Origin of the order

Hello,
This morning, while simply chatting with an AI about being able to detect a command from Alexa, I was told that H.A. doesn’t currently have this capability.

Apparently, it’s not being processed even though the data exists upstream?

Coming from eedomus, where command origins are differentiated, one naturally wonders about “security,” not at the code level itself, but regarding the origins of commands in case of third-party account hacking or theft or loss of mobile devices, for example.
This is rather curious in the context of a home automation system, and therefore home management (see more).
For example, here are some command origins that eedomus handles:


Please note, I’m not being paranoid, but I think it would be a plus to be able to distinguish “external” command origins in everyday use.

Do you know if this issue has been raised with the H.A. developers?

The argument of AI Claude:
To add some technical context to this request:

After digging into this topic, the interesting part is that the information actually exists upstream — it just gets silently dropped.

When Alexa sends a command through Nabu Casa, the incoming payload clearly identifies the source (namespace, endpoint, access token). However, when alexa/smart_home.py processes the directive and calls the corresponding HA service, it creates a Context object without propagating any origin metadata. The information is received, processed, and then discarded.

This is a deliberate implementation choice, not a technical impossibility.

A related (though broader) discussion was opened in the HA architecture repo — Add device_id to context #978 — but it seems to have stalled without follow-up.

A targeted fix could be as simple as extending the Context class in homeassistant/core.py with an optional source field (e.g. alexa, google_home, automation, ui), and having each integration populate it when calling services.

This would unlock meaningful use cases beyond just Alexa — conditional automations based on command origin, proper audit trails, and finer-grained access control (e.g. blocking sensitive actions like unlocking doors when the source is an external voice assistant).

Happy to elaborate further if any developer wants to pick this up.

1 Like

Currently Home Assistant can identify if an event was due to:

  1. An automation, which one, and what caused it to trigger.
  2. A dashboard interaction and which user did it.
  3. Something outside Home Assistant (e.g. physical button pressed).

This is user accessible via context variables.

It’s #3 that needs expanding. You could open a new feature request here to get things moving again: home-assistant · Discussions · GitHub

1 Like
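Added example, not part of any post in this thread and not Home Assistant code: a small Python model of the three-way origin split described in the reply above, showing why a wall button and a voice command cannot be told apart from those fields alone, and how the `source` field proposed in the thread would allow an audit line and a deny rule for sensitive services. The `Ctx` class, the `source` field, the classification heuristic and all sample IDs are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Stand-in for a Home Assistant context (not HA's own class). id, parent_id and
# user_id mirror the context variables; `source` is the hypothetical field
# proposed in the thread and does not exist in Home Assistant.
@dataclass(frozen=True)
class Ctx:
    id: str
    parent_id: Optional[str] = None
    user_id: Optional[str] = None
    source: Optional[str] = None

SENSITIVE = {"lock.unlock", "alarm_control_panel.alarm_disarm"}
EXTERNAL_VOICE = {"alexa", "google_home"}  # labels taken from the thread

def classify_origin(ctx: Ctx) -> str:
    """Three-way split from the existing fields (assumed heuristic)."""
    if ctx.parent_id is not None:
        return "automation"
    if ctx.user_id is not None:
        return "user"
    return "external"

def decide(service: str, ctx: Ctx) -> tuple[bool, str]:
    """Return (allowed, audit_line); deny sensitive calls from external voice."""
    label = ctx.source or classify_origin(ctx)
    allowed = not (service in SENSITIVE and ctx.source in EXTERNAL_VOICE)
    verdict = "ALLOW" if allowed else "DENY"
    return allowed, f"{verdict} {service} origin={label} ctx={ctx.id}"

# Constructed sample contexts (IDs are made up).
button = Ctx(id="01A")                        # physical wall button
voice_today = Ctx(id="01B")                   # voice command, assumed to carry no origin metadata
voice_tagged = Ctx(id="01C", source="alexa")  # same command with the proposed field
dashboard = Ctx(id="01D", user_id="u-42")     # dashboard interaction by a known user
chained = Ctx(id="01E", parent_id="01D")      # automation triggered by that interaction

if __name__ == "__main__":
    for c in (button, voice_today, voice_tagged, dashboard, chained):
        print(decide("lock.unlock", c)[1])
```
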

Thank you, it’s done here

1 Like