Self-Updating ESPHome Firmware (Device-Initiated Base Firmware Auto-Update, Preserve YAML Config)

[cometta]

Describe your core improvement

Currently, ESPHome devices can be updated via OTA from the ESPHome Dashboard or through external triggers (e.g., Home Assistant automation). However, these updates must be manually initiated and pushed to the device.

This proposal requests a new feature that allows ESPHome devices to automatically check for, download, and install updated base firmware by themselves, while keeping the same YAML configuration and device logic already flashed.

Current limitations

developer has to rebuild firmware and do OTA.

Technical benefits

Most ESPHome developers and maintainers want to ensure their deployed devices stay secure and up-to-date without needing to manually re-flash or recompile the same YAML every time a new ESPHome version is released.

In many deployments:

The YAML configuration rarely changes, but

The underlying ESPHome base firmware (core libraries, networking stack, SSL, etc.) needs regular updates to address security vulnerabilities and stability improvements.

Currently, every time ESPHome releases a patch, developers must rebuild and OTA flash every device manually — even if no YAML changes were made.
This becomes impractical for large or remote installations.

An automatic, self-initiated base firmware updater would greatly reduce maintenance effort and improve security posture for long-lived IoT devices.

Additional context

No response

[ssieb]

Are you suggesting that the device can trigger a new build and install? That would be terrible and you don't need to update for every point release unless there are relevant changes.
There is already support for http updates initiated from the device. You just need to place the files on a web server that the device can access. It might be possible to get them directly from the builder as well, but that's not documented.

[cometta]

device able to just download base esphome firmware from either esphome.io or base esphome fireware which developer already built. The current approach is like you said, developer has to rebuild firmwre each time, even if no changes in yaml file.