claude-remote-approver 0.6.1 → 0.7.2

package/README.md

@@ -128,6 +128,7 @@ claude-remote-approver status
 # Topic:   cra-a1b2c3d4...
 # Server:  https://ntfy.sh
 # Timeout: 120s
+# Auth:    not configured
 ```
 
 ### `enable`
@@ -197,6 +198,8 @@ Config file location: `~/.claude-remote-approver.json`
 | `planTimeout` | `number` | `300` | Seconds to wait for ExitPlanMode (plan approval) responses. Plan reviews need more reading time. |
 | `autoApprove` | `string[]` | `[]` | Reserved for future use. |
 | `autoDeny` | `string[]` | `[]` | Reserved for future use. |
+| `ntfyUsername` | `string` | `""` | Username for ntfy Basic Auth. Set this if your ntfy server requires authentication. |
+| `ntfyPassword` | `string` | `""` | Password for ntfy Basic Auth. Set this if your ntfy server requires authentication. |
 
 ### Using a self-hosted ntfy server
 
@@ -210,6 +213,39 @@ Edit `~/.claude-remote-approver.json` and set `ntfyServer` to your server URL:
 
 Then subscribe to the topic on your self-hosted server in the ntfy app.
 
+### Using authenticated topics
+
+If your ntfy server requires authentication, you can configure Basic Auth credentials.
+
+**Option 1: Interactive setup**
+
+```bash
+claude-remote-approver setup
+# ... after topic generation, you will be asked:
+# Use authenticated topics? (y/n): y
+# Username: myuser
+# Password: mypassword
+```
+
+**Option 2: Edit `~/.claude-remote-approver.json`**
+
+```json
+{
+  "ntfyServer": "https://ntfy.example.com",
+  "ntfyUsername": "myuser",
+  "ntfyPassword": "mypassword"
+}
+```
+
+**Option 3: Environment variables**
+
+```bash
+export NTFY_USERNAME=myuser
+export NTFY_PASSWORD=mypassword
+```
+
+Environment variables take priority over settings.json values. Credentials are included as `Authorization: Basic <base64>` headers in all requests to the ntfy server, including action button callbacks.
+
 ## How ntfy.sh works
 
 [ntfy.sh](https://ntfy.sh) is a simple HTTP-based pub-sub notification service. Any client can publish a message to a topic by sending a POST request, and any client subscribed to that topic receives the message as a push notification.

package/bin/cli.mjs

@@ -40,7 +40,7 @@ export async function main(args, deps) {
         const isHttps = serverUrl.protocol === "https:";
         const ntfyUrl = isHttps
           ? `ntfy://${serverUrl.host}/${result.topic}`
-          : `${result.ntfyServer.replace(/\/+$/, "")}/${result.topic}`;
+          : `ntfy://${serverUrl.host}/${result.topic}?secure=false`;
         const subscribeUrl = `${result.ntfyServer.replace(/\/+$/, "")}/${result.topic}`;
 
         deps.stdout.write("Scan this QR code in the ntfy app to subscribe:\n\n");
@@ -62,6 +62,7 @@ export async function main(args, deps) {
         deps.stderr.write("Error: No topic configured. Run 'claude-remote-approver setup' first.\n");
         break;
       }
+      const auth = deps.resolveAuth(config);
       try {
         await deps.sendNotification({
           server: config.ntfyServer,
@@ -70,6 +71,7 @@ export async function main(args, deps) {
           message: "Test notification - if you see this, setup is working!",
           actions: [],
           requestId: "test",
+          auth,
         });
         deps.stdout.write("Test notification sent successfully.\n");
       } catch (err) {
@@ -83,6 +85,12 @@ export async function main(args, deps) {
       deps.stdout.write(`Topic:   ${config.topic}\n`);
       deps.stdout.write(`Server:  ${config.ntfyServer}\n`);
       deps.stdout.write(`Timeout: ${config.timeout}s\n`);
+      const auth = deps.resolveAuth(config);
+      if (auth) {
+        deps.stdout.write(`Auth:    configured (username: ${auth.username})\n`);
+      } else {
+        deps.stdout.write(`Auth:    not configured\n`);
+      }
       break;
     }
 
@@ -184,7 +192,7 @@ const isMain =
 if (isMain) {
