feat: v0.15.0 — scheduled periodic scans of installed HACS components

- New scheduler module: asyncio background task for periodic re-scans
- Configurable interval (default 24h), enable/disable via API
- Settings persistence: schedule_enabled, schedule_interval_hours
- API: GET/POST /api/scheduler (status + enable/disable)
- Auto-start on boot if previously enabled
- Scheduler status visible in /api/system

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: jrx-code

ha-sandbox/app/main.py

@@ -19,6 +19,7 @@
 from app.report.mqtt import disconnect, publish_discovery, publish_status
 from app.scanner.hacs_list import fetch_installed_hacs, repo_to_url, test_ha_connection
 from app.scanner.pipeline import run_scan
+from app import scheduler
 
 logging.basicConfig(level=logging.INFO, format="%(asctime)s %(name)s %(levelname)s %(message)s")
 log = logging.getLogger(__name__)
@@ -49,7 +50,12 @@ async def lifespan(app: FastAPI):
         publish_status("idle")
     except Exception as e:
         log.warning("MQTT init failed (non-fatal): %s", e)
+    # Start scheduled scans if enabled
+    cfg = app_settings.load()
+    if cfg.get("schedule_enabled"):
+        scheduler.start(cfg.get("schedule_interval_hours", 24))
     yield
+    scheduler.stop()
     storage.close()
     disconnect()
 
@@ -386,6 +392,33 @@ async def api_reputation_all():
     return JSONResponse(content=get_all_reputations(conn))
 
 
+# --- Scheduler API ---
+
+@app.get("/api/scheduler")
+async def api_scheduler_status():
+    return JSONResponse(content=scheduler.status())
+
+
+@app.post("/api/scheduler")
+async def api_scheduler_update(request: Request):
+    """Enable/disable scheduled scans.
+
+    Body: {"enabled": true/false, "interval_hours": 24}
+    """
+    data = await request.json()
+    enabled = data.get("enabled", False)
+    interval = float(data.get("interval_hours", 24))
+
+    app_settings.save({"schedule_enabled": enabled, "schedule_interval_hours": interval})
+
+    if enabled and interval > 0:
+        scheduler.start(interval)
+    else:
+        scheduler.stop()
+
+    return JSONResponse(content={"ok": True, **scheduler.status()})
+
+
 @app.get("/api/system")
 async def api_system_info():
     repos_dir = Path(app_settings.get("repos_dir", "/data/repos"))
@@ -398,4 +431,5 @@ async def api_system_info():
         "reports": report_count,
         "repos_cached": repo_count,
         "cache_size_mb": round(repo_size / 1024 / 1024, 1),
+        "scheduler": scheduler.status(),
     })

ha-sandbox/app/scheduler.py

@@ -0,0 +1,94 @@
+"""Scheduled periodic scans of installed HACS components."""
+
+import asyncio
+import logging
+from datetime import datetime
+
+log = logging.getLogger(__name__)
+
+_task: asyncio.Task | None = None
+_interval_hours: float = 0
+_enabled: bool = False
+
+
+async def _scheduled_loop():
+    """Run periodic scan of installed HACS components."""
+    from app.scanner.hacs_list import fetch_installed_hacs, repo_to_url
+    from app.scanner.pipeline import run_scan
+    from app import storage
+    from app.report.mqtt import publish_status
+
+    while True:
+        await asyncio.sleep(_interval_hours * 3600)
+        if not _enabled:
+            continue
+
+        log.info("Scheduled scan starting (interval=%gh)", _interval_hours)
+        publish_status("scheduled_scan")
+
+        try:
+            installed = await fetch_installed_hacs()
+            if not installed:
+                log.warning("Scheduled scan: no HACS components found")
+                continue
+
+            scanned = 0
+            for comp in installed:
+                url = repo_to_url(comp.get("full_name", ""))
+                if not url:
+                    continue
+                name = comp.get("name", comp.get("full_name", ""))
+                job_id = f"sched:{name}"
+                storage.create_job(job_id, name, url, batch_id="scheduled")
+                try:
+                    await run_scan(url, name)
+                    storage.complete_job(job_id)
+                    scanned += 1
+                except Exception as e:
+                    storage.fail_job(job_id, str(e))
+                    log.warning("Scheduled scan failed for %s: %s", name, e)
+
+            log.info("Scheduled scan done: %d/%d components scanned", scanned, len(installed))
+            publish_status("idle")
+            storage.cleanup_repo_cache()
+
+        except Exception as e:
+            log.exception("Scheduled scan loop error: %s", e)
+            publish_status("idle")
+
+
+def start(interval_hours: float = 24):
+    """Start the scheduled scan loop."""
+    global _task, _interval_hours, _enabled
+    if interval_hours <= 0:
+        log.info("Scheduled scans disabled (interval=0)")
+        return
+
+    _interval_hours = interval_hours
+    _enabled = True
+
+    if _task and not _task.done():
+        log.info("Scheduler already running, updating interval to %gh", interval_hours)
+        return
+
+    _task = asyncio.create_task(_scheduled_loop())
+    log.info("Scheduled scans enabled: every %gh", interval_hours)
+
+
+def stop():
+    """Stop the scheduled scan loop."""
+    global _task, _enabled
+    _enabled = False
+    if _task and not _task.done():
+        _task.cancel()
+        _task = None
+    log.info("Scheduled scans disabled")
+
+
+def status() -> dict:
+    """Return scheduler status."""
+    return {
+        "enabled": _enabled,
+        "interval_hours": _interval_hours,
+        "running": _task is not None and not _task.done() if _task else False,
+    }

ha-sandbox/app/settings.py

@@ -30,6 +30,8 @@
     "ai_timeout": 300,
     "max_file_size_kb": 500,
     "log_level": "info",
+    "schedule_enabled": False,
+    "schedule_interval_hours": 24,
 }
 
 # Public API provider presets

ha-sandbox/config.yaml

@@ -1,5 +1,5 @@
 name: "HA Security Sandbox"
-version: "0.14.0"
+version: "0.15.0"
 slug: ha_security_sandbox
 description: "Security scanner for Home Assistant custom components — static analysis + AI review"
 url: "https://github.com/jrx-code/ha-security-sandbox"