slug] = {
@@ -48,26 +46,28 @@ class AddonsData(JsonConfig, CoreSysAttributes):
            ATTR_VERSION: addon.version,
            ATTR_IMAGE: addon.image,
        }
-        self.save_data()
+        await self.save_data()
-    def uninstall(self, addon: Addon) -> None:
+    async def uninstall(self, addon: Addon) -> None:
        """Set add-on as uninstalled."""
        self.system.pop(addon.slug, None)
        self.user.pop(addon.slug, None)
-        self.save_data()
+        await self.save_data()
-    def update(self, addon: AddonStore) -> None:
+    async def update(self, addon: AddonStore) -> None:
        """Update version of add-on."""
        self.system[addon.slug] = deepcopy(addon.data)
        self.user[addon.slug].update(
            {ATTR_VERSION: addon.version, ATTR_IMAGE: addon.image}
        )
-        self.save_data()
+        await self.save_data()
-    def restore(self, slug: str, user: Config, system: Config, image: str) -> None:
+    async def restore(
        self, slug: str, user: Config, system: Config, image: str
    ) -> None:
        """Restore data to add-on."""
        self.user[slug] = deepcopy(user)
        self.system[slug] = deepcopy(system)
        self.user[slug][ATTR_IMAGE] = image
-        self.save_data()
+        await self.save_data()
--- a/supervisor/addons/manager.py
+++ b/supervisor/addons/manager.py
@@ -0,0 +1,411 @@
 """Supervisor add-on manager."""
 import asyncio
 from collections.abc import Awaitable
 from contextlib import suppress
 import logging
 import tarfile
 from typing import Self, Union
 from attr import evolve
 from supervisor.jobs.const import JobConcurrency
 from ..const import AddonBoot, AddonStartup, AddonState
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import (
    AddonsError,
    AddonsJobError,
    AddonsNotSupportedError,
    CoreDNSError,
    DockerError,
    HassioError,
    HomeAssistantAPIError,
 )
 from ..jobs.decorator import Job, JobCondition
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..store.addon import AddonStore
 from ..utils.sentry import async_capture_exception
 from .addon import Addon
 from .const import ADDON_UPDATE_CONDITIONS
 from .data import AddonsData
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 AnyAddon = Union[Addon, AddonStore]
 class AddonManager(CoreSysAttributes):
    """Manage add-ons inside Supervisor."""
    def __init__(self, coresys: CoreSys):
        """Initialize Docker base wrapper."""
        self.coresys: CoreSys = coresys
        self.data: AddonsData = AddonsData(coresys)
        self.local: dict[str, Addon] = {}
        self.store: dict[str, AddonStore] = {}
    @property
    def all(self) -> list[AnyAddon]:
        """Return a list of all add-ons."""
        addons: dict[str, AnyAddon] = {**self.store, **self.local}
        return list(addons.values())
    @property
    def installed(self) -> list[Addon]:
        """Return a list of all installed add-ons."""
        return list(self.local.values())
    def get(self, addon_slug: str, local_only: bool = False) -> AnyAddon | None:
        """Return an add-on from slug.
        Prio:
          1 - Local
          2 - Store
        """
        if addon_slug in self.local:
            return self.local[addon_slug]
        if not local_only:
            return self.store.get(addon_slug)
        return None
    def get_local_only(self, addon_slug: str) -> Addon | None:
        """Return an installed add-on from slug."""
        return self.local.get(addon_slug)
    def from_token(self, token: str) -> Addon | None:
        """Return an add-on from Supervisor token."""
        for addon in self.installed:
            if token == addon.supervisor_token:
                return addon
        return None
    async def load_config(self) -> Self:
        """Load config in executor."""
        await self.data.read_data()
        return self
    async def load(self) -> None:
        """Start up add-on management."""
        # Refresh cache for all store addons
        tasks: list[Awaitable[None]] = [
            store.refresh_path_cache() for store in self.store.values()
        ]
        # Load all installed addons
        for slug in self.data.system:
            addon = self.local[slug] = Addon(self.coresys, slug)
            tasks.append(addon.load())
        # Run initial tasks
        _LOGGER.info("Found %d installed add-ons", len(self.data.system))
        if tasks:
            await asyncio.gather(*tasks)
        # Sync DNS
        await self.sync_dns()
    async def boot(self, stage: AddonStartup) -> None:
        """Boot add-ons with mode auto."""
        tasks: list[Addon] = []
        for addon in self.installed:
            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be started
        _LOGGER.info("Phase '%s' starting %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Start Add-ons sequential
        # avoid issue on slow IO
        # Config.wait_boot is deprecated. Until addons update with healthchecks,
        # add a sleep task for it to keep the same minimum amount of wait time
        wait_boot: list[Awaitable[None]] = [asyncio.sleep(self.sys_config.wait_boot)]
        for addon in tasks:
            try:
                if start_task := await addon.start():
                    wait_boot.append(start_task)
            except HassioError:
                self.sys_resolution.add_issue(
                    evolve(addon.boot_failed_issue),
                    suggestions=[
                        SuggestionType.EXECUTE_START,
                        SuggestionType.DISABLE_BOOT,
                    ],
                )
            else:
                continue
            _LOGGER.warning("Can't start Add-on %s", addon.slug)
        # Ignore exceptions from waiting for addon startup, addon errors handled elsewhere
        await asyncio.gather(*wait_boot, return_exceptions=True)
        # After waiting for startup, create an issue for boot addons that are error or unknown state
        # Ignore stopped as single shot addons can be run at boot and this is successful exit
        # Timeout waiting for startup is not a failure, addon is probably just slow
        for addon in tasks:
            if addon.state in {AddonState.ERROR, AddonState.UNKNOWN}:
                self.sys_resolution.add_issue(
                    evolve(addon.boot_failed_issue),
                    suggestions=[
                        SuggestionType.EXECUTE_START,
                        SuggestionType.DISABLE_BOOT,
                    ],
                )
    async def shutdown(self, stage: AddonStartup) -> None:
        """Shutdown addons."""
        tasks: list[Addon] = []
        for addon in self.installed:
            if addon.state != AddonState.STARTED or addon.startup != stage:
                continue
            tasks.append(addon)
        # Evaluate add-ons which need to be stopped
        _LOGGER.info("Phase '%s' stopping %d add-ons", stage, len(tasks))
        if not tasks:
            return
        # Stop Add-ons sequential
        # avoid issue on slow IO
        for addon in tasks:
            try:
                await addon.stop()
            except Exception as err:  # pylint: disable=broad-except
                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
                await async_capture_exception(err)
    @Job(
        name="addon_manager_install",
        conditions=ADDON_UPDATE_CONDITIONS,
        on_condition=AddonsJobError,
        concurrency=JobConcurrency.QUEUE,
    )
    async def install(self, slug: str) -> None:
        """Install an add-on."""
        self.sys_jobs.current.reference = slug
        if slug in self.local:
            raise AddonsError(f"Add-on {slug} is already installed", _LOGGER.warning)
        store = self.store.get(slug)
        if not store:
            raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)
        store.validate_availability()
        await Addon(self.coresys, slug).install()
        _LOGGER.info("Add-on '%s' successfully installed", slug)
    @Job(name="addon_manager_uninstall")
    async def uninstall(self, slug: str, *, remove_config: bool = False) -> None:
        """Remove an add-on."""
        if slug not in self.local:
            _LOGGER.warning("Add-on %s is not installed", slug)
            return
        shared_image = any(
            self.local[slug].image == addon.image
            and self.local[slug].version == addon.version
            for addon in self.installed
            if addon.slug != slug
        )
        await self.local[slug].uninstall(
            remove_config=remove_config, remove_image=not shared_image
        )
        _LOGGER.info("Add-on '%s' successfully removed", slug)
    @Job(
        name="addon_manager_update",
        conditions=ADDON_UPDATE_CONDITIONS,
        on_condition=AddonsJobError,
    )
    async def update(
        self, slug: str, backup: bool | None = False
    ) -> asyncio.Task | None:
        """Update add-on.
        Returns a Task that completes when addon has state 'started' (see addon.start)
        if addon is started after update. Else nothing is returned.
        """
        self.sys_jobs.current.reference = slug
        if slug not in self.local:
            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
        addon = self.local[slug]
        if addon.is_detached:
            raise AddonsError(
                f"Add-on {slug} is not available inside store", _LOGGER.error
            )
        store = self.store[slug]
        if addon.version == store.version:
            raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)
        # Check if available, Maybe something have changed
        store.validate_availability()
        if backup:
            await self.sys_backups.do_backup_partial(
                name=f"addon_{addon.slug}_{addon.version}",
                homeassistant=False,
                addons=[addon.slug],
            )
        return await addon.update()
    @Job(
        name="addon_manager_rebuild",
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def rebuild(self, slug: str, *, force: bool = False) -> asyncio.Task | None:
        """Perform a rebuild of local build add-on.
        Returns a Task that completes when addon has state 'started' (see addon.start)
        if addon is started after rebuild. Else nothing is returned.
        """
        self.sys_jobs.current.reference = slug
        if slug not in self.local:
            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
        addon = self.local[slug]
        if addon.is_detached:
            raise AddonsError(
                f"Add-on {slug} is not available inside store", _LOGGER.error
            )
        store = self.store[slug]
        # Check if a rebuild is possible now
        if addon.version != store.version:
            raise AddonsError(
                "Version changed, use Update instead Rebuild", _LOGGER.error
            )
        if not force and not addon.need_build:
            raise AddonsNotSupportedError(
                "Can't rebuild a image based add-on", _LOGGER.error
            )
        return await addon.rebuild()
    @Job(
        name="addon_manager_restore",
        conditions=[
            JobCondition.FREE_SPACE,
            JobCondition.INTERNET_HOST,
            JobCondition.HEALTHY,
        ],
        on_condition=AddonsJobError,
    )
    async def restore(
        self, slug: str, tar_file: tarfile.TarFile
    ) -> asyncio.Task | None:
        """Restore state of an add-on.
        Returns a Task that completes when addon has state 'started' (see addon.start)
        if addon is started after restore. Else nothing is returned.
        """
        self.sys_jobs.current.reference = slug
        if slug not in self.local:
            _LOGGER.debug("Add-on %s is not local available for restore", slug)
            addon = Addon(self.coresys, slug)
            had_ingress: bool | None = False
        else:
            _LOGGER.debug("Add-on %s is local available for restore", slug)
            addon = self.local[slug]
            had_ingress = addon.ingress_panel
        wait_for_start = await addon.restore(tar_file)
        # Check if new
        if slug not in self.local:
            _LOGGER.info("Detect new Add-on after restore %s", slug)
            self.local[slug] = addon
        # Update ingress
        if had_ingress != addon.ingress_panel:
            await self.sys_ingress.reload()
            with suppress(HomeAssistantAPIError):
                await self.sys_ingress.update_hass_panel(addon)
        return wait_for_start
    @Job(
        name="addon_manager_repair",
        conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST],
    )
    async def repair(self) -> None:
        """Repair local add-ons."""
        needs_repair: list[Addon] = []
        # Evaluate Add-ons to repair
        for addon in self.installed:
            if await addon.instance.exists():
                continue
            needs_repair.append(addon)
        _LOGGER.info("Found %d add-ons to repair", len(needs_repair))
        if not needs_repair:
            return
        for addon in needs_repair:
            _LOGGER.info("Repairing for add-on: %s", addon.slug)
            with suppress(DockerError, KeyError):
                # Need pull a image again
                if not addon.need_build:
                    await addon.instance.install(addon.version, addon.image)
                    continue
                # Need local lookup
                if addon.need_build and not addon.is_detached:
                    store = self.store[addon.slug]
                    # If this add-on is available for rebuild
                    if addon.version == store.version:
                        await addon.instance.install(addon.version, addon.image)
                        continue
            _LOGGER.error("Can't repair %s", addon.slug)
            with suppress(AddonsError):
                await self.uninstall(addon.slug)
    async def sync_dns(self) -> None:
        """Sync add-ons DNS names."""
        # Update hosts
        add_host_coros: list[Awaitable[None]] = []
        for addon in self.installed:
            try:
                if not await addon.instance.is_running():
                    continue
            except DockerError as err:
                _LOGGER.warning("Add-on %s is corrupt: %s", addon.slug, err)
                self.sys_resolution.create_issue(
                    IssueType.CORRUPT_DOCKER,
                    ContextType.ADDON,
                    reference=addon.slug,
                    suggestions=[SuggestionType.EXECUTE_REPAIR],
                )
                await async_capture_exception(err)
            else:
                add_host_coros.append(
                    self.sys_plugins.dns.add_host(
                        ipv4=addon.ip_address, names=[addon.hostname], write=False
                    )
                )
        await asyncio.gather(*add_host_coros)
        # Write hosts files
        with suppress(CoreDNSError):
            await self.sys_plugins.dns.write_hosts()
--- a/supervisor/addons/model.py
+++ b/supervisor/addons/model.py
@@ -1,10 +1,17 @@
 """Init file for Supervisor add-ons."""
 from abc import ABC, abstractmethod
 from collections import defaultdict
 from collections.abc import Awaitable, Callable
 from contextlib import suppress
 from datetime import datetime
 import logging
 from pathlib import Path
-from typing import Any, Awaitable, Dict, List, Optional
+from typing import Any
 from awesomeversion import AwesomeVersion, AwesomeVersionException
-import voluptuous as vol
+
 from supervisor.utils.dt import utc_from_timestamp
 from ..const import (
    ATTR_ADVANCED,
@@ -12,7 +19,9 @@ from ..const import (
    ATTR_ARCH,
    ATTR_AUDIO,
    ATTR_AUTH_API,
-    ATTR_AUTO_UART,
+    ATTR_BACKUP_EXCLUDE,
    ATTR_BACKUP_POST,
    ATTR_BACKUP_PRE,
    ATTR_BOOT,
    ATTR_DESCRIPTON,
    ATTR_DEVICES,
@@ -30,12 +39,15 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
    ATTR_HOST_UTS,
    ATTR_IMAGE,
    ATTR_INGRESS,
    ATTR_INGRESS_STREAM,
    ATTR_INIT,
    ATTR_JOURNALD,
    ATTR_KERNEL_MODULES,
    ATTR_LEGACY,
-    ATTR_LOCATON,
+    ATTR_LOCATION,
    ATTR_MACHINE,
    ATTR_MAP,
    ATTR_NAME,
@@ -46,20 +58,24 @@ from ..const import (
    ATTR_PORTS,
    ATTR_PORTS_DESCRIPTION,
    ATTR_PRIVILEGED,
    ATTR_REALTIME,
    ATTR_REPOSITORY,
    ATTR_SCHEMA,
    ATTR_SERVICES,
    ATTR_SLUG,
    ATTR_SNAPSHOT_EXCLUDE,
    ATTR_STAGE,
    ATTR_STARTUP,
    ATTR_STDIN,
    ATTR_TIMEOUT,
    ATTR_TMPFS,
    ATTR_TRANSLATIONS,
    ATTR_TYPE,
    ATTR_UART,
    ATTR_UDEV,
    ATTR_URL,
    ATTR_USB,
    ATTR_VERSION,
    ATTR_VERSION_TIMESTAMP,
    ATTR_VIDEO,
    ATTR_WATCHDOG,
    ATTR_WEBUI,
@@ -67,22 +83,47 @@ from ..const import (
    SECURITY_DISABLE,
    SECURITY_PROFILE,
    AddonBoot,
    AddonBootConfig,
    AddonStage,
    AddonStartup,
 )
-from ..coresys import CoreSys, CoreSysAttributes
+from ..coresys import CoreSys
-from .validate import RE_SERVICE, RE_VOLUME, schema_ui_options, validate_options
+from ..docker.const import Capabilities
 from ..exceptions import AddonsNotSupportedError
 from ..jobs.const import JOB_GROUP_ADDON
 from ..jobs.job_group import JobGroup
 from ..utils import version_is_new_enough
 from .configuration import FolderMapping
 from .const import (
    ATTR_BACKUP,
    ATTR_BREAKING_VERSIONS,
    ATTR_CODENOTARY,
    ATTR_PATH,
    ATTR_READ_ONLY,
    AddonBackupMode,
    MappingType,
 )
 from .options import AddonOptions, UiOptions
 from .validate import RE_SERVICE
-Data = Dict[str, Any]
+_LOGGER: logging.Logger = logging.getLogger(__name__)
 Data = dict[str, Any]
-class AddonModel(CoreSysAttributes, ABC):
+class AddonModel(JobGroup, ABC):
    """Add-on Data layout."""
    def __init__(self, coresys: CoreSys, slug: str):
        """Initialize data holder."""
-        self.coresys: CoreSys = coresys
+        super().__init__(
            coresys, JOB_GROUP_ADDON.format_map(defaultdict(str, slug=slug)), slug
        )
        self.slug: str = slug
        self._path_icon_exists: bool = False
        self._path_logo_exists: bool = False
        self._path_changelog_exists: bool = False
        self._path_documentation_exists: bool = False
    @property
    @abstractmethod
@@ -105,17 +146,22 @@ class AddonModel(CoreSysAttributes, ABC):
        return self._available(self.data)
    @property
-    def options(self) -> Dict[str, Any]:
+    def options(self) -> dict[str, Any]:
        """Return options with local changes."""
        return self.data[ATTR_OPTIONS]
    @property
-    def boot(self) -> AddonBoot:
+    def boot_config(self) -> AddonBootConfig:
-        """Return boot config with prio local settings."""
+        """Return boot config."""
        return self.data[ATTR_BOOT]
    @property
-    def auto_update(self) -> Optional[bool]:
+    def boot(self) -> AddonBoot:
        """Return boot config with prio local settings unless config is forced."""
        return AddonBoot(self.data[ATTR_BOOT])
    @property
    def auto_update(self) -> bool | None:
        """Return if auto update is enable."""
        return None
@@ -130,7 +176,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.slug.replace("_", "-")
    @property
-    def dns(self) -> List[str]:
+    def dns(self) -> list[str]:
        """Return list of DNS name for that add-on."""
        return []
@@ -140,22 +186,22 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_TIMEOUT]
    @property
-    def uuid(self) -> Optional[str]:
+    def uuid(self) -> str | None:
        """Return an API token for this add-on."""
        return None
    @property
-    def supervisor_token(self) -> Optional[str]:
+    def supervisor_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return None
    @property
-    def ingress_token(self) -> Optional[str]:
+    def ingress_token(self) -> str | None:
        """Return access token for Supervisor API."""
        return None
    @property
-    def ingress_entry(self) -> Optional[str]:
+    def ingress_entry(self) -> str | None:
        """Return ingress external URL."""
        return None
@@ -164,29 +210,26 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return description of add-on."""
        return self.data[ATTR_DESCRIPTON]
    @property
    def long_description(self) -> Optional[str]:
        """Return README.md as long_description."""
        readme = Path(self.path_location, "README.md")
        # If readme not exists
        if not readme.exists():
            return None
        # Return data
        with readme.open("r") as readme_file:
            return readme_file.read()
    @property
    def repository(self) -> str:
        """Return repository of add-on."""
        return self.data[ATTR_REPOSITORY]
    @property
    def translations(self) -> dict:
        """Return add-on translations."""
        return self.data[ATTR_TRANSLATIONS]
    @property
    def latest_version(self) -> AwesomeVersion:
        """Return latest version of add-on."""
        return self.data[ATTR_VERSION]
    @property
    def latest_version_timestamp(self) -> datetime:
        """Return when latest version was first seen."""
        return utc_from_timestamp(self.data[ATTR_VERSION_TIMESTAMP])
    @property
    def version(self) -> AwesomeVersion:
        """Return version of add-on."""
@@ -213,7 +256,7 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_STAGE]
    @property
-    def services_role(self) -> Dict[str, str]:
+    def services_role(self) -> dict[str, str]:
        """Return dict of services with rights."""
        services_list = self.data.get(ATTR_SERVICES, [])
@@ -226,37 +269,37 @@ class AddonModel(CoreSysAttributes, ABC):
        return services
    @property
-    def discovery(self) -> List[str]:
+    def discovery(self) -> list[str]:
        """Return list of discoverable components/platforms."""
        return self.data.get(ATTR_DISCOVERY, [])
    @property
-    def ports_description(self) -> Optional[Dict[str, str]]:
+    def ports_description(self) -> dict[str, str] | None:
        """Return descriptions of ports."""
        return self.data.get(ATTR_PORTS_DESCRIPTION)
    @property
-    def ports(self) -> Optional[Dict[str, Optional[int]]]:
+    def ports(self) -> dict[str, int | None] | None:
        """Return ports of add-on."""
        return self.data.get(ATTR_PORTS)
    @property
-    def ingress_url(self) -> Optional[str]:
+    def ingress_url(self) -> str | None:
        """Return URL to ingress url."""
        return None
    @property
-    def webui(self) -> Optional[str]:
+    def webui(self) -> str | None:
        """Return URL to webui or None."""
        return self.data.get(ATTR_WEBUI)
    @property
-    def watchdog(self) -> Optional[str]:
+    def watchdog_url(self) -> str | None:
        """Return URL to for watchdog or None."""
        return self.data.get(ATTR_WATCHDOG)
    @property
-    def ingress_port(self) -> Optional[int]:
+    def ingress_port(self) -> int | None:
        """Return Ingress port."""
        return None
@@ -290,28 +333,28 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if add-on run on host IPC namespace."""
        return self.data[ATTR_HOST_IPC]
    @property
    def host_uts(self) -> bool:
        """Return True if add-on run on host UTS namespace."""
        return self.data[ATTR_HOST_UTS]
    @property
    def host_dbus(self) -> bool:
        """Return True if add-on run on host D-BUS."""
        return self.data[ATTR_HOST_DBUS]
    @property
-    def devices(self) -> List[str]:
+    def static_devices(self) -> list[Path]:
-        """Return devices of add-on."""
+        """Return static devices of add-on."""
-        return self.data.get(ATTR_DEVICES, [])
+        return [Path(node) for node in self.data.get(ATTR_DEVICES, [])]
    @property
-    def tmpfs(self) -> Optional[str]:
+    def environment(self) -> dict[str, str] | None:
        """Return tmpfs of add-on."""
        return self.data.get(ATTR_TMPFS)
    @property
    def environment(self) -> Optional[Dict[str, str]]:
        """Return environment of add-on."""
        return self.data.get(ATTR_ENVIRONMENT)
    @property
-    def privileged(self) -> List[str]:
+    def privileged(self) -> list[Capabilities]:
        """Return list of privilege."""
        return self.data.get(ATTR_PRIVILEGED, [])
@@ -350,9 +393,24 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_HASSIO_ROLE]
    @property
-    def snapshot_exclude(self) -> List[str]:
+    def backup_exclude(self) -> list[str]:
-        """Return Exclude list for snapshot."""
+        """Return Exclude list for backup."""
-        return self.data.get(ATTR_SNAPSHOT_EXCLUDE, [])
+        return self.data.get(ATTR_BACKUP_EXCLUDE, [])
    @property
    def backup_pre(self) -> str | None:
        """Return pre-backup command."""
        return self.data.get(ATTR_BACKUP_PRE)
    @property
    def backup_post(self) -> str | None:
        """Return post-backup command."""
        return self.data.get(ATTR_BACKUP_POST)
    @property
    def backup_mode(self) -> AddonBackupMode:
        """Return if backup is hot/cold."""
        return self.data[ATTR_BACKUP]
    @property
    def default_init(self) -> bool:
@@ -370,10 +428,15 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_INGRESS]
    @property
-    def ingress_panel(self) -> Optional[bool]:
+    def ingress_panel(self) -> bool | None:
        """Return True if the add-on access support ingress."""
        return None
    @property
    def ingress_stream(self) -> bool:
        """Return True if post requests to ingress should be streamed."""
        return self.data[ATTR_INGRESS_STREAM]
    @property
    def with_gpio(self) -> bool:
        """Return True if the add-on access to GPIO interface."""
@@ -387,7 +450,7 @@ class AddonModel(CoreSysAttributes, ABC):
    @property
    def with_uart(self) -> bool:
        """Return True if we should map all UART device."""
-        return self.data[ATTR_AUTO_UART]
+        return self.data[ATTR_UART]
    @property
    def with_udev(self) -> bool:
@@ -399,6 +462,11 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if the add-on access to kernel modules."""
        return self.data[ATTR_KERNEL_MODULES]
    @property
    def with_realtime(self) -> bool:
        """Return True if the add-on need realtime schedule functions."""
        return self.data[ATTR_REALTIME]
    @property
    def with_full_access(self) -> bool:
        """Return True if the add-on want full access to hardware."""
@@ -409,6 +477,11 @@ class AddonModel(CoreSysAttributes, ABC):
        """Return True if the add-on read access to devicetree."""
        return self.data[ATTR_DEVICETREE]
    @property
    def with_tmpfs(self) -> str | None:
        """Return if tmp is in memory of add-on."""
        return self.data[ATTR_TMPFS]
    @property
    def access_auth_api(self) -> bool:
        """Return True if the add-on access to login/auth backend."""
@@ -425,47 +498,55 @@ class AddonModel(CoreSysAttributes, ABC):
        return self.data[ATTR_VIDEO]
    @property
-    def homeassistant_version(self) -> Optional[str]:
+    def homeassistant_version(self) -> str | None:
        """Return min Home Assistant version they needed by Add-on."""
        return self.data.get(ATTR_HOMEASSISTANT)
    @property
-    def url(self) -> Optional[str]:
+    def url(self) -> str | None:
        """Return URL of add-on."""
        return self.data.get(ATTR_URL)
    @property
    def with_icon(self) -> bool:
        """Return True if an icon exists."""
-        return self.path_icon.exists()
+        return self._path_icon_exists
    @property
    def with_logo(self) -> bool:
        """Return True if a logo exists."""
-        return self.path_logo.exists()
+        return self._path_logo_exists
    @property
    def with_changelog(self) -> bool:
        """Return True if a changelog exists."""
-        return self.path_changelog.exists()
+        return self._path_changelog_exists
    @property
    def with_documentation(self) -> bool:
        """Return True if a documentation exists."""
-        return self.path_documentation.exists()
+        return self._path_documentation_exists
    @property
-    def supported_arch(self) -> List[str]:
+    def supported_arch(self) -> list[str]:
        """Return list of supported arch."""
        return self.data[ATTR_ARCH]
    @property
-    def supported_machine(self) -> List[str]:
+    def supported_machine(self) -> list[str]:
        """Return list of supported machine."""
        return self.data.get(ATTR_MACHINE, [])
    @property
-    def image(self) -> Optional[str]:
+    def arch(self) -> str:
        """Return architecture to use for the addon's image."""
        if ATTR_IMAGE in self.data:
            return self.sys_arch.match(self.data[ATTR_ARCH])
        return self.sys_arch.default
    @property
    def image(self) -> str | None:
        """Generate image name from data."""
        return self._image(self.data)
@@ -475,21 +556,20 @@ class AddonModel(CoreSysAttributes, ABC):
        return ATTR_IMAGE not in self.data
    @property
-    def map_volumes(self) -> Dict[str, str]:
+    def map_volumes(self) -> dict[MappingType, FolderMapping]:
-        """Return a dict of {volume: policy} from add-on."""
+        """Return a dict of {MappingType: FolderMapping} from add-on."""
        volumes = {}
        for volume in self.data[ATTR_MAP]:
-            result = RE_VOLUME.match(volume)
+            volumes[MappingType(volume[ATTR_TYPE])] = FolderMapping(
-            if not result:
+                volume.get(ATTR_PATH), volume[ATTR_READ_ONLY]
-                continue
+            )
            volumes[result.group(1)] = result.group(2) or "ro"
        return volumes
    @property
    def path_location(self) -> Path:
        """Return path to this add-on."""
-        return Path(self.data[ATTR_LOCATON])
+        return Path(self.data[ATTR_LOCATION])
    @property
    def path_icon(self) -> Path:
@@ -517,48 +597,123 @@ class AddonModel(CoreSysAttributes, ABC):
        return Path(self.path_location, "apparmor.txt")
    @property
-    def schema(self) -> vol.Schema:
+    def schema(self) -> AddonOptions:
-        """Create a schema for add-on options."""
+        """Return Addon options validation object."""
        raw_schema = self.data[ATTR_SCHEMA]
        if isinstance(raw_schema, bool):
-            return vol.Schema(dict)
+            raw_schema = {}
-        return vol.Schema(vol.All(dict, validate_options(self.coresys, raw_schema)))
+
        return AddonOptions(self.coresys, raw_schema, self.name, self.slug)
    @property
-    def schema_ui(self) -> Optional[List[Dict[str, Any]]]:
+    def schema_ui(self) -> list[dict[Any, Any]] | None:
        """Create a UI schema for add-on options."""
        raw_schema = self.data[ATTR_SCHEMA]
        if isinstance(raw_schema, bool):
            return None
-        return schema_ui_options(raw_schema)
+        return UiOptions(self.coresys)(raw_schema)
-    def __eq__(self, other):
+    @property
-        """Compaired add-on objects."""
+    def with_journald(self) -> bool:
        """Return True if the add-on accesses the system journal."""
        return self.data[ATTR_JOURNALD]
    @property
    def signed(self) -> bool:
        """Return True if the image is signed."""
        return ATTR_CODENOTARY in self.data
    @property
    def codenotary(self) -> str | None:
        """Return Signer email address for CAS."""
        return self.data.get(ATTR_CODENOTARY)
    @property
    def breaking_versions(self) -> list[AwesomeVersion]:
        """Return breaking versions of addon."""
        return self.data[ATTR_BREAKING_VERSIONS]
    async def long_description(self) -> str | None:
        """Return README.md as long_description."""
        def read_readme() -> str | None:
            readme = Path(self.path_location, "README.md")
            # If readme not exists
            if not readme.exists():
                return None
            # Return data
            return readme.read_text(encoding="utf-8", errors="replace")
        return await self.sys_run_in_executor(read_readme)
    def refresh_path_cache(self) -> Awaitable[None]:
        """Refresh cache of existing paths."""
        def check_paths():
            self._path_icon_exists = self.path_icon.exists()
            self._path_logo_exists = self.path_logo.exists()
            self._path_changelog_exists = self.path_changelog.exists()
            self._path_documentation_exists = self.path_documentation.exists()
        return self.sys_run_in_executor(check_paths)
    def validate_availability(self) -> None:
        """Validate if addon is available for current system."""
        return self._validate_availability(self.data, logger=_LOGGER.error)
    def __eq__(self, other: Any) -> bool:
        """Compare add-on objects."""
        if not isinstance(other, AddonModel):
            return False
        return self.slug == other.slug
-    def _available(self, config) -> bool:
+    def __hash__(self) -> int:
-        """Return True if this add-on is available on this platform."""
+        """Hash for add-on objects."""
        return hash(self.slug)
    def _validate_availability(
        self, config, *, logger: Callable[..., None] | None = None
    ) -> None:
        """Validate if addon is available for current system."""
        # Architecture
        if not self.sys_arch.is_supported(config[ATTR_ARCH]):
-            return False
+            raise AddonsNotSupportedError(
                f"Add-on {self.slug} not supported on this platform, supported architectures: {', '.join(config[ATTR_ARCH])}",
                logger,
            )
        # Machine / Hardware
        machine = config.get(ATTR_MACHINE)
-        if machine and f"!{self.sys_machine}" in machine:
+        if machine and (
-            return False
+            f"!{self.sys_machine}" in machine or self.sys_machine not in machine
-        elif machine and self.sys_machine not in machine:
+        ):
-            return False
+            raise AddonsNotSupportedError(
                f"Add-on {self.slug} not supported on this machine, supported machine types: {', '.join(machine)}",
                logger,
            )
        # Home Assistant
-        version: Optional[AwesomeVersion] = config.get(ATTR_HOMEASSISTANT)
+        version: AwesomeVersion | None = config.get(ATTR_HOMEASSISTANT)
        with suppress(AwesomeVersionException, TypeError):
            if version and not version_is_new_enough(
                self.sys_homeassistant.version, version
            ):
                raise AddonsNotSupportedError(
                    f"Add-on {self.slug} not supported on this system, requires Home Assistant version {version} or greater",
                    logger,
                )
    def _available(self, config) -> bool:
        """Return True if this add-on is available on this platform."""
        try:
-            return self.sys_homeassistant.version >= version
+            self._validate_availability(config)
-        except (AwesomeVersionException, TypeError):
+        except AddonsNotSupportedError:
-            return True
+            return False
        return True
    def _image(self, config) -> str:
        """Generate image name from data."""