   const pkg = JSON.parse(fs.readFileSync(new URL("../package.json", import.meta.url), "utf-8"));
 
-  const { loadConfig, saveConfig, generateTopic } = await import(
+  const { loadConfig, saveConfig, generateTopic, resolveAuth } = await import(
     "../src/config.mjs"
   );
   const { sendNotification, waitForResponse, formatToolInfo } = await import(
@@ -208,6 +216,7 @@ if (isMain) {
     loadConfig,
     saveConfig,
     generateTopic,
+    resolveAuth,
     sendNotification,
     waitForResponse,
     formatToolInfo,
@@ -225,6 +234,40 @@ if (isMain) {
     stderr: process.stderr,
     stdin: stdinData,
     exit: process.exit,
+    prompt: async (question) => {
+      const { createInterface } = await import("node:readline");
+      const rl = createInterface({ input: process.stdin, output: process.stdout });
+      return new Promise((resolve) => rl.question(question, (answer) => { rl.close(); resolve(answer); }));
+    },
+    promptSecret: async (question) => {
+      process.stdout.write(question);
+      return new Promise((resolve) => {
+        let input = '';
+        process.stdin.setRawMode(true);
+        process.stdin.resume();
+        process.stdin.setEncoding('utf8');
+        const onData = (ch) => {
+          if (ch === '\r' || ch === '\n') {
+            process.stdin.setRawMode(false);
+            process.stdin.pause();
+            process.stdin.removeListener('data', onData);
+            process.stdout.write('\n');
+            resolve(input);
+          } else if (ch === '\u007f' || ch === '\b') {
+            if (input.length > 0) {
+              input = input.slice(0, -1);
+              process.stdout.write('\b \b');
+            }
+          } else if (ch === '\u0003') {
+            process.exit(0);
+          } else {
+            input += ch;
+            process.stdout.write('*');
+          }
+        };
+        process.stdin.on('data', onData);
+      });
+    },
   };
 
   await main(args, deps);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-remote-approver",
-  "version": "0.6.1",
+  "version": "0.7.2",
   "description": "Approve or deny Claude Code permission prompts remotely from your phone via ntfy.sh",
   "type": "module",
   "bin": {

package/src/config.mjs

@@ -13,6 +13,8 @@ export const DEFAULT_CONFIG = {
   // autoApprove/autoDeny are reserved for future use and not yet implemented
   autoApprove: [],
   autoDeny: [],
+  ntfyUsername: "",
+  ntfyPassword: "",
 };
 
 export function loadConfig(configPath = CONFIG_PATH) {
@@ -26,6 +28,8 @@ export function loadConfig(configPath = CONFIG_PATH) {
     if (!Number.isFinite(config.planTimeout) || config.planTimeout <= 0) config.planTimeout = DEFAULT_CONFIG.planTimeout;
     if (!Array.isArray(config.autoApprove)) config.autoApprove = DEFAULT_CONFIG.autoApprove;
     if (!Array.isArray(config.autoDeny)) config.autoDeny = DEFAULT_CONFIG.autoDeny;
+    if (typeof config.ntfyUsername !== "string") config.ntfyUsername = DEFAULT_CONFIG.ntfyUsername;
+    if (typeof config.ntfyPassword !== "string") config.ntfyPassword = DEFAULT_CONFIG.ntfyPassword;
     return config;
   } catch (err) {
     if (err.code === "ENOENT") {
@@ -42,3 +46,10 @@ export function saveConfig(config, configPath = CONFIG_PATH) {
 export function generateTopic() {
   return `cra-${crypto.randomBytes(16).toString("hex")}`;
 }
+
+export function resolveAuth(config, env = process.env) {
+  const username = env.NTFY_USERNAME || config.ntfyUsername || "";
+  const password = env.NTFY_PASSWORD || config.ntfyPassword || "";
+  if (!username || !password) return null;
+  return { username, password };
+}

package/src/hook.mjs

@@ -2,6 +2,7 @@
 
 import crypto from "node:crypto";
 import { DEFAULT_CONFIG } from "./config.mjs";
+import { buildAuthHeader } from "./ntfy.mjs";
 
 export const ASK = Object.freeze({ hookSpecificOutput: Object.freeze({ hookEventName: "PermissionRequest", decision: Object.freeze({ behavior: "ask" }) }) });
