S2 Spatial Adapters
by @spacesq
Provides a unified, cryptographically secure interface to control Home Assistant, Xiaomi Mijia, and Tuya IoT devices with ephemeral zero-trust connections.
clawhub install s2-spatial-adaptersπ About This Skill
π S2-Spatial-Adapters: The Zero-Trust Smart Home Interface
Version: 2.0.2 (Cloud-Native & Strict Compliance Edition) Core Architecture: S2-SP-OS Spatial Tensors & Application-Level Dereferencing
Welcome to the S2-Spatial-Adapters. This SKILL is the official physical actuation tentacle of the S2-SP-OS. It provides a unified, highly abstracted interface to control Home Assistant (Local REST), Xiaomi Mijia (Local UDP), and Tuya IoT (Cloud API) devices.
π‘οΈ Core Philosophy & Security Posture
1. Application-Level Dereferencing (εΊη¨ηΊ§εθ―θ§£η»)
Due to Python's memory management and immutable strings, native physical RAM wiping (e.g., viamemset) is not feasible. Instead, S2 enforces strict best-effort dereferencing. Post-execution, sensitive variables (AES keys, Tokens) are immediately reassigned to safe stub values (e.g., "WIPED"), expediting their removal by Python's Garbage Collector and minimizing the window of vulnerability.2. Prompt-Injection Defense (ι²ζη€Ίθ―注ε ₯)
Inputs from LLM Agents are strictly validated against a hardcoded S2 JSON schema whitelist. Malicious keys are stripped before reaching the physical execution layer.βοΈ Environment Configuration (δΊεηη―ε’注ε ₯)
β οΈ SECURITY WARNING: Do NOT create or overwrite local .env files with plaintext credentials in production. This SKILL is designed for 12-Factor App compliance. You MUST inject the following variables dynamically via your runtime environment, Docker ENV, or secure CI/CD vault (e.g., HashiCorp Vault, GitHub Secrets).
* S2_ENABLE_REAL_ACTUATION (REQUIRED): Global Security Valve. Set to True to allow real physical requests. Defaults to sandbox interception if missing.
* HA_BASE_URL & HA_BEARER_TOKEN: Required for Home Assistant routing.
* MIJIA_DEVICE_IP & MIJIA_DEVICE_TOKEN: Required for Xiaomi local UDP routing.
* TUYA_ACCESS_ID & TUYA_ACCESS_SECRET: Required for Tuya IoT Core routing.
π€ Agent Execution Guide
LLM Prompting Instructions:
Execute the main.py entry point with the following exact schema:
```bash
python main.py
Execution Examples
1. Home Assistant (Local REST) Bash
python main.py ha LUMINA light.living_room '{"power": true, "brightness_pct": 15}'
2. Xiaomi Mijia (Local Miio UDP) Bash
python main.py mijia CLIMATE 192.168.1.50 '{"power": true, "temperature": 26}'
3. Tuya IoT Core (Cloud HMAC-SHA256) Bash
python main.py tuya SENTINEL door_lock_12345 '{"action": "unlock"}'