@@ -569,19 +724,3 @@ class AddonModel(CoreSysAttributes, ABC):
        # local build
        return f"{config[ATTR_REPOSITORY]}/{self.sys_arch.default}-addon-{config[ATTR_SLUG]}"
    def install(self) -> Awaitable[None]:
        """Install this add-on."""
        return self.sys_addons.install(self.slug)
    def uninstall(self) -> Awaitable[None]:
        """Uninstall this add-on."""
        return self.sys_addons.uninstall(self.slug)
    def update(self) -> Awaitable[None]:
        """Update this add-on."""
        return self.sys_addons.update(self.slug)
    def rebuild(self) -> Awaitable[None]:
        """Rebuild this add-on."""
        return self.sys_addons.rebuild(self.slug)
--- a/supervisor/addons/options.py
+++ b/supervisor/addons/options.py
@@ -0,0 +1,423 @@
 """Add-on Options / UI rendering."""
 import hashlib
 import logging
 from pathlib import Path
 import re
 from typing import Any
 import voluptuous as vol
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import HardwareNotFound
 from ..hardware.const import UdevSubsystem
 from ..hardware.data import Device
 from ..validate import network_port
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 _STR = "str"
 _INT = "int"
 _FLOAT = "float"
 _BOOL = "bool"
 _PASSWORD = "password"
 _EMAIL = "email"
 _URL = "url"
 _PORT = "port"
 _MATCH = "match"
 _LIST = "list"
 _DEVICE = "device"
 RE_SCHEMA_ELEMENT = re.compile(
    r"^(?:"
    r"|bool"
    r"|email"
    r"|url"
    r"|port"
    r"|device(?:\((?P<filter>subsystem=[a-z]+)\))?"
    r"|str(?:\((?P<s_min>\d+)?,(?P<s_max>\d+)?\))?"
    r"|password(?:\((?P<p_min>\d+)?,(?P<p_max>\d+)?\))?"
    r"|int(?:\((?P<i_min>\d+)?,(?P<i_max>\d+)?\))?"
    r"|float(?:\((?P<f_min>[\d\.]+)?,(?P<f_max>[\d\.]+)?\))?"
    r"|match\((?P<match>.*)\)"
    r"|list\((?P<list>.+)\)"
    r")\??$"
 )
 _SCHEMA_LENGTH_PARTS = (
    "i_min",
    "i_max",
    "f_min",
    "f_max",
    "s_min",
    "s_max",
    "p_min",
    "p_max",
 )
 class AddonOptions(CoreSysAttributes):
    """Validate Add-ons Options."""
    def __init__(
        self, coresys: CoreSys, raw_schema: dict[str, Any], name: str, slug: str
    ):
        """Validate schema."""
        self.coresys: CoreSys = coresys
        self.raw_schema: dict[str, Any] = raw_schema
        self.devices: set[Device] = set()
        self.pwned: set[str] = set()
        self._name = name
        self._slug = slug
    @property
    def validate(self) -> vol.Schema:
        """Create a schema for add-on options."""
        return vol.Schema(vol.All(dict, self))
    def __call__(self, struct):
        """Create schema validator for add-ons options."""
        options = {}
        # read options
        for key, value in struct.items():
            # Ignore unknown options / remove from list
            if key not in self.raw_schema:
                _LOGGER.warning(
                    "Option '%s' does not exist in the schema for %s (%s)",
                    key,
                    self._name,
                    self._slug,
                )
                continue
            typ = self.raw_schema[key]
            try:
                if isinstance(typ, list):
                    # nested value list
                    options[key] = self._nested_validate_list(typ[0], value, key)
                elif isinstance(typ, dict):
                    # nested value dict
                    options[key] = self._nested_validate_dict(typ, value, key)
                else:
                    # normal value
                    options[key] = self._single_validate(typ, value, key)
            except (IndexError, KeyError):
                raise vol.Invalid(
                    f"Type error for option '{key}' in {self._name} ({self._slug})"
                ) from None
        self._check_missing_options(self.raw_schema, options, "root")
        return options
    # pylint: disable=no-value-for-parameter
    def _single_validate(self, typ: str, value: Any, key: str):
        """Validate a single element."""
        # if required argument
        if value is None:
            raise vol.Invalid(
                f"Missing required option '{key}' in {self._name} ({self._slug})"
            ) from None
        # Lookup secret
        if str(value).startswith("!secret "):
            secret: str = value.partition(" ")[2]
            value = self.sys_homeassistant.secrets.get(secret)
            if value is None:
                raise vol.Invalid(
                    f"Unknown secret '{secret}' in {self._name} ({self._slug})"
                ) from None
        # parse extend data from type
        match = RE_SCHEMA_ELEMENT.match(typ)
        if not match:
            raise vol.Invalid(
                f"Unknown type '{typ}' in {self._name} ({self._slug})"
            ) from None
        # prepare range
        range_args: dict[str, Any] = {}
        for group_name in _SCHEMA_LENGTH_PARTS:
            group_value = match.group(group_name)
            if group_value:
                range_args[group_name[2:]] = float(group_value)
        if typ.startswith(_STR) or typ.startswith(_PASSWORD):
            if typ.startswith(_PASSWORD) and value:
                self.pwned.add(hashlib.sha1(str(value).encode()).hexdigest())
            return vol.All(str(value), vol.Range(**range_args))(value)
        elif typ.startswith(_INT):
            return vol.All(vol.Coerce(int), vol.Range(**range_args))(value)
        elif typ.startswith(_FLOAT):
            return vol.All(vol.Coerce(float), vol.Range(**range_args))(value)
        elif typ.startswith(_BOOL):
            return vol.Boolean()(value)
        elif typ.startswith(_EMAIL):
            return vol.Email()(value)
        elif typ.startswith(_URL):
            return vol.Url()(value)
        elif typ.startswith(_PORT):
            return network_port(value)
        elif typ.startswith(_MATCH):
            return vol.Match(match.group("match"))(str(value))
        elif typ.startswith(_LIST):
            return vol.In(match.group("list").split("|"))(str(value))
        elif typ.startswith(_DEVICE):
            try:
                device = self.sys_hardware.get_by_path(Path(value))
            except HardwareNotFound:
                raise vol.Invalid(
                    f"Device '{value}' does not exist in {self._name} ({self._slug})"
                ) from None
            # Have filter
            if match.group("filter"):
                str_filter = match.group("filter")
                device_filter = _create_device_filter(str_filter)
                if device not in self.sys_hardware.filter_devices(**device_filter):
                    raise vol.Invalid(
                        f"Device '{value}' don't match the filter {str_filter}! in {self._name} ({self._slug})"
                    )
            # Device valid
            self.devices.add(device)
            return str(device.path)
        raise vol.Invalid(
            f"Fatal error for option '{key}' with type '{typ}' in {self._name} ({self._slug})"
        ) from None
    def _nested_validate_list(self, typ: Any, data_list: list[Any], key: str):
        """Validate nested items."""
        options = []
        # Make sure it is a list
        if not isinstance(data_list, list):
            raise vol.Invalid(
                f"Invalid list for option '{key}' in {self._name} ({self._slug})"
            ) from None
        # Process list
        for element in data_list:
            # Nested?
            if isinstance(typ, dict):
                c_options = self._nested_validate_dict(typ, element, key)
                options.append(c_options)
            else:
                options.append(self._single_validate(typ, element, key))
        return options
    def _nested_validate_dict(
        self, typ: dict[Any, Any], data_dict: dict[Any, Any], key: str
    ):
        """Validate nested items."""
        options = {}
        # Make sure it is a dict
        if not isinstance(data_dict, dict):
            raise vol.Invalid(
                f"Invalid dict for option '{key}' in {self._name} ({self._slug})"
            ) from None
        # Process dict
        for c_key, c_value in data_dict.items():
            # Ignore unknown options / remove from list
            if c_key not in typ:
                _LOGGER.warning(
                    "Unknown option '%s' for %s (%s)", c_key, self._name, self._slug
                )
                continue
            # Nested?
            if isinstance(typ[c_key], list):
                options[c_key] = self._nested_validate_list(
                    typ[c_key][0], c_value, c_key
                )
            else:
                options[c_key] = self._single_validate(typ[c_key], c_value, c_key)
        self._check_missing_options(typ, options, key)
        return options
    def _check_missing_options(
        self, origin: dict[Any, Any], exists: dict[Any, Any], root: str
    ) -> None:
        """Check if all options are exists."""
        missing = set(origin) - set(exists)
        for miss_opt in missing:
            miss_schema = origin[miss_opt]
            # If its a list then value in list decides if its optional like ["str?"]
            if isinstance(miss_schema, list) and len(miss_schema) > 0:
                miss_schema = miss_schema[0]
            if isinstance(miss_schema, str) and miss_schema.endswith("?"):
                continue
            raise vol.Invalid(
                f"Missing option '{miss_opt}' in {root} in {self._name} ({self._slug})"
            ) from None
 class UiOptions(CoreSysAttributes):
    """Render UI Add-ons Options."""
    def __init__(self, coresys: CoreSys) -> None:
        """Initialize UI option render."""
        self.coresys = coresys
    def __call__(self, raw_schema: dict[str, Any]) -> list[dict[str, Any]]:
        """Generate UI schema."""
        ui_schema: list[dict[str, Any]] = []
        # read options
        for key, value in raw_schema.items():
            if isinstance(value, list):
                # nested value list
                self._nested_ui_list(ui_schema, value, key)
            elif isinstance(value, dict):
                # nested value dict
                self._nested_ui_dict(ui_schema, value, key)
            else:
                # normal value
                self._single_ui_option(ui_schema, value, key)
        return ui_schema
    def _single_ui_option(
        self,
        ui_schema: list[dict[str, Any]],
        value: str,
        key: str,
        multiple: bool = False,
    ) -> None:
        """Validate a single element."""
        ui_node: dict[str, str | bool | float | list[str]] = {"name": key}
        # If multiple
        if multiple:
            ui_node["multiple"] = True
        # Parse extend data from type
        match = RE_SCHEMA_ELEMENT.match(value)
        if not match:
            return
        # Prepare range
        for group_name in _SCHEMA_LENGTH_PARTS:
            group_value = match.group(group_name)
            if not group_value:
                continue
            if group_name[2:] == "min":
                ui_node["lengthMin"] = float(group_value)
            elif group_name[2:] == "max":
                ui_node["lengthMax"] = float(group_value)
        # If required
        if value.endswith("?"):
            ui_node["optional"] = True
        else:
            ui_node["required"] = True
        # Data types
        if value.startswith(_STR):
            ui_node["type"] = "string"
        elif value.startswith(_PASSWORD):
            ui_node["type"] = "string"
            ui_node["format"] = "password"
        elif value.startswith(_INT):
            ui_node["type"] = "integer"
        elif value.startswith(_FLOAT):
            ui_node["type"] = "float"
        elif value.startswith(_BOOL):
            ui_node["type"] = "boolean"
        elif value.startswith(_EMAIL):
            ui_node["type"] = "string"
            ui_node["format"] = "email"
        elif value.startswith(_URL):
            ui_node["type"] = "string"
            ui_node["format"] = "url"
        elif value.startswith(_PORT):
            ui_node["type"] = "integer"
        elif value.startswith(_MATCH):
            ui_node["type"] = "string"
        elif value.startswith(_LIST):
            ui_node["type"] = "select"
            ui_node["options"] = match.group("list").split("|")
        elif value.startswith(_DEVICE):
            ui_node["type"] = "select"
            # Have filter
            if match.group("filter"):
                device_filter = _create_device_filter(match.group("filter"))
                ui_node["options"] = [
                    (device.by_id or device.path).as_posix()
                    for device in self.sys_hardware.filter_devices(**device_filter)
                ]
            else:
                ui_node["options"] = [
                    (device.by_id or device.path).as_posix()
                    for device in self.sys_hardware.devices
                ]
        ui_schema.append(ui_node)
    def _nested_ui_list(
        self,
        ui_schema: list[dict[str, Any]],
        option_list: list[Any],
        key: str,
    ) -> None:
        """UI nested list items."""
        try:
            element = option_list[0]
        except IndexError:
            _LOGGER.error("Invalid schema %s", key)
            return
        if isinstance(element, dict):
            self._nested_ui_dict(ui_schema, element, key, multiple=True)
        else:
            self._single_ui_option(ui_schema, element, key, multiple=True)
    def _nested_ui_dict(
        self,
        ui_schema: list[dict[str, Any]],
        option_dict: dict[str, Any],
        key: str,
        multiple: bool = False,
    ) -> None:
        """UI nested dict items."""
        ui_node: dict[str, Any] = {
            "name": key,
            "type": "schema",
            "optional": True,
            "multiple": multiple,
        }
        nested_schema: list[dict[str, Any]] = []
        for c_key, c_value in option_dict.items():
            # Nested?
            if isinstance(c_value, list):
                self._nested_ui_list(nested_schema, c_value, c_key)
            else:
                self._single_ui_option(nested_schema, c_value, c_key)
        ui_node["schema"] = nested_schema
        ui_schema.append(ui_node)
 def _create_device_filter(str_filter: str) -> dict[str, Any]:
    """Generate device Filter."""
    raw_filter = dict(value.split("=") for value in str_filter.split(";"))
    clean_filter: dict[str, Any] = {}
    for key, value in raw_filter.items():
        if key == "subsystem":
            clean_filter[key] = UdevSubsystem(value)
        else:
            clean_filter[key] = value
    return clean_filter
--- a/supervisor/addons/utils.py
+++ b/supervisor/addons/utils.py
@@ -1,23 +1,14 @@
 """Util add-ons functions."""
 from __future__ import annotations
 import asyncio
 import logging
 from pathlib import Path
 import subprocess
 from typing import TYPE_CHECKING
-from ..const import (
+from ..const import ROLE_ADMIN, ROLE_MANAGER, SECURITY_DISABLE, SECURITY_PROFILE
-    PRIVILEGED_DAC_READ_SEARCH,
+from ..docker.const import Capabilities
    PRIVILEGED_NET_ADMIN,
    PRIVILEGED_SYS_ADMIN,
    PRIVILEGED_SYS_MODULE,
    PRIVILEGED_SYS_PTRACE,
    PRIVILEGED_SYS_RAWIO,
    ROLE_ADMIN,
    ROLE_MANAGER,
    SECURITY_DISABLE,
    SECURITY_PROFILE,
 )
 if TYPE_CHECKING:
    from .model import AddonModel
@@ -26,10 +17,10 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 def rating_security(addon: AddonModel) -> int:
-    """Return 1-6 for security rating.
+    """Return 1-8 for security rating.
    1 = not secure
-    6 = high secure
+    8 = high secure
    """
    rating = 5
@@ -45,17 +36,28 @@ def rating_security(addon: AddonModel) -> int:
    elif addon.access_auth_api:
        rating += 1
    # Signed
    if addon.signed:
        rating += 1
    # Privileged options
-    if any(
+    if (
-        privilege in addon.privileged
+        any(
-        for privilege in (
+            privilege in addon.privileged
-            PRIVILEGED_NET_ADMIN,
+            for privilege in (
-            PRIVILEGED_SYS_ADMIN,
+                Capabilities.BPF,
-            PRIVILEGED_SYS_RAWIO,
+                Capabilities.CHECKPOINT_RESTORE,
-            PRIVILEGED_SYS_PTRACE,
+                Capabilities.DAC_READ_SEARCH,
-            PRIVILEGED_SYS_MODULE,
+                Capabilities.NET_ADMIN,
-            PRIVILEGED_DAC_READ_SEARCH,
+                Capabilities.NET_RAW,
                Capabilities.PERFMON,
                Capabilities.SYS_ADMIN,
                Capabilities.SYS_MODULE,
                Capabilities.SYS_PTRACE,
                Capabilities.SYS_RAWIO,
            )
        )
        or addon.with_kernel_modules
    ):
        rating += -1
@@ -73,29 +75,31 @@ def rating_security(addon: AddonModel) -> int:
    if addon.host_pid:
        rating += -2
-    # Full Access
+    # UTS host namespace allows to set hostname only with SYS_ADMIN
-    if addon.with_full_access:
+    if addon.host_uts and Capabilities.SYS_ADMIN in addon.privileged:
-        rating += -2
+        rating += -1
-    # Docker Access
+    # Docker Access & full Access
-    if addon.access_docker_api:
+    if addon.access_docker_api or addon.with_full_access:
        rating = 1
-    return max(min(6, rating), 1)
+    return max(min(8, rating), 1)
-async def remove_data(folder: Path) -> None:
+def remove_data(folder: Path) -> None:
-    """Remove folder and reset privileged."""
+    """Remove folder and reset privileged.
    Must be run in executor.
    """
    try:
-        proc = await asyncio.create_subprocess_exec(
+        subprocess.run(
-            "rm", "-rf", str(folder), stdout=asyncio.subprocess.DEVNULL
+            ["rm", "-rf", str(folder)], stdout=subprocess.DEVNULL, text=True, check=True
        )
        _, error_msg = await proc.communicate()
    except OSError as err:
        error_msg = str(err)
    except subprocess.CalledProcessError as procerr:
        error_msg = procerr.stderr.strip()
    else:
-        if proc.returncode == 0:
+        return
            return
    _LOGGER.error("Can't remove Add-on Data: %s", error_msg)
--- a/supervisor/addons/validate.py
+++ b/supervisor/addons/validate.py
@@ -1,8 +1,9 @@
 """Validate add-ons options schema."""
 import logging
 import re
 import secrets
-from typing import Any, Dict, List, Union
+from typing import Any
 import uuid
 import voluptuous as vol
@@ -18,10 +19,13 @@ from ..const import (
    ATTR_AUDIO_INPUT,
    ATTR_AUDIO_OUTPUT,
    ATTR_AUTH_API,
    ATTR_AUTO_UART,
    ATTR_AUTO_UPDATE,
    ATTR_BACKUP_EXCLUDE,
    ATTR_BACKUP_POST,
    ATTR_BACKUP_PRE,
    ATTR_BOOT,
    ATTR_BUILD_FROM,
    ATTR_CONFIGURATION,
    ATTR_DESCRIPTON,
    ATTR_DEVICES,
    ATTR_DEVICETREE,
@@ -38,16 +42,20 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
    ATTR_HOST_UTS,
    ATTR_IMAGE,
    ATTR_INGRESS,
    ATTR_INGRESS_ENTRY,
    ATTR_INGRESS_PANEL,
    ATTR_INGRESS_PORT,
    ATTR_INGRESS_STREAM,
    ATTR_INGRESS_TOKEN,
    ATTR_INIT,
    ATTR_JOURNALD,
    ATTR_KERNEL_MODULES,
    ATTR_LABELS,
    ATTR_LEGACY,
-    ATTR_LOCATON,
+    ATTR_LOCATION,
    ATTR_MACHINE,
    ATTR_MAP,
    ATTR_NAME,
@@ -60,19 +68,24 @@ from ..const import (
    ATTR_PORTS_DESCRIPTION,
    ATTR_PRIVILEGED,
    ATTR_PROTECTED,
    ATTR_REALTIME,
    ATTR_REPOSITORY,
    ATTR_SCHEMA,
    ATTR_SERVICES,
    ATTR_SLUG,
    ATTR_SNAPSHOT_EXCLUDE,
    ATTR_SQUASH,
    ATTR_STAGE,
    ATTR_STARTUP,
    ATTR_STATE,
    ATTR_STDIN,
    ATTR_SYSTEM,
    ATTR_SYSTEM_MANAGED,
    ATTR_SYSTEM_MANAGED_CONFIG_ENTRY,
    ATTR_TIMEOUT,
    ATTR_TMPFS,
    ATTR_TRANSLATIONS,
    ATTR_TYPE,
    ATTR_UART,
    ATTR_UDEV,
    ATTR_URL,
    ATTR_USB,
@@ -82,16 +95,15 @@ from ..const import (
    ATTR_VIDEO,
    ATTR_WATCHDOG,
    ATTR_WEBUI,
    PRIVILEGED_ALL,
    ROLE_ALL,
    ROLE_DEFAULT,
    AddonBoot,
    AddonBootConfig,
    AddonStage,
    AddonStartup,
    AddonState,
 )
-from ..coresys import CoreSys
+from ..docker.const import Capabilities
 from ..discovery.validate import valid_discovery_service
 from ..validate import (
    docker_image,
    docker_ports,
@@ -101,49 +113,25 @@ from ..validate import (
    uuid_match,
    version_tag,
 )
 from .const import (
    ATTR_BACKUP,
    ATTR_BREAKING_VERSIONS,
    ATTR_CODENOTARY,
    ATTR_PATH,
    ATTR_READ_ONLY,
    RE_SLUG,
    AddonBackupMode,
    MappingType,
 )
 from .options import RE_SCHEMA_ELEMENT
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-
+RE_VOLUME = re.compile(
-RE_VOLUME = re.compile(r"^(config|ssl|addons|backup|share|media)(?::(rw|ro))?$")
+    r"^(data|config|ssl|addons|backup|share|media|homeassistant_config|all_addon_configs|addon_config)(?::(rw|ro))?$"
 )
 RE_SERVICE = re.compile(r"^(?P<service>mqtt|mysql):(?P<rights>provide|want|need)$")
 V_STR = "str"
 V_INT = "int"
 V_FLOAT = "float"
 V_BOOL = "bool"
 V_PASSWORD = "password"
 V_EMAIL = "email"
 V_URL = "url"
 V_PORT = "port"
 V_MATCH = "match"
 V_LIST = "list"
 RE_SCHEMA_ELEMENT = re.compile(
    r"^(?:"
    r"|bool"
    r"|email"
    r"|url"
    r"|port"
    r"|str(?:\((?P<s_min>\d+)?,(?P<s_max>\d+)?\))?"
    r"|password(?:\((?P<p_min>\d+)?,(?P<p_max>\d+)?\))?"
    r"|int(?:\((?P<i_min>\d+)?,(?P<i_max>\d+)?\))?"
    r"|float(?:\((?P<f_min>[\d\.]+)?,(?P<f_max>[\d\.]+)?\))?"
    r"|match\((?P<match>.*)\)"
    r"|list\((?P<list>.+)\)"
    r")\??$"
 )
 _SCHEMA_LENGTH_PARTS = (
    "i_min",
    "i_max",
    "f_min",
    "f_max",
    "s_min",
    "s_max",
    "p_min",
    "p_max",
 )
 RE_DOCKER_IMAGE_BUILD = re.compile(
    r"^([a-zA-Z\-\.:\d{}]+/)*?([\-\w{}]+)/([\-\w{}]+)(:[\.\-\w{}]+)?$"
@@ -154,8 +142,10 @@ SCHEMA_ELEMENT = vol.Match(RE_SCHEMA_ELEMENT)
 RE_MACHINE = re.compile(
    r"^!?(?:"
    r"|intel-nuc"
    r"|generic-x86-64"
    r"|odroid-c2"
    r"|odroid-c4"
    r"|odroid-m1"
    r"|odroid-n2"
    r"|odroid-xu"
    r"|qemuarm-64"
@@ -168,41 +158,180 @@ RE_MACHINE = re.compile(
    r"|raspberrypi3"
    r"|raspberrypi4-64"
    r"|raspberrypi4"
    r"|raspberrypi5-64"
    r"|yellow"
    r"|green"
    r"|tinker"
    r")$"
 )
 RE_SLUG_FIELD = re.compile(r"^" + RE_SLUG + r"$")
-def _simple_startup(value) -> str:
+
-    """Define startup schema."""
+def _warn_addon_config(config: dict[str, Any]):
-    if value == "before":
+    """Warn about miss configs."""
-        return AddonStartup.SERVICES.value
+    name = config.get(ATTR_NAME)
-    if value == "after":
+    if not name:
-        return AddonStartup.APPLICATION.value
+        raise vol.Invalid("Invalid Add-on config!")
-    return value
+
    if config.get(ATTR_FULL_ACCESS, False) and (
        config.get(ATTR_DEVICES)
        or config.get(ATTR_UART)
        or config.get(ATTR_USB)
        or config.get(ATTR_GPIO)
    ):
        _LOGGER.warning(
            "Add-on have full device access, and selective device access in the configuration. Please report this to the maintainer of %s",
            name,
        )
    if config.get(ATTR_BACKUP, AddonBackupMode.HOT) == AddonBackupMode.COLD and (
        config.get(ATTR_BACKUP_POST) or config.get(ATTR_BACKUP_PRE)
    ):
        _LOGGER.warning(
            "Add-on which only support COLD backups trying to use post/pre commands. Please report this to the maintainer of %s",
            name,
        )
    return config
 def _migrate_addon_config(protocol=False):
    """Migrate addon config."""
    def _migrate(config: dict[str, Any]):
        name = config.get(ATTR_NAME)
        if not name:
            raise vol.Invalid("Invalid Add-on config!")
        # Startup 2018-03-30
        if config.get(ATTR_STARTUP) in ("before", "after"):
            value = config[ATTR_STARTUP]
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'startup' with '%s' is deprecated. Please report this to the maintainer of %s",
                    value,
                    name,
                )
            if value == "before":
                config[ATTR_STARTUP] = AddonStartup.SERVICES
            elif value == "after":
                config[ATTR_STARTUP] = AddonStartup.APPLICATION
        # UART 2021-01-20
        if "auto_uart" in config:
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'auto_uart' is deprecated, use 'uart'. Please report this to the maintainer of %s",
                    name,
                )
            config[ATTR_UART] = config.pop("auto_uart")
        # Device 2021-01-20
        if ATTR_DEVICES in config and any(":" in line for line in config[ATTR_DEVICES]):
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'devices' use a deprecated format, the new format uses a list of paths only. Please report this to the maintainer of %s",
                    name,
                )
            config[ATTR_DEVICES] = [line.split(":")[0] for line in config[ATTR_DEVICES]]
        # TMPFS 2021-02-01
        if ATTR_TMPFS in config and not isinstance(config[ATTR_TMPFS], bool):
            if protocol:
                _LOGGER.warning(
                    "Add-on config 'tmpfs' use a deprecated format, new it's only a boolean. Please report this to the maintainer of %s",
                    name,
                )
            config[ATTR_TMPFS] = True
        # 2021-06 "snapshot" renamed to "backup"
        for entry in (
            "snapshot_exclude",
            "snapshot_post",
            "snapshot_pre",
            "snapshot",
        ):
            if entry in config:
                new_entry = entry.replace("snapshot", "backup")
                config[new_entry] = config.pop(entry)
                _LOGGER.warning(
                    "Add-on config '%s' is deprecated, '%s' should be used instead. Please report this to the maintainer of %s",
                    entry,
                    new_entry,
                    name,
                )
        # 2023-11 "map" entries can also be dict to allow path configuration
        volumes = []
        for entry in config.get(ATTR_MAP, []):
            if isinstance(entry, dict):
                volumes.append(entry)
            if isinstance(entry, str):
                result = RE_VOLUME.match(entry)
                if not result:
                    continue
                volumes.append(
                    {
                        ATTR_TYPE: result.group(1),
                        ATTR_READ_ONLY: result.group(2) != "rw",
                    }
                )
        if volumes:
            config[ATTR_MAP] = volumes
        # 2023-10 "config" became "homeassistant" so /config can be used for addon's public config
        if any(volume[ATTR_TYPE] == MappingType.CONFIG for volume in volumes):
            if any(
                volume
                and volume[ATTR_TYPE]
                in {MappingType.ADDON_CONFIG, MappingType.HOMEASSISTANT_CONFIG}
                for volume in volumes
            ):
                _LOGGER.warning(
                    "Add-on config using incompatible map options, '%s' and '%s' are ignored if '%s' is included. Please report this to the maintainer of %s",
                    MappingType.ADDON_CONFIG,
                    MappingType.HOMEASSISTANT_CONFIG,
                    MappingType.CONFIG,
                    name,
                )
            else:
                _LOGGER.debug(
                    "Add-on config using deprecated map option '%s' instead of '%s'. Please report this to the maintainer of %s",
                    MappingType.CONFIG,
                    MappingType.HOMEASSISTANT_CONFIG,
                    name,
                )
        return config
    return _migrate
 # pylint: disable=no-value-for-parameter
-SCHEMA_ADDON_CONFIG = vol.Schema(
+_SCHEMA_ADDON_CONFIG = vol.Schema(
    {
-        vol.Required(ATTR_NAME): vol.Coerce(str),
+        vol.Required(ATTR_NAME): str,
        vol.Required(ATTR_VERSION): version_tag,
-        vol.Required(ATTR_SLUG): vol.Coerce(str),
+        vol.Required(ATTR_SLUG): vol.Match(RE_SLUG_FIELD),
-        vol.Required(ATTR_DESCRIPTON): vol.Coerce(str),
+        vol.Required(ATTR_DESCRIPTON): str,
        vol.Required(ATTR_ARCH): [vol.In(ARCH_ALL)],
        vol.Optional(ATTR_MACHINE): vol.All([vol.Match(RE_MACHINE)], vol.Unique()),
        vol.Optional(ATTR_URL): vol.Url(),
-        vol.Optional(ATTR_STARTUP, default=AddonStartup.APPLICATION): vol.All(
+        vol.Optional(ATTR_STARTUP, default=AddonStartup.APPLICATION): vol.Coerce(
-            _simple_startup, vol.Coerce(AddonStartup)
+            AddonStartup
        ),
        vol.Optional(ATTR_BOOT, default=AddonBootConfig.AUTO): vol.Coerce(
            AddonBootConfig
        ),
        vol.Optional(ATTR_BOOT, default=AddonBoot.AUTO): vol.Coerce(AddonBoot),
        vol.Optional(ATTR_INIT, default=True): vol.Boolean(),
        vol.Optional(ATTR_ADVANCED, default=False): vol.Boolean(),
        vol.Optional(ATTR_STAGE, default=AddonStage.STABLE): vol.Coerce(AddonStage),
        vol.Optional(ATTR_PORTS): docker_ports,
        vol.Optional(ATTR_PORTS_DESCRIPTION): docker_ports_description,
        vol.Optional(ATTR_WATCHDOG): vol.Match(
-            r"^(?:https?|\[PROTO:\w+\]|tcp):\/\/\[HOST\]:\[PORT:\d+\].*$"
+            r"^(?:https?|\[PROTO:\w+\]|tcp):\/\/\[HOST\]:(\[PORT:\d+\]|\d+).*$"
        ),
        vol.Optional(ATTR_WEBUI): vol.Match(
            r"^(?:https?|\[PROTO:\w+\]):\/\/\[HOST\]:\[PORT:\d+\].*$"
@@ -211,30 +340,41 @@ SCHEMA_ADDON_CONFIG = vol.Schema(
        vol.Optional(ATTR_INGRESS_PORT, default=8099): vol.Any(
            network_port, vol.Equal(0)
        ),
-        vol.Optional(ATTR_INGRESS_ENTRY): vol.Coerce(str),
+        vol.Optional(ATTR_INGRESS_ENTRY): str,
-        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): vol.Coerce(str),
+        vol.Optional(ATTR_INGRESS_STREAM, default=False): vol.Boolean(),
-        vol.Optional(ATTR_PANEL_TITLE): vol.Coerce(str),
+        vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): str,
        vol.Optional(ATTR_PANEL_TITLE): str,
        vol.Optional(ATTR_PANEL_ADMIN, default=True): vol.Boolean(),
-        vol.Optional(ATTR_HOMEASSISTANT): vol.Maybe(version_tag),
+        vol.Optional(ATTR_HOMEASSISTANT): version_tag,
        vol.Optional(ATTR_HOST_NETWORK, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_PID, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_IPC, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_UTS, default=False): vol.Boolean(),
        vol.Optional(ATTR_HOST_DBUS, default=False): vol.Boolean(),
-        vol.Optional(ATTR_DEVICES): [vol.Match(r"^(.*):(.*):([rwm]{1,3})$")],
+        vol.Optional(ATTR_DEVICES): [str],
        vol.Optional(ATTR_AUTO_UART, default=False): vol.Boolean(),
        vol.Optional(ATTR_UDEV, default=False): vol.Boolean(),
-        vol.Optional(ATTR_TMPFS): vol.Match(r"^size=(\d)*[kmg](,uid=\d{1,4})?(,rw)?$"),
+        vol.Optional(ATTR_TMPFS, default=False): vol.Boolean(),
-        vol.Optional(ATTR_MAP, default=list): [vol.Match(RE_VOLUME)],
+        vol.Optional(ATTR_MAP, default=list): [
-        vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): vol.Coerce(str)},
+            vol.Schema(
-        vol.Optional(ATTR_PRIVILEGED): [vol.In(PRIVILEGED_ALL)],
+                {
                    vol.Required(ATTR_TYPE): vol.Coerce(MappingType),
                    vol.Optional(ATTR_READ_ONLY, default=True): bool,
                    vol.Optional(ATTR_PATH): str,
                }
            )
        ],
        vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): str},
        vol.Optional(ATTR_PRIVILEGED): [vol.Coerce(Capabilities)],
        vol.Optional(ATTR_APPARMOR, default=True): vol.Boolean(),
        vol.Optional(ATTR_FULL_ACCESS, default=False): vol.Boolean(),
        vol.Optional(ATTR_AUDIO, default=False): vol.Boolean(),
        vol.Optional(ATTR_VIDEO, default=False): vol.Boolean(),
        vol.Optional(ATTR_GPIO, default=False): vol.Boolean(),
        vol.Optional(ATTR_USB, default=False): vol.Boolean(),
        vol.Optional(ATTR_UART, default=False): vol.Boolean(),
        vol.Optional(ATTR_DEVICETREE, default=False): vol.Boolean(),
        vol.Optional(ATTR_KERNEL_MODULES, default=False): vol.Boolean(),
        vol.Optional(ATTR_REALTIME, default=False): vol.Boolean(),
        vol.Optional(ATTR_HASSIO_API, default=False): vol.Boolean(),
        vol.Optional(ATTR_HASSIO_ROLE, default=ROLE_DEFAULT): vol.In(ROLE_ALL),
        vol.Optional(ATTR_HOMEASSISTANT_API, default=False): vol.Boolean(),
@@ -243,27 +383,27 @@ SCHEMA_ADDON_CONFIG = vol.Schema(
        vol.Optional(ATTR_DOCKER_API, default=False): vol.Boolean(),
        vol.Optional(ATTR_AUTH_API, default=False): vol.Boolean(),
        vol.Optional(ATTR_SERVICES): [vol.Match(RE_SERVICE)],
-        vol.Optional(ATTR_DISCOVERY): [valid_discovery_service],
+        vol.Optional(ATTR_DISCOVERY): [str],
-        vol.Optional(ATTR_SNAPSHOT_EXCLUDE): [vol.Coerce(str)],
+        vol.Optional(ATTR_BACKUP_EXCLUDE): [str],
        vol.Optional(ATTR_BACKUP_PRE): str,
        vol.Optional(ATTR_BACKUP_POST): str,
        vol.Optional(ATTR_BACKUP, default=AddonBackupMode.HOT): vol.Coerce(
            AddonBackupMode
        ),
        vol.Optional(ATTR_CODENOTARY): vol.Email(),
        vol.Optional(ATTR_OPTIONS, default={}): dict,
        vol.Optional(ATTR_SCHEMA, default={}): vol.Any(
            vol.Schema(
                {
-                    vol.Coerce(str): vol.Any(
+                    str: vol.Any(
                        SCHEMA_ELEMENT,
                        [
                            vol.Any(
                                SCHEMA_ELEMENT,
-                                {
+                                {str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])},
                                    vol.Coerce(str): vol.Any(
                                        SCHEMA_ELEMENT, [SCHEMA_ELEMENT]
                                    )
                                },
                            )
                        ],
-                        vol.Schema(
+                        vol.Schema({str: vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])}),
                            {vol.Coerce(str): vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])}
                        ),
                    )
                }
            ),
@@ -273,21 +413,44 @@ SCHEMA_ADDON_CONFIG = vol.Schema(
        vol.Optional(ATTR_TIMEOUT, default=10): vol.All(
            vol.Coerce(int), vol.Range(min=10, max=300)
        ),
        vol.Optional(ATTR_JOURNALD, default=False): vol.Boolean(),
        vol.Optional(ATTR_BREAKING_VERSIONS, default=list): [version_tag],
    },
    extra=vol.REMOVE_EXTRA,
 )
 SCHEMA_ADDON_CONFIG = vol.All(
    _migrate_addon_config(True), _warn_addon_config, _SCHEMA_ADDON_CONFIG
 )
 # pylint: disable=no-value-for-parameter
 SCHEMA_BUILD_CONFIG = vol.Schema(
    {
-        vol.Optional(ATTR_BUILD_FROM, default=dict): vol.Schema(
+        vol.Optional(ATTR_BUILD_FROM, default=dict): vol.Any(
-            {vol.In(ARCH_ALL): vol.Match(RE_DOCKER_IMAGE_BUILD)}
+            vol.Match(RE_DOCKER_IMAGE_BUILD),
            vol.Schema({vol.In(ARCH_ALL): vol.Match(RE_DOCKER_IMAGE_BUILD)}),
        ),
        vol.Optional(ATTR_SQUASH, default=False): vol.Boolean(),
-        vol.Optional(ATTR_ARGS, default=dict): vol.Schema(
+        vol.Optional(ATTR_ARGS, default=dict): vol.Schema({str: str}),
-            {vol.Coerce(str): vol.Coerce(str)}
+        vol.Optional(ATTR_LABELS, default=dict): vol.Schema({str: str}),
-        ),
+    },
    extra=vol.REMOVE_EXTRA,
 )
 SCHEMA_TRANSLATION_CONFIGURATION = vol.Schema(
    {
        vol.Required(ATTR_NAME): str,
        vol.Optional(ATTR_DESCRIPTON): vol.Maybe(str),
    },
    extra=vol.REMOVE_EXTRA,
 )
 SCHEMA_ADDON_TRANSLATIONS = vol.Schema(
    {
        vol.Optional(ATTR_CONFIGURATION): {str: SCHEMA_TRANSLATION_CONFIGURATION},
        vol.Optional(ATTR_NETWORK): {str: str},
    },
    extra=vol.REMOVE_EXTRA,
 )
@@ -300,301 +463,51 @@ SCHEMA_ADDON_USER = vol.Schema(
        vol.Optional(ATTR_IMAGE): docker_image,
        vol.Optional(ATTR_UUID, default=lambda: uuid.uuid4().hex): uuid_match,
        vol.Optional(ATTR_ACCESS_TOKEN): token,
-        vol.Optional(ATTR_INGRESS_TOKEN, default=secrets.token_urlsafe): vol.Coerce(
+        vol.Optional(ATTR_INGRESS_TOKEN, default=secrets.token_urlsafe): str,
            str
        ),
        vol.Optional(ATTR_OPTIONS, default=dict): dict,
        vol.Optional(ATTR_AUTO_UPDATE, default=False): vol.Boolean(),
        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
        vol.Optional(ATTR_NETWORK): docker_ports,
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
        vol.Optional(ATTR_PROTECTED, default=True): vol.Boolean(),
        vol.Optional(ATTR_INGRESS_PANEL, default=False): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG, default=False): vol.Boolean(),
        vol.Optional(ATTR_SYSTEM_MANAGED, default=False): vol.Boolean(),
        vol.Optional(ATTR_SYSTEM_MANAGED_CONFIG_ENTRY, default=None): vol.Maybe(str),
    },
    extra=vol.REMOVE_EXTRA,
 )
-
+SCHEMA_ADDON_SYSTEM = vol.All(
-SCHEMA_ADDON_SYSTEM = SCHEMA_ADDON_CONFIG.extend(
+    _migrate_addon_config(),
-    {
+    _SCHEMA_ADDON_CONFIG.extend(
-        vol.Required(ATTR_LOCATON): vol.Coerce(str),
+        {
-        vol.Required(ATTR_REPOSITORY): vol.Coerce(str),
+            vol.Required(ATTR_LOCATION): str,
-    }
+            vol.Required(ATTR_REPOSITORY): str,
            vol.Required(ATTR_TRANSLATIONS, default=dict): {
                str: SCHEMA_ADDON_TRANSLATIONS
            },
        }
    ),
 )
 SCHEMA_ADDONS_FILE = vol.Schema(
    {
-        vol.Optional(ATTR_USER, default=dict): {vol.Coerce(str): SCHEMA_ADDON_USER},
+        vol.Optional(ATTR_USER, default=dict): {str: SCHEMA_ADDON_USER},
-        vol.Optional(ATTR_SYSTEM, default=dict): {vol.Coerce(str): SCHEMA_ADDON_SYSTEM},
+        vol.Optional(ATTR_SYSTEM, default=dict): {str: SCHEMA_ADDON_SYSTEM},
    }
 )
 SCHEMA_ADDON_SNAPSHOT = vol.Schema(
    {
        vol.Required(ATTR_USER): SCHEMA_ADDON_USER,
        vol.Required(ATTR_SYSTEM): SCHEMA_ADDON_SYSTEM,
        vol.Required(ATTR_STATE): vol.Coerce(AddonState),
        vol.Required(ATTR_VERSION): vol.Coerce(str),
    },
    extra=vol.REMOVE_EXTRA,
 )
-def validate_options(coresys: CoreSys, raw_schema: Dict[str, Any]):
+SCHEMA_ADDON_BACKUP = vol.Schema(
-    """Validate schema."""