 const DENY = Object.freeze({ hookSpecificOutput: Object.freeze({ hookEventName: "PermissionRequest", decision: Object.freeze({ behavior: "deny" }) }) });
@@ -20,8 +21,9 @@ export const _internal = { delay: ms => new Promise(r => setTimeout(r, ms)) };
  * @param {string[]} [options.permissionSuggestions] - When non-empty, adds an "Always Approve" button
  * @returns {Array<object>} Array of action objects
  */
-export function buildActions(server, topic, requestId, { permissionSuggestions } = {}) {
+export function buildActions(server, topic, requestId, { permissionSuggestions, auth } = {}) {
   const url = `${server}/${topic}-response`;
+  const authHeaders = auth ? buildAuthHeader(auth) : undefined;
   const actions = [
     {
       action: "http",
@@ -29,6 +31,7 @@ export function buildActions(server, topic, requestId, { permissionSuggestions }
       url,
       body: JSON.stringify({ requestId, approved: true }),
       method: "POST",
+      ...(authHeaders && { headers: authHeaders }),
     },
     {
       action: "http",
@@ -36,6 +39,7 @@ export function buildActions(server, topic, requestId, { permissionSuggestions }
       url,
       body: JSON.stringify({ requestId, approved: false }),
       method: "POST",
+      ...(authHeaders && { headers: authHeaders }),
     },
   ];
   if (permissionSuggestions?.length > 0) {
@@ -45,6 +49,7 @@ export function buildActions(server, topic, requestId, { permissionSuggestions }
       url,
       body: JSON.stringify({ requestId, approved: true, alwaysAllow: true }),
       method: "POST",
+      ...(authHeaders && { headers: authHeaders }),
     });
   }
   return actions;
@@ -83,14 +88,16 @@ export function isAskUserQuestion(input) {
 /**
  * Build ntfy action buttons for question options.
  */
-export function buildQuestionActions(server, topic, requestId, options) {
+export function buildQuestionActions(server, topic, requestId, options, { auth } = {}) {
   const url = `${server}/${topic}-response`;
+  const authHeaders = auth ? buildAuthHeader(auth) : undefined;
   return options.map((opt) => ({
     action: "http",
     label: opt.label,
     url,
     body: JSON.stringify({ requestId, answer: opt.label }),
     method: "POST",
+    ...(authHeaders && { headers: authHeaders }),
   }));
 }
 
@@ -116,6 +123,7 @@ export async function processAskUserQuestion(input, deps) {
   const config = deps.loadConfig();
   if (!config.topic) return ASK;
 
+  const auth = deps.resolveAuth ? deps.resolveAuth(config) : null;
   const questions = input.tool_input.questions;
   const answers = {};
 
@@ -132,7 +140,7 @@ export async function processAskUserQuestion(input, deps) {
     for (let i = 0; i < batches.length; i++) {
       const batch = batches[i];
       const batchInfo = batches.length > 1 ? `(${i + 1}/${batches.length})` : undefined;
-      const actions = buildQuestionActions(config.ntfyServer, config.topic, requestId, batch);
+      const actions = buildQuestionActions(config.ntfyServer, config.topic, requestId, batch, { ...(auth && { auth }) });
       const message = buildQuestionMessage(q.question, batch, { multiSelect: q.multiSelect, batchInfo });
 
       const sent = await sendWithRetry(deps.sendNotification, {
@@ -142,6 +150,7 @@ export async function processAskUserQuestion(input, deps) {
         message,
         actions,
         requestId,
+        ...(auth && { auth }),
       });
       if (!sent) return ASK;
     }
@@ -154,6 +163,7 @@ export async function processAskUserQuestion(input, deps) {
         topic: config.topic,
         requestId,
         timeout: config.timeout * 1000,
+        ...(auth && { auth }),
       });
     } catch (err) {
       console.error("[claude-remote-approver] Response listener failed:", err.message, "— Falling back to CLI.");
