Starlight Bridge middleware

The safe bridge between cloud software and local controls.

Cloudbeds, booking tools, lock platforms, Home Assistant, and local devices should not all share passwords or expose secrets. Starlight Bridge gives each system a controlled lane.

Cloudbeds-style hospitality bridge

A booking platform can send authorized reservation or status events to `api.starlightlabllc.com`. Starlight Bridge validates the event, fetches detail only when needed, maps rooms to local devices, and sends a sanitized event to Home Assistant.

  • Booking system remains the source of truth.
  • Home Assistant remains local and owner-controlled.
  • Vendor secrets stay in the middleware runtime environment.
  • Guest PINs and private guest data stay out of GitHub and dashboards.
1. AuthorizeProperty owner approves scoped API access.
2. NormalizeStarlight Bridge maps event data to local rules.
3. Act safelyDry-run, pilot, then approved rollout.

Working product name

Recommended name: Starlight Bridge.

It is simple, descriptive, and fits the service: it bridges cloud software, local Home Assistant systems, vendor APIs, and real-world devices.

Starlight BridgeBest overall. Clear, serviceable, and easy to explain.
Starlight RelayGood for webhook/event routing, but slightly narrower.
Starlight NexusSounds powerful, but less plain-English for customers.
Starlight LinkSimple and friendly, but less distinctive.

What the service includes

A real middleware service, not just a script.

To sell this as a business service, Starlight Bridge should become a repeatable product pattern: setup checklist, authorization flow, customer mapping, dry-run previews, logs, monitoring, backups, and support boundaries.

Service modules
  • API authorization and webhook setup.
  • Event validation, retry handling, and failure alerts.
  • Room, device, lock, sign, and climate mapping.
  • Dry-run previews before live automation.
  • Audit-safe logs without secrets or private guest data.
  • Customer-specific deployment and support documentation.

Webhook intake

Fast public HTTPS endpoints for vendor callbacks, designed to acknowledge quickly and process safely.

Token handling

OAuth, API tokens, refresh logic, and secret storage belong in the private runtime environment.

Audit logs

Readable logs of what happened, why it happened, which rule made the decision, and whether it was preview-only or live.

Local delivery

Forward only safe, normalized events into Home Assistant, dashboards, vendor APIs, or local support tools.

Customer mapping

Map rooms, locks, thermostats, signs, cameras, staff roles, notification rules, and business-specific exceptions.

Support boundary

Keep the public website, API callback endpoint, customer runtime, and secrets clearly separated.