Snips is not forcing you to install home assistant on the same computer as the snips runtime. A lot of the documentation suggests doing it that way, but I don’t like that, either. It’s also one of the reasons I suggested reading only the Triggering Actions and Examples sections of the home assistant snips document. There’s too much “do it this way” in there, and it’s suggesting the wrong way, IMO.
I like the idea of limiting the communication between snips and HA to the MQTT bus, because that means snips can only cause a very limited set of actions – actions that must be defined in HA. I also set up an MQTT bridge for this, and I don’t follow the common suggestions of bridging everything from hermes, I only bridge hermes/intent/# – HA can only see the intents this way. That is, communication between the two is even further separated.
I don’t really like the idea of snips calling the HA API directly – that lets a snips app do anything it wants, and I have to create a token and somehow securely store it in snips. IMO, that’s too much like giving snips direct access to HA. What I mean is, if someone breaks the security of your system running snips, that someone can modify the snips assistant or install new software to invoke the HA API and do whatever they want. If everything is limited to the MQTT bus, one who breaks into the system running snips can send whatever intents to the MQTT bus, but that doesn’t mean HA will do anything with them. Additionally, because you’ve stored the token with snips, that person can view that token, and invoke the HA API from some other system (theoretically from remote, if the HA API is open to the outside world). I think it’s far more secure to route through MQTT.
I think you misunderstand what my addon does, somewhat, and perhaps what hassio is for. Hassio is a group of docker containers for running and managing home assistant. An addon is an additional docker container that can provide new functionality, modify functionality, etc., of home assistant (although, technically, it could be an unrelated docker container). Each container shares a private network and can efficiently share files (e.g. HA’s config directory). The goal of hassio is to make configuring and managing HA easier.
My addon attempts to simplify the installation, management, and configuration of snips, and make it easy to configure integration with HA. The instance of snips in my addon should work with apps that use skills from git, apps that use python snippets, and apps that use home assistant snippets. My goal is to make it so one can create an assistant in the snips console, point the addon to it, and have everything work (it’s not there yet). There’s an official snips addon for hassio, too, but it’s far more limiting, working only with home assistant snippets.
Because my addon modifies the HA config, you might be thinking about my comments above and the API. However, there are protections. When one breaks into the addon, one can still only send intents through MQTT. One cannot modify the HA configuration, because that’s limited to a single script – one that only modifies the HA config to react to the intents which are defined in the snips assistant as being for HA. That script is protected from modification by apparmor. One who breaks into my addon still cannot use the HA API, either, since that access is forbidden by the configuration of the addon (which is not controlled at runtime, but at install time). Unfortunately, this means it wouldn’t work with your app. :( You do need to trust the assistant you install, though, only to do the things you want it to do. If you can’t trust the assistant you install, then I’m not sure anything could be secure enough.
Note that hassio, my addon, and any other addons I install can modify HA’s config. That’s rather the point of them – to configure and manage home assistant. Apps like snips (and snips assistants) should not be allowed to modify HA’s config. Right now my addon would allow snips to modify HA’s config, but that’s a bug in my addon. I know about it, and it’s something I’ll have to fix before releasing the version that modifies the HA config.
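
Added example, not part of the original post: a small checker that applies MQTT wildcard matching to show which topics a bridge restricted to `hermes/intent/#` forwards, compared with one that bridges `hermes/#`. The topic names in `SAMPLE_TOPICS` and the helper names are constructed for illustration.

```python
# Added example: audit which topics an MQTT bridge filter lets through.

def topic_matches(topic_filter: str, topic: str) -> bool:
    """Return True if `topic` matches `topic_filter` under MQTT wildcard rules."""
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    # Topics beginning with '$' (e.g. $SYS) never match a leading wildcard.
    if t_levels[0].startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, f in enumerate(f_levels):
        if f == "#":
            # Multi-level wildcard: only valid as the last filter level; it
            # matches the parent level and everything below it.
            return i == len(f_levels) - 1
        if i >= len(t_levels):
            return False
        if f != "+" and f != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)


def forwarded(filters, topics):
    """Topics that would cross a bridge configured with `filters`."""
    return [t for t in topics if any(topic_matches(f, t) for f in filters)]


# Constructed sample of topics a voice assistant might publish under hermes/.
SAMPLE_TOPICS = [
    "hermes/intent/user:lightsTurnOn",
    "hermes/hotword/default/detected",
    "hermes/asr/textCaptured",
    "hermes/audioServer/default/audioFrame",
    "hermes/dialogueManager/sessionStarted",
    "hermes/tts/say",
]

if __name__ == "__main__":
    for label, filters in (("narrow", ["hermes/intent/#"]),
                           ("broad", ["hermes/#"])):
        print(label, filters)
        for t in forwarded(filters, SAMPLE_TOPICS):
            print("   forwarded:", t)
```

With the narrow filter, only the intent topic reaches the other broker; the broad filter forwards every sample topic.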