Advanced Token Management

Give your AI agent the keys to exactly what it needs.

ATM is more than just a replacement for Home Assistant's MCP server. Every client gets its own token, scoped to the entities you allow, rate-limited, audited, and revocable in one click.

Runs entirely inside Home Assistant No cloud, no extra process HA 2024.5+
One token, filtered through ATM into per-entity permissions atm_ one client ATM tree caps MESA gate your entities

Why ATM instead of a long-lived access token

A long-lived access token (LLAT) plus the native MCP server gives every client the same all-or-nothing view of your home. ATM keeps the same tools and adds the control layer that the native system has no place for.

CapabilityLLAT + native MCPATM token
MCP tool compatibility20 native toolsSame 20 tools, identical names and responses, plus 78 more
Entity filteringBinary: expose or hide, same for all clientsFour permission states, per token
Per-client controlNo, all clients share one exposed setYes, independent permissions per token
Read-only accessNoYes, READ allows reads and blocks writes
Audit trailNoneEvery request logged with outcome and entity
Rate limitingNonePer token, configurable
ExpiryNoneOptional, auto-archived on expiry
RevocationRevoke the LLAT on the HA profile pageInstant; the token's next request is rejected
Sensitive attribute scrubbingNoneAlways applied
Client reconfiguration/api/mcp/api/atm/mcp (URL change only)

If you are connecting Claude Code, Cursor, ChatGPT, Antigravity, or any other AI tool to Home Assistant, ATM gives you control the native system cannot.

How ATM compares:

We benchmarked ATM against Home Assistant's built-in MCP server and the popular community server, one agent model, one synthetic home, the same tasks. ATM came out cheapest per completed task, the only server that left every off-limits device untouched, and it's the most capable.

Three layers between an agent and your home

Every request runs the same gauntlet, in order. ATM resolves and flattens the target to explicit entities, checks the token's permissions and capabilities, and only then lets MESA, the semantic safety net, have the final say, a backstop that holds even over a token that was granted too much.

The permission tree

Domains, devices, and entities, each set to read-write, read-only, deny, or inherit. A two-pass resolver decides what every request can touch.

Permissions

Capability flags

Twenty-two opt-in switches gate the high-impact operations: restart, physical control, writing automations, reading logs, editing YAML. Off by default.

Capabilities

Semantic safety profiles

MESA stores a semantic profile for each entity: what it is, how sensitive it is, and how it should be treated by your AI agent, not just allow or deny. Describe your home's nature once, and every agent inherits the safe treatment: a lock or camera stays read-only or confirmation-only because of what it is, no matter which token is asking.

MESA

From install to a scoped agent in four steps

Prefer not to install a client? Chat inside Home Assistant

Agent Chat runs the agent inside ATM itself, on a token you choose, using your own Claude, DeepSeek, Ollama or other provider account. Same permission tree, same capabilities, same approvals and MESA, just a chat window floating above Home Assistant instead of an external tool.