+    {
-
+        vol.Required(ATTR_USER): SCHEMA_ADDON_USER,
-    def validate(struct):
+        vol.Required(ATTR_SYSTEM): SCHEMA_ADDON_SYSTEM,
-        """Create schema validator for add-ons options."""
+        vol.Required(ATTR_STATE): vol.Coerce(AddonState),
-        options = {}
+        vol.Required(ATTR_VERSION): version_tag,
-
+    },
-        # read options
+    extra=vol.REMOVE_EXTRA,
-        for key, value in struct.items():
+)
            # Ignore unknown options / remove from list
            if key not in raw_schema:
                _LOGGER.warning("Unknown options %s", key)
                continue
            typ = raw_schema[key]
            try:
                if isinstance(typ, list):
                    # nested value list
                    options[key] = _nested_validate_list(coresys, typ[0], value, key)
                elif isinstance(typ, dict):
                    # nested value dict
                    options[key] = _nested_validate_dict(coresys, typ, value, key)
                else:
                    # normal value
                    options[key] = _single_validate(coresys, typ, value, key)
            except (IndexError, KeyError):
                raise vol.Invalid(f"Type error for {key}") from None
        _check_missing_options(raw_schema, options, "root")
        return options
    return validate
 # pylint: disable=no-value-for-parameter
 # pylint: disable=inconsistent-return-statements
 def _single_validate(coresys: CoreSys, typ: str, value: Any, key: str):
    """Validate a single element."""
    # if required argument
    if value is None:
        raise vol.Invalid(f"Missing required option '{key}'") from None
    # Lookup secret
    if str(value).startswith("!secret "):
        secret: str = value.partition(" ")[2]
        value = coresys.homeassistant.secrets.get(secret)
        if value is None:
            raise vol.Invalid(f"Unknown secret {secret}") from None
    # parse extend data from type
    match = RE_SCHEMA_ELEMENT.match(typ)
    if not match:
        raise vol.Invalid(f"Unknown type {typ}") from None
    # prepare range
    range_args = {}
    for group_name in _SCHEMA_LENGTH_PARTS:
        group_value = match.group(group_name)
        if group_value:
            range_args[group_name[2:]] = float(group_value)
    if typ.startswith(V_STR) or typ.startswith(V_PASSWORD):
        return vol.All(str(value), vol.Range(**range_args))(value)
    elif typ.startswith(V_INT):
        return vol.All(vol.Coerce(int), vol.Range(**range_args))(value)
    elif typ.startswith(V_FLOAT):
        return vol.All(vol.Coerce(float), vol.Range(**range_args))(value)
    elif typ.startswith(V_BOOL):
        return vol.Boolean()(value)
    elif typ.startswith(V_EMAIL):
        return vol.Email()(value)
    elif typ.startswith(V_URL):
        return vol.Url()(value)
    elif typ.startswith(V_PORT):
        return network_port(value)
    elif typ.startswith(V_MATCH):
        return vol.Match(match.group("match"))(str(value))
    elif typ.startswith(V_LIST):
        return vol.In(match.group("list").split("|"))(str(value))
    raise vol.Invalid(f"Fatal error for {key} type {typ}") from None
 def _nested_validate_list(coresys, typ, data_list, key):
    """Validate nested items."""
    options = []
    # Make sure it is a list
    if not isinstance(data_list, list):
        raise vol.Invalid(f"Invalid list for {key}") from None
    # Process list
    for element in data_list:
        # Nested?
        if isinstance(typ, dict):
            c_options = _nested_validate_dict(coresys, typ, element, key)
            options.append(c_options)
        else:
            options.append(_single_validate(coresys, typ, element, key))
    return options
 def _nested_validate_dict(coresys, typ, data_dict, key):
    """Validate nested items."""
    options = {}
    # Make sure it is a dict
    if not isinstance(data_dict, dict):
        raise vol.Invalid(f"Invalid dict for {key}") from None
    # Process dict
    for c_key, c_value in data_dict.items():
        # Ignore unknown options / remove from list
        if c_key not in typ:
            _LOGGER.warning("Unknown options %s", c_key)
            continue
        # Nested?
        if isinstance(typ[c_key], list):
            options[c_key] = _nested_validate_list(
                coresys, typ[c_key][0], c_value, c_key
            )
        else:
            options[c_key] = _single_validate(coresys, typ[c_key], c_value, c_key)
    _check_missing_options(typ, options, key)
    return options
 def _check_missing_options(origin, exists, root):
    """Check if all options are exists."""
    missing = set(origin) - set(exists)
    for miss_opt in missing:
        if isinstance(origin[miss_opt], str) and origin[miss_opt].endswith("?"):
            continue
        raise vol.Invalid(f"Missing option {miss_opt} in {root}") from None
 def schema_ui_options(raw_schema: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Generate UI schema."""
    ui_schema: List[Dict[str, Any]] = []
    # read options
    for key, value in raw_schema.items():
        if isinstance(value, list):
            # nested value list
            _nested_ui_list(ui_schema, value, key)
        elif isinstance(value, dict):
            # nested value dict
            _nested_ui_dict(ui_schema, value, key)
        else:
            # normal value
            _single_ui_option(ui_schema, value, key)
    return ui_schema
 def _single_ui_option(
    ui_schema: List[Dict[str, Any]], value: str, key: str, multiple: bool = False
 ) -> None:
    """Validate a single element."""
    ui_node: Dict[str, Union[str, bool, float, List[str]]] = {"name": key}
    # If multiple
    if multiple:
        ui_node["multiple"] = True
    # Parse extend data from type
    match = RE_SCHEMA_ELEMENT.match(value)
    if not match:
        return
    # Prepare range
    for group_name in _SCHEMA_LENGTH_PARTS:
        group_value = match.group(group_name)
        if not group_value:
            continue
        if group_name[2:] == "min":
            ui_node["lengthMin"] = float(group_value)
        elif group_name[2:] == "max":
            ui_node["lengthMax"] = float(group_value)
    # If required
    if value.endswith("?"):
        ui_node["optional"] = True
    else:
        ui_node["required"] = True
    # Data types
    if value.startswith(V_STR):
        ui_node["type"] = "string"
    elif value.startswith(V_PASSWORD):
        ui_node["type"] = "string"
        ui_node["format"] = "password"
    elif value.startswith(V_INT):
        ui_node["type"] = "integer"
    elif value.startswith(V_FLOAT):
        ui_node["type"] = "float"
    elif value.startswith(V_BOOL):
        ui_node["type"] = "boolean"
    elif value.startswith(V_EMAIL):
        ui_node["type"] = "string"
        ui_node["format"] = "email"
    elif value.startswith(V_URL):
        ui_node["type"] = "string"
        ui_node["format"] = "url"
    elif value.startswith(V_PORT):
        ui_node["type"] = "integer"
    elif value.startswith(V_MATCH):
        ui_node["type"] = "string"
    elif value.startswith(V_LIST):
        ui_node["type"] = "select"
        ui_node["options"] = match.group("list").split("|")
    ui_schema.append(ui_node)
 def _nested_ui_list(
    ui_schema: List[Dict[str, Any]], option_list: List[Any], key: str
 ) -> None:
    """UI nested list items."""
    try:
        element = option_list[0]
    except IndexError:
        _LOGGER.error("Invalid schema %s", key)
        return
    if isinstance(element, dict):
        _nested_ui_dict(ui_schema, element, key, multiple=True)
    else:
        _single_ui_option(ui_schema, element, key, multiple=True)
 def _nested_ui_dict(
    ui_schema: List[Dict[str, Any]],
    option_dict: Dict[str, Any],
    key: str,
    multiple: bool = False,
 ) -> None:
    """UI nested dict items."""
    ui_node = {"name": key, "type": "schema", "optional": True, "multiple": multiple}
    nested_schema = []
    for c_key, c_value in option_dict.items():
        # Nested?
        if isinstance(c_value, list):
            _nested_ui_list(nested_schema, c_value, c_key)
        else:
            _single_ui_option(nested_schema, c_value, c_key)
    ui_node["schema"] = nested_schema
    ui_schema.append(ui_node)
--- a/supervisor/api/init.py
+++ b/supervisor/api/init.py
@@ -1,39 +1,59 @@
 """Init file for Supervisor RESTful API."""
 from dataclasses import dataclass
 from functools import partial
 import logging
 from pathlib import Path
-from typing import Optional
+from typing import Any
-from aiohttp import web
+from aiohttp import hdrs, web
 from ..const import SUPERVISOR_DOCKER_NAME, AddonState
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import APIAddonNotInstalled, HostNotSupportedError
 from ..utils.sentry import async_capture_exception
 from .addons import APIAddons
 from .audio import APIAudio
 from .auth import APIAuth
 from .backups import APIBackups
 from .cli import APICli
 from .const import CONTENT_TYPE_TEXT
 from .discovery import APIDiscovery
 from .dns import APICoreDNS
 from .docker import APIDocker
 from .hardware import APIHardware
 from .homeassistant import APIHomeAssistant
 from .host import APIHost
 from .info import APIInfo
 from .ingress import APIIngress
 from .jobs import APIJobs
 from .middleware.security import SecurityMiddleware
 from .mounts import APIMounts
 from .multicast import APIMulticast
 from .network import APINetwork
 from .observer import APIObserver
 from .os import APIOS
 from .proxy import APIProxy
 from .resolution import APIResoulution
-from .security import SecurityMiddleware
+from .root import APIRoot
 from .security import APISecurity
 from .services import APIServices
-from .snapshots import APISnapshots
+from .store import APIStore
 from .supervisor import APISupervisor
 from .utils import api_process, api_process_raw
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-MAX_CLIENT_SIZE: int = 1024 ** 2 * 16
+MAX_CLIENT_SIZE: int = 1024**2 * 16
 MAX_LINE_SIZE: int = 24570
@dataclass(slots=True, frozen=True)
 class StaticResourceConfig:
    """Configuration for a static resource."""
    prefix: str
    path: Path
 class RestAPI(CoreSysAttributes):
@@ -46,20 +66,33 @@ class RestAPI(CoreSysAttributes):
        self.webapp: web.Application = web.Application(
            client_max_size=MAX_CLIENT_SIZE,
            middlewares=[
                self.security.block_bad_requests,
                self.security.system_validation,
                self.security.token_validation,
                self.security.core_proxy,
            ],
            handler_args={
                "max_line_size": MAX_LINE_SIZE,
                "max_field_size": MAX_LINE_SIZE,
            },
        )
        # service stuff
-        self._runner: web.AppRunner = web.AppRunner(self.webapp)
+        self._runner: web.AppRunner = web.AppRunner(self.webapp, shutdown_timeout=5)
-        self._site: Optional[web.TCPSite] = None
+        self._site: web.TCPSite | None = None
        # share single host API handler for reuse in logging endpoints
        self._api_host: APIHost = APIHost()
        self._api_host.coresys = coresys
    async def load(self) -> None:
        """Register REST API Calls."""
        static_resource_configs: list[StaticResourceConfig] = []
        self._register_addons()
        self._register_audio()
        self._register_auth()
        self._register_backups()
        self._register_cli()
        self._register_discovery()
        self._register_dns()
@@ -67,40 +100,104 @@ class RestAPI(CoreSysAttributes):
        self._register_hardware()
        self._register_homeassistant()
        self._register_host()
-        self._register_info()
+        self._register_jobs()
        self._register_ingress()
        self._register_mounts()
        self._register_multicast()
        self._register_network()
        self._register_observer()
        self._register_os()
-        self._register_jobs()
+        static_resource_configs.extend(self._register_panel())
        self._register_panel()
        self._register_proxy()
        self._register_resolution()
        self._register_root()
        self._register_security()
        self._register_services()
-        self._register_snapshots()
+        self._register_store()
        self._register_supervisor()
        if static_resource_configs:
            def process_configs() -> list[web.StaticResource]:
                return [
                    web.StaticResource(config.prefix, config.path)
                    for config in static_resource_configs
                ]
            for resource in await self.sys_run_in_executor(process_configs):
                self.webapp.router.register_resource(resource)
        await self.start()
    def _register_advanced_logs(self, path: str, syslog_identifier: str):
        """Register logs endpoint for a given path, returning logs for single syslog identifier."""
        self.webapp.add_routes(
            [
                web.get(
                    f"{path}/logs",
                    partial(self._api_host.advanced_logs, identifier=syslog_identifier),
                ),
                web.get(
                    f"{path}/logs/follow",
                    partial(
                        self._api_host.advanced_logs,
                        identifier=syslog_identifier,
                        follow=True,
                    ),
                ),
                web.get(
                    f"{path}/logs/boots/{{bootid}}",
                    partial(self._api_host.advanced_logs, identifier=syslog_identifier),
                ),
                web.get(
                    f"{path}/logs/boots/{{bootid}}/follow",
                    partial(
                        self._api_host.advanced_logs,
                        identifier=syslog_identifier,
                        follow=True,
                    ),
                ),
            ]
        )
    def _register_host(self) -> None:
        """Register hostcontrol functions."""
-        api_host = APIHost()
+        api_host = self._api_host
        api_host.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/host/info", api_host.info),
-                web.get("/host/logs", api_host.logs),
+                web.get("/host/logs", api_host.advanced_logs),
                web.get(
                    "/host/logs/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.get("/host/logs/identifiers", api_host.list_identifiers),
                web.get("/host/logs/identifiers/{identifier}", api_host.advanced_logs),
                web.get(
                    "/host/logs/identifiers/{identifier}/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.get("/host/logs/boots", api_host.list_boots),
                web.get("/host/logs/boots/{bootid}", api_host.advanced_logs),
                web.get(
                    "/host/logs/boots/{bootid}/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.get(
                    "/host/logs/boots/{bootid}/identifiers/{identifier}",
                    api_host.advanced_logs,
                ),
                web.get(
                    "/host/logs/boots/{bootid}/identifiers/{identifier}/follow",
                    partial(api_host.advanced_logs, follow=True),
                ),
                web.post("/host/reboot", api_host.reboot),
                web.post("/host/shutdown", api_host.shutdown),
                web.post("/host/reload", api_host.reload),
                web.post("/host/options", api_host.options),
                web.get("/host/services", api_host.services),
                web.post("/host/services/{service}/stop", api_host.service_stop),
                web.post("/host/services/{service}/start", api_host.service_start),
                web.post("/host/services/{service}/restart", api_host.service_restart),
                web.post("/host/services/{service}/reload", api_host.service_reload),
            ]
        )
@@ -140,7 +237,37 @@ class RestAPI(CoreSysAttributes):
            [
                web.get("/os/info", api_os.info),
                web.post("/os/update", api_os.update),
                web.get("/os/config/swap", api_os.config_swap_info),
                web.post("/os/config/swap", api_os.config_swap_options),
                web.post("/os/config/sync", api_os.config_sync),
                web.post("/os/datadisk/move", api_os.migrate_data),
                web.get("/os/datadisk/list", api_os.list_data),
                web.post("/os/datadisk/wipe", api_os.wipe_data),
                web.post("/os/boot-slot", api_os.set_boot_slot),
            ]
        )
        # Boards endpoints
        self.webapp.add_routes(
            [
                web.get("/os/boards/green", api_os.boards_green_info),
                web.post("/os/boards/green", api_os.boards_green_options),
                web.get("/os/boards/yellow", api_os.boards_yellow_info),
                web.post("/os/boards/yellow", api_os.boards_yellow_options),
                web.get("/os/boards/{board}", api_os.boards_other_info),
            ]
        )
    def _register_security(self) -> None:
        """Register Security functions."""
        api_security = APISecurity()
        api_security.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/security/info", api_security.info),
                web.post("/security/options", api_security.options),
                web.post("/security/integrity", api_security.integrity_check),
            ]
        )
@@ -154,6 +281,8 @@ class RestAPI(CoreSysAttributes):
                web.get("/jobs/info", api_jobs.info),
                web.post("/jobs/options", api_jobs.options),
                web.post("/jobs/reset", api_jobs.reset),
                web.get("/jobs/{uuid}", api_jobs.job_info),
                web.delete("/jobs/{uuid}", api_jobs.remove_job),
            ]
        )
@@ -192,11 +321,11 @@ class RestAPI(CoreSysAttributes):
            [
                web.get("/multicast/info", api_multicast.info),
                web.get("/multicast/stats", api_multicast.stats),
                web.get("/multicast/logs", api_multicast.logs),
                web.post("/multicast/update", api_multicast.update),
                web.post("/multicast/restart", api_multicast.restart),
            ]
        )
        self._register_advanced_logs("/multicast", "hassio_multicast")
    def _register_hardware(self) -> None:
        """Register hardware functions."""
@@ -207,16 +336,27 @@ class RestAPI(CoreSysAttributes):
            [
                web.get("/hardware/info", api_hardware.info),
                web.get("/hardware/audio", api_hardware.audio),
                web.post("/hardware/trigger", api_hardware.trigger),
            ]
        )
-    def _register_info(self) -> None:
+    def _register_root(self) -> None:
-        """Register info functions."""
+        """Register root functions."""
-        api_info = APIInfo()
+        api_root = APIRoot()
-        api_info.coresys = self.coresys
+        api_root.coresys = self.coresys
-        self.webapp.add_routes([web.get("/info", api_info.info)])
+        self.webapp.add_routes([web.get("/info", api_root.info)])
        self.webapp.add_routes([web.post("/reload_updates", api_root.reload_updates)])
        # Discouraged
        self.webapp.add_routes([web.post("/refresh_updates", api_root.refresh_updates)])
        self.webapp.add_routes(
            [web.get("/available_updates", api_root.available_updates)]
        )
        # Remove: 2023
        self.webapp.add_routes(
            [web.get("/supervisor/available_updates", api_root.available_updates)]
        )
    def _register_resolution(self) -> None:
        """Register info functions."""
@@ -226,6 +366,10 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.get("/resolution/info", api_resolution.info),
                web.post(
                    "/resolution/check/{check}/options", api_resolution.options_check
                ),
                web.post("/resolution/check/{check}/run", api_resolution.run_check),
                web.post(
                    "/resolution/suggestion/{suggestion}",
                    api_resolution.apply_suggestion,
@@ -238,6 +382,11 @@ class RestAPI(CoreSysAttributes):
                    "/resolution/issue/{issue}",
                    api_resolution.dismiss_issue,
                ),
                web.get(
                    "/resolution/issue/{issue}/suggestions",
                    api_resolution.suggestions_for_issue,
                ),
                web.post("/resolution/healthcheck", api_resolution.healthcheck),
            ]
        )
@@ -252,6 +401,7 @@ class RestAPI(CoreSysAttributes):
                web.post("/auth", api_auth.auth),
                web.post("/auth/reset", api_auth.reset),
                web.delete("/auth/cache", api_auth.cache),
                web.get("/auth/list", api_auth.list_users),
            ]
        )
@@ -265,7 +415,6 @@ class RestAPI(CoreSysAttributes):
                web.get("/supervisor/ping", api_supervisor.ping),
                web.get("/supervisor/info", api_supervisor.info),
                web.get("/supervisor/stats", api_supervisor.stats),
                web.get("/supervisor/logs", api_supervisor.logs),
                web.post("/supervisor/update", api_supervisor.update),
                web.post("/supervisor/reload", api_supervisor.reload),
                web.post("/supervisor/restart", api_supervisor.restart),
@@ -274,6 +423,39 @@ class RestAPI(CoreSysAttributes):
            ]
        )
        async def get_supervisor_logs(*args, **kwargs):
            try:
                return await self._api_host.advanced_logs_handler(
                    *args, identifier=SUPERVISOR_DOCKER_NAME, **kwargs
                )
            except Exception as err:  # pylint: disable=broad-exception-caught
                # Supervisor logs are critical, so catch everything, log the exception
                # and try to return Docker container logs as the fallback
                _LOGGER.exception(
                    "Failed to get supervisor logs using advanced_logs API"
                )
                if not isinstance(err, HostNotSupportedError):
                    # No need to capture HostNotSupportedError to Sentry, the cause
                    # is known and reported to the user using the resolution center.
                    await async_capture_exception(err)
                kwargs.pop("follow", None)  # Follow is not supported for Docker logs
                return await api_supervisor.logs(*args, **kwargs)
        self.webapp.add_routes(
            [
                web.get("/supervisor/logs", get_supervisor_logs),
                web.get(
                    "/supervisor/logs/follow",
                    partial(get_supervisor_logs, follow=True),
                ),
                web.get("/supervisor/logs/boots/{bootid}", get_supervisor_logs),
                web.get(
                    "/supervisor/logs/boots/{bootid}/follow",
                    partial(get_supervisor_logs, follow=True),
                ),
            ]
        )
    def _register_homeassistant(self) -> None:
        """Register Home Assistant functions."""
        api_hass = APIHomeAssistant()
@@ -282,7 +464,6 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.get("/core/info", api_hass.info),
                web.get("/core/logs", api_hass.logs),
                web.get("/core/stats", api_hass.stats),
                web.post("/core/options", api_hass.options),
                web.post("/core/update", api_hass.update),
@@ -291,20 +472,28 @@ class RestAPI(CoreSysAttributes):
                web.post("/core/start", api_hass.start),
                web.post("/core/check", api_hass.check),
                web.post("/core/rebuild", api_hass.rebuild),
-                # Remove with old Supervisor fallback
+            ]
        )
        self._register_advanced_logs("/core", "homeassistant")
        # Reroute from legacy
        self.webapp.add_routes(
            [
                web.get("/homeassistant/info", api_hass.info),
                web.get("/homeassistant/logs", api_hass.logs),
                web.get("/homeassistant/stats", api_hass.stats),
                web.post("/homeassistant/options", api_hass.options),
                web.post("/homeassistant/update", api_hass.update),
                web.post("/homeassistant/restart", api_hass.restart),
                web.post("/homeassistant/stop", api_hass.stop),
                web.post("/homeassistant/start", api_hass.start),
-                web.post("/homeassistant/check", api_hass.check),
+                web.post("/homeassistant/update", api_hass.update),
                web.post("/homeassistant/rebuild", api_hass.rebuild),
                web.post("/homeassistant/check", api_hass.check),
            ]
        )
        self._register_advanced_logs("/homeassistant", "homeassistant")
    def _register_proxy(self) -> None:
        """Register Home Assistant API Proxy."""
        api_proxy = APIProxy()
@@ -318,7 +507,12 @@ class RestAPI(CoreSysAttributes):
                web.post("/core/api/{path:.+}", api_proxy.api),
                web.get("/core/api/{path:.+}", api_proxy.api),
                web.get("/core/api/", api_proxy.api),
-                # Remove with old Supervisor fallback
+            ]
        )
        # Reroute from legacy
        self.webapp.add_routes(
            [
                web.get("/homeassistant/api/websocket", api_proxy.websocket),
                web.get("/homeassistant/websocket", api_proxy.websocket),
                web.get("/homeassistant/api/stream", api_proxy.stream),
@@ -335,31 +529,64 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
-                web.get("/addons", api_addons.list),
+                web.get("/addons", api_addons.list_addons),
                web.post("/addons/reload", api_addons.reload),
                web.get("/addons/{addon}/info", api_addons.info),
                web.post("/addons/{addon}/install", api_addons.install),
                web.post("/addons/{addon}/uninstall", api_addons.uninstall),
                web.post("/addons/{addon}/start", api_addons.start),
                web.post("/addons/{addon}/stop", api_addons.stop),
                web.post("/addons/{addon}/restart", api_addons.restart),
                web.post("/addons/{addon}/update", api_addons.update),
                web.post("/addons/{addon}/options", api_addons.options),
                web.post("/addons/{addon}/sys_options", api_addons.sys_options),
                web.post(
                    "/addons/{addon}/options/validate", api_addons.options_validate
                ),
                web.get("/addons/{addon}/options/config", api_addons.options_config),
                web.post("/addons/{addon}/rebuild", api_addons.rebuild),
                web.get("/addons/{addon}/logs", api_addons.logs),
                web.get("/addons/{addon}/icon", api_addons.icon),
                web.get("/addons/{addon}/logo", api_addons.logo),
                web.get("/addons/{addon}/changelog", api_addons.changelog),
                web.get("/addons/{addon}/documentation", api_addons.documentation),
                web.post("/addons/{addon}/stdin", api_addons.stdin),
                web.post("/addons/{addon}/security", api_addons.security),
                web.get("/addons/{addon}/stats", api_addons.stats),
            ]
        )
        @api_process_raw(CONTENT_TYPE_TEXT, error_type=CONTENT_TYPE_TEXT)
        async def get_addon_logs(request, *args, **kwargs):
            addon = api_addons.get_addon_for_request(request)
            kwargs["identifier"] = f"addon_{addon.slug}"
            return await self._api_host.advanced_logs(request, *args, **kwargs)
        self.webapp.add_routes(
            [
                web.get("/addons/{addon}/logs", get_addon_logs),
                web.get(
                    "/addons/{addon}/logs/follow",
                    partial(get_addon_logs, follow=True),
                ),
                web.get("/addons/{addon}/logs/boots/{bootid}", get_addon_logs),
                web.get(
                    "/addons/{addon}/logs/boots/{bootid}/follow",
                    partial(get_addon_logs, follow=True),
                ),
            ]
        )
        # Legacy routing to support requests for not installed addons
        api_store = APIStore()
        api_store.coresys = self.coresys
        @api_process
        async def addons_addon_info(request: web.Request) -> dict[str, Any]:
            """Route to store if info requested for not installed addon."""
            try:
                return await api_addons.info(request)
            except APIAddonNotInstalled:
                # Route to store/{addon}/info but add missing fields
                return dict(
                    await api_store.addons_addon_info_wrapped(request),
                    state=AddonState.UNKNOWN,
                    options=self.sys_addons.store[request.match_info["addon"]].options,
                )
        self.webapp.add_routes([web.get("/addons/{addon}/info", addons_addon_info)])
    def _register_ingress(self) -> None:
        """Register Ingress functions."""
        api_ingress = APIIngress()
@@ -370,34 +597,36 @@ class RestAPI(CoreSysAttributes):
                web.post("/ingress/session", api_ingress.create_session),
                web.post("/ingress/validate_session", api_ingress.validate_session),
                web.get("/ingress/panels", api_ingress.panels),
-                web.view("/ingress/{token}/{path:.*}", api_ingress.handler),
+                web.route(
                    hdrs.METH_ANY, "/ingress/{token}/{path:.*}", api_ingress.handler
                ),
            ]
        )
-    def _register_snapshots(self) -> None:
+    def _register_backups(self) -> None:
-        """Register snapshots functions."""
+        """Register backups functions."""