@@ -193,21 +203,24 @@ export async function processAskUserQuestion(input, deps) {
  * @param {Function} deps.formatToolInfo
  * @returns {Promise<object>} Decision JSON
  */
-export async function processHook(input, { loadConfig, sendNotification, waitForResponse, formatToolInfo }) {
+export async function processHook(input, { loadConfig, sendNotification, waitForResponse, formatToolInfo, resolveAuth }) {
   const config = loadConfig();
 
   if (!config.topic) {
     return ASK;
   }
 
+  const auth = resolveAuth ? resolveAuth(config) : null;
+
   if (isAskUserQuestion(input)) {
-    return processAskUserQuestion(input, { loadConfig, sendNotification, waitForResponse });
+    return processAskUserQuestion(input, { loadConfig, sendNotification, waitForResponse, resolveAuth });
   }
 
   const requestId = crypto.randomUUID();
   const { title, message } = formatToolInfo(input);
   const actions = buildActions(config.ntfyServer, config.topic, requestId, {
     permissionSuggestions: input.permission_suggestions,
+    ...(auth && { auth }),
   });
 
   const sent = await sendWithRetry(sendNotification, {
@@ -217,6 +230,7 @@ export async function processHook(input, { loadConfig, sendNotification, waitFor
     message,
     actions,
     requestId,
+    ...(auth && { auth }),
   });
   if (!sent) return ASK;
 
@@ -229,6 +243,7 @@ export async function processHook(input, { loadConfig, sendNotification, waitFor
       topic: config.topic,
       requestId,
       timeout,
+      ...(auth && { auth }),
     });
   } catch (err) {
     console.error("[claude-remote-approver] Response listener failed:", err.message, "— Falling back to CLI.");

package/src/ntfy.mjs

@@ -1,18 +1,23 @@
 // src/ntfy.mjs
 
+export function buildAuthHeader(auth) {
+  if (!auth) return {};
+  return { Authorization: `Basic ${Buffer.from(auth.username + ':' + auth.password).toString('base64')}` };
+}
+
 /**
  * Send a push notification via ntfy.
  *
  * @param {{ server: string, topic: string, title: string, message: string, actions: unknown[], requestId: string }} params
  * @returns {Promise<Response>}
  */
-export async function sendNotification({ server, topic, title, message, actions, requestId }) {
+export async function sendNotification({ server, topic, title, message, actions, requestId, auth }) {
   const baseUrl = server.replace(/\/+$/, '');
   const url = baseUrl;
 
   const response = await fetch(url, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', ...buildAuthHeader(auth) },
     body: JSON.stringify({ topic, title, message, actions }),
   });
 
@@ -29,7 +34,7 @@ export async function sendNotification({ server, topic, title, message, actions,
  * @param {{ server: string, topic: string, requestId: string, timeout: number }} params
  * @returns {Promise<{ approved: boolean } | { timeout: true } | { error: Error } | { answer: string }>}
  */
-export async function waitForResponse({ server, topic, requestId, timeout }) {
+export async function waitForResponse({ server, topic, requestId, timeout, auth }) {
   const baseUrl = server.replace(/\/+$/, '');
   const url = `${baseUrl}/${topic}-response/json`;
 
@@ -39,7 +44,8 @@ export async function waitForResponse({ server, topic, requestId, timeout }) {
   let timer;
 
   try {
-    const response = await fetch(url, { signal: controller.signal });
+    const authHeaders = auth ? buildAuthHeader(auth) : undefined;
+    const response = await fetch(url, { signal: controller.signal, ...(authHeaders && { headers: authHeaders }) });
     const reader = response.body.getReader();
     const decoder = new TextDecoder();
     let buffer = '';
@@ -127,6 +133,7 @@ export function stripMarkdown(text) {
 // ---------------------------------------------------------------------------
 
 const MAX_INPUT = 10000;
+const MESSAGE_MAX_LENGTH = 1000;
 
 /**
  * Count consecutive runs of character ch starting at pos.
