@orchagent/cli 0.1.0

package/dist/lib/api.js

@@ -0,0 +1,179 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiError = void 0;
+exports.request = request;
+exports.publicRequest = publicRequest;
+exports.getOrg = getOrg;
+exports.updateOrg = updateOrg;
+exports.listPublicAgents = listPublicAgents;
+exports.getPublicAgent = getPublicAgent;
+exports.listMyAgents = listMyAgents;
+exports.createAgent = createAgent;
+exports.starAgent = starAgent;
+exports.unstarAgent = unstarAgent;
+exports.forkAgent = forkAgent;
+exports.searchAgents = searchAgents;
+exports.fetchLlmKeys = fetchLlmKeys;
+exports.uploadCodeBundle = uploadCodeBundle;
+class ApiError extends Error {
+    status;
+    payload;
+    constructor(message, status, payload) {
+        super(message);
+        this.status = status;
+        this.payload = payload;
+    }
+}
+exports.ApiError = ApiError;
+function buildUrl(apiUrl, path) {
+    return `${apiUrl.replace(/\/$/, '')}${path}`;
+}
+async function parseError(response) {
+    const text = await response.text();
+    let payload;
+    try {
+        payload = JSON.parse(text);
+    }
+    catch {
+        payload = text;
+    }
+    const message = typeof payload === 'object' && payload
+        ? payload.error
+            ?.message ||
+            payload.message ||
+            response.statusText
+        : response.statusText;
+    return new ApiError(message, response.status, payload);
+}
+async function request(config, method, path, options = {}) {
+    if (!config.apiKey) {
+        throw new ApiError('Missing API key. Run `orchagent login` first.', 401);
+    }
+    const response = await fetch(buildUrl(config.apiUrl, path), {
+        method,
+        headers: {
+            Authorization: `Bearer ${config.apiKey}`,
+            ...(options.headers ?? {}),
+        },
+        body: options.body,
+    });
+    if (!response.ok) {
+        throw await parseError(response);
+    }
+    return (await response.json());
+}
+async function publicRequest(config, path) {
+    const response = await fetch(buildUrl(config.apiUrl, path));
+    if (!response.ok) {
+        throw await parseError(response);
+    }
+    return (await response.json());
+}
+async function getOrg(config) {
+    return request(config, 'GET', '/org');
+}
+async function updateOrg(config, payload) {
+    return request(config, 'PATCH', '/org', {
+        body: JSON.stringify(payload),
+        headers: { 'Content-Type': 'application/json' },
+    });
+}
+async function listPublicAgents(config) {
+    return publicRequest(config, '/public/agents');
+}
+async function getPublicAgent(config, org, agent, version) {
+    return publicRequest(config, `/public/agents/${org}/${agent}/${version}`);
+}
+// GitHub-like features
+async function listMyAgents(config) {
+    return request(config, 'GET', '/agents');
+}
+async function createAgent(config, data) {
+    return request(config, 'POST', '/agents', {
+        body: JSON.stringify(data),
+        headers: { 'Content-Type': 'application/json' },
+    });
+}
+async function starAgent(config, agentId) {
+    await request(config, 'POST', `/agents/${agentId}/star`);
+}
+async function unstarAgent(config, agentId) {
+    await request(config, 'DELETE', `/agents/${agentId}/star`);
+}
+async function forkAgent(config, agentId) {
+    return request(config, 'POST', `/agents/${agentId}/fork`);
+}
+async function searchAgents(config, query, options) {
+    const params = new URLSearchParams();
+    if (query)
+        params.append('search', query);
+    if (options?.sort)
+        params.append('sort', options.sort);
+    if (options?.tags?.length)
+        params.append('tags', options.tags.join(','));
+    const queryStr = params.toString();
+    return publicRequest(config, `/public/agents${queryStr ? `?${queryStr}` : ''}`);
+}
+async function fetchLlmKeys(config) {
+    const result = await request(config, 'GET', '/llm-keys/export');
+    return result.keys;
+}
+/**
+ * Upload a code bundle for a hosted code agent.
+ */
+async function uploadCodeBundle(config, agentId, bundlePath) {
+    if (!config.apiKey) {
+        throw new ApiError('Missing API key. Run `orchagent login` first.', 401);
+    }
+    // Read the bundle file
+    const fs = await Promise.resolve().then(() => __importStar(require('fs/promises')));
+    const buffer = await fs.readFile(bundlePath);
+    const blob = new Blob([buffer], { type: 'application/zip' });
+    // Create form data
+    const formData = new FormData();
+    formData.append('file', blob, 'bundle.zip');
+    const response = await fetch(`${config.apiUrl.replace(/\/$/, '')}/agents/${agentId}/upload`, {
+        method: 'POST',
+        headers: {
+            Authorization: `Bearer ${config.apiKey}`,
+        },
+        body: formData,
+    });
+    if (!response.ok) {
+        throw await parseError(response);
+    }
+    return (await response.json());
+}

package/dist/lib/api.test.js

@@ -0,0 +1,230 @@
+"use strict";
+/**
+ * Tests for API client functions.
+ *
+ * These tests cover the core API client that all CLI commands depend on:
+ * - Request building and authentication
+ * - Error parsing
+ * - Public vs authenticated requests
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const api_1 = require("./api");
+// Mock fetch globally
+const mockFetch = vitest_1.vi.fn();
+global.fetch = mockFetch;
+(0, vitest_1.describe)('ApiError', () => {
+    (0, vitest_1.it)('includes status code and message', () => {
+        const error = new api_1.ApiError('Not found', 404);
+        (0, vitest_1.expect)(error.message).toBe('Not found');
+        (0, vitest_1.expect)(error.status).toBe(404);
+    });
+    (0, vitest_1.it)('includes optional payload', () => {
+        const payload = { error: { code: 'NOT_FOUND' } };
+        const error = new api_1.ApiError('Not found', 404, payload);
+        (0, vitest_1.expect)(error.payload).toEqual(payload);
+    });
+});
+(0, vitest_1.describe)('request', () => {
+    const config = {
+        apiKey: 'sk_test_123',
+        apiUrl: 'https://api.test.com',
+    };
+    (0, vitest_1.beforeEach)(() => {
+        mockFetch.mockReset();
+    });
+    (0, vitest_