-        api_snapshots = APISnapshots()
+        api_backups = APIBackups()
-        api_snapshots.coresys = self.coresys
+        api_backups.coresys = self.coresys
        self.webapp.add_routes(
            [
-                web.get("/snapshots", api_snapshots.list),
+                web.get("/backups", api_backups.list_backups),
-                web.post("/snapshots/reload", api_snapshots.reload),
+                web.get("/backups/info", api_backups.info),
-                web.post("/snapshots/new/full", api_snapshots.snapshot_full),
+                web.post("/backups/options", api_backups.options),
-                web.post("/snapshots/new/partial", api_snapshots.snapshot_partial),
+                web.post("/backups/reload", api_backups.reload),
-                web.post("/snapshots/new/upload", api_snapshots.upload),
+                web.post("/backups/freeze", api_backups.freeze),
-                web.get("/snapshots/{snapshot}/info", api_snapshots.info),
+                web.post("/backups/thaw", api_backups.thaw),
-                web.delete("/snapshots/{snapshot}", api_snapshots.remove),
+                web.post("/backups/new/full", api_backups.backup_full),
                web.post("/backups/new/partial", api_backups.backup_partial),
                web.post("/backups/new/upload", api_backups.upload),
                web.get("/backups/{slug}/info", api_backups.backup_info),
                web.delete("/backups/{slug}", api_backups.remove),
                web.post("/backups/{slug}/restore/full", api_backups.restore_full),
                web.post(
-                    "/snapshots/{snapshot}/restore/full", api_snapshots.restore_full
+                    "/backups/{slug}/restore/partial",
                    api_backups.restore_partial,
                ),
-                web.post(
+                web.get("/backups/{slug}/download", api_backups.download),
                    "/snapshots/{snapshot}/restore/partial",
                    api_snapshots.restore_partial,
                ),
                web.get("/snapshots/{snapshot}/download", api_snapshots.download),
                # Old, remove at end of 2020
                web.post("/snapshots/{snapshot}/remove", api_snapshots.remove),
            ]
        )
@@ -408,7 +637,7 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
-                web.get("/services", api_services.list),
+                web.get("/services", api_services.list_services),
                web.get("/services/{service}", api_services.get_service),
                web.post("/services/{service}", api_services.set_service),
                web.delete("/services/{service}", api_services.del_service),
@@ -422,7 +651,7 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
-                web.get("/discovery", api_discovery.list),
+                web.get("/discovery", api_discovery.list_discovery),
                web.get("/discovery/{uuid}", api_discovery.get_discovery),
                web.delete("/discovery/{uuid}", api_discovery.del_discovery),
                web.post("/discovery", api_discovery.set_discovery),
@@ -438,7 +667,6 @@ class RestAPI(CoreSysAttributes):
            [
                web.get("/dns/info", api_dns.info),
                web.get("/dns/stats", api_dns.stats),
                web.get("/dns/logs", api_dns.logs),
                web.post("/dns/update", api_dns.update),
                web.post("/dns/options", api_dns.options),
                web.post("/dns/restart", api_dns.restart),
@@ -446,6 +674,8 @@ class RestAPI(CoreSysAttributes):
            ]
        )
        self._register_advanced_logs("/dns", "hassio_dns")
    def _register_audio(self) -> None:
        """Register Audio functions."""
        api_audio = APIAudio()
@@ -455,7 +685,6 @@ class RestAPI(CoreSysAttributes):
            [
                web.get("/audio/info", api_audio.info),
                web.get("/audio/stats", api_audio.stats),
                web.get("/audio/logs", api_audio.logs),
                web.post("/audio/update", api_audio.update),
                web.post("/audio/restart", api_audio.restart),
                web.post("/audio/reload", api_audio.reload),
@@ -468,10 +697,89 @@ class RestAPI(CoreSysAttributes):
            ]
        )
-    def _register_panel(self) -> None:
+        self._register_advanced_logs("/audio", "hassio_audio")
    def _register_mounts(self) -> None:
        """Register mounts endpoints."""
        api_mounts = APIMounts()
        api_mounts.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/mounts", api_mounts.info),
                web.post("/mounts/options", api_mounts.options),
                web.post("/mounts", api_mounts.create_mount),
                web.put("/mounts/{mount}", api_mounts.update_mount),
                web.delete("/mounts/{mount}", api_mounts.delete_mount),
                web.post("/mounts/{mount}/reload", api_mounts.reload_mount),
            ]
        )
    def _register_store(self) -> None:
        """Register store endpoints."""
        api_store = APIStore()
        api_store.coresys = self.coresys
        self.webapp.add_routes(
            [
                web.get("/store", api_store.store_info),
                web.get("/store/addons", api_store.addons_list),
                web.get("/store/addons/{addon}", api_store.addons_addon_info),
                web.get("/store/addons/{addon}/icon", api_store.addons_addon_icon),
                web.get("/store/addons/{addon}/logo", api_store.addons_addon_logo),
                web.get(
                    "/store/addons/{addon}/changelog", api_store.addons_addon_changelog
                ),
                web.get(
                    "/store/addons/{addon}/documentation",
                    api_store.addons_addon_documentation,
                ),
                web.post(
                    "/store/addons/{addon}/install", api_store.addons_addon_install
                ),
                web.post(
                    "/store/addons/{addon}/install/{version}",
                    api_store.addons_addon_install,
                ),
                web.post("/store/addons/{addon}/update", api_store.addons_addon_update),
                web.post(
                    "/store/addons/{addon}/update/{version}",
                    api_store.addons_addon_update,
                ),
                # Must be below others since it has a wildcard in resource path
                web.get("/store/addons/{addon}/{version}", api_store.addons_addon_info),
                web.post("/store/reload", api_store.reload),
                web.get("/store/repositories", api_store.repositories_list),
                web.get(
                    "/store/repositories/{repository}",
                    api_store.repositories_repository_info,
                ),
                web.post("/store/repositories", api_store.add_repository),
                web.delete(
                    "/store/repositories/{repository}", api_store.remove_repository
                ),
            ]
        )
        # Reroute from legacy
        self.webapp.add_routes(
            [
                web.post("/addons/reload", api_store.reload),
                web.post("/addons/{addon}/install", api_store.addons_addon_install),
                web.post("/addons/{addon}/update", api_store.addons_addon_update),
                web.get("/addons/{addon}/icon", api_store.addons_addon_icon),
                web.get("/addons/{addon}/logo", api_store.addons_addon_logo),
                web.get("/addons/{addon}/changelog", api_store.addons_addon_changelog),
                web.get(
                    "/addons/{addon}/documentation",
                    api_store.addons_addon_documentation,
                ),
            ]
        )
    def _register_panel(self) -> list[StaticResourceConfig]:
        """Register panel for Home Assistant."""
-        panel_dir = Path(__file__).parent.joinpath("panel")
+        return [StaticResourceConfig("/app", Path(__file__).parent.joinpath("panel"))]
        self.webapp.add_routes([web.static("/app", panel_dir)])
    def _register_docker(self) -> None:
        """Register docker configuration functions."""
@@ -481,6 +789,7 @@ class RestAPI(CoreSysAttributes):
        self.webapp.add_routes(
            [
                web.get("/docker/info", api_docker.info),
                web.post("/docker/options", api_docker.options),
                web.get("/docker/registries", api_docker.registries),
                web.post("/docker/registries", api_docker.create_registry),
                web.delete("/docker/registries/{hostname}", api_docker.remove_registry),
@@ -490,9 +799,7 @@ class RestAPI(CoreSysAttributes):
    async def start(self) -> None:
        """Run RESTful API webserver."""
        await self._runner.setup()
-        self._site = web.TCPSite(
+        self._site = web.TCPSite(self._runner, host="0.0.0.0", port=80)
            self._runner, host="0.0.0.0", port=80, shutdown_timeout=5
        )
        try:
            await self._site.start()
--- a/supervisor/api/addons.py
+++ b/supervisor/api/addons.py
@@ -1,13 +1,14 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict, List
+from typing import Any, TypedDict
 from aiohttp import web
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 from ..addons import AnyAddon
 from ..addons.addon import Addon
 from ..addons.utils import rating_security
 from ..const import (
@@ -35,6 +36,7 @@ from ..const import (
    ATTR_DNS,
    ATTR_DOCKER_API,
    ATTR_DOCUMENTATION,
    ATTR_FORCE,
    ATTR_FULL_ACCESS,
    ATTR_GPIO,
    ATTR_HASSIO_API,
@@ -45,6 +47,7 @@ from ..const import (
    ATTR_HOST_IPC,
    ATTR_HOST_NETWORK,
    ATTR_HOST_PID,
    ATTR_HOST_UTS,
    ATTR_HOSTNAME,
    ATTR_ICON,
    ATTR_INGRESS,
@@ -52,17 +55,14 @@ from ..const import (
    ATTR_INGRESS_PANEL,
    ATTR_INGRESS_PORT,
    ATTR_INGRESS_URL,
    ATTR_INSTALLED,
    ATTR_IP_ADDRESS,
    ATTR_KERNEL_MODULES,
    ATTR_LOGO,
    ATTR_LONG_DESCRIPTION,
    ATTR_MACHINE,
    ATTR_MAINTAINER,
    ATTR_MEMORY_LIMIT,
    ATTR_MEMORY_PERCENT,
    ATTR_MEMORY_USAGE,
    ATTR_MESSAGE,
    ATTR_NAME,
    ATTR_NETWORK,
    ATTR_NETWORK_DESCRIPTION,
@@ -72,42 +72,48 @@ from ..const import (
    ATTR_PRIVILEGED,
    ATTR_PROTECTED,
    ATTR_RATING,
    ATTR_REPOSITORIES,
    ATTR_REPOSITORY,
    ATTR_SCHEMA,
    ATTR_SERVICES,
    ATTR_SLUG,
    ATTR_SOURCE,
    ATTR_STAGE,
    ATTR_STARTUP,
    ATTR_STATE,
    ATTR_STDIN,
    ATTR_SYSTEM_MANAGED,
    ATTR_SYSTEM_MANAGED_CONFIG_ENTRY,
    ATTR_TRANSLATIONS,
    ATTR_UART,
    ATTR_UDEV,
    ATTR_UPDATE_AVAILABLE,
    ATTR_URL,
    ATTR_USB,
    ATTR_VALID,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    ATTR_VIDEO,
    ATTR_WATCHDOG,
    ATTR_WEBUI,
    CONTENT_TYPE_BINARY,
    CONTENT_TYPE_PNG,
    CONTENT_TYPE_TEXT,
    REQUEST_FROM,
    AddonBoot,
-    AddonState,
+    AddonBootConfig,
 )
 from ..coresys import CoreSysAttributes
 from ..docker.stats import DockerStats
-from ..exceptions import APIError
+from ..exceptions import (
    APIAddonNotInstalled,
    APIError,
    APIForbidden,
    APINotFound,
    PwnedError,
    PwnedSecret,
 )
 from ..validate import docker_ports
-from .utils import api_process, api_process_raw, api_validate
+from .const import ATTR_BOOT_CONFIG, ATTR_REMOVE_CONFIG, ATTR_SIGNED
 from .utils import api_process, api_validate, json_loads
 _LOGGER: logging.Logger = logging.getLogger(__name__)
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): str})
 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema(
@@ -115,23 +121,44 @@ SCHEMA_OPTIONS = vol.Schema(
        vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
        vol.Optional(ATTR_NETWORK): vol.Maybe(docker_ports),
        vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
        vol.Optional(ATTR_INGRESS_PANEL): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
    }
 )
-# pylint: disable=no-value-for-parameter
+SCHEMA_SYS_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_SYSTEM_MANAGED): vol.Boolean(),
        vol.Optional(ATTR_SYSTEM_MANAGED_CONFIG_ENTRY): vol.Maybe(str),
    }
 )
 SCHEMA_SECURITY = vol.Schema({vol.Optional(ATTR_PROTECTED): vol.Boolean()})
 SCHEMA_UNINSTALL = vol.Schema(
    {vol.Optional(ATTR_REMOVE_CONFIG, default=False): vol.Boolean()}
 )
 SCHEMA_REBUILD = vol.Schema({vol.Optional(ATTR_FORCE, default=False): vol.Boolean()})
 # pylint: enable=no-value-for-parameter
 class OptionsValidateResponse(TypedDict):
    """Response object for options validate."""
    message: str
    valid: bool
    pwned: bool | None
 class APIAddons(CoreSysAttributes):
    """Handle RESTful API for add-on functions."""
-    def _extract_addon(self, request: web.Request) -> AnyAddon:
+    def get_addon_for_request(self, request: web.Request) -> Addon:
-        """Return addon, throw an exception it it doesn't exist."""
+        """Return addon, throw an exception if it doesn't exist."""
-        addon_slug: str = request.match_info.get("addon")
+        addon_slug: str = request.match_info["addon"]
        # Lookup itself
        if addon_slug == "self":
@@ -142,18 +169,14 @@ class APIAddons(CoreSysAttributes):
        addon = self.sys_addons.get(addon_slug)
        if not addon:
-            raise APIError(f"Addon {addon_slug} does not exist")
+            raise APINotFound(f"Addon {addon_slug} does not exist")
        return addon
    def _extract_addon_installed(self, request: web.Request) -> Addon:
        addon = self._extract_addon(request)
        if not isinstance(addon, Addon) or not addon.is_installed:
-            raise APIError("Addon is not installed")
+            raise APIAddonNotInstalled("Addon is not installed")
        return addon
    @api_process
-    async def list(self, request: web.Request) -> Dict[str, Any]:
+    async def list_addons(self, request: web.Request) -> dict[str, Any]:
        """Return all add-ons or repositories."""
        data_addons = [
            {
@@ -162,44 +185,33 @@ class APIAddons(CoreSysAttributes):
                ATTR_DESCRIPTON: addon.description,
                ATTR_ADVANCED: addon.advanced,
                ATTR_STAGE: addon.stage,
-                ATTR_VERSION: addon.version if addon.is_installed else None,
+                ATTR_VERSION: addon.version,
                ATTR_VERSION_LATEST: addon.latest_version,
-                ATTR_UPDATE_AVAILABLE: addon.need_update
+                ATTR_UPDATE_AVAILABLE: addon.need_update,
                if addon.is_installed
                else False,
                ATTR_INSTALLED: addon.is_installed,
                ATTR_AVAILABLE: addon.available,
                ATTR_DETACHED: addon.is_detached,
                ATTR_HOMEASSISTANT: addon.homeassistant_version,
                ATTR_STATE: addon.state,
                ATTR_REPOSITORY: addon.repository,
                ATTR_BUILD: addon.need_build,
                ATTR_URL: addon.url,
                ATTR_ICON: addon.with_icon,
                ATTR_LOGO: addon.with_logo,
                ATTR_SYSTEM_MANAGED: addon.system_managed,
            }
-            for addon in self.sys_addons.all
+            for addon in self.sys_addons.installed
        ]
-        data_repositories = [
+        return {ATTR_ADDONS: data_addons}
            {
                ATTR_SLUG: repository.slug,
                ATTR_NAME: repository.name,
                ATTR_SOURCE: repository.source,
                ATTR_URL: repository.url,
                ATTR_MAINTAINER: repository.maintainer,
            }
            for repository in self.sys_store.all
        ]
        return {ATTR_ADDONS: data_addons, ATTR_REPOSITORIES: data_repositories}
    @api_process
    async def reload(self, request: web.Request) -> None:
        """Reload all add-on data from store."""
        await asyncio.shield(self.sys_store.reload())
-    @api_process
+    async def info(self, request: web.Request) -> dict[str, Any]:
    async def info(self, request: web.Request) -> Dict[str, Any]:
        """Return add-on information."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon: Addon = self.get_addon_for_request(request)
        data = {
            ATTR_NAME: addon.name,
@@ -207,16 +219,14 @@ class APIAddons(CoreSysAttributes):
            ATTR_HOSTNAME: addon.hostname,
            ATTR_DNS: addon.dns,
            ATTR_DESCRIPTON: addon.description,
-            ATTR_LONG_DESCRIPTION: addon.long_description,
+            ATTR_LONG_DESCRIPTION: await addon.long_description(),
            ATTR_ADVANCED: addon.advanced,
            ATTR_STAGE: addon.stage,
            ATTR_AUTO_UPDATE: None,
            ATTR_REPOSITORY: addon.repository,
            ATTR_VERSION: None,
            ATTR_VERSION_LATEST: addon.latest_version,
            ATTR_UPDATE_AVAILABLE: False,
            ATTR_PROTECTED: addon.protected,
            ATTR_RATING: rating_security(addon),
            ATTR_BOOT_CONFIG: addon.boot_config,
            ATTR_BOOT: addon.boot,
            ATTR_OPTIONS: addon.options,
            ATTR_SCHEMA: addon.schema_ui,
@@ -224,7 +234,6 @@ class APIAddons(CoreSysAttributes):
            ATTR_MACHINE: addon.supported_machine,
            ATTR_HOMEASSISTANT: addon.homeassistant_version,
            ATTR_URL: addon.url,
            ATTR_STATE: AddonState.UNKNOWN,
            ATTR_DETACHED: addon.is_detached,
            ATTR_AVAILABLE: addon.available,
            ATTR_BUILD: addon.need_build,
@@ -233,75 +242,67 @@ class APIAddons(CoreSysAttributes):
            ATTR_HOST_NETWORK: addon.host_network,
            ATTR_HOST_PID: addon.host_pid,
            ATTR_HOST_IPC: addon.host_ipc,
            ATTR_HOST_UTS: addon.host_uts,
            ATTR_HOST_DBUS: addon.host_dbus,
            ATTR_PRIVILEGED: addon.privileged,
            ATTR_FULL_ACCESS: addon.with_full_access,
            ATTR_APPARMOR: addon.apparmor,
            ATTR_DEVICES: _pretty_devices(addon),
            ATTR_ICON: addon.with_icon,
            ATTR_LOGO: addon.with_logo,
            ATTR_CHANGELOG: addon.with_changelog,
            ATTR_DOCUMENTATION: addon.with_documentation,
            ATTR_STDIN: addon.with_stdin,
            ATTR_WEBUI: None,
            ATTR_HASSIO_API: addon.access_hassio_api,
            ATTR_HASSIO_ROLE: addon.hassio_role,
            ATTR_AUTH_API: addon.access_auth_api,
            ATTR_HOMEASSISTANT_API: addon.access_homeassistant_api,
            ATTR_GPIO: addon.with_gpio,
            ATTR_USB: addon.with_usb,
            ATTR_UART: addon.with_uart,
            ATTR_KERNEL_MODULES: addon.with_kernel_modules,
            ATTR_DEVICETREE: addon.with_devicetree,
            ATTR_UDEV: addon.with_udev,
            ATTR_DOCKER_API: addon.access_docker_api,
            ATTR_VIDEO: addon.with_video,
            ATTR_AUDIO: addon.with_audio,
            ATTR_AUDIO_INPUT: None,
            ATTR_AUDIO_OUTPUT: None,
            ATTR_STARTUP: addon.startup,
            ATTR_SERVICES: _pretty_services(addon),
            ATTR_DISCOVERY: addon.discovery,
-            ATTR_IP_ADDRESS: None,
+            ATTR_TRANSLATIONS: addon.translations,
            ATTR_INGRESS: addon.with_ingress,
-            ATTR_INGRESS_ENTRY: None,
+            ATTR_SIGNED: addon.signed,
-            ATTR_INGRESS_URL: None,
+            ATTR_STATE: addon.state,
-            ATTR_INGRESS_PORT: None,
+            ATTR_WEBUI: addon.webui,
-            ATTR_INGRESS_PANEL: None,
+            ATTR_INGRESS_ENTRY: addon.ingress_entry,
-            ATTR_WATCHDOG: None,
+            ATTR_INGRESS_URL: addon.ingress_url,
            ATTR_INGRESS_PORT: addon.ingress_port,
            ATTR_INGRESS_PANEL: addon.ingress_panel,
            ATTR_AUDIO_INPUT: addon.audio_input,
            ATTR_AUDIO_OUTPUT: addon.audio_output,
            ATTR_AUTO_UPDATE: addon.auto_update,
            ATTR_IP_ADDRESS: str(addon.ip_address),
            ATTR_VERSION: addon.version,
            ATTR_UPDATE_AVAILABLE: addon.need_update,
            ATTR_WATCHDOG: addon.watchdog,
            ATTR_DEVICES: addon.static_devices
            + [device.path for device in addon.devices],
            ATTR_SYSTEM_MANAGED: addon.system_managed,
            ATTR_SYSTEM_MANAGED_CONFIG_ENTRY: addon.system_managed_config_entry,
        }
        if isinstance(addon, Addon) and addon.is_installed:
            data.update(
                {
                    ATTR_STATE: addon.state,
                    ATTR_WEBUI: addon.webui,
                    ATTR_INGRESS_ENTRY: addon.ingress_entry,
                    ATTR_INGRESS_URL: addon.ingress_url,
                    ATTR_INGRESS_PORT: addon.ingress_port,
                    ATTR_INGRESS_PANEL: addon.ingress_panel,
                    ATTR_AUDIO_INPUT: addon.audio_input,
                    ATTR_AUDIO_OUTPUT: addon.audio_output,
                    ATTR_AUTO_UPDATE: addon.auto_update,
                    ATTR_IP_ADDRESS: str(addon.ip_address),
                    ATTR_VERSION: addon.version,
                    ATTR_UPDATE_AVAILABLE: addon.need_update,
                    ATTR_WATCHDOG: addon.watchdog,
                }
            )
        return data
    @api_process
    async def options(self, request: web.Request) -> None:
        """Store user options for add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
        # Update secrets for validation
        await self.sys_homeassistant.secrets.reload()
        # Extend schema with add-on specific validation
        addon_schema = SCHEMA_OPTIONS.extend(
-            {vol.Optional(ATTR_OPTIONS): vol.Any(None, addon.schema)}
+            {vol.Optional(ATTR_OPTIONS): vol.Maybe(addon.schema)}
        )
        # Validate/Process Body
@@ -309,6 +310,10 @@ class APIAddons(CoreSysAttributes):
        if ATTR_OPTIONS in body:
            addon.options = body[ATTR_OPTIONS]
        if ATTR_BOOT in body:
            if addon.boot_config == AddonBootConfig.MANUAL_ONLY:
                raise APIError(
                    f"Addon {addon.slug} boot option is set to {addon.boot_config} so it cannot be changed"
                )
            addon.boot = body[ATTR_BOOT]
        if ATTR_AUTO_UPDATE in body:
            addon.auto_update = body[ATTR_AUTO_UPDATE]
@@ -324,37 +329,92 @@ class APIAddons(CoreSysAttributes):
        if ATTR_WATCHDOG in body:
            addon.watchdog = body[ATTR_WATCHDOG]
-        addon.save_persist()
+        await addon.save_persist()
    @api_process
-    async def options_validate(self, request: web.Request) -> None:
+    async def sys_options(self, request: web.Request) -> None:
        """Store system options for an add-on."""
        addon = self.get_addon_for_request(request)
        # Validate/Process Body
        body = await api_validate(SCHEMA_SYS_OPTIONS, request)
        if ATTR_SYSTEM_MANAGED in body:
            addon.system_managed = body[ATTR_SYSTEM_MANAGED]
        if ATTR_SYSTEM_MANAGED_CONFIG_ENTRY in body:
            addon.system_managed_config_entry = body[ATTR_SYSTEM_MANAGED_CONFIG_ENTRY]
        await addon.save_persist()
    @api_process
    async def options_validate(self, request: web.Request) -> OptionsValidateResponse:
        """Validate user options for add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
-        data = {ATTR_MESSAGE: "", ATTR_VALID: True}
+        data = OptionsValidateResponse(message="", valid=True, pwned=False)
        options = await request.json(loads=json_loads) or addon.options
        # Validate config
        options_schema = addon.schema
        try:
-            addon.schema(addon.options)
+            options_schema.validate(options)
        except vol.Invalid as ex:
-            data[ATTR_MESSAGE] = humanize_error(addon.options, ex)
+            data["message"] = humanize_error(options, ex)
-            data[ATTR_VALID] = False
+            data["valid"] = False
        if not self.sys_security.pwned:
            return data
        # Pwned check
        for secret in options_schema.pwned:
            try:
                await self.sys_security.verify_secret(secret)
                continue
            except PwnedSecret:
                data["pwned"] = True
            except PwnedError:
                data["pwned"] = None
            break
        if self.sys_security.force and data["pwned"] in (None, True):
            data["valid"] = False
            if data["pwned"] is None:
                data["message"] = "Error happening on pwned secrets check!"
            else:
                data["message"] = "Add-on uses pwned secrets!"
        return data
    @api_process
    async def options_config(self, request: web.Request) -> None:
        """Validate user options for add-on."""
        slug: str = request.match_info["addon"]
        if slug != "self":
            raise APIForbidden("This can be only read by the Add-on itself!")
        addon = self.get_addon_for_request(request)
        # Lookup/reload secrets
        await self.sys_homeassistant.secrets.reload()
        try:
            return addon.schema.validate(addon.options)
        except vol.Invalid:
            raise APIError("Invalid configuration data for the add-on") from None
    @api_process
    async def security(self, request: web.Request) -> None:
        """Store security options for add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
-        body: Dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
+        body: dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
        if ATTR_PROTECTED in body:
            _LOGGER.warning("Changing protected flag for %s!", addon.slug)
            addon.protected = body[ATTR_PROTECTED]
-        addon.save_persist()
+        await addon.save_persist()
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
        stats: DockerStats = await addon.stats()
@@ -370,97 +430,51 @@ class APIAddons(CoreSysAttributes):
        }
    @api_process
-    def install(self, request: web.Request) -> Awaitable[None]:
+    async def uninstall(self, request: web.Request) -> Awaitable[None]:
        """Install add-on."""
        addon = self._extract_addon(request)
        return asyncio.shield(addon.install())
    @api_process
    def uninstall(self, request: web.Request) -> Awaitable[None]:
        """Uninstall add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
-        return asyncio.shield(addon.uninstall())
+        body: dict[str, Any] = await api_validate(SCHEMA_UNINSTALL, request)
        return await asyncio.shield(
            self.sys_addons.uninstall(
                addon.slug, remove_config=body[ATTR_REMOVE_CONFIG]
            )
        )
    @api_process
-    def start(self, request: web.Request) -> Awaitable[None]:
+    async def start(self, request: web.Request) -> None:
        """Start add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
-        return asyncio.shield(addon.start())
+        if start_task := await asyncio.shield(addon.start()):
            await start_task
    @api_process
    def stop(self, request: web.Request) -> Awaitable[None]:
        """Stop add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
        return asyncio.shield(addon.stop())
    @api_process
-    def update(self, request: web.Request) -> Awaitable[None]:
+    async def restart(self, request: web.Request) -> None:
        """Update add-on."""
        addon: Addon = self._extract_addon_installed(request)
        return asyncio.shield(addon.update())
    @api_process
    def restart(self, request: web.Request) -> Awaitable[None]:
        """Restart add-on."""
-        addon: Addon = self._extract_addon_installed(request)
+        addon: Addon = self.get_addon_for_request(request)
-        return asyncio.shield(addon.restart())
+        if start_task := await asyncio.shield(addon.restart()):
            await start_task
    @api_process
-    def rebuild(self, request: web.Request) -> Awaitable[None]:
+    async def rebuild(self, request: web.Request) -> None:
        """Rebuild local build add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
-        return asyncio.shield(addon.rebuild())
+        body: dict[str, Any] = await api_validate(SCHEMA_REBUILD, request)
-    @api_process_raw(CONTENT_TYPE_BINARY)
+        if start_task := await asyncio.shield(
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
+            self.sys_addons.rebuild(addon.slug, force=body[ATTR_FORCE])
-        """Return logs from add-on."""
+        ):
-        addon = self._extract_addon_installed(request)
+            await start_task
        return addon.logs()
    @api_process_raw(CONTENT_TYPE_PNG)
    async def icon(self, request: web.Request) -> bytes:
        """Return icon from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_icon:
            raise APIError(f"No icon found for add-on {addon.slug}!")
        with addon.path_icon.open("rb") as png:
            return png.read()
    @api_process_raw(CONTENT_TYPE_PNG)
    async def logo(self, request: web.Request) -> bytes:
        """Return logo from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_logo:
            raise APIError(f"No logo found for add-on {addon.slug}!")
        with addon.path_logo.open("rb") as png:
            return png.read()
    @api_process_raw(CONTENT_TYPE_TEXT)
    async def changelog(self, request: web.Request) -> str:
        """Return changelog from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_changelog:
            raise APIError(f"No changelog found for add-on {addon.slug}!")
        with addon.path_changelog.open("r") as changelog:
            return changelog.read()
    @api_process_raw(CONTENT_TYPE_TEXT)
    async def documentation(self, request: web.Request) -> str:
        """Return documentation from add-on."""
        addon = self._extract_addon(request)
        if not addon.with_documentation:
            raise APIError(f"No documentation found for add-on {addon.slug}!")
        with addon.path_documentation.open("r") as documentation:
            return documentation.read()
    @api_process
    async def stdin(self, request: web.Request) -> None:
        """Write to stdin of add-on."""
-        addon = self._extract_addon_installed(request)
+        addon = self.get_addon_for_request(request)
        if not addon.with_stdin:
            raise APIError(f"STDIN not supported the {addon.slug} add-on")
@@ -468,14 +482,6 @@ class APIAddons(CoreSysAttributes):
        await asyncio.shield(addon.write_stdin(data))
-def _pretty_devices(addon: AnyAddon) -> List[str]:
+def _pretty_services(addon: Addon) -> list[str]:
    """Return a simplified device list."""
    dev_list = addon.devices
    if not dev_list:
        return []
    return [row.split(":")[0] for row in dev_list]
 def _pretty_services(addon: AnyAddon) -> List[str]:
    """Return a simplified services role list."""
    return [f"{name}:{access}" for name, access in addon.services_role.items()]
--- a/supervisor/api/audio.py
+++ b/supervisor/api/audio.py
@@ -1,10 +1,12 @@
 """Init file for Supervisor Audio RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 from dataclasses import asdict
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import attr
 import voluptuous as vol
 from ..const import (
@@ -29,13 +31,12 @@ from ..const import (
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    ATTR_VOLUME,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..host.sound import StreamType
 from ..validate import version_tag
-from .utils import api_process, api_process_raw, api_validate
+from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -56,10 +57,10 @@ SCHEMA_MUTE = vol.Schema(
    }
 )
-SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): vol.Coerce(str)})
+SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): str})
 SCHEMA_PROFILE = vol.Schema(
-    {vol.Required(ATTR_CARD): vol.Coerce(str), vol.Required(ATTR_NAME): vol.Coerce(str)}
+    {vol.Required(ATTR_CARD): str, vol.Required(ATTR_NAME): str}
 )
@@ -67,7 +68,7 @@ class APIAudio(CoreSysAttributes):
    """Handle RESTful API for Audio functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return Audio information."""
        return {
            ATTR_VERSION: self.sys_plugins.audio.version,
@@ -75,21 +76,17 @@ class APIAudio(CoreSysAttributes):
            ATTR_UPDATE_AVAILABLE: self.sys_plugins.audio.need_update,
            ATTR_HOST: str(self.sys_docker.network.audio),
            ATTR_AUDIO: {
-                ATTR_CARD: [attr.asdict(card) for card in self.sys_host.sound.cards],
+                ATTR_CARD: [asdict(card) for card in self.sys_host.sound.cards],
-                ATTR_INPUT: [
+                ATTR_INPUT: [asdict(stream) for stream in self.sys_host.sound.inputs],
-                    attr.asdict(stream) for stream in self.sys_host.sound.inputs
+                ATTR_OUTPUT: [asdict(stream) for stream in self.sys_host.sound.outputs],
                ],
                ATTR_OUTPUT: [
                    attr.asdict(stream) for stream in self.sys_host.sound.outputs
                ],
                ATTR_APPLICATION: [
-                    attr.asdict(stream) for stream in self.sys_host.sound.applications
+                    asdict(stream) for stream in self.sys_host.sound.applications
                ],
            },
        }
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.audio.stats()
@@ -114,11 +111,6 @@ class APIAudio(CoreSysAttributes):
            raise APIError(f"Version {version} is already in use")
        await asyncio.shield(self.sys_plugins.audio.update(version))
    @api_process_raw(CONTENT_TYPE_BINARY)
    def logs(self, request: web.Request) -> Awaitable[bytes]:
        """Return Audio Docker logs."""
        return self.sys_plugins.audio.logs()
    @api_process
    def restart(self, request: web.Request) -> Awaitable[None]:
        """Restart Audio plugin."""
@@ -132,7 +124,7 @@ class APIAudio(CoreSysAttributes):
    @api_process
    async def set_volume(self, request: web.Request) -> None:
        """Set audio volume on stream."""
-        source: StreamType = StreamType(request.match_info.get("source"))
+        source: StreamType = StreamType(request.match_info["source"])
        application: bool = request.path.endswith("application")
        body = await api_validate(SCHEMA_VOLUME, request)
@@ -145,7 +137,7 @@ class APIAudio(CoreSysAttributes):
    @api_process
    async def set_mute(self, request: web.Request) -> None:
        """Mute audio volume on stream."""
-        source: StreamType = StreamType(request.match_info.get("source"))
+        source: StreamType = StreamType(request.match_info["source"])
        application: bool = request.path.endswith("application")
        body = await api_validate(SCHEMA_MUTE, request)
@@ -158,7 +150,7 @@ class APIAudio(CoreSysAttributes):
    @api_process
    async def set_default(self, request: web.Request) -> None:
        """Set audio default stream."""