@@ -442,37 +449,32 @@ function stripInline(text) {
  * @returns {{ title: string, message: string }}
  */
 export function formatToolInfo({ hook_event_name, tool_name, tool_input }) {
-  // Plan approval detection
+  let title;
+  let message;
+
   if (tool_name === 'ExitPlanMode' && typeof tool_input?.plan === 'string') {
-    const PLAN_MESSAGE_MAX_LENGTH = 300;
-    const title = 'Claude Code: Plan Review';
-    if (!tool_input.plan.trim()) {
-      return { title, message: '(empty plan)' };
+    title = 'Claude Code: Plan Review';
+    const plain = tool_input.plan.trim() ? stripMarkdown(tool_input.plan) : '';
+    message = plain || '(empty plan)';
+  } else {
+    title = `Claude Code: ${tool_name}`;
+    switch (tool_name) {
+      case 'Bash':
+        message = tool_input?.command ?? JSON.stringify(tool_input);
+        break;
+      case 'Read':
+      case 'Write':
+      case 'Edit':
+        message = tool_input?.file_path ?? JSON.stringify(tool_input);
+        break;
+      default:
+        message = JSON.stringify(tool_input);
+        break;
     }
-    const raw = tool_input.plan;
-    const plain = stripMarkdown(raw);
-    const message = plain
-      ? (plain.length > PLAN_MESSAGE_MAX_LENGTH ? plain.slice(0, PLAN_MESSAGE_MAX_LENGTH) + '...' : plain)
-      : '(empty plan)';
-    return { title, message };
   }
 
-  const title = `Claude Code: ${tool_name}`;
-  let message;
-
-  switch (tool_name) {
-    case 'Bash':
-      message = tool_input?.command ?? JSON.stringify(tool_input);
-      break;
-    case 'Read':
-    case 'Write':
-    case 'Edit':
-      message = tool_input?.file_path ?? JSON.stringify(tool_input);
-      break;
-    default:
-      message = JSON.stringify(tool_input);
-      break;
+  if (message.length > MESSAGE_MAX_LENGTH) {
+    message = message.slice(0, MESSAGE_MAX_LENGTH) + '...';
   }
-
   return { title, message };
 }

package/src/setup.mjs

@@ -105,11 +105,23 @@ export async function runSetup({
   generateTopic,
   saveConfig,
   loadConfig,
+  prompt,
+  promptSecret,
 }) {
   const topic = generateTopic();
 
   const config = loadConfig(configPath);
   config.topic = topic;
+
+  if (prompt) {
+    const useAuth = await prompt("Use authenticated topics? (y/n): ");
+    if (useAuth?.toLowerCase() === "y") {
+      config.ntfyUsername = await prompt("Username: ");
+      const promptSecretFn = promptSecret || prompt;
+      config.ntfyPassword = await promptSecretFn("Password: ");
+    }
+  }
+
   saveConfig(config, configPath);
 
   const hookCommand = getHookCommand();