-        source: StreamType = StreamType(request.match_info.get("source"))
+        source: StreamType = StreamType(request.match_info["source"])
        body = await api_validate(SCHEMA_DEFAULT, request)
        await asyncio.shield(self.sys_host.sound.set_default(source, body[ATTR_NAME]))
--- a/supervisor/api/auth.py
+++ b/supervisor/api/auth.py
@@ -1,35 +1,42 @@
 """Init file for Supervisor auth/SSO RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Dict
+from typing import Any, cast
 from aiohttp import BasicAuth, web
 from aiohttp.hdrs import AUTHORIZATION, CONTENT_TYPE, WWW_AUTHENTICATE
 from aiohttp.web import FileField
 from aiohttp.web_exceptions import HTTPUnauthorized
 from multidict import MultiDictProxy
 import voluptuous as vol
 from ..addons.addon import Addon
-from ..const import (
+from ..const import ATTR_NAME, ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
    ATTR_PASSWORD,
    ATTR_USERNAME,
    CONTENT_TYPE_JSON,
    CONTENT_TYPE_URL,
    REQUEST_FROM,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIForbidden
-from .utils import api_process, api_validate
+from .const import (
    ATTR_GROUP_IDS,
    ATTR_IS_ACTIVE,
    ATTR_IS_OWNER,
    ATTR_LOCAL_ONLY,
    ATTR_USERS,
    CONTENT_TYPE_JSON,
    CONTENT_TYPE_URL,
 )
 from .utils import api_process, api_validate, json_loads
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_PASSWORD_RESET = vol.Schema(
    {
-        vol.Required(ATTR_USERNAME): vol.Coerce(str),
+        vol.Required(ATTR_USERNAME): str,
-        vol.Required(ATTR_PASSWORD): vol.Coerce(str),
+        vol.Required(ATTR_PASSWORD): str,
    }
 )
-REALM_HEADER: Dict[str, str] = {
+REALM_HEADER: dict[str, str] = {
    WWW_AUTHENTICATE: 'Basic realm="Home Assistant Authentication"'
 }
@@ -37,7 +44,7 @@ REALM_HEADER: Dict[str, str] = {
 class APIAuth(CoreSysAttributes):
    """Handle RESTful API for auth functions."""
-    def _process_basic(self, request: web.Request, addon: Addon) -> bool:
+    def _process_basic(self, request: web.Request, addon: Addon) -> Awaitable[bool]:
        """Process login request with basic auth.
        Return a coroutine.
@@ -46,8 +53,11 @@ class APIAuth(CoreSysAttributes):
        return self.sys_auth.check_login(addon, auth.login, auth.password)
    def _process_dict(
-        self, request: web.Request, addon: Addon, data: Dict[str, str]
+        self,
-    ) -> bool:
+        request: web.Request,
        addon: Addon,
        data: dict[str, Any] | MultiDictProxy[str | bytes | FileField],
    ) -> Awaitable[bool]:
        """Process login with dict data.
        Return a coroutine.
@@ -55,14 +65,22 @@ class APIAuth(CoreSysAttributes):
        username = data.get("username") or data.get("user")
        password = data.get("password")
-        return self.sys_auth.check_login(addon, username, password)
+        # Test that we did receive strings and not something else, raise if so
        try:
            _ = username.encode and password.encode  # type: ignore
        except AttributeError:
            raise HTTPUnauthorized(headers=REALM_HEADER) from None
        return self.sys_auth.check_login(
            addon, cast(str, username), cast(str, password)
        )
    @api_process
    async def auth(self, request: web.Request) -> bool:
        """Process login request."""
        addon = request[REQUEST_FROM]
-        if not addon.access_auth_api:
+        if not isinstance(addon, Addon) or not addon.access_auth_api:
            raise APIForbidden("Can't use Home Assistant auth!")
        # BasicAuth
@@ -73,20 +91,25 @@ class APIAuth(CoreSysAttributes):
        # Json
        if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON:
-            data = await request.json()
+            data = await request.json(loads=json_loads)
-            return await self._process_dict(request, addon, data)
+            if not await self._process_dict(request, addon, data):
                raise HTTPUnauthorized()
            return True
        # URL encoded
        if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_URL:
            data = await request.post()
-            return await self._process_dict(request, addon, data)
+            if not await self._process_dict(request, addon, data):
                raise HTTPUnauthorized()
            return True
        # Advertise Basic authentication by default
        raise HTTPUnauthorized(headers=REALM_HEADER)
    @api_process
    async def reset(self, request: web.Request) -> None:
        """Process reset password request."""
-        body: Dict[str, str] = await api_validate(SCHEMA_PASSWORD_RESET, request)
+        body: dict[str, str] = await api_validate(SCHEMA_PASSWORD_RESET, request)
        await asyncio.shield(
            self.sys_auth.change_password(body[ATTR_USERNAME], body[ATTR_PASSWORD])
        )
@@ -94,4 +117,22 @@ class APIAuth(CoreSysAttributes):
    @api_process
    async def cache(self, request: web.Request) -> None:
        """Process cache reset request."""
-        self.sys_auth.reset_data()
+        await self.sys_auth.reset_data()
    @api_process
    async def list_users(self, request: web.Request) -> dict[str, list[dict[str, Any]]]:
        """List users on the Home Assistant instance."""
        return {
            ATTR_USERS: [
                {
                    ATTR_USERNAME: user[ATTR_USERNAME],
                    ATTR_NAME: user[ATTR_NAME],
                    ATTR_IS_OWNER: user[ATTR_IS_OWNER],
                    ATTR_IS_ACTIVE: user[ATTR_IS_ACTIVE],
                    ATTR_LOCAL_ONLY: user[ATTR_LOCAL_ONLY],
                    ATTR_GROUP_IDS: user[ATTR_GROUP_IDS],
                }
                for user in await self.sys_auth.list_users()
                if user[ATTR_USERNAME]
            ]
        }
--- a/supervisor/api/backups.py
+++ b/supervisor/api/backups.py
@@ -0,0 +1,579 @@
 """Backups RESTful API."""
 from __future__ import annotations
 import asyncio
 from collections.abc import Callable
 import errno
 from io import IOBase
 import logging
 from pathlib import Path
 import re
 from tempfile import TemporaryDirectory
 from typing import Any, cast
 from aiohttp import BodyPartReader, web
 from aiohttp.hdrs import CONTENT_DISPOSITION
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 from ..backups.backup import Backup
 from ..backups.const import LOCATION_CLOUD_BACKUP, LOCATION_TYPE
 from ..backups.validate import ALL_FOLDERS, FOLDER_HOMEASSISTANT, days_until_stale
 from ..const import (
    ATTR_ADDONS,
    ATTR_BACKUPS,
    ATTR_COMPRESSED,
    ATTR_CONTENT,
    ATTR_DATE,
    ATTR_DAYS_UNTIL_STALE,
    ATTR_EXTRA,
    ATTR_FILENAME,
    ATTR_FOLDERS,
    ATTR_HOMEASSISTANT,
    ATTR_HOMEASSISTANT_EXCLUDE_DATABASE,
    ATTR_JOB_ID,
    ATTR_LOCATION,
    ATTR_NAME,
    ATTR_PASSWORD,
    ATTR_PROTECTED,
    ATTR_REPOSITORIES,
    ATTR_SIZE,
    ATTR_SIZE_BYTES,
    ATTR_SLUG,
    ATTR_SUPERVISOR_VERSION,
    ATTR_TIMEOUT,
    ATTR_TYPE,
    ATTR_VERSION,
    REQUEST_FROM,
    BusEvent,
    CoreState,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError, APIForbidden, APINotFound
 from ..jobs import JobSchedulerOptions, SupervisorJob
 from ..mounts.const import MountUsage
 from ..resolution.const import UnhealthyReason
 from .const import (
    ATTR_ADDITIONAL_LOCATIONS,
    ATTR_BACKGROUND,
    ATTR_LOCATION_ATTRIBUTES,
    ATTR_LOCATIONS,
    CONTENT_TYPE_TAR,
 )
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 ALL_ADDONS_FLAG = "ALL"
 LOCATION_LOCAL = ".local"
 RE_SLUGIFY_NAME = re.compile(r"[^A-Za-z0-9]+")
 RE_BACKUP_FILENAME = re.compile(r"^[^\\\/]+\.tar$")
 # Backwards compatible
 # Remove: 2022.08
 _ALL_FOLDERS = ALL_FOLDERS + [FOLDER_HOMEASSISTANT]
 def _ensure_list(item: Any) -> list:
    """Ensure value is a list."""
    if not isinstance(item, list):
        return [item]
    return item
 def _convert_local_location(item: str | None) -> str | None:
    """Convert local location value."""
    if item in {LOCATION_LOCAL, ""}:
        return None
    return item
 # pylint: disable=no-value-for-parameter
 SCHEMA_FOLDERS = vol.All([vol.In(_ALL_FOLDERS)], vol.Unique())
 SCHEMA_LOCATION = vol.All(vol.Maybe(str), _convert_local_location)
 SCHEMA_LOCATION_LIST = vol.All(_ensure_list, [SCHEMA_LOCATION], vol.Unique())
 SCHEMA_RESTORE_FULL = vol.Schema(
    {
        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
        vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION,
    }
 )
 SCHEMA_RESTORE_PARTIAL = SCHEMA_RESTORE_FULL.extend(
    {
        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
        vol.Optional(ATTR_FOLDERS): SCHEMA_FOLDERS,
    }
 )
 SCHEMA_BACKUP_FULL = vol.Schema(
    {
        vol.Optional(ATTR_NAME): str,
        vol.Optional(ATTR_FILENAME): vol.Match(RE_BACKUP_FILENAME),
        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
        vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
        vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION_LIST,
        vol.Optional(ATTR_HOMEASSISTANT_EXCLUDE_DATABASE): vol.Boolean(),
        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
        vol.Optional(ATTR_EXTRA): dict,
    }
 )
 SCHEMA_BACKUP_PARTIAL = SCHEMA_BACKUP_FULL.extend(
    {
        vol.Optional(ATTR_ADDONS): vol.Or(
            ALL_ADDONS_FLAG, vol.All([str], vol.Unique())
        ),
        vol.Optional(ATTR_FOLDERS): SCHEMA_FOLDERS,
        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
    }
 )
 SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_DAYS_UNTIL_STALE): days_until_stale})
 SCHEMA_FREEZE = vol.Schema({vol.Optional(ATTR_TIMEOUT): vol.All(int, vol.Range(min=1))})
 SCHEMA_REMOVE = vol.Schema({vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION_LIST})
 class APIBackups(CoreSysAttributes):
    """Handle RESTful API for backups functions."""
    def _extract_slug(self, request):
        """Return backup, throw an exception if it doesn't exist."""
        backup = self.sys_backups.get(request.match_info.get("slug"))
        if not backup:
            raise APINotFound("Backup does not exist")
        return backup
    def _make_location_attributes(self, backup: Backup) -> dict[str, dict[str, Any]]:
        """Make location attributes dictionary."""
        return {
            loc if loc else LOCATION_LOCAL: {
                ATTR_PROTECTED: backup.all_locations[loc].protected,
                ATTR_SIZE_BYTES: backup.all_locations[loc].size_bytes,
            }
            for loc in backup.locations
        }
    def _list_backups(self):
        """Return list of backups."""
        return [
            {
                ATTR_SLUG: backup.slug,
                ATTR_NAME: backup.name,
                ATTR_DATE: backup.date,
                ATTR_TYPE: backup.sys_type,
                ATTR_SIZE: backup.size,
                ATTR_SIZE_BYTES: backup.size_bytes,
                ATTR_LOCATION: backup.location,
                ATTR_LOCATIONS: backup.locations,
                ATTR_PROTECTED: backup.protected,
                ATTR_LOCATION_ATTRIBUTES: self._make_location_attributes(backup),
                ATTR_COMPRESSED: backup.compressed,
                ATTR_CONTENT: {
                    ATTR_HOMEASSISTANT: backup.homeassistant_version is not None,
                    ATTR_ADDONS: backup.addon_list,
                    ATTR_FOLDERS: backup.folders,
                },
            }
            for backup in self.sys_backups.list_backups
            if backup.location != LOCATION_CLOUD_BACKUP
        ]
    @api_process
    async def list_backups(self, request):
        """Return backup list."""
        data_backups = self._list_backups()
        if request.path == "/snapshots":
            # Kept for backwards compability
            return {"snapshots": data_backups}
        return {ATTR_BACKUPS: data_backups}
    @api_process
    async def info(self, request):
        """Return backup list and manager info."""
        return {
            ATTR_BACKUPS: self._list_backups(),
            ATTR_DAYS_UNTIL_STALE: self.sys_backups.days_until_stale,
        }
    @api_process
    async def options(self, request):
        """Set backup manager options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        if ATTR_DAYS_UNTIL_STALE in body:
            self.sys_backups.days_until_stale = body[ATTR_DAYS_UNTIL_STALE]
        await self.sys_backups.save_data()
    @api_process
    async def reload(self, _):
        """Reload backup list."""
        await asyncio.shield(self.sys_backups.reload())
        return True
    @api_process
    async def backup_info(self, request):
        """Return backup info."""
        backup = self._extract_slug(request)
        data_addons = []
        for addon_data in backup.addons:
            data_addons.append(
                {
                    ATTR_SLUG: addon_data[ATTR_SLUG],
                    ATTR_NAME: addon_data[ATTR_NAME],
                    ATTR_VERSION: addon_data[ATTR_VERSION],
                    ATTR_SIZE: addon_data[ATTR_SIZE],
                }
            )
        return {
            ATTR_SLUG: backup.slug,
            ATTR_TYPE: backup.sys_type,
            ATTR_NAME: backup.name,
            ATTR_DATE: backup.date,
            ATTR_SIZE: backup.size,
            ATTR_SIZE_BYTES: backup.size_bytes,
            ATTR_COMPRESSED: backup.compressed,
            ATTR_PROTECTED: backup.protected,
            ATTR_LOCATION_ATTRIBUTES: self._make_location_attributes(backup),
            ATTR_SUPERVISOR_VERSION: backup.supervisor_version,
            ATTR_HOMEASSISTANT: backup.homeassistant_version,
            ATTR_LOCATION: backup.location,
            ATTR_LOCATIONS: backup.locations,
            ATTR_ADDONS: data_addons,
            ATTR_REPOSITORIES: backup.repositories,
            ATTR_FOLDERS: backup.folders,
            ATTR_HOMEASSISTANT_EXCLUDE_DATABASE: backup.homeassistant_exclude_database,
            ATTR_EXTRA: backup.extra,
        }
    def _location_to_mount(self, location: str | None) -> LOCATION_TYPE:
        """Convert a single location to a mount if possible."""
        if not location or location == LOCATION_CLOUD_BACKUP:
            return cast(LOCATION_TYPE, location)
        mount = self.sys_mounts.get(location)
        if mount.usage != MountUsage.BACKUP:
            raise APIError(
                f"Mount {mount.name} is not used for backups, cannot backup to there"
            )
        return mount
    def _location_field_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
        """Change location field to mount if necessary."""
        body[ATTR_LOCATION] = self._location_to_mount(body.get(ATTR_LOCATION))
        return body
    def _validate_cloud_backup_location(
        self, request: web.Request, location: list[str | None] | str | None
    ) -> None:
        """Cloud backup location is only available to Home Assistant."""
        if not isinstance(location, list):
            location = [location]
        if (
            LOCATION_CLOUD_BACKUP in location
            and request.get(REQUEST_FROM) != self.sys_homeassistant
        ):
            raise APIForbidden(
                f"Location {LOCATION_CLOUD_BACKUP} is only available for Home Assistant"
            )
    async def _background_backup_task(
        self, backup_method: Callable, *args, **kwargs
    ) -> tuple[asyncio.Task, str]:
        """Start backup task in  background and return task and job ID."""
        event = asyncio.Event()
        job, backup_task = cast(
            tuple[SupervisorJob, asyncio.Task],
            self.sys_jobs.schedule_job(
                backup_method, JobSchedulerOptions(), *args, **kwargs
            ),
        )
        async def release_on_freeze(new_state: CoreState):
            if new_state == CoreState.FREEZE:
                event.set()
        # Wait for system to get into freeze state before returning
        # If the backup fails validation it will raise before getting there
        listener = self.sys_bus.register_event(
            BusEvent.SUPERVISOR_STATE_CHANGE, release_on_freeze
        )
        try:
            event_task = self.sys_create_task(event.wait())
            _, pending = await asyncio.wait(
                (backup_task, event_task),
                return_when=asyncio.FIRST_COMPLETED,
            )
            # It seems backup returned early (error or something), make sure to cancel
            # the event task to avoid "Task was destroyed but it is pending!" errors.
            if event_task in pending:
                event_task.cancel()
            return (backup_task, job.uuid)
        finally:
            self.sys_bus.remove_listener(listener)
    @api_process
    async def backup_full(self, request: web.Request):
        """Create full backup."""
        body = await api_validate(SCHEMA_BACKUP_FULL, request)
        locations: list[LOCATION_TYPE] | None = None
        if ATTR_LOCATION in body:
            location_names: list[str | None] = body.pop(ATTR_LOCATION)
            self._validate_cloud_backup_location(request, location_names)
            locations = [
                self._location_to_mount(location) for location in location_names
            ]
            body[ATTR_LOCATION] = locations.pop(0)
            if locations:
                body[ATTR_ADDITIONAL_LOCATIONS] = locations
        background = body.pop(ATTR_BACKGROUND)
        backup_task, job_id = await self._background_backup_task(
            self.sys_backups.do_backup_full, **body
        )
        if background and not backup_task.done():
            return {ATTR_JOB_ID: job_id}
        backup: Backup = await backup_task
        if backup:
            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
        raise APIError(
            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
            job_id=job_id,
        )
    @api_process
    async def backup_partial(self, request: web.Request):
        """Create a partial backup."""
        body = await api_validate(SCHEMA_BACKUP_PARTIAL, request)
        locations: list[LOCATION_TYPE] | None = None
        if ATTR_LOCATION in body:
            location_names: list[str | None] = body.pop(ATTR_LOCATION)
            self._validate_cloud_backup_location(request, location_names)
            locations = [
                self._location_to_mount(location) for location in location_names
            ]
            body[ATTR_LOCATION] = locations.pop(0)
            if locations:
                body[ATTR_ADDITIONAL_LOCATIONS] = locations
        if body.get(ATTR_ADDONS) == ALL_ADDONS_FLAG:
            body[ATTR_ADDONS] = list(self.sys_addons.local)
        background = body.pop(ATTR_BACKGROUND)
        backup_task, job_id = await self._background_backup_task(
            self.sys_backups.do_backup_partial, **body
        )
        if background and not backup_task.done():
            return {ATTR_JOB_ID: job_id}
        backup: Backup = await backup_task
        if backup:
            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
        raise APIError(
            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
            job_id=job_id,
        )
    @api_process
    async def restore_full(self, request: web.Request):
        """Full restore of a backup."""
        backup = self._extract_slug(request)
        body = await api_validate(SCHEMA_RESTORE_FULL, request)
        self._validate_cloud_backup_location(
            request, body.get(ATTR_LOCATION, backup.location)
        )
        background = body.pop(ATTR_BACKGROUND)
        restore_task, job_id = await self._background_backup_task(
            self.sys_backups.do_restore_full, backup, **body
        )
        if background and not restore_task.done() or await restore_task:
            return {ATTR_JOB_ID: job_id}
        raise APIError(
            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
            job_id=job_id,
        )
    @api_process
    async def restore_partial(self, request: web.Request):
        """Partial restore a backup."""
        backup = self._extract_slug(request)
        body = await api_validate(SCHEMA_RESTORE_PARTIAL, request)
        self._validate_cloud_backup_location(
            request, body.get(ATTR_LOCATION, backup.location)
        )
        background = body.pop(ATTR_BACKGROUND)
        restore_task, job_id = await self._background_backup_task(
            self.sys_backups.do_restore_partial, backup, **body
        )
        if background and not restore_task.done() or await restore_task:
            return {ATTR_JOB_ID: job_id}
        raise APIError(
            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
            job_id=job_id,
        )
    @api_process
    async def freeze(self, request: web.Request):
        """Initiate manual freeze for external backup."""
        body = await api_validate(SCHEMA_FREEZE, request)
        await asyncio.shield(self.sys_backups.freeze_all(**body))
    @api_process
    async def thaw(self, request: web.Request):
        """Begin thaw after manual freeze."""
        await self.sys_backups.thaw_all()
    @api_process
    async def remove(self, request: web.Request):
        """Remove a backup."""
        backup = self._extract_slug(request)
        body = await api_validate(SCHEMA_REMOVE, request)
        locations: list[LOCATION_TYPE] | None = None
        if ATTR_LOCATION in body:
            self._validate_cloud_backup_location(request, body[ATTR_LOCATION])
            locations = [self._location_to_mount(name) for name in body[ATTR_LOCATION]]
        else:
            self._validate_cloud_backup_location(request, backup.location)
        await self.sys_backups.remove(backup, locations=locations)
    @api_process
    async def download(self, request: web.Request):
        """Download a backup file."""
        backup = self._extract_slug(request)
        # Query will give us '' for /backups, convert value to None
        location = _convert_local_location(
            request.query.get(ATTR_LOCATION, backup.location)
        )
        self._validate_cloud_backup_location(request, location)
        if location not in backup.all_locations:
            raise APIError(f"Backup {backup.slug} is not in location {location}")
        _LOGGER.info("Downloading backup %s", backup.slug)
        filename = backup.all_locations[location].path
        # If the file is missing, return 404 and trigger reload of location
        if not await self.sys_run_in_executor(filename.is_file):
            self.sys_create_task(self.sys_backups.reload(location))
            return web.Response(status=404)
        response = web.FileResponse(filename)
        response.content_type = CONTENT_TYPE_TAR
        download_filename = filename.name
        if download_filename == f"{backup.slug}.tar":
            download_filename = f"{RE_SLUGIFY_NAME.sub('_', backup.name)}.tar"
        response.headers[CONTENT_DISPOSITION] = (
            f"attachment; filename={download_filename}"
        )
        return response
    @api_process
    async def upload(self, request: web.Request):
        """Upload a backup file."""
        location: LOCATION_TYPE = None
        locations: list[LOCATION_TYPE] | None = None
        if ATTR_LOCATION in request.query:
            location_names: list[str] = request.query.getall(ATTR_LOCATION, [])
            self._validate_cloud_backup_location(
                request, cast(list[str | None], location_names)
            )
            # Convert empty string to None if necessary
            locations = [
                self._location_to_mount(location)
                if _convert_local_location(location)
                else None
                for location in location_names
            ]
            location = locations.pop(0)
        filename: str | None = None
        if ATTR_FILENAME in request.query:
            filename = request.query.get(ATTR_FILENAME)
            try:
                vol.Match(RE_BACKUP_FILENAME)(filename)
            except vol.Invalid as ex:
                raise APIError(humanize_error(filename, ex)) from None
        tmp_path = await self.sys_backups.get_upload_path_for_location(location)
        temp_dir: TemporaryDirectory | None = None
        backup_file_stream: IOBase | None = None
        def open_backup_file() -> Path:
            nonlocal temp_dir, backup_file_stream
            temp_dir = TemporaryDirectory(dir=tmp_path.as_posix())
            tar_file = Path(temp_dir.name, "upload.tar")
            backup_file_stream = tar_file.open("wb")
            return tar_file
        def close_backup_file() -> None:
            if backup_file_stream:
                # Make sure it got closed, in case of exception. It is safe to
                # close the file stream twice.
                backup_file_stream.close()
            if temp_dir:
                temp_dir.cleanup()
        try:
            reader = await request.multipart()
            contents = await reader.next()
            if not isinstance(contents, BodyPartReader):
                raise APIError("Improperly formatted upload, could not read backup")
            tar_file = await self.sys_run_in_executor(open_backup_file)
            while chunk := await contents.read_chunk(size=2**16):
                await self.sys_run_in_executor(
                    cast(IOBase, backup_file_stream).write, chunk
                )
            await self.sys_run_in_executor(cast(IOBase, backup_file_stream).close)
            backup = await asyncio.shield(
                self.sys_backups.import_backup(
                    tar_file,
                    filename,
                    location=location,
                    additional_locations=locations,
                )
            )
        except OSError as err:
            if err.errno == errno.EBADMSG and location in {
                LOCATION_CLOUD_BACKUP,
                None,
            }:
                self.sys_resolution.add_unhealthy_reason(
                    UnhealthyReason.OSERROR_BAD_MESSAGE
                )
            _LOGGER.error("Can't write new backup file: %s", err)
            return False
        except asyncio.CancelledError:
            return False
        finally:
            await self.sys_run_in_executor(close_backup_file)
        if backup:
            return {ATTR_SLUG: backup.slug}
        return False
--- a/supervisor/api/cli.py
+++ b/supervisor/api/cli.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor HA cli RESTful API."""
 import asyncio
 import logging
-from typing import Any, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -32,7 +33,7 @@ class APICli(CoreSysAttributes):
    """Handle RESTful API for HA Cli functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return HA cli information."""
        return {
            ATTR_VERSION: self.sys_plugins.cli.version,
@@ -41,7 +42,7 @@ class APICli(CoreSysAttributes):
        }
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.cli.stats()
--- a/supervisor/api/const.py
+++ b/supervisor/api/const.py
@@ -0,0 +1,90 @@
 """Const for API."""
 from enum import StrEnum
 CONTENT_TYPE_BINARY = "application/octet-stream"
 CONTENT_TYPE_JSON = "application/json"
 CONTENT_TYPE_PNG = "image/png"
 CONTENT_TYPE_TAR = "application/tar"
 CONTENT_TYPE_TEXT = "text/plain"
 CONTENT_TYPE_URL = "application/x-www-form-urlencoded"
 CONTENT_TYPE_X_LOG = "text/x-log"
 COOKIE_INGRESS = "ingress_session"
 ATTR_ADDITIONAL_LOCATIONS = "additional_locations"
 ATTR_AGENT_VERSION = "agent_version"
 ATTR_APPARMOR_VERSION = "apparmor_version"
 ATTR_ATTRIBUTES = "attributes"
 ATTR_AVAILABLE_UPDATES = "available_updates"
 ATTR_BACKGROUND = "background"
 ATTR_BOOT_CONFIG = "boot_config"
 ATTR_BOOT_SLOT = "boot_slot"
 ATTR_BOOT_SLOTS = "boot_slots"
 ATTR_BOOT_TIMESTAMP = "boot_timestamp"
 ATTR_BOOTS = "boots"
 ATTR_BROADCAST_LLMNR = "broadcast_llmnr"
 ATTR_BROADCAST_MDNS = "broadcast_mdns"
 ATTR_BY_ID = "by_id"
 ATTR_CHILDREN = "children"
 ATTR_CONNECTION_BUS = "connection_bus"
 ATTR_DATA_DISK = "data_disk"
 ATTR_DEVICE = "device"
 ATTR_DEV_PATH = "dev_path"
 ATTR_DISKS = "disks"
 ATTR_DRIVES = "drives"
 ATTR_DT_SYNCHRONIZED = "dt_synchronized"
 ATTR_DT_UTC = "dt_utc"
 ATTR_EJECTABLE = "ejectable"
 ATTR_FALLBACK = "fallback"
 ATTR_FILESYSTEMS = "filesystems"
 ATTR_FORCE = "force"
 ATTR_GROUP_IDS = "group_ids"
 ATTR_IDENTIFIERS = "identifiers"
 ATTR_IS_ACTIVE = "is_active"
 ATTR_IS_OWNER = "is_owner"
 ATTR_JOBS = "jobs"
 ATTR_LLMNR = "llmnr"
 ATTR_LLMNR_HOSTNAME = "llmnr_hostname"
 ATTR_LOCAL_ONLY = "local_only"
 ATTR_LOCATION_ATTRIBUTES = "location_attributes"
 ATTR_LOCATIONS = "locations"
 ATTR_MDNS = "mdns"
 ATTR_MODEL = "model"
 ATTR_MOUNTS = "mounts"
 ATTR_MOUNT_POINTS = "mount_points"
 ATTR_PANEL_PATH = "panel_path"
 ATTR_REMOVABLE = "removable"
 ATTR_REMOVE_CONFIG = "remove_config"
 ATTR_REVISION = "revision"
 ATTR_SAFE_MODE = "safe_mode"
 ATTR_SEAT = "seat"
 ATTR_SIGNED = "signed"
 ATTR_STARTUP_TIME = "startup_time"
 ATTR_STATUS = "status"
 ATTR_SUBSYSTEM = "subsystem"
 ATTR_SYSFS = "sysfs"
 ATTR_SYSTEM_HEALTH_LED = "system_health_led"
 ATTR_TIME_DETECTED = "time_detected"
 ATTR_UPDATE_TYPE = "update_type"
 ATTR_USAGE = "usage"
 ATTR_USE_NTP = "use_ntp"
 ATTR_USERS = "users"
 ATTR_USER_PATH = "user_path"
 ATTR_VENDOR = "vendor"
 ATTR_VIRTUALIZATION = "virtualization"
 class BootSlot(StrEnum):
    """Boot slots used by HAOS."""
    A = "A"
    B = "B"
 class DetectBlockingIO(StrEnum):
    """Enable/Disable detection for blocking I/O in event loop."""
    OFF = "off"
    ON = "on"
    ON_AT_STARTUP = "on-at-startup"
--- a/supervisor/api/discovery.py
+++ b/supervisor/api/discovery.py
@@ -1,6 +1,12 @@
 """Init file for Supervisor network RESTful API."""
 import logging
 from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..addons.addon import Addon
 from ..const import (
    ATTR_ADDON,
    ATTR_CONFIG,
@@ -9,16 +15,19 @@ from ..const import (
    ATTR_SERVICES,
    ATTR_UUID,
    REQUEST_FROM,
    AddonState,
 )
 from ..coresys import CoreSysAttributes
-from ..discovery.validate import valid_discovery_service
+from ..discovery import Message
-from ..exceptions import APIError, APIForbidden
+from ..exceptions import APIForbidden, APINotFound
-from .utils import api_process, api_validate
+from .utils import api_process, api_validate, require_home_assistant
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_DISCOVERY = vol.Schema(
    {
-        vol.Required(ATTR_SERVICE): valid_discovery_service,
+        vol.Required(ATTR_SERVICE): str,
-        vol.Optional(ATTR_CONFIG): vol.Maybe(dict),
+        vol.Required(ATTR_CONFIG): dict,
    }
 )
@@ -26,37 +35,36 @@ SCHEMA_DISCOVERY = vol.Schema(
 class APIDiscovery(CoreSysAttributes):
    """Handle RESTful API for discovery functions."""
-    def _extract_message(self, request):
+    def _extract_message(self, request: web.Request) -> Message:
        """Extract discovery message from URL."""
-        message = self.sys_discovery.get(request.match_info.get("uuid"))
+        message = self.sys_discovery.get(request.match_info["uuid"])
        if not message:
-            raise APIError("Discovery message not found")
+            raise APINotFound("Discovery message not found")
        return message
    def _check_permission_ha(self, request):
        """Check permission for API call / Home Assistant."""
        if request[REQUEST_FROM] != self.sys_homeassistant:
            raise APIForbidden("Only HomeAssistant can use this API!")
    @api_process
-    async def list(self, request):
+    @require_home_assistant
-        """Show register services."""
+    async def list_discovery(self, request: web.Request) -> dict[str, Any]:
-        self._check_permission_ha(request)
+        """Show registered and available services."""
        # Get available discovery
-        discovery = []
+        discovery = [
-        for message in self.sys_discovery.list_messages:
+            {
-            discovery.append(
+                ATTR_ADDON: message.addon,
-                {
+                ATTR_SERVICE: message.service,
-                    ATTR_ADDON: message.addon,
+                ATTR_UUID: message.uuid,
-                    ATTR_SERVICE: message.service,
+                ATTR_CONFIG: message.config,
-                    ATTR_UUID: message.uuid,
+            }
-                    ATTR_CONFIG: message.config,
+            for message in self.sys_discovery.list_messages
-                }
+            if (
                discovered := self.sys_addons.get_local_only(
                    message.addon,
                )
            )
            and discovered.state == AddonState.STARTED
        ]
        # Get available services/add-ons
-        services = {}
+        services: dict[str, list[str]] = {}
        for addon in self.sys_addons.all:
            for name in addon.discovery:
                services.setdefault(name, []).append(addon.slug)
@@ -64,28 +72,34 @@ class APIDiscovery(CoreSysAttributes):
        return {ATTR_DISCOVERY: discovery, ATTR_SERVICES: services}
    @api_process
-    async def set_discovery(self, request):
+    async def set_discovery(self, request: web.Request) -> dict[str, str]:
        """Write data into a discovery pipeline."""
        body = await api_validate(SCHEMA_DISCOVERY, request)
-        addon = request[REQUEST_FROM]
+        addon: Addon = request[REQUEST_FROM]
        service = body[ATTR_SERVICE]
        # Access?
        if body[ATTR_SERVICE] not in addon.discovery:
-            raise APIForbidden("Can't use discovery!")
+            _LOGGER.error(
                "Add-on %s attempted to send discovery for service %s which is not listed in its config. Please report this to the maintainer of the add-on",
                addon.name,
                service,
            )
            raise APIForbidden(
                "Add-ons must list services they provide via discovery in their config!"
            )
        # Process discovery message
-        message = self.sys_discovery.send(addon, **body)
+        message = await self.sys_discovery.send(addon, **body)
        return {ATTR_UUID: message.uuid}
    @api_process
-    async def get_discovery(self, request):
+    @require_home_assistant
    async def get_discovery(self, request: web.Request) -> dict[str, Any]:
        """Read data into a discovery message."""
        message = self._extract_message(request)
        # HomeAssistant?
        self._check_permission_ha(request)
        return {
            ATTR_ADDON: message.addon,
            ATTR_SERVICE: message.service,
@@ -94,7 +108,7 @@ class APIDiscovery(CoreSysAttributes):
        }
    @api_process
-    async def del_discovery(self, request):
+    async def del_discovery(self, request: web.Request) -> None:
        """Delete data into a discovery message."""
        message = self._extract_message(request)
        addon = request[REQUEST_FROM]
@@ -103,5 +117,4 @@ class APIDiscovery(CoreSysAttributes):
        if message.addon != addon.slug:
            raise APIForbidden("Can't remove discovery message")
-        self.sys_discovery.remove(message)
+        await self.sys_discovery.remove(message)
        return True
--- a/supervisor/api/dns.py
+++ b/supervisor/api/dns.py
@@ -1,7 +1,9 @@
 """Init file for Supervisor DNS RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -21,17 +23,22 @@ from ..const import (
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import dns_server_list, version_tag
-from .utils import api_process, api_process_raw, api_validate
+from .const import ATTR_FALLBACK, ATTR_LLMNR, ATTR_MDNS
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 # pylint: disable=no-value-for-parameter
-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_SERVERS): dns_server_list})
+SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_SERVERS): dns_server_list,
        vol.Optional(ATTR_FALLBACK): vol.Boolean(),
    }
 )
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
@@ -40,7 +47,7 @@ class APICoreDNS(CoreSysAttributes):
    """Handle RESTful API for DNS functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return DNS information."""
        return {
            ATTR_VERSION: self.sys_plugins.dns.version,
@@ -49,21 +56,32 @@ class APICoreDNS(CoreSysAttributes):
            ATTR_HOST: str(self.sys_docker.network.dns),
            ATTR_SERVERS: self.sys_plugins.dns.servers,
            ATTR_LOCALS: self.sys_plugins.dns.locals,
            ATTR_MDNS: self.sys_plugins.dns.mdns,
            ATTR_LLMNR: self.sys_plugins.dns.llmnr,
            ATTR_FALLBACK: self.sys_plugins.dns.fallback,
        }
    @api_process
    async def options(self, request: web.Request) -> None:
        """Set DNS options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        restart_required = False
        if ATTR_SERVERS in body:
            self.sys_plugins.dns.servers = body[ATTR_SERVERS]
            restart_required = True
        if ATTR_FALLBACK in body:
            self.sys_plugins.dns.fallback = body[ATTR_FALLBACK]
            restart_required = True
        if restart_required:
            self.sys_create_task(self.sys_plugins.dns.restart())
-        self.sys_plugins.dns.save_data()
+        await self.sys_plugins.dns.save_data()
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.dns.stats()
@@ -88,11 +106,6 @@ class APICoreDNS(CoreSysAttributes):
            raise APIError(f"Version {version} is already in use")
        await asyncio.shield(self.sys_plugins.dns.update(version))
    @api_process_raw(CONTENT_TYPE_BINARY)
    def logs(self, request: web.Request) -> Awaitable[bytes]:
        """Return DNS Docker logs."""
        return self.sys_plugins.dns.logs()
    @api_process
    def restart(self, request: web.Request) -> Awaitable[None]:
        """Restart CoreDNS plugin."""
--- a/supervisor/api/docker.py
+++ b/supervisor/api/docker.py
@@ -1,11 +1,15 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import logging
-from typing import Any, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from supervisor.resolution.const import ContextType, IssueType, SuggestionType
 from ..const import (
    ATTR_ENABLE_IPV6,
    ATTR_HOSTNAME,
    ATTR_LOGGING,
    ATTR_PASSWORD,
@@ -15,25 +19,64 @@ from ..const import (
    ATTR_VERSION,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APINotFound
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_DOCKER_REGISTRY = vol.Schema(
    {
-        vol.Coerce(str): {
+        str: {
            vol.Required(ATTR_USERNAME): str,
            vol.Required(ATTR_PASSWORD): str,
        }
    }
 )
 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_ENABLE_IPV6): vol.Maybe(vol.Boolean())})
 class APIDocker(CoreSysAttributes):
    """Handle RESTful API for Docker configuration."""
    @api_process
-    async def registries(self, request) -> Dict[str, Any]:
+    async def info(self, request: web.Request):
        """Get docker info."""
        data_registries = {}
        for hostname, registry in self.sys_docker.config.registries.items():
            data_registries[hostname] = {
                ATTR_USERNAME: registry[ATTR_USERNAME],
            }
        return {
            ATTR_VERSION: self.sys_docker.info.version,
            ATTR_ENABLE_IPV6: self.sys_docker.config.enable_ipv6,
            ATTR_STORAGE: self.sys_docker.info.storage,
            ATTR_LOGGING: self.sys_docker.info.logging,
            ATTR_REGISTRIES: data_registries,
        }
    @api_process
    async def options(self, request: web.Request) -> None:
        """Set docker options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        if (
            ATTR_ENABLE_IPV6 in body
            and self.sys_docker.config.enable_ipv6 != body[ATTR_ENABLE_IPV6]
        ):
            self.sys_docker.config.enable_ipv6 = body[ATTR_ENABLE_IPV6]
            _LOGGER.info("Host system reboot required to apply new IPv6 configuration")
            self.sys_resolution.create_issue(
                IssueType.REBOOT_REQUIRED,
                ContextType.SYSTEM,
                suggestions=[SuggestionType.EXECUTE_REBOOT],
            )
        await self.sys_docker.config.save_data()
    @api_process
    async def registries(self, request) -> dict[str, Any]:
        """Return the list of registries."""
        data_registries = {}
        for hostname, registry in self.sys_docker.config.registries.items():
@@ -51,26 +94,14 @@ class APIDocker(CoreSysAttributes):
        for hostname, registry in body.items():
            self.sys_docker.config.registries[hostname] = registry
-        self.sys_docker.config.save_data()
+        await self.sys_docker.config.save_data()
    @api_process
    async def remove_registry(self, request: web.Request):
        """Delete a docker registry."""
        hostname = request.match_info.get(ATTR_HOSTNAME)
-        del self.sys_docker.config.registries[hostname]
+        if hostname not in self.sys_docker.config.registries:
-        self.sys_docker.config.save_data()
+            raise APINotFound(f"Hostname {hostname} does not exist in registries")
-    @api_process
+        del self.sys_docker.config.registries[hostname]
-    async def info(self, request: web.Request):
+        await self.sys_docker.config.save_data()
        """Get docker info."""
        data_registries = {}
        for hostname, registry in self.sys_docker.config.registries.items():
            data_registries[hostname] = {
                ATTR_USERNAME: registry[ATTR_USERNAME],
            }
        return {
            ATTR_VERSION: self.sys_docker.info.version,
            ATTR_STORAGE: self.sys_docker.info.storage,
            ATTR_LOGGING: self.sys_docker.info.logging,
            ATTR_REGISTRIES: data_registries,
        }
--- a/supervisor/api/hardware.py
+++ b/supervisor/api/hardware.py
@@ -1,54 +1,121 @@
 """Init file for Supervisor hardware RESTful API."""
-import asyncio
+
 import logging
-from typing import Any, Awaitable, Dict, List
+from typing import Any
 from aiohttp import web
 from ..const import (
    ATTR_AUDIO,
-    ATTR_DISK,
+    ATTR_DEVICES,
-    ATTR_GPIO,
+    ATTR_ID,
    ATTR_INPUT,
    ATTR_NAME,
    ATTR_OUTPUT,
    ATTR_SERIAL,
-    ATTR_USB,
+    ATTR_SIZE,
    ATTR_SYSTEM,
 )
 from ..coresys import CoreSysAttributes
 from ..dbus.udisks2 import UDisks2Manager
 from ..dbus.udisks2.block import UDisks2Block
 from ..dbus.udisks2.drive import UDisks2Drive
 from ..hardware.data import Device
 from .const import (
    ATTR_ATTRIBUTES,
    ATTR_BY_ID,
    ATTR_CHILDREN,
    ATTR_CONNECTION_BUS,
    ATTR_DEV_PATH,
    ATTR_DEVICE,
    ATTR_DRIVES,
    ATTR_EJECTABLE,
    ATTR_FILESYSTEMS,
    ATTR_MODEL,
    ATTR_MOUNT_POINTS,
    ATTR_REMOVABLE,
    ATTR_REVISION,
    ATTR_SEAT,
    ATTR_SUBSYSTEM,
    ATTR_SYSFS,
    ATTR_TIME_DETECTED,
    ATTR_VENDOR,
 )
 from .utils import api_process
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 def device_struct(device: Device) -> dict[str, Any]:
    """Return a dict with information of a interface to be used in the API."""
    return {
        ATTR_NAME: device.name,
        ATTR_SYSFS: device.sysfs,
        ATTR_DEV_PATH: device.path,
        ATTR_SUBSYSTEM: device.subsystem,
        ATTR_BY_ID: device.by_id,
        ATTR_ATTRIBUTES: device.attributes,
        ATTR_CHILDREN: device.children,
    }
 def filesystem_struct(fs_block: UDisks2Block) -> dict[str, Any]:
    """Return a dict with information of a filesystem block device to be used in the API."""
    return {
        ATTR_DEVICE: str(fs_block.device),
        ATTR_ID: fs_block.id,
        ATTR_SIZE: fs_block.size,
        ATTR_NAME: fs_block.id_label,
        ATTR_SYSTEM: fs_block.hint_system,
        ATTR_MOUNT_POINTS: [
            str(mount_point)
            for mount_point in (
                fs_block.filesystem.mount_points if fs_block.filesystem else []
            )
        ],
    }
 def drive_struct(udisks2: UDisks2Manager, drive: UDisks2Drive) -> dict[str, Any]:
    """Return a dict with information of a disk to be used in the API."""
    return {
        ATTR_VENDOR: drive.vendor,
        ATTR_MODEL: drive.model,
        ATTR_REVISION: drive.revision,
        ATTR_SERIAL: drive.serial,
        ATTR_ID: drive.id,
        ATTR_SIZE: drive.size,
        ATTR_TIME_DETECTED: drive.time_detected.isoformat(),
        ATTR_CONNECTION_BUS: drive.connection_bus,
        ATTR_SEAT: drive.seat,
        ATTR_REMOVABLE: drive.removable,
        ATTR_EJECTABLE: drive.ejectable,
        ATTR_FILESYSTEMS: [
            filesystem_struct(block)
            for block in udisks2.block_devices
            if block.filesystem and block.drive == drive.object_path
        ],
    }
 class APIHardware(CoreSysAttributes):
    """Handle RESTful API for hardware functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Show hardware info."""
        serial: List[str] = []
        # Create Serial list with device links
        for device in self.sys_hardware.serial_devices:
            serial.append(device.path.as_posix())
            for link in device.links:
                serial.append(link.as_posix())
        return {
-            ATTR_SERIAL: serial,
+            ATTR_DEVICES: [
-            ATTR_INPUT: list(self.sys_hardware.input_devices),
+                device_struct(device) for device in self.sys_hardware.devices
            ATTR_DISK: [
                device.path.as_posix() for device in self.sys_hardware.disk_devices
            ],
-            ATTR_GPIO: list(self.sys_hardware.gpio_devices),
+            ATTR_DRIVES: [
-            ATTR_USB: [
+                drive_struct(self.sys_dbus.udisks2, drive)
-                device.path.as_posix() for device in self.sys_hardware.usb_devices
+                for drive in self.sys_dbus.udisks2.drives
            ],
            ATTR_AUDIO: self.sys_hardware.audio_devices,
        }
    @api_process
-    async def audio(self, request: web.Request) -> Dict[str, Any]:
+    async def audio(self, request: web.Request) -> dict[str, Any]:
        """Show pulse audio profiles."""
        return {
            ATTR_AUDIO: {
@@ -62,8 +129,3 @@ class APIHardware(CoreSysAttributes):
                },
            }
        }
    @api_process
    def trigger(self, request: web.Request) -> Awaitable[None]:
        """Trigger a udev device reload."""
        return asyncio.shield(self.sys_hardware.udev_trigger())
--- a/supervisor/api/homeassistant.py
+++ b/supervisor/api/homeassistant.py
@@ -1,7 +1,9 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -10,6 +12,8 @@ from ..const import (
    ATTR_ARCH,
    ATTR_AUDIO_INPUT,
    ATTR_AUDIO_OUTPUT,
    ATTR_BACKUP,
    ATTR_BACKUPS_EXCLUDE_DATABASE,
    ATTR_BLK_READ,
    ATTR_BLK_WRITE,
    ATTR_BOOT,
@@ -28,14 +32,13 @@ from ..const import (
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    ATTR_WAIT_BOOT,
    ATTR_WATCHDOG,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError
+from ..exceptions import APIDBMigrationInProgress, APIError
 from ..validate import docker_image, network_port, version_tag
-from .utils import api_process, api_process_raw, api_validate
+from .const import ATTR_FORCE, ATTR_SAFE_MODE
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -43,25 +46,54 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_BOOT): vol.Boolean(),
-        vol.Optional(ATTR_IMAGE): docker_image,
+        vol.Optional(ATTR_IMAGE): vol.Maybe(docker_image),
        vol.Optional(ATTR_PORT): network_port,
        vol.Optional(ATTR_SSL): vol.Boolean(),
        vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
-        vol.Optional(ATTR_WAIT_BOOT): vol.All(vol.Coerce(int), vol.Range(min=60)),
+        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(str),
-        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_BACKUPS_EXCLUDE_DATABASE): vol.Boolean(),
    }
 )
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+SCHEMA_UPDATE = vol.Schema(
    {
        vol.Optional(ATTR_VERSION): version_tag,
        vol.Optional(ATTR_BACKUP): bool,
    }
 )
 SCHEMA_RESTART = vol.Schema(
    {
        vol.Optional(ATTR_SAFE_MODE, default=False): vol.Boolean(),
        vol.Optional(ATTR_FORCE, default=False): vol.Boolean(),
    }
 )
 SCHEMA_STOP = vol.Schema(
    {
        vol.Optional(ATTR_FORCE, default=False): vol.Boolean(),
    }
 )
 class APIHomeAssistant(CoreSysAttributes):
    """Handle RESTful API for Home Assistant functions."""
    async def _check_offline_migration(self, force: bool = False) -> None:
        """Check and raise if there's an offline DB migration in progress."""
        if (
            not force
            and (state := await self.sys_homeassistant.api.get_api_state())
            and state.offline_db_migration
        ):
            raise APIDBMigrationInProgress(
                "Offline database migration in progress, try again after it has completed"
            )
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return host information."""
        return {
            ATTR_VERSION: self.sys_homeassistant.version,
@@ -75,11 +107,9 @@ class APIHomeAssistant(CoreSysAttributes):
            ATTR_PORT: self.sys_homeassistant.api_port,
            ATTR_SSL: self.sys_homeassistant.api_ssl,
            ATTR_WATCHDOG: self.sys_homeassistant.watchdog,
            ATTR_WAIT_BOOT: self.sys_homeassistant.wait_boot,
            ATTR_AUDIO_INPUT: self.sys_homeassistant.audio_input,
            ATTR_AUDIO_OUTPUT: self.sys_homeassistant.audio_output,
-            # Remove end of Q3 2020
+            ATTR_BACKUPS_EXCLUDE_DATABASE: self.sys_homeassistant.backups_exclude_database,
            "last_version": self.sys_homeassistant.latest_version,
        }
    @api_process
@@ -88,7 +118,10 @@ class APIHomeAssistant(CoreSysAttributes):
        body = await api_validate(SCHEMA_OPTIONS, request)
        if ATTR_IMAGE in body:
-            self.sys_homeassistant.image = body[ATTR_IMAGE]
+            self.sys_homeassistant.set_image(body[ATTR_IMAGE])
            self.sys_homeassistant.override_image = (
                self.sys_homeassistant.image != self.sys_homeassistant.default_image
            )
        if ATTR_BOOT in body:
            self.sys_homeassistant.boot = body[ATTR_BOOT]
@@ -102,9 +135,6 @@ class APIHomeAssistant(CoreSysAttributes):
        if ATTR_WATCHDOG in body:
            self.sys_homeassistant.watchdog = body[ATTR_WATCHDOG]
        if ATTR_WAIT_BOOT in body:
            self.sys_homeassistant.wait_boot = body[ATTR_WAIT_BOOT]
        if ATTR_REFRESH_TOKEN in body:
            self.sys_homeassistant.refresh_token = body[ATTR_REFRESH_TOKEN]
@@ -114,10 +144,15 @@ class APIHomeAssistant(CoreSysAttributes):
        if ATTR_AUDIO_OUTPUT in body:
            self.sys_homeassistant.audio_output = body[ATTR_AUDIO_OUTPUT]
-        self.sys_homeassistant.save_data()
+        if ATTR_BACKUPS_EXCLUDE_DATABASE in body:
            self.sys_homeassistant.backups_exclude_database = body[
                ATTR_BACKUPS_EXCLUDE_DATABASE
            ]
        await self.sys_homeassistant.save_data()
    @api_process
-    async def stats(self, request: web.Request) -> Dict[Any, str]:
+    async def stats(self, request: web.Request) -> dict[Any, str]:
        """Return resource information."""
        stats = await self.sys_homeassistant.core.stats()
        if not stats:
@@ -137,15 +172,23 @@ class APIHomeAssistant(CoreSysAttributes):
    @api_process
    async def update(self, request: web.Request) -> None:
        """Update Home Assistant."""
-        body = await api_validate(SCHEMA_VERSION, request)
+        body = await api_validate(SCHEMA_UPDATE, request)
-        version = body.get(ATTR_VERSION, self.sys_homeassistant.latest_version)
+        await self._check_offline_migration()
-        await asyncio.shield(self.sys_homeassistant.core.update(version))
+        await asyncio.shield(
            self.sys_homeassistant.core.update(
                version=body.get(ATTR_VERSION, self.sys_homeassistant.latest_version),
                backup=body.get(ATTR_BACKUP),
            )
        )
    @api_process
-    def stop(self, request: web.Request) -> Awaitable[None]:
+    async def stop(self, request: web.Request) -> Awaitable[None]:
        """Stop Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.core.stop())
+        body = await api_validate(SCHEMA_STOP, request)
        await self._check_offline_migration(force=body[ATTR_FORCE])
        return await asyncio.shield(self.sys_homeassistant.core.stop())
    @api_process
    def start(self, request: web.Request) -> Awaitable[None]:
@@ -153,19 +196,24 @@ class APIHomeAssistant(CoreSysAttributes):
        return asyncio.shield(self.sys_homeassistant.core.start())
    @api_process
-    def restart(self, request: web.Request) -> Awaitable[None]:
+    async def restart(self, request: web.Request) -> None:
        """Restart Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.core.restart())
+        body = await api_validate(SCHEMA_RESTART, request)
        await self._check_offline_migration(force=body[ATTR_FORCE])
        await asyncio.shield(
            self.sys_homeassistant.core.restart(safe_mode=body[ATTR_SAFE_MODE])
        )
    @api_process
-    def rebuild(self, request: web.Request) -> Awaitable[None]:
+    async def rebuild(self, request: web.Request) -> None:
        """Rebuild Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.core.rebuild())
+        body = await api_validate(SCHEMA_RESTART, request)
        await self._check_offline_migration(force=body[ATTR_FORCE])
-    @api_process_raw(CONTENT_TYPE_BINARY)
+        await asyncio.shield(
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
+            self.sys_homeassistant.core.rebuild(safe_mode=body[ATTR_SAFE_MODE])
-        """Return Home Assistant Docker logs."""
+        )
        return self.sys_homeassistant.core.logs()
    @api_process
    async def check(self, request: web.Request) -> None:
--- a/supervisor/api/host.py
+++ b/supervisor/api/host.py
@@ -1,9 +1,14 @@
 """Init file for Supervisor host RESTful API."""
 import asyncio
 from typing import Awaitable
-from aiohttp import web
+import asyncio
 from contextlib import suppress
 import logging
 from typing import Any
 from aiohttp import ClientConnectionResetError, ClientPayloadError, web
 from aiohttp.hdrs import ACCEPT, RANGE
 import voluptuous as vol
 from voluptuous.error import CoerceInvalid
 from ..const import (
    ATTR_CHASSIS,
@@ -11,6 +16,7 @@ from ..const import (
    ATTR_DEPLOYMENT,
    ATTR_DESCRIPTON,
    ATTR_DISK_FREE,
    ATTR_DISK_LIFE_TIME,
    ATTR_DISK_TOTAL,
    ATTR_DISK_USED,
    ATTR_FEATURES,
@@ -20,33 +26,97 @@ from ..const import (
    ATTR_OPERATING_SYSTEM,
    ATTR_SERVICES,
    ATTR_STATE,
-    CONTENT_TYPE_BINARY,
+    ATTR_TIMEZONE,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIDBMigrationInProgress, APIError, HostLogError
 from ..host.const import (
    PARAM_BOOT_ID,
    PARAM_FOLLOW,
    PARAM_SYSLOG_IDENTIFIER,
    LogFormat,
    LogFormatter,
 )
 from ..host.logs import SYSTEMD_JOURNAL_GATEWAYD_LINES_MAX
 from ..utils.systemd_journal import journal_logs_reader
 from .const import (
    ATTR_AGENT_VERSION,
    ATTR_APPARMOR_VERSION,
    ATTR_BOOT_TIMESTAMP,
    ATTR_BOOTS,
    ATTR_BROADCAST_LLMNR,
    ATTR_BROADCAST_MDNS,
    ATTR_DT_SYNCHRONIZED,
    ATTR_DT_UTC,
    ATTR_FORCE,
    ATTR_IDENTIFIERS,
    ATTR_LLMNR_HOSTNAME,
    ATTR_STARTUP_TIME,
    ATTR_USE_NTP,
    ATTR_VIRTUALIZATION,
    CONTENT_TYPE_TEXT,
    CONTENT_TYPE_X_LOG,
 )
 from .utils import api_process, api_process_raw, api_validate
-SERVICE = "service"
+_LOGGER: logging.Logger = logging.getLogger(__name__)
-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): vol.Coerce(str)})
+IDENTIFIER = "identifier"
 BOOTID = "bootid"
 DEFAULT_LINES = 100
 SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): str})
 # pylint: disable=no-value-for-parameter
 SCHEMA_SHUTDOWN = vol.Schema(
    {
        vol.Optional(ATTR_FORCE, default=False): vol.Boolean(),
    }
 )
 # pylint: enable=no-value-for-parameter
 class APIHost(CoreSysAttributes):
    """Handle RESTful API for host functions."""
    async def _check_ha_offline_migration(self, force: bool) -> None:
        """Check if HA has an offline migration in progress and raise if not forced."""
        if (
            not force
            and (state := await self.sys_homeassistant.api.get_api_state())
            and state.offline_db_migration
        ):
            raise APIDBMigrationInProgress(
                "Home Assistant offline database migration in progress, please wait until complete before shutting down host"
            )
    @api_process
    async def info(self, request):
        """Return host information."""
        return {
            ATTR_AGENT_VERSION: self.sys_dbus.agent.version,
            ATTR_APPARMOR_VERSION: self.sys_host.apparmor.version,
            ATTR_CHASSIS: self.sys_host.info.chassis,
            ATTR_VIRTUALIZATION: self.sys_host.info.virtualization,
            ATTR_CPE: self.sys_host.info.cpe,
            ATTR_DEPLOYMENT: self.sys_host.info.deployment,
-            ATTR_DISK_FREE: self.sys_host.info.free_space,
+            ATTR_DISK_FREE: await self.sys_host.info.free_space(),
-            ATTR_DISK_TOTAL: self.sys_host.info.total_space,
+            ATTR_DISK_TOTAL: await self.sys_host.info.total_space(),
-            ATTR_DISK_USED: self.sys_host.info.used_space,
+            ATTR_DISK_USED: await self.sys_host.info.used_space(),
            ATTR_DISK_LIFE_TIME: await self.sys_host.info.disk_life_time(),
            ATTR_FEATURES: self.sys_host.features,
            ATTR_HOSTNAME: self.sys_host.info.hostname,
            ATTR_LLMNR_HOSTNAME: self.sys_host.info.llmnr_hostname,
            ATTR_KERNEL: self.sys_host.info.kernel,
            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
            ATTR_TIMEZONE: self.sys_host.info.timezone,
            ATTR_DT_UTC: self.sys_host.info.dt_utc,
            ATTR_DT_SYNCHRONIZED: self.sys_host.info.dt_synchronized,
            ATTR_USE_NTP: self.sys_host.info.use_ntp,
            ATTR_STARTUP_TIME: self.sys_host.info.startup_time,
            ATTR_BOOT_TIMESTAMP: self.sys_host.info.boot_timestamp,
            ATTR_BROADCAST_LLMNR: self.sys_host.info.broadcast_llmnr,
            ATTR_BROADCAST_MDNS: self.sys_host.info.broadcast_mdns,
        }
    @api_process
@@ -61,23 +131,25 @@ class APIHost(CoreSysAttributes):
            )
    @api_process
-    def reboot(self, request):
+    async def reboot(self, request):
        """Reboot host."""
-        return asyncio.shield(self.sys_host.control.reboot())
+        body = await api_validate(SCHEMA_SHUTDOWN, request)
        await self._check_ha_offline_migration(force=body[ATTR_FORCE])
        return await asyncio.shield(self.sys_host.control.reboot())
    @api_process
-    def shutdown(self, request):
+    async def shutdown(self, request):
        """Poweroff host."""
-        return asyncio.shield(self.sys_host.control.shutdown())
+        body = await api_validate(SCHEMA_SHUTDOWN, request)
        await self._check_ha_offline_migration(force=body[ATTR_FORCE])
        return await asyncio.shield(self.sys_host.control.shutdown())
    @api_process
    def reload(self, request):
        """Reload host data."""
-        return asyncio.shield(
+        return asyncio.shield(self.sys_host.reload())
            asyncio.wait(
                [self.sys_host.reload(), self.sys_resolution.evaluate.evaluate_system()]
            )
        )
    @api_process
    async def services(self, request):
@@ -95,30 +167,125 @@ class APIHost(CoreSysAttributes):
        return {ATTR_SERVICES: services}
    @api_process
-    def service_start(self, request):
+    async def list_boots(self, _: web.Request):
-        """Start a service."""
+        """Return a list of boot IDs."""
-        unit = request.match_info.get(SERVICE)
+        boot_ids = await self.sys_host.logs.get_boot_ids()
-        return asyncio.shield(self.sys_host.services.start(unit))
+        return {
            ATTR_BOOTS: {
                str(1 + i - len(boot_ids)): boot_id
                for i, boot_id in enumerate(boot_ids)
            }
        }
    @api_process
-    def service_stop(self, request):
+    async def list_identifiers(self, _: web.Request):
-        """Stop a service."""
+        """Return a list of syslog identifiers."""
-        unit = request.match_info.get(SERVICE)
+        return {ATTR_IDENTIFIERS: await self.sys_host.logs.get_identifiers()}
        return asyncio.shield(self.sys_host.services.stop(unit))
-    @api_process
+    async def _get_boot_id(self, possible_offset: str) -> str:
-    def service_reload(self, request):
+        """Convert offset into boot ID if required."""
-        """Reload a service."""
+        with suppress(CoerceInvalid):
-        unit = request.match_info.get(SERVICE)
+            offset = vol.Coerce(int)(possible_offset)
-        return asyncio.shield(self.sys_host.services.reload(unit))
+            try:
                return await self.sys_host.logs.get_boot_id(offset)
            except (ValueError, HostLogError) as err:
                raise APIError() from err
        return possible_offset
-    @api_process
+    async def advanced_logs_handler(
-    def service_restart(self, request):
+        self, request: web.Request, identifier: str | None = None, follow: bool = False
-        """Restart a service."""
+    ) -> web.StreamResponse:
-        unit = request.match_info.get(SERVICE)
+        """Return systemd-journald logs."""
-        return asyncio.shield(self.sys_host.services.restart(unit))
+        log_formatter = LogFormatter.PLAIN
        params: dict[str, Any] = {}
        if identifier:
            params[PARAM_SYSLOG_IDENTIFIER] = identifier
        elif IDENTIFIER in request.match_info:
            params[PARAM_SYSLOG_IDENTIFIER] = request.match_info[IDENTIFIER]
        else:
            params[PARAM_SYSLOG_IDENTIFIER] = self.sys_host.logs.default_identifiers
            # host logs should be always verbose, no matter what Accept header is used
            log_formatter = LogFormatter.VERBOSE
-    @api_process_raw(CONTENT_TYPE_BINARY)
+        if BOOTID in request.match_info:
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
+            params[PARAM_BOOT_ID] = await self._get_boot_id(request.match_info[BOOTID])
-        """Return host kernel logs."""
+        if follow:
-        return self.sys_host.info.get_dmesg()
+            params[PARAM_FOLLOW] = ""
        if ACCEPT in request.headers and request.headers[ACCEPT] not in [
            CONTENT_TYPE_TEXT,
            CONTENT_TYPE_X_LOG,
            "*/*",
        ]:
            raise APIError(
                "Invalid content type requested. Only text/plain and text/x-log "
                "supported for now."
            )
        if "verbose" in request.query or request.headers[ACCEPT] == CONTENT_TYPE_X_LOG:
            log_formatter = LogFormatter.VERBOSE
        if "lines" in request.query:
            lines = request.query.get("lines", DEFAULT_LINES)
            try:
                lines = int(lines)
            except ValueError:
                # If the user passed a non-integer value, just use the default instead of error.
                lines = DEFAULT_LINES
            finally:
                # We can't use the entries= Range header syntax to refer to the last 1 line,
                # and passing 1 to the calculation below would return the 1st line of the logs
                # instead. Since this is really an edge case that doesn't matter much, we'll just
                # return 2 lines at minimum.
                lines = max(2, lines)
            # entries=cursor[[:num_skip]:num_entries]
            range_header = f"entries=:-{lines - 1}:{SYSTEMD_JOURNAL_GATEWAYD_LINES_MAX if follow else lines}"
        elif RANGE in request.headers:
            range_header = request.headers[RANGE]
        else:
            range_header = f"entries=:-{DEFAULT_LINES - 1}:{SYSTEMD_JOURNAL_GATEWAYD_LINES_MAX if follow else DEFAULT_LINES}"
        async with self.sys_host.logs.journald_logs(
            params=params, range_header=range_header, accept=LogFormat.JOURNAL
        ) as resp:
            try:
                response = web.StreamResponse()
                response.content_type = CONTENT_TYPE_TEXT
                headers_returned = False
                async for cursor, line in journal_logs_reader(resp, log_formatter):
                    try:
                        if not headers_returned:
                            if cursor:
                                response.headers["X-First-Cursor"] = cursor
                            response.headers["X-Accel-Buffering"] = "no"
                            await response.prepare(request)
                            headers_returned = True
                        await response.write(line.encode("utf-8") + b"\n")
                    except ClientConnectionResetError as err:
                        # When client closes the connection while reading busy logs, we
                        # sometimes get this exception. It should be safe to ignore it.
                        _LOGGER.debug(
                            "ClientConnectionResetError raised when returning journal logs: %s",
                            err,
                        )
                        break
                    except ConnectionError as err:
                        _LOGGER.warning(
                            "%s raised when returning journal logs: %s",
                            type(err).__name__,
                            err,
                        )
                        break
            except (ConnectionResetError, ClientPayloadError) as ex:
                # ClientPayloadError is most likely caused by the closing the connection
                raise APIError(
                    "Connection reset when trying to fetch data from systemd-journald."
                ) from ex
            return response
    @api_process_raw(CONTENT_TYPE_TEXT, error_type=CONTENT_TYPE_TEXT)
    async def advanced_logs(
        self, request: web.Request, identifier: str | None = None, follow: bool = False
    ) -> web.StreamResponse:
        """Return systemd-journald logs. Wrapped as standard API handler."""
        return await self.advanced_logs_handler(request, identifier, follow)
--- a/supervisor/api/info.py
+++ b/supervisor/api/info.py
@@ -1,50 +0,0 @@
 """Init file for Supervisor info RESTful API."""
 import logging
 from typing import Any, Dict
 from aiohttp import web
 from ..const import (
    ATTR_ARCH,
    ATTR_CHANNEL,
    ATTR_DOCKER,
    ATTR_FEATURES,
    ATTR_HASSOS,
    ATTR_HOMEASSISTANT,
    ATTR_HOSTNAME,
    ATTR_LOGGING,
    ATTR_MACHINE,
    ATTR_OPERATING_SYSTEM,
    ATTR_SUPERVISOR,
    ATTR_SUPPORTED,
    ATTR_SUPPORTED_ARCH,
    ATTR_TIMEZONE,
 )
 from ..coresys import CoreSysAttributes
 from .utils import api_process
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 class APIInfo(CoreSysAttributes):
    """Handle RESTful API for info functions."""
    @api_process
    async def info(self, request: web.Request) -> Dict[str, Any]:
        """Show system info."""
        return {
            ATTR_SUPERVISOR: self.sys_supervisor.version,
            ATTR_HOMEASSISTANT: self.sys_homeassistant.version,
            ATTR_HASSOS: self.sys_hassos.version,
            ATTR_DOCKER: self.sys_docker.info.version,
            ATTR_HOSTNAME: self.sys_host.info.hostname,
            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
            ATTR_FEATURES: self.sys_host.features,
            ATTR_MACHINE: self.sys_machine,
            ATTR_ARCH: self.sys_arch.default,
            ATTR_SUPPORTED_ARCH: self.sys_arch.supported,
            ATTR_SUPPORTED: self.sys_core.supported,
            ATTR_CHANNEL: self.sys_updater.channel,
            ATTR_LOGGING: self.sys_config.logging,
            ATTR_TIMEZONE: self.sys_config.timezone,
        }
--- a/supervisor/api/ingress.py
+++ b/supervisor/api/ingress.py
@@ -1,11 +1,12 @@
 """Supervisor Add-on ingress service."""
 import asyncio
 from ipaddress import ip_address
 import logging
-from typing import Any, Dict, Union
+from typing import Any
 import aiohttp
-from aiohttp import hdrs, web
+from aiohttp import ClientTimeout, hdrs, web
 from aiohttp.web_exceptions import (
    HTTPBadGateway,
    HTTPServiceUnavailable,
@@ -21,26 +22,68 @@ from ..const import (
    ATTR_ICON,
    ATTR_PANELS,
    ATTR_SESSION,
    ATTR_SESSION_DATA_USER_ID,
    ATTR_TITLE,
-    COOKIE_INGRESS,
+    HEADER_REMOTE_USER_DISPLAY_NAME,
    HEADER_REMOTE_USER_ID,
    HEADER_REMOTE_USER_NAME,
    HEADER_TOKEN,
    HEADER_TOKEN_OLD,
-    REQUEST_FROM,
+    IngressSessionData,
    IngressSessionDataUser,
 )
 from ..coresys import CoreSysAttributes
-from .utils import api_process, api_validate
+from ..exceptions import HomeAssistantAPIError
 from .const import COOKIE_INGRESS
 from .utils import api_process, api_validate, require_home_assistant
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 VALIDATE_SESSION_DATA = vol.Schema({ATTR_SESSION: str})
 """Expected optional payload of create session request"""
 SCHEMA_INGRESS_CREATE_SESSION_DATA = vol.Schema(
    {
        vol.Optional(ATTR_SESSION_DATA_USER_ID): str,
    }
 )
 # from https://github.com/aio-libs/aiohttp/blob/8ae650bee4add9f131d49b96a0a150311ea58cd1/aiohttp/helpers.py#L1059C1-L1079C1
 def must_be_empty_body(method: str, code: int) -> bool:
    """Check if a request must return an empty body."""
    return (
        status_code_must_be_empty_body(code)
        or method_must_be_empty_body(method)
        or (200 <= code < 300 and method.upper() == hdrs.METH_CONNECT)
    )
 def method_must_be_empty_body(method: str) -> bool:
    """Check if a method must return an empty body."""
    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.1
    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.2
    return method.upper() == hdrs.METH_HEAD
 def status_code_must_be_empty_body(code: int) -> bool:
    """Check if a status code must return an empty body."""
    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.1
    return code in {204, 304} or 100 <= code < 200
 class APIIngress(CoreSysAttributes):
    """Ingress view to handle add-on webui routing."""
    _list_of_users: list[IngressSessionDataUser]
    def __init__(self) -> None:
        """Initialize APIIngress."""
        self._list_of_users = []
    def _extract_addon(self, request: web.Request) -> Addon:
        """Return addon, throw an exception it it doesn't exist."""
-        token = request.match_info.get("token")
+        token = request.match_info["token"]
        # Find correct add-on
        addon = self.sys_ingress.get(token)
@@ -50,17 +93,12 @@ class APIIngress(CoreSysAttributes):
        return addon
    def _check_ha_access(self, request: web.Request) -> None:
        if request[REQUEST_FROM] != self.sys_homeassistant:
            _LOGGER.warning("Ingress is only available behind Home Assistant")
            raise HTTPUnauthorized()
    def _create_url(self, addon: Addon, path: str) -> str:
        """Create URL to container."""
        return f"http://{addon.ip_address}:{addon.ingress_port}/{path}"
    @api_process
-    async def panels(self, request: web.Request) -> Dict[str, Any]:
+    async def panels(self, request: web.Request) -> dict[str, Any]:
        """Create a list of panel data."""
        addons = {}
        for addon in self.sys_ingress.addons:
@@ -74,18 +112,28 @@ class APIIngress(CoreSysAttributes):
        return {ATTR_PANELS: addons}
    @api_process
-    async def create_session(self, request: web.Request) -> Dict[str, Any]:
+    @require_home_assistant
    async def create_session(self, request: web.Request) -> dict[str, Any]:
        """Create a new session."""
-        self._check_ha_access(request)
+        schema_ingress_config_session_data = await api_validate(
            SCHEMA_INGRESS_CREATE_SESSION_DATA, request
        )
        data: IngressSessionData | None = None
-        session = self.sys_ingress.create_session()
+        if ATTR_SESSION_DATA_USER_ID in schema_ingress_config_session_data:
            user = await self._find_user_by_id(
                schema_ingress_config_session_data[ATTR_SESSION_DATA_USER_ID]
            )
            if user:
                data = IngressSessionData(user)
        session = self.sys_ingress.create_session(data)
        return {ATTR_SESSION: session}
    @api_process
-    async def validate_session(self, request: web.Request) -> Dict[str, Any]:
+    @require_home_assistant
    async def validate_session(self, request: web.Request) -> None:
        """Validate session and extending how long it's valid for."""
        self._check_ha_access(request)
        data = await api_validate(VALIDATE_SESSION_DATA, request)
        # Check Ingress Session
@@ -95,26 +143,26 @@ class APIIngress(CoreSysAttributes):
    async def handler(
        self, request: web.Request
-    ) -> Union[web.Response, web.StreamResponse, web.WebSocketResponse]:
+    ) -> web.Response | web.StreamResponse | web.WebSocketResponse:
        """Route data to Supervisor ingress service."""
        self._check_ha_access(request)
        # Check Ingress Session
-        session = request.cookies.get(COOKIE_INGRESS)
+        session = request.cookies.get(COOKIE_INGRESS, "")
        if not self.sys_ingress.validate_session(session):
            _LOGGER.warning("No valid ingress session %s", session)
            raise HTTPUnauthorized()
        # Process requests
        addon = self._extract_addon(request)
-        path = request.match_info.get("path")
+        path = request.match_info.get("path", "")
        session_data = self.sys_ingress.get_session_data(session)
        try:
            # Websocket
            if _is_websocket(request):
-                return await self._handle_websocket(request, addon, path)
+                return await self._handle_websocket(request, addon, path, session_data)
            # Request
-            return await self._handle_request(request, addon, path)
+            return await self._handle_request(request, addon, path, session_data)
        except aiohttp.ClientError as err:
            _LOGGER.error("Ingress error: %s", err)
@@ -122,7 +170,11 @@ class APIIngress(CoreSysAttributes):
        raise HTTPBadGateway()
    async def _handle_websocket(
-        self, request: web.Request, addon: Addon, path: str
+        self,
        request: web.Request,
        addon: Addon,
        path: str,
        session_data: IngressSessionData | None,
    ) -> web.WebSocketResponse:
        """Ingress route for websocket."""
        if hdrs.SEC_WEBSOCKET_PROTOCOL in request.headers:
@@ -131,7 +183,7 @@ class APIIngress(CoreSysAttributes):
                for proto in request.headers[hdrs.SEC_WEBSOCKET_PROTOCOL].split(",")
            ]
        else:
-            req_protocols = ()
+            req_protocols = []
        ws_server = web.WebSocketResponse(
            protocols=req_protocols, autoclose=False, autoping=False
@@ -140,7 +192,7 @@ class APIIngress(CoreSysAttributes):
        # Preparing
        url = self._create_url(addon, path)
-        source_header = _init_header(request, addon)
+        source_header = _init_header(request, addon, session_data)
        # Support GET query
        if request.query_string:
@@ -157,8 +209,8 @@ class APIIngress(CoreSysAttributes):
            # Proxy requests
            await asyncio.wait(
                [
-                    _websocket_forward(ws_server, ws_client),
+                    self.sys_create_task(_websocket_forward(ws_server, ws_client)),
-                    _websocket_forward(ws_client, ws_server),
+                    self.sys_create_task(_websocket_forward(ws_client, ws_server)),
                ],
                return_when=asyncio.FIRST_COMPLETED,
            )
@@ -166,12 +218,25 @@ class APIIngress(CoreSysAttributes):
        return ws_server
    async def _handle_request(
-        self, request: web.Request, addon: Addon, path: str
+        self,
-    ) -> Union[web.Response, web.StreamResponse]:
+        request: web.Request,
        addon: Addon,
        path: str,
        session_data: IngressSessionData | None,
    ) -> web.Response | web.StreamResponse:
        """Ingress route for request."""
        url = self._create_url(addon, path)
-        data = await request.read()
+        source_header = _init_header(request, addon, session_data)
-        source_header = _init_header(request, addon)
+
        # Passing the raw stream breaks requests for some webservers
        # since we just need it for POST requests really, for all other methods
        # we read the bytes and pass that to the request to the add-on
        # add-ons needs to add support with that in the configuration
        data = (
            request.content
            if request.method == "POST" and addon.ingress_stream
            else await request.read()
        )
        async with self.sys_websession.request(
            request.method,
@@ -180,12 +245,22 @@ class APIIngress(CoreSysAttributes):
            params=request.query,
            allow_redirects=False,
            data=data,
            timeout=ClientTimeout(total=None),
            skip_auto_headers={hdrs.CONTENT_TYPE},
        ) as result:
            headers = _response_header(result)
-
+            # Avoid parsing content_type in simple cases for better performance
            if maybe_content_type := result.headers.get(hdrs.CONTENT_TYPE):
                content_type = (maybe_content_type.partition(";"))[0].strip()
            else:
                content_type = result.content_type
            # Simple request
            if (
-                hdrs.CONTENT_LENGTH in result.headers
+                # empty body responses should not be streamed,
                # otherwise aiohttp < 3.9.0 may generate
                # an invalid "0\r\n\r\n" chunk instead of an empty response.
                must_be_empty_body(request.method, result.status)
                or hdrs.CONTENT_LENGTH in result.headers
                and int(result.headers.get(hdrs.CONTENT_LENGTH, 0)) < 4_194_000
            ):
                # Return Response
@@ -193,17 +268,18 @@ class APIIngress(CoreSysAttributes):
                return web.Response(
                    headers=headers,
                    status=result.status,
-                    content_type=result.content_type,
+                    content_type=content_type,
                    body=body,
                )
            # Stream response
            response = web.StreamResponse(status=result.status, headers=headers)
-            response.content_type = result.content_type
+            response.content_type = content_type
            try:
                response.headers["X-Accel-Buffering"] = "no"
                await response.prepare(request)
-                async for data in result.content.iter_chunked(4096):
+                async for data, _ in result.content.iter_chunks():
                    await response.write(data)
            except (
@@ -215,39 +291,66 @@ class APIIngress(CoreSysAttributes):
            return response
    async def _find_user_by_id(self, user_id: str) -> IngressSessionDataUser | None:
        """Find user object by the user's ID."""
        try:
            list_of_users = await self.sys_homeassistant.get_users()
        except (HomeAssistantAPIError, TypeError) as err:
            _LOGGER.error(
                "%s error occurred while requesting list of users: %s", type(err), err
            )
            return None
        if list_of_users is not None:
            self._list_of_users = list_of_users
        return next((user for user in self._list_of_users if user.id == user_id), None)
 def _init_header(
-    request: web.Request, addon: str
+    request: web.Request, addon: Addon, session_data: IngressSessionData | None
-) -> Union[CIMultiDict, Dict[str, str]]:
+) -> CIMultiDict[str]:
    """Create initial header."""
-    headers = {}
+    headers = CIMultiDict[str]()
    if session_data is not None:
        headers[HEADER_REMOTE_USER_ID] = session_data.user.id
        if session_data.user.username is not None:
            headers[HEADER_REMOTE_USER_NAME] = session_data.user.username
        if session_data.user.display_name is not None:
            headers[HEADER_REMOTE_USER_DISPLAY_NAME] = session_data.user.display_name
    # filter flags
    for name, value in request.headers.items():
        if name in (
            hdrs.CONTENT_LENGTH,
            hdrs.CONTENT_ENCODING,
            hdrs.TRANSFER_ENCODING,
            hdrs.SEC_WEBSOCKET_EXTENSIONS,
            hdrs.SEC_WEBSOCKET_PROTOCOL,
            hdrs.SEC_WEBSOCKET_VERSION,
            hdrs.SEC_WEBSOCKET_KEY,
            istr(HEADER_TOKEN),
            istr(HEADER_TOKEN_OLD),
            istr(HEADER_REMOTE_USER_ID),
            istr(HEADER_REMOTE_USER_NAME),
            istr(HEADER_REMOTE_USER_DISPLAY_NAME),
        ):
            continue
-        headers[name] = value
+        headers.add(name, value)
    # Update X-Forwarded-For
-    forward_for = request.headers.get(hdrs.X_FORWARDED_FOR)
+    if request.transport:
-    connected_ip = ip_address(request.transport.get_extra_info("peername")[0])
+        forward_for = request.headers.get(hdrs.X_FORWARDED_FOR)
-    headers[hdrs.X_FORWARDED_FOR] = f"{forward_for}, {connected_ip!s}"
+        connected_ip = ip_address(request.transport.get_extra_info("peername")[0])
        headers[hdrs.X_FORWARDED_FOR] = f"{forward_for}, {connected_ip!s}"
    return headers
-def _response_header(response: aiohttp.ClientResponse) -> Dict[str, str]:
+def _response_header(response: aiohttp.ClientResponse) -> CIMultiDict[str]:
    """Create response header."""
-    headers = {}
+    headers = CIMultiDict[str]()
    for name, value in response.headers.items():
        if name in (
@@ -257,7 +360,7 @@ def _response_header(response: aiohttp.ClientResponse) -> Dict[str, str]:
            hdrs.CONTENT_ENCODING,
        ):
            continue
-        headers[name] = value
+        headers.add(name, value)
    return headers
--- a/supervisor/api/jobs.py
+++ b/supervisor/api/jobs.py
@@ -1,12 +1,16 @@
 """Init file for Supervisor Jobs RESTful API."""
 import logging
-from typing import Any, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError, APINotFound, JobNotFound
 from ..jobs import SupervisorJob
 from ..jobs.const import ATTR_IGNORE_CONDITIONS, JobCondition
 from .const import ATTR_JOBS
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -19,11 +23,68 @@ SCHEMA_OPTIONS = vol.Schema(
 class APIJobs(CoreSysAttributes):
    """Handle RESTful API for OS functions."""
    def _extract_job(self, request: web.Request) -> SupervisorJob:
        """Extract job from request or raise."""
        try:
            return self.sys_jobs.get_job(request.match_info["uuid"])
        except JobNotFound:
            raise APINotFound("Job does not exist") from None
    def _list_jobs(self, start: SupervisorJob | None = None) -> list[dict[str, Any]]:
        """Return current job tree.
        Jobs are added to cache as they are created so by default they are in oldest to newest.
        This is correct ordering for child jobs as it makes logical sense to present those in
        the order they occurred within the parent. For the list as a whole, sort from newest
        to oldest as its likely any client is most interested in the newer ones.
        """
        # Initially sort oldest to newest so all child lists end up in correct order
        jobs_by_parent: dict[str | None, list[SupervisorJob]] = {}
        for job in sorted(self.sys_jobs.jobs):
            if job.internal:
                continue
            if job.parent_id not in jobs_by_parent:
                jobs_by_parent[job.parent_id] = [job]
            else:
                jobs_by_parent[job.parent_id].append(job)
        # After parent-child organization, sort the root jobs only from newest to oldest
        job_list: list[dict[str, Any]] = []
        queue: list[tuple[list[dict[str, Any]], SupervisorJob]] = (
            [(job_list, start)]
            if start
            else [
                (job_list, job)
                for job in sorted(jobs_by_parent.get(None, []), reverse=True)
            ]
        )
        while queue:
            (current_list, current_job) = queue.pop(0)
            child_jobs: list[dict[str, Any]] = []
            # We remove parent_id and instead use that info to represent jobs as a tree
            job_dict = current_job.as_dict() | {"child_jobs": child_jobs}
            job_dict.pop("parent_id")
            current_list.append(job_dict)
            if current_job.uuid in jobs_by_parent:
                queue.extend(
                    [
                        (child_jobs, job)
                        for job in jobs_by_parent.get(current_job.uuid, [])
                    ]
                )
        return job_list
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return JobManager information."""
        return {
            ATTR_IGNORE_CONDITIONS: self.sys_jobs.ignore_conditions,
            ATTR_JOBS: self._list_jobs(),
        }
    @api_process
@@ -34,9 +95,27 @@ class APIJobs(CoreSysAttributes):
        if ATTR_IGNORE_CONDITIONS in body:
            self.sys_jobs.ignore_conditions = body[ATTR_IGNORE_CONDITIONS]
-        self.sys_jobs.save_data()
+        await self.sys_jobs.save_data()
        await self.sys_resolution.evaluate.evaluate_system()
    @api_process
    async def reset(self, request: web.Request) -> None:
        """Reset options for JobManager."""
-        self.sys_jobs.reset_data()
+        await self.sys_jobs.reset_data()
    @api_process
    async def job_info(self, request: web.Request) -> dict[str, Any]:
        """Get details of a job by ID."""
        job = self._extract_job(request)
        return self._list_jobs(job)[0]
    @api_process
    async def remove_job(self, request: web.Request) -> None:
        """Remove a completed job."""
        job = self._extract_job(request)
        if not job.done:
            raise APIError(f"Job {job.uuid} is not done!")
        self.sys_jobs.remove_job(job)
--- a/supervisor/api/middleware/init.py
+++ b/supervisor/api/middleware/init.py
@@ -0,0 +1 @@
 """API middleware for aiohttp."""
--- a/supervisor/api/middleware/security.py
+++ b/supervisor/api/middleware/security.py
@@ -0,0 +1,322 @@
 """Handle security part of this API."""
 from collections.abc import Callable
 import logging
 import re
 from typing import Final
 from urllib.parse import unquote
 from aiohttp.web import Request, Response, middleware
 from aiohttp.web_exceptions import HTTPBadRequest, HTTPForbidden, HTTPUnauthorized
 from awesomeversion import AwesomeVersion
 from supervisor.homeassistant.const import LANDINGPAGE
 from ...addons.const import RE_SLUG
 from ...const import (
    REQUEST_FROM,
    ROLE_ADMIN,
    ROLE_BACKUP,
    ROLE_DEFAULT,
    ROLE_HOMEASSISTANT,
    ROLE_MANAGER,
    VALID_API_STATES,
 )
 from ...coresys import CoreSys, CoreSysAttributes
 from ...utils import version_is_new_enough
 from ..utils import api_return_error, extract_supervisor_token
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 _CORE_VERSION: Final = AwesomeVersion("2023.3.4")
 # fmt: off
 _CORE_FRONTEND_PATHS: Final = (
    r"|/app/.*\.(?:js|gz|json|map|woff2)"
    r"|/(store/)?addons/" + RE_SLUG + r"/(logo|icon)"
 )
 CORE_FRONTEND: Final = re.compile(
    r"^(?:" + _CORE_FRONTEND_PATHS + r")$"
 )
 # Block Anytime
 BLACKLIST: Final = re.compile(
    r"^(?:"
    r"|/homeassistant/api/hassio/.*"
    r"|/core/api/hassio/.*"
    r")$"
 )
 # Free to call or have own security concepts
 NO_SECURITY_CHECK: Final = re.compile(
    r"^(?:"
    r"|/homeassistant/api/.*"
    r"|/homeassistant/websocket"
    r"|/core/api/.*"
    r"|/core/websocket"
    r"|/supervisor/ping"
    r"|/ingress/[-_A-Za-z0-9]+/.*"
    + _CORE_FRONTEND_PATHS
    + r")$"
 )
 # Observer allow API calls
 OBSERVER_CHECK: Final = re.compile(
    r"^(?:"
    r"|/.+/info"
    r")$"
 )
 # Can called by every add-on
 ADDONS_API_BYPASS: Final = re.compile(
    r"^(?:"
    r"|/addons/self/(?!security|update)[^/]+"
    r"|/addons/self/options/config"
    r"|/info"
    r"|/services.*"
    r"|/discovery.*"
    r"|/auth"
    r")$"
 )
 # Home Assistant only
 CORE_ONLY_PATHS: Final = re.compile(
    r"^(?:"
    r"/addons/" + RE_SLUG + "/sys_options"
    r")$"
 )
 # Policy role add-on API access
 ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
    ROLE_DEFAULT: re.compile(
        r"^(?:"
        r"|/.+/info"
        r")$"
    ),
    ROLE_HOMEASSISTANT: re.compile(
        r"^(?:"
        r"|/.+/info"
        r"|/core/.+"
        r"|/homeassistant/.+"
        r")$"
    ),
    ROLE_BACKUP: re.compile(
        r"^(?:"
        r"|/.+/info"
        r"|/backups.*"
        r")$"
    ),
    ROLE_MANAGER: re.compile(
        r"^(?:"
        r"|/.+/info"
        r"|/addons(?:/" + RE_SLUG + r"/(?!security).+|/reload)?"
        r"|/audio/.+"
        r"|/auth/cache"
        r"|/available_updates"
        r"|/backups.*"
        r"|/cli/.+"
        r"|/core/.+"
        r"|/dns/.+"
        r"|/docker/.+"
        r"|/jobs/.+"
        r"|/hardware/.+"
        r"|/hassos/.+"
        r"|/homeassistant/.+"
        r"|/host/.+"
        r"|/mounts.*"
        r"|/multicast/.+"
        r"|/network/.+"
        r"|/observer/.+"
        r"|/os/(?!datadisk/wipe).+"
        r"|/refresh_updates"
        r"|/resolution/.+"
        r"|/security/.+"
        r"|/snapshots.*"
        r"|/store.*"
        r"|/supervisor/.+"
        r")$"
    ),
    ROLE_ADMIN: re.compile(
        r".*"
    ),
 }
 FILTERS: Final = re.compile(
    r"(?:"
    # Common exploits
    r"proc/self/environ"
    r"|(<|%3C).*script.*(>|%3E)"
    # File Injections
    r"|(\.\.//?)+"  # ../../anywhere
    r"|[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"  # .html?v=/.//test
    # SQL Injections
    r"|union.*select.*\("
    r"|union.*all.*select.*"
    r"|concat.*\("
    r")",
    flags=re.IGNORECASE,
 )
 # fmt: on
 class SecurityMiddleware(CoreSysAttributes):
    """Security middleware functions."""
    def __init__(self, coresys: CoreSys):
        """Initialize security middleware."""
        self.coresys: CoreSys = coresys
    def _recursive_unquote(self, value: str) -> str:
        """Handle values that are encoded multiple times."""
        if (unquoted := unquote(value)) != value:
            unquoted = self._recursive_unquote(unquoted)
        return unquoted
    @middleware
    async def block_bad_requests(self, request: Request, handler: Callable) -> Response:
        """Process request and tblock commonly known exploit attempts."""
        if FILTERS.search(self._recursive_unquote(request.path)):
            _LOGGER.warning(
                "Filtered a potential harmful request to: %s", request.raw_path
            )
            raise HTTPBadRequest
        if FILTERS.search(self._recursive_unquote(request.query_string)):
            _LOGGER.warning(
                "Filtered a request with a potential harmful query string: %s",
                request.raw_path,
            )
            raise HTTPBadRequest
        return await handler(request)
    @middleware
    async def system_validation(self, request: Request, handler: Callable) -> Response:
        """Check if core is ready to response."""
        if self.sys_core.state not in VALID_API_STATES:
            return api_return_error(
                message=f"System is not ready with state: {self.sys_core.state}"
            )
        return await handler(request)
    @middleware
    async def token_validation(self, request: Request, handler: Callable) -> Response:
        """Check security access of this layer."""
        request_from: CoreSysAttributes | None = None
        supervisor_token = extract_supervisor_token(request)
        # Blacklist
        if BLACKLIST.match(request.path):
            _LOGGER.error("%s is blacklisted!", request.path)
            raise HTTPForbidden()
        # Ignore security check
        if NO_SECURITY_CHECK.match(request.path):
            _LOGGER.debug("Passthrough %s", request.path)
            request[REQUEST_FROM] = None
            return await handler(request)
        # Not token
        if not supervisor_token:
            _LOGGER.warning("No API token provided for %s", request.path)
            raise HTTPUnauthorized()
        # Home-Assistant
        if supervisor_token == self.sys_homeassistant.supervisor_token:
            _LOGGER.debug("%s access from Home Assistant", request.path)
            request_from = self.sys_homeassistant
        elif CORE_ONLY_PATHS.match(request.path):
            _LOGGER.warning("Attempted access to %s from client besides Home Assistant")
            raise HTTPForbidden()
        # Host
        if supervisor_token == self.sys_plugins.cli.supervisor_token:
            _LOGGER.debug("%s access from Host", request.path)
            request_from = self.sys_host
        # Observer
        if supervisor_token == self.sys_plugins.observer.supervisor_token:
            if not OBSERVER_CHECK.match(request.path):
                _LOGGER.warning("%s invalid Observer access", request.path)
                raise HTTPForbidden()
            _LOGGER.debug("%s access from Observer", request.path)
            request_from = self.sys_plugins.observer
        # Add-on
        addon = None
        if supervisor_token and not request_from:
            addon = self.sys_addons.from_token(supervisor_token)
        # Check Add-on API access
        if addon and ADDONS_API_BYPASS.match(request.path):
            _LOGGER.debug("Passthrough %s from %s", request.path, addon.slug)
            request_from = addon
        elif addon and addon.access_hassio_api:
            # Check Role
            if ADDONS_ROLE_ACCESS[addon.hassio_role].match(request.path):
                _LOGGER.info("%s access from %s", request.path, addon.slug)
                request_from = addon
            else:
                _LOGGER.warning("%s no role for %s", request.path, addon.slug)
        elif addon:
            _LOGGER.warning(
                "%s missing API permission for %s", addon.slug, request.path
            )
        if request_from:
            request[REQUEST_FROM] = request_from
            return await handler(request)
        _LOGGER.error("Invalid token for access %s", request.path)
        raise HTTPForbidden()
    @middleware
    async def core_proxy(self, request: Request, handler: Callable) -> Response:
        """Validate user from Core API proxy."""
        if (
            request[REQUEST_FROM] != self.sys_homeassistant
            or self.sys_homeassistant.version == LANDINGPAGE
            or version_is_new_enough(self.sys_homeassistant.version, _CORE_VERSION)
        ):
            return await handler(request)
        authorization_index: int | None = None
        content_type_index: int | None = None
        user_request: bool = False
        admin_request: bool = False
        ingress_request: bool = False
        for idx, (key, value) in enumerate(request.raw_headers):
            if key in (b"Authorization", b"X-Hassio-Key"):
                authorization_index = idx
            elif key == b"Content-Type":
                content_type_index = idx
            elif key == b"X-Hass-User-ID":
                user_request = True
            elif key == b"X-Hass-Is-Admin":
                admin_request = value == b"1"
            elif key == b"X-Ingress-Path":
                ingress_request = True
        if (user_request or admin_request) and not ingress_request:
            return await handler(request)
        is_proxy_request = (
            authorization_index is not None
            and content_type_index is not None
            and content_type_index - authorization_index == 1
        )
        if (
            not CORE_FRONTEND.match(request.path) and is_proxy_request
        ) or ingress_request:
            raise HTTPBadRequest()
        return await handler(request)
--- a/supervisor/api/mounts.py
+++ b/supervisor/api/mounts.py
@@ -0,0 +1,138 @@
 """Inits file for supervisor mounts REST API."""
 from typing import Any, cast
 from aiohttp import web
 import voluptuous as vol
 from ..const import ATTR_NAME, ATTR_STATE
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError, APINotFound
 from ..mounts.const import ATTR_DEFAULT_BACKUP_MOUNT, MountUsage
 from ..mounts.mount import Mount
 from ..mounts.validate import SCHEMA_MOUNT_CONFIG, MountData
 from .const import ATTR_MOUNTS, ATTR_USER_PATH
 from .utils import api_process, api_validate
 SCHEMA_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_DEFAULT_BACKUP_MOUNT): vol.Maybe(str),
    }
 )
 class APIMounts(CoreSysAttributes):
    """Handle REST API for mounting options."""
    def _extract_mount(self, request: web.Request) -> Mount:
        """Extract mount from request or raise."""
        name = request.match_info["mount"]
        if name not in self.sys_mounts:
            raise APINotFound(f"No mount exists with name {name}")
        return self.sys_mounts.get(name)
    @api_process
    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return MountManager info."""
        return {
            ATTR_DEFAULT_BACKUP_MOUNT: self.sys_mounts.default_backup_mount.name
            if self.sys_mounts.default_backup_mount
            else None,
            ATTR_MOUNTS: [
                mount.to_dict()
                | {
                    ATTR_STATE: mount.state,
                    ATTR_USER_PATH: mount.container_where.as_posix()
                    if mount.container_where
                    else None,
                }
                for mount in self.sys_mounts.mounts
            ],
        }
    @api_process
    async def options(self, request: web.Request) -> None:
        """Set Mount Manager options."""
        body = await api_validate(SCHEMA_OPTIONS, request)
        if ATTR_DEFAULT_BACKUP_MOUNT in body:
            name: str | None = body[ATTR_DEFAULT_BACKUP_MOUNT]
            if name is None:
                self.sys_mounts.default_backup_mount = None
            elif (mount := self.sys_mounts.get(name)).usage != MountUsage.BACKUP:
                raise APIError(
                    f"Mount {name} is not used for backups, cannot use it as default backup mount"
                )
            else:
                self.sys_mounts.default_backup_mount = mount
        await self.sys_mounts.save_data()
    @api_process
    async def create_mount(self, request: web.Request) -> None:
        """Create a new mount in supervisor."""
        body = cast(MountData, await api_validate(SCHEMA_MOUNT_CONFIG, request))
        if body["name"] in self.sys_mounts:
            raise APIError(f"A mount already exists with name {body['name']}")
        mount = Mount.from_dict(self.coresys, body)
        await self.sys_mounts.create_mount(mount)
        # If it's a backup mount, reload backups
        if mount.usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
            # If there's no default backup mount, set it to the new mount
            if not self.sys_mounts.default_backup_mount:
                self.sys_mounts.default_backup_mount = mount
        await self.sys_mounts.save_data()
    @api_process
    async def update_mount(self, request: web.Request) -> None:
        """Update an existing mount in supervisor."""
        current = self._extract_mount(request)
        name_schema = vol.Schema(
            {vol.Optional(ATTR_NAME, default=current.name): current.name},
            extra=vol.ALLOW_EXTRA,
        )
        body = cast(
            MountData,
            await api_validate(vol.All(name_schema, SCHEMA_MOUNT_CONFIG), request),
        )
        mount = Mount.from_dict(self.coresys, body)
        await self.sys_mounts.create_mount(mount)
        # If it's a backup mount, reload backups
        if mount.usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
        # If this mount was the default backup mount and isn't for backups any more, remove it
        elif self.sys_mounts.default_backup_mount == mount:
            self.sys_mounts.default_backup_mount = None
        await self.sys_mounts.save_data()
    @api_process
    async def delete_mount(self, request: web.Request) -> None:
        """Delete an existing mount in supervisor."""
        current = self._extract_mount(request)
        mount = await self.sys_mounts.remove_mount(current.name)
        # If it was a backup mount, reload backups
        if mount.usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
        await self.sys_mounts.save_data()
    @api_process
    async def reload_mount(self, request: web.Request) -> None:
        """Reload an existing mount in supervisor."""
        mount = self._extract_mount(request)
        await self.sys_mounts.reload_mount(mount.name)
        # If it's a backup mount, reload backups
        if mount.usage == MountUsage.BACKUP:
            self.sys_create_task(self.sys_backups.reload())
--- a/supervisor/api/multicast.py
+++ b/supervisor/api/multicast.py
@@ -1,7 +1,9 @@
 """Init file for Supervisor Multicast RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -18,12 +20,11 @@ from ..const import (
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
    CONTENT_TYPE_BINARY,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import version_tag
-from .utils import api_process, api_process_raw, api_validate
+from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -34,7 +35,7 @@ class APIMulticast(CoreSysAttributes):
    """Handle RESTful API for Multicast functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return Multicast information."""
        return {
            ATTR_VERSION: self.sys_plugins.multicast.version,
@@ -43,7 +44,7 @@ class APIMulticast(CoreSysAttributes):
        }
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.multicast.stats()
@@ -68,11 +69,6 @@ class APIMulticast(CoreSysAttributes):
            raise APIError(f"Version {version} is already in use")
        await asyncio.shield(self.sys_plugins.multicast.update(version))
    @api_process_raw(CONTENT_TYPE_BINARY)
    def logs(self, request: web.Request) -> Awaitable[bytes]:
        """Return Multicast Docker logs."""
        return self.sys_plugins.multicast.logs()
    @api_process
    def restart(self, request: web.Request) -> Awaitable[None]:
        """Restart Multicast plugin."""
--- a/supervisor/api/network.py
+++ b/supervisor/api/network.py
@@ -1,14 +1,16 @@
 """REST API for network."""
 import asyncio
-from ipaddress import ip_address, ip_interface
+from collections.abc import Awaitable
-from typing import Any, Awaitable, Dict
+from ipaddress import IPv4Address, IPv4Interface, IPv6Address, IPv6Interface
 from typing import Any
 from aiohttp import web
 import attr
 import voluptuous as vol
 from ..const import (
    ATTR_ACCESSPOINTS,
    ATTR_ADDR_GEN_MODE,
    ATTR_ADDRESS,
    ATTR_AUTH,
    ATTR_CONNECTED,
@@ -21,6 +23,7 @@ from ..const import (
    ATTR_ID,
    ATTR_INTERFACE,
    ATTR_INTERFACES,
    ATTR_IP6_PRIVACY,
    ATTR_IPV4,
    ATTR_IPV6,
    ATTR_MAC,
@@ -30,34 +33,50 @@ from ..const import (
    ATTR_PARENT,
    ATTR_PRIMARY,
    ATTR_PSK,
    ATTR_READY,
    ATTR_SIGNAL,
    ATTR_SSID,
    ATTR_SUPERVISOR_INTERNET,
    ATTR_TYPE,
    ATTR_VLAN,
    ATTR_WIFI,
    DOCKER_IPV4_NETWORK_MASK,
    DOCKER_NETWORK,
    DOCKER_NETWORK_MASK,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError, HostNetworkNotFound
+from ..exceptions import APIError, APINotFound, HostNetworkNotFound
-from ..host.const import AuthMethod, InterfaceType, WifiMode
+from ..host.configuration import (
 from ..host.network import (
    AccessPoint,
    Interface,
    InterfaceAddrGenMode,
    InterfaceIp6Privacy,
    InterfaceMethod,
    Ip6Setting,
    IpConfig,
    IpSetting,
    VlanConfig,
    WifiConfig,
 )
 from ..host.const import AuthMethod, InterfaceType, WifiMode
 from .utils import api_process, api_validate
-_SCHEMA_IP_CONFIG = vol.Schema(
+_SCHEMA_IPV4_CONFIG = vol.Schema(
    {
-        vol.Optional(ATTR_ADDRESS): [vol.Coerce(ip_interface)],
+        vol.Optional(ATTR_ADDRESS): [vol.Coerce(IPv4Interface)],
        vol.Optional(ATTR_METHOD): vol.Coerce(InterfaceMethod),
-        vol.Optional(ATTR_GATEWAY): vol.Coerce(ip_address),
+        vol.Optional(ATTR_GATEWAY): vol.Coerce(IPv4Address),
-        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(ip_address)],
+        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(IPv4Address)],
    }
 )
 _SCHEMA_IPV6_CONFIG = vol.Schema(
    {
        vol.Optional(ATTR_ADDRESS): [vol.Coerce(IPv6Interface)],
        vol.Optional(ATTR_METHOD): vol.Coerce(InterfaceMethod),
        vol.Optional(ATTR_ADDR_GEN_MODE): vol.Coerce(InterfaceAddrGenMode),
        vol.Optional(ATTR_IP6_PRIVACY): vol.Coerce(InterfaceIp6Privacy),
        vol.Optional(ATTR_GATEWAY): vol.Coerce(IPv6Address),
        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(IPv6Address)],
    }
 )
@@ -74,25 +93,39 @@ _SCHEMA_WIFI_CONFIG = vol.Schema(
 # pylint: disable=no-value-for-parameter
 SCHEMA_UPDATE = vol.Schema(
    {
-        vol.Optional(ATTR_IPV4): _SCHEMA_IP_CONFIG,
+        vol.Optional(ATTR_IPV4): _SCHEMA_IPV4_CONFIG,
-        vol.Optional(ATTR_IPV6): _SCHEMA_IP_CONFIG,
+        vol.Optional(ATTR_IPV6): _SCHEMA_IPV6_CONFIG,
        vol.Optional(ATTR_WIFI): _SCHEMA_WIFI_CONFIG,
        vol.Optional(ATTR_ENABLED): vol.Boolean(),
    }
 )
-def ipconfig_struct(config: IpConfig) -> Dict[str, Any]:
+def ip4config_struct(config: IpConfig, setting: IpSetting) -> dict[str, Any]:
-    """Return a dict with information about ip configuration."""
+    """Return a dict with information about IPv4 configuration."""
    return {
-        ATTR_METHOD: config.method,
+        ATTR_METHOD: setting.method,
        ATTR_ADDRESS: [address.with_prefixlen for address in config.address],
        ATTR_NAMESERVERS: [str(address) for address in config.nameservers],
        ATTR_GATEWAY: str(config.gateway) if config.gateway else None,
        ATTR_READY: config.ready,
    }
-def wifi_struct(config: WifiConfig) -> Dict[str, Any]:
+def ip6config_struct(config: IpConfig, setting: Ip6Setting) -> dict[str, Any]:
    """Return a dict with information about IPv6 configuration."""
    return {
        ATTR_METHOD: setting.method,
        ATTR_ADDR_GEN_MODE: setting.addr_gen_mode,
        ATTR_IP6_PRIVACY: setting.ip6_privacy,
        ATTR_ADDRESS: [address.with_prefixlen for address in config.address],
        ATTR_NAMESERVERS: [str(address) for address in config.nameservers],
        ATTR_GATEWAY: str(config.gateway) if config.gateway else None,
        ATTR_READY: config.ready,
    }
 def wifi_struct(config: WifiConfig) -> dict[str, Any]:
    """Return a dict with information about wifi configuration."""
    return {
        ATTR_MODE: config.mode,
@@ -102,7 +135,7 @@ def wifi_struct(config: WifiConfig) -> Dict[str, Any]:
    }
-def vlan_struct(config: VlanConfig) -> Dict[str, Any]:
+def vlan_struct(config: VlanConfig) -> dict[str, Any]:
    """Return a dict with information about VLAN configuration."""
    return {
        ATTR_ID: config.id,
@@ -110,7 +143,7 @@ def vlan_struct(config: VlanConfig) -> Dict[str, Any]:
    }
-def interface_struct(interface: Interface) -> Dict[str, Any]:
+def interface_struct(interface: Interface) -> dict[str, Any]:
    """Return a dict with information of a interface to be used in th API."""
    return {
        ATTR_INTERFACE: interface.name,
@@ -118,14 +151,19 @@ def interface_struct(interface: Interface) -> Dict[str, Any]:
        ATTR_ENABLED: interface.enabled,
        ATTR_CONNECTED: interface.connected,
        ATTR_PRIMARY: interface.primary,
-        ATTR_IPV4: ipconfig_struct(interface.ipv4) if interface.ipv4 else None,
+        ATTR_MAC: interface.mac,
-        ATTR_IPV6: ipconfig_struct(interface.ipv6) if interface.ipv6 else None,
+        ATTR_IPV4: ip4config_struct(interface.ipv4, interface.ipv4setting)
        if interface.ipv4 and interface.ipv4setting
        else None,
        ATTR_IPV6: ip6config_struct(interface.ipv6, interface.ipv6setting)
        if interface.ipv6 and interface.ipv6setting
        else None,
        ATTR_WIFI: wifi_struct(interface.wifi) if interface.wifi else None,
        ATTR_VLAN: vlan_struct(interface.vlan) if interface.vlan else None,
    }
-def accesspoint_struct(accesspoint: AccessPoint) -> Dict[str, Any]:
+def accesspoint_struct(accesspoint: AccessPoint) -> dict[str, Any]:
    """Return a dict for AccessPoint."""
    return {
        ATTR_MODE: accesspoint.mode,
@@ -141,9 +179,7 @@ class APINetwork(CoreSysAttributes):
    def _get_interface(self, name: str) -> Interface:
        """Get Interface by name or default."""
-        name = name.lower()
+        if name.lower() == "default":
        if name == "default":
            for interface in self.sys_host.network.interfaces:
                if not interface.primary:
                    continue
@@ -155,10 +191,10 @@ class APINetwork(CoreSysAttributes):
            except HostNetworkNotFound:
                pass
-        raise APIError(f"Interface {name} does not exsist") from None
+        raise APINotFound(f"Interface {name} does not exist") from None
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return network information."""
        return {
            ATTR_INTERFACES: [
@@ -167,7 +203,7 @@ class APINetwork(CoreSysAttributes):
            ],
            ATTR_DOCKER: {
                ATTR_INTERFACE: DOCKER_NETWORK,
-                ATTR_ADDRESS: str(DOCKER_NETWORK_MASK),
+                ATTR_ADDRESS: str(DOCKER_IPV4_NETWORK_MASK),
                ATTR_GATEWAY: str(self.sys_docker.network.gateway),
                ATTR_DNS: str(self.sys_docker.network.dns),
            },
@@ -176,16 +212,16 @@ class APINetwork(CoreSysAttributes):
        }
    @api_process
-    async def interface_info(self, request: web.Request) -> Dict[str, Any]:
+    async def interface_info(self, request: web.Request) -> dict[str, Any]:
        """Return network information for a interface."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
        return interface_struct(interface)
    @api_process
    async def interface_update(self, request: web.Request) -> None:
        """Update the configuration of an interface."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
        # Validate data
        body = await api_validate(SCHEMA_UPDATE, request)
@@ -195,22 +231,32 @@ class APINetwork(CoreSysAttributes):
        # Apply config
        for key, config in body.items():
            if key == ATTR_IPV4:
-                interface.ipv4 = attr.evolve(
+                interface.ipv4setting = IpSetting(
-                    interface.ipv4 or IpConfig(InterfaceMethod.STATIC, [], None, []),
+                    method=config.get(ATTR_METHOD, InterfaceMethod.STATIC),
-                    **config,
+                    address=config.get(ATTR_ADDRESS, []),
                    gateway=config.get(ATTR_GATEWAY),
                    nameservers=config.get(ATTR_NAMESERVERS, []),
                )
            elif key == ATTR_IPV6:
-                interface.ipv6 = attr.evolve(
+                interface.ipv6setting = Ip6Setting(
-                    interface.ipv6 or IpConfig(InterfaceMethod.STATIC, [], None, []),
+                    method=config.get(ATTR_METHOD, InterfaceMethod.STATIC),
-                    **config,
+                    addr_gen_mode=config.get(
                        ATTR_ADDR_GEN_MODE, InterfaceAddrGenMode.DEFAULT
                    ),
                    ip6_privacy=config.get(
                        ATTR_IP6_PRIVACY, InterfaceIp6Privacy.DEFAULT
                    ),
                    address=config.get(ATTR_ADDRESS, []),
                    gateway=config.get(ATTR_GATEWAY),
                    nameservers=config.get(ATTR_NAMESERVERS, []),
                )
            elif key == ATTR_WIFI:
-                interface.wifi = attr.evolve(
+                interface.wifi = WifiConfig(
-                    interface.wifi
+                    mode=config.get(ATTR_MODE, WifiMode.INFRASTRUCTURE),
-                    or WifiConfig(
+                    ssid=config.get(ATTR_SSID, ""),
-                        WifiMode.INFRASTRUCTURE, "", AuthMethod.OPEN, None, None
+                    auth=config.get(ATTR_AUTH, AuthMethod.OPEN),
-                    ),
+                    psk=config.get(ATTR_PSK, None),
-                    **config,
+                    signal=None,
                )
            elif key == ATTR_ENABLED:
                interface.enabled = config
@@ -220,12 +266,14 @@ class APINetwork(CoreSysAttributes):
    @api_process
    def reload(self, request: web.Request) -> Awaitable[None]:
        """Reload network data."""
-        return asyncio.shield(self.sys_host.network.update())
+        return asyncio.shield(
            self.sys_host.network.update(force_connectivity_check=True)
        )
    @api_process
-    async def scan_accesspoints(self, request: web.Request) -> Dict[str, Any]:
+    async def scan_accesspoints(self, request: web.Request) -> dict[str, Any]:
        """Scan and return a list of available networks."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
        # Only wlan is supported
        if interface.type != InterfaceType.WIRELESS:
@@ -238,8 +286,10 @@ class APINetwork(CoreSysAttributes):
    @api_process
    async def create_vlan(self, request: web.Request) -> None:
        """Create a new vlan."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
-        vlan = int(request.match_info.get(ATTR_VLAN))
+        vlan = int(request.match_info.get(ATTR_VLAN, -1))
        if vlan < 0:
            raise APIError(f"Invalid vlan specified: {vlan}")
        # Only ethernet is supported
        if interface.type != InterfaceType.ETHERNET:
@@ -250,32 +300,42 @@ class APINetwork(CoreSysAttributes):
        vlan_config = VlanConfig(vlan, interface.name)
-        ipv4_config = None
+        ipv4_setting = None
        if ATTR_IPV4 in body:
-            ipv4_config = IpConfig(
+            ipv4_setting = IpSetting(
-                body[ATTR_IPV4].get(ATTR_METHOD, InterfaceMethod.AUTO),
+                method=body[ATTR_IPV4].get(ATTR_METHOD, InterfaceMethod.AUTO),
-                body[ATTR_IPV4].get(ATTR_ADDRESS, []),
+                address=body[ATTR_IPV4].get(ATTR_ADDRESS, []),
-                body[ATTR_IPV4].get(ATTR_GATEWAY, None),
+                gateway=body[ATTR_IPV4].get(ATTR_GATEWAY, None),
-                body[ATTR_IPV4].get(ATTR_NAMESERVERS, []),
+                nameservers=body[ATTR_IPV4].get(ATTR_NAMESERVERS, []),
            )
-        ipv6_config = None
+        ipv6_setting = None
        if ATTR_IPV6 in body:
-            ipv6_config = IpConfig(
+            ipv6_setting = Ip6Setting(
-                body[ATTR_IPV6].get(ATTR_METHOD, InterfaceMethod.AUTO),
+                method=body[ATTR_IPV6].get(ATTR_METHOD, InterfaceMethod.AUTO),
-                body[ATTR_IPV6].get(ATTR_ADDRESS, []),
+                addr_gen_mode=body[ATTR_IPV6].get(
-                body[ATTR_IPV6].get(ATTR_GATEWAY, None),
+                    ATTR_ADDR_GEN_MODE, InterfaceAddrGenMode.DEFAULT
-                body[ATTR_IPV6].get(ATTR_NAMESERVERS, []),
+                ),
                ip6_privacy=body[ATTR_IPV6].get(
                    ATTR_IP6_PRIVACY, InterfaceIp6Privacy.DEFAULT
                ),
                address=body[ATTR_IPV6].get(ATTR_ADDRESS, []),
                gateway=body[ATTR_IPV6].get(ATTR_GATEWAY, None),
                nameservers=body[ATTR_IPV6].get(ATTR_NAMESERVERS, []),
            )
        vlan_interface = Interface(
            "",
            "",
            "",
            True,
            True,
            False,
            InterfaceType.VLAN,
-            ipv4_config,
+            None,
-            ipv6_config,
+            ipv4_setting,
            None,
            ipv6_setting,
            None,
            vlan_config,
        )
--- a/supervisor/api/observer.py
+++ b/supervisor/api/observer.py
@@ -1,7 +1,8 @@
 """Init file for Supervisor Observer RESTful API."""
 import asyncio
 import logging
-from typing import Any, Dict
+from typing import Any
 from aiohttp import web
 import voluptuous as vol
@@ -33,7 +34,7 @@ class APIObserver(CoreSysAttributes):
    """Handle RESTful API for Observer functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return HA Observer information."""
        return {
            ATTR_HOST: str(self.sys_docker.network.observer),
@@ -43,7 +44,7 @@ class APIObserver(CoreSysAttributes):
        }
    @api_process
-    async def stats(self, request: web.Request) -> Dict[str, Any]:
+    async def stats(self, request: web.Request) -> dict[str, Any]:
        """Return resource information."""
        stats = await self.sys_plugins.observer.stats()
--- a/supervisor/api/os.py
+++ b/supervisor/api/os.py
@@ -1,50 +1,276 @@
 """Init file for Supervisor HassOS RESTful API."""
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable, Dict
+import re
 from typing import Any
 from aiohttp import web
 import voluptuous as vol
 from ..const import (
    ATTR_ACTIVITY_LED,
    ATTR_BOARD,
    ATTR_BOOT,
    ATTR_DEVICES,
    ATTR_DISK_LED,
    ATTR_HEARTBEAT_LED,
    ATTR_ID,
    ATTR_NAME,
    ATTR_POWER_LED,
    ATTR_SERIAL,
    ATTR_SIZE,
    ATTR_STATE,
    ATTR_SWAP_SIZE,
    ATTR_SWAPPINESS,
    ATTR_UPDATE_AVAILABLE,
    ATTR_VERSION,
    ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APINotFound, BoardInvalidError
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..validate import version_tag
 from .const import (
    ATTR_BOOT_SLOT,
    ATTR_BOOT_SLOTS,
    ATTR_DATA_DISK,
    ATTR_DEV_PATH,
    ATTR_DEVICE,
    ATTR_DISKS,
    ATTR_MODEL,
    ATTR_STATUS,
    ATTR_SYSTEM_HEALTH_LED,
    ATTR_VENDOR,
    BootSlot,
 )
 from .utils import api_process, api_validate
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 # pylint: disable=no-value-for-parameter
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 SCHEMA_SET_BOOT_SLOT = vol.Schema({vol.Required(ATTR_BOOT_SLOT): vol.Coerce(BootSlot)})
 SCHEMA_DISK = vol.Schema({vol.Required(ATTR_DEVICE): str})
 SCHEMA_YELLOW_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_DISK_LED): vol.Boolean(),
        vol.Optional(ATTR_HEARTBEAT_LED): vol.Boolean(),
        vol.Optional(ATTR_POWER_LED): vol.Boolean(),
    }
 )
 SCHEMA_GREEN_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_ACTIVITY_LED): vol.Boolean(),
        vol.Optional(ATTR_POWER_LED): vol.Boolean(),
        vol.Optional(ATTR_SYSTEM_HEALTH_LED): vol.Boolean(),
    }
 )
 RE_SWAP_SIZE = re.compile(r"^\d+([KMG](i?B)?|B)?$", re.IGNORECASE)
 SCHEMA_SWAP_OPTIONS = vol.Schema(
    {
        vol.Optional(ATTR_SWAP_SIZE): vol.Match(RE_SWAP_SIZE),
        vol.Optional(ATTR_SWAPPINESS): vol.All(int, vol.Range(min=0, max=200)),
    }
 )
 # pylint: enable=no-value-for-parameter
 class APIOS(CoreSysAttributes):
    """Handle RESTful API for OS functions."""
    @api_process
-    async def info(self, request: web.Request) -> Dict[str, Any]:
+    async def info(self, request: web.Request) -> dict[str, Any]:
        """Return OS information."""
        return {
-            ATTR_VERSION: self.sys_hassos.version,
+            ATTR_VERSION: self.sys_os.version,
-            ATTR_VERSION_LATEST: self.sys_hassos.latest_version,
+            ATTR_VERSION_LATEST: self.sys_os.latest_version,
-            ATTR_UPDATE_AVAILABLE: self.sys_hassos.need_update,
+            ATTR_UPDATE_AVAILABLE: self.sys_os.need_update,
-            ATTR_BOARD: self.sys_hassos.board,
+            ATTR_BOARD: self.sys_os.board,
            ATTR_BOOT: self.sys_dbus.rauc.boot_slot,
            ATTR_DATA_DISK: self.sys_os.datadisk.disk_used_id,
            ATTR_BOOT_SLOTS: {
                slot.bootname: {
                    ATTR_STATE: slot.state,
                    ATTR_STATUS: slot.boot_status,
                    ATTR_VERSION: slot.bundle_version,
                }
                for slot in self.sys_os.slots
                if slot.bootname
            },
        }
    @api_process
    async def update(self, request: web.Request) -> None:
        """Update OS."""
        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.sys_hassos.latest_version)
+        version = body.get(ATTR_VERSION, self.sys_os.latest_version)
-        await asyncio.shield(self.sys_hassos.update(version))
+        await asyncio.shield(self.sys_os.update(version))
    @api_process
    def config_sync(self, request: web.Request) -> Awaitable[None]:
        """Trigger config reload on OS."""
-        return asyncio.shield(self.sys_hassos.config_sync())
+        return asyncio.shield(self.sys_os.config_sync())
    @api_process
    async def migrate_data(self, request: web.Request) -> None:
        """Trigger data disk migration on Host."""
        body = await api_validate(SCHEMA_DISK, request)
        await asyncio.shield(self.sys_os.datadisk.migrate_disk(body[ATTR_DEVICE]))
    @api_process
    def wipe_data(self, request: web.Request) -> Awaitable[None]:
        """Trigger data disk wipe on Host."""
        return asyncio.shield(self.sys_os.datadisk.wipe_disk())
    @api_process
    async def set_boot_slot(self, request: web.Request) -> None:
        """Change the active boot slot and reboot into it."""
        body = await api_validate(SCHEMA_SET_BOOT_SLOT, request)
        await asyncio.shield(self.sys_os.set_boot_slot(body[ATTR_BOOT_SLOT]))
    @api_process
    async def list_data(self, request: web.Request) -> dict[str, Any]:
        """Return possible data targets."""
        return {
            ATTR_DEVICES: [disk.id for disk in self.sys_os.datadisk.available_disks],
            ATTR_DISKS: [
                {
                    ATTR_NAME: disk.name,
                    ATTR_VENDOR: disk.vendor,
                    ATTR_MODEL: disk.model,
                    ATTR_SERIAL: disk.serial,
                    ATTR_SIZE: disk.size,
                    ATTR_ID: disk.id,
                    ATTR_DEV_PATH: disk.device_path.as_posix(),
                }
                for disk in self.sys_os.datadisk.available_disks
            ],
        }
    @api_process
    async def boards_green_info(self, request: web.Request) -> dict[str, Any]:
        """Get green board settings."""
        return {
            ATTR_ACTIVITY_LED: self.sys_dbus.agent.board.green.activity_led,
            ATTR_POWER_LED: self.sys_dbus.agent.board.green.power_led,
            ATTR_SYSTEM_HEALTH_LED: self.sys_dbus.agent.board.green.user_led,
        }
    @api_process
    async def boards_green_options(self, request: web.Request) -> None:
        """Update green board settings."""
        body = await api_validate(SCHEMA_GREEN_OPTIONS, request)
        if ATTR_ACTIVITY_LED in body:
            await self.sys_dbus.agent.board.green.set_activity_led(
                body[ATTR_ACTIVITY_LED]
            )
        if ATTR_POWER_LED in body:
            await self.sys_dbus.agent.board.green.set_power_led(body[ATTR_POWER_LED])
        if ATTR_SYSTEM_HEALTH_LED in body:
            await self.sys_dbus.agent.board.green.set_user_led(
                body[ATTR_SYSTEM_HEALTH_LED]
            )
        await self.sys_dbus.agent.board.green.save_data()
    @api_process
    async def boards_yellow_info(self, request: web.Request) -> dict[str, Any]:
        """Get yellow board settings."""
        return {
            ATTR_DISK_LED: self.sys_dbus.agent.board.yellow.disk_led,
            ATTR_HEARTBEAT_LED: self.sys_dbus.agent.board.yellow.heartbeat_led,
            ATTR_POWER_LED: self.sys_dbus.agent.board.yellow.power_led,
        }
    @api_process
    async def boards_yellow_options(self, request: web.Request) -> None:
        """Update yellow board settings."""
        body = await api_validate(SCHEMA_YELLOW_OPTIONS, request)
        if ATTR_DISK_LED in body:
            await self.sys_dbus.agent.board.yellow.set_disk_led(body[ATTR_DISK_LED])
        if ATTR_HEARTBEAT_LED in body:
            await self.sys_dbus.agent.board.yellow.set_heartbeat_led(
                body[ATTR_HEARTBEAT_LED]
            )
        if ATTR_POWER_LED in body:
            await self.sys_dbus.agent.board.yellow.set_power_led(body[ATTR_POWER_LED])
        await self.sys_dbus.agent.board.yellow.save_data()
        self.sys_resolution.create_issue(
            IssueType.REBOOT_REQUIRED,
            ContextType.SYSTEM,
            suggestions=[SuggestionType.EXECUTE_REBOOT],
        )
    @api_process
    async def boards_other_info(self, request: web.Request) -> dict[str, Any]:
        """Empty success return if board is in use, error otherwise."""
        if request.match_info["board"] != self.sys_os.board:
            raise BoardInvalidError(
                f"{request.match_info['board']} board is not in use", _LOGGER.error
            )
        return {}
    @api_process
    async def config_swap_info(self, request: web.Request) -> dict[str, Any]:
        """Get swap settings."""
        if (
            not self.coresys.os.available
            or not self.coresys.os.version
            or self.coresys.os.version < "15.0"
        ):
            raise APINotFound(
                "Home Assistant OS 15.0 or newer required for swap settings"
            )
        return {
            ATTR_SWAP_SIZE: self.sys_dbus.agent.swap.swap_size,
            ATTR_SWAPPINESS: self.sys_dbus.agent.swap.swappiness,
        }
    @api_process
    async def config_swap_options(self, request: web.Request) -> None:
        """Update swap settings."""
        if (
            not self.coresys.os.available
            or not self.coresys.os.version
            or self.coresys.os.version < "15.0"
        ):
            raise APINotFound(
                "Home Assistant OS 15.0 or newer required for swap settings"
            )
        body = await api_validate(SCHEMA_SWAP_OPTIONS, request)
        reboot_required = False
        if ATTR_SWAP_SIZE in body:
            old_size = self.sys_dbus.agent.swap.swap_size
            await self.sys_dbus.agent.swap.set_swap_size(body[ATTR_SWAP_SIZE])
            reboot_required = reboot_required or old_size != body[ATTR_SWAP_SIZE]
        if ATTR_SWAPPINESS in body:
            old_swappiness = self.sys_dbus.agent.swap.swappiness
            await self.sys_dbus.agent.swap.set_swappiness(body[ATTR_SWAPPINESS])
            reboot_required = reboot_required or old_swappiness != body[ATTR_SWAPPINESS]
        if reboot_required:
            self.sys_resolution.create_issue(
                IssueType.REBOOT_REQUIRED,
                ContextType.SYSTEM,
                suggestions=[SuggestionType.EXECUTE_REBOOT],
            )
--- a/supervisor/api/panel/entrypoint.js
+++ b/supervisor/api/panel/entrypoint.js
@@ -1,9 +1 @@
-
+!function(){function d(d){var e=document.createElement("script");e.src=d,document.body.appendChild(e)}if(/Edge?\/(12[89]|1[3-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|Firefox\/(12[89]|1[3-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|Chrom(ium|e)\/(109|1[1-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|(Maci|X1{2}).+ Version\/(18\.\d+|(19|[2-9]\d|\d{3,})\.\d+)([,.]\d+|)( \(\w+\)|)( Mobile\/\w+|) Safari\/|Chrome.+OPR\/(1{2}[3-9]|1[2-9]\d|[2-9]\d{2}|\d{4,})\.\d+\.\d+|(CPU[ +]OS|iPhone[ +]OS|CPU[ +]iPhone|CPU IPhone OS|CPU iPad OS)[ +]+(16[._]([6-9]|\d{2,})|(1[7-9]|[2-9]\d|\d{3,})[._]\d+)([._]\d+|)|Android:?[ /-](12[89]|1[3-9]\d|[2-9]\d{2}|\d{4,})(\.\d+|)(\.\d+|)|Mobile Safari.+OPR\/([89]\d|\d{3,})\.\d+\.\d+|Android.+Firefox\/(13\d|1[4-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|Android.+Chrom(ium|e)\/(12[89]|1[3-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|SamsungBrowser\/(2[7-9]|[3-9]\d|\d{3,})\.\d+|Home As{2}istant\/[\d.]+ \(.+; macOS (1[3-9]|[2-9]\d|\d{3,})\.\d+(\.\d+)?\)/.test(navigator.userAgent))try{new Function("import('/api/hassio/app/frontend_latest/entrypoint.9b475c5882bbf15f.js')")()}catch(e){d("/api/hassio/app/frontend_es5/entrypoint.73551a66a38f3359.js")}else d("/api/hassio/app/frontend_es5/entrypoint.73551a66a38f3359.js")}()
 try {
  new Function("import('/api/hassio/app/frontend_latest/entrypoint.2471a57c.js')")();
 } catch (err) {
  var el = document.createElement('script');
  el.src = '/api/hassio/app/frontend_es5/entrypoint.43c7c12c.js';
  document.body.appendChild(el);
 }
--- a/supervisor/api/panel/entrypoint.js.br
+++ b/supervisor/api/panel/entrypoint.js.br
--- a/supervisor/api/panel/entrypoint.js.gz
+++ b/supervisor/api/panel/entrypoint.js.gz
--- a/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js
+++ b/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js
--- a/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.LICENSE.txt
+++ b/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.LICENSE.txt
@@ -0,0 +1,11 @@
 /**
 * @license
 * Copyright 2019 Google LLC
 * SPDX-License-Identifier: Apache-2.0
 */
 /**
 * @license
 * Copyright 2021 Google LLC
 * SPDX-LIcense-Identifier: Apache-2.0
 */
--- a/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.br
+++ b/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.br
--- a/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.gz
+++ b/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.gz
--- a/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.map
+++ b/supervisor/api/panel/frontend_es5/1028.ed91bed4e208ccab.js.map
--- a/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js
+++ b/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js
--- a/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js.br
+++ b/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js.br
--- a/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js.gz
+++ b/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js.gz
--- a/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js.map
+++ b/supervisor/api/panel/frontend_es5/1066.2d3485fe168fe07f.js.map
--- a/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js
+++ b/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js
@@ -0,0 +1,2 @@
 "use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([["113"],{51383:function(t,o,e){e.r(o),e.d(o,{HaIconButtonArrowNext:function(){return c}});e(26847),e(27530);var n=e(73742),a=e(59048),i=e(7616),r=e(88479);e(81777);let s,d=t=>t;class c extends a.oi{render(){var t;return(0,a.dy)(s||(s=d` <ha-icon-button .disabled="${0}" .label="${0}" .path="${0}"></ha-icon-button> `),this.disabled,this.label||(null===(t=this.hass)||void 0===t?void 0:t.localize("ui.common.next"))||"Next",this._icon)}constructor(...t){super(...t),this.disabled=!1,this._icon="rtl"===r.E.document.dir?"M20,11V13H8L13.5,18.5L12.08,19.92L4.16,12L12.08,4.08L13.5,5.5L8,11H20Z":"M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z"}}(0,n.__decorate)([(0,i.Cb)({attribute:!1})],c.prototype,"hass",void 0),(0,n.__decorate)([(0,i.Cb)({type:Boolean})],c.prototype,"disabled",void 0),(0,n.__decorate)([(0,i.Cb)()],c.prototype,"label",void 0),(0,n.__decorate)([(0,i.SB)()],c.prototype,"_icon",void 0),c=(0,n.__decorate)([(0,i.Mo)("ha-icon-button-arrow-next")],c)}}]);
 //# sourceMappingURL=113.13cc15fa81bd492f.js.map
--- a/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js.br
+++ b/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js.br
--- a/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js.gz
+++ b/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js.gz
--- a/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js.map
+++ b/supervisor/api/panel/frontend_es5/113.13cc15fa81bd492f.js.map
@@ -0,0 +1 @@
 {"version":3,"file":"113.13cc15fa81bd492f.js","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20250806.0/src/components/ha-icon-button-arrow-next.ts"],"names":["HaIconButtonArrowNext","LitElement","render","_this$hass","html","_t","_","this","disabled","label","hass","localize","_icon","args","mainWindow","attribute","type","Boolean"],"mappings":"4RASO,MAAMA,UAA8BC,EAAAA,GAU/BC,MAAAA,GAAyB,IAAAC,EACjC,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,EAAAC,CAAA,mFAEKC,KAAKC,SACRD,KAAKE,QAAkB,QAAbN,EAAII,KAAKG,YAAI,IAAAP,OAAA,EAATA,EAAWQ,SAAS,oBAAqB,OACxDJ,KAAKK,MAGnB,C,kBAlBK,SAAAC,GAAA,KAG+BL,UAAW,OAI9BI,MACa,QAA5BE,EAAAA,EAAAA,SAAAA,I,gLAPUC,WAAW,K,uDAEXC,KAAMC,W"}
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1,2 @@`
							"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend\|\|[]).push([["113"],{51383:function(t,o,e){e.r(o),e.d(o,{HaIconButtonArrowNext:function(){return c}});e(26847),e(27530);var n=e(73742),a=e(59048),i=e(7616),r=e(88479);e(81777);let s,d=t=>t;class c extends a.oi{render(){var t;return(0,a.dy)(s\|\|(s=d` <ha-icon-button .disabled="${0}" .label="${0}" .path="${0}"></ha-icon-button> `),this.disabled,this.label\|\|(null===(t=this.hass)\|\|void 0===t?void 0:t.localize("ui.common.next"))\|\|"Next",this._icon)}constructor(...t){super(...t),this.disabled=!1,this._icon="rtl"===r.E.document.dir?"M20,11V13H8L13.5,18.5L12.08,19.92L4.16,12L12.08,4.08L13.5,5.5L8,11H20Z":"M4,11V13H16L10.5,18.5L11.92,19.92L19.84,12L11.92,4.08L10.5,5.5L16,11H4Z"}}(0,n.__decorate)([(0,i.Cb)({attribute:!1})],c.prototype,"hass",void 0),(0,n.__decorate)([(0,i.Cb)({type:Boolean})],c.prototype,"disabled",void 0),(0,n.__decorate)([(0,i.Cb)()],c.prototype,"label",void 0),(0,n.__decorate)([(0,i.SB)()],c.prototype,"_icon",void 0),c=(0,n.__decorate)([(0,i.Mo)("ha-icon-button-arrow-next")],c)}}]);
							`//# sourceMappingURL=113.13cc15fa81bd492f.js.map`
		`@@ -0,0 +1 @@`
							{"version":3,"file":"113.13cc15fa81bd492f.js","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20250806.0/src/components/ha-icon-button-arrow-next.ts"],"names":["HaIconButtonArrowNext","LitElement","render","_this$hass","html","_t","_","this","disabled","label","hass","localize","_icon","args","mainWindow","attribute","type","Boolean"],"mappings":"4RASO,MAAMA,UAA8BC,EAAAA,GAU/BC,MAAAA,GAAyB,IAAAC,EACjC,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,EAAAC,CAAA,mFAEKC,KAAKC,SACRD,KAAKE,QAAkB,QAAbN,EAAII,KAAKG,YAAI,IAAAP,OAAA,EAATA,EAAWQ,SAAS,oBAAqB,OACxDJ,KAAKK,MAGnB,C,kBAlBK,SAAAC,GAAA,KAG+BL,UAAW,OAI9BI,MACa,QAA5BE,EAAAA,EAAAA,SAAAA,I,gLAPUC,WAAW,K,uDAEXC,KAAMC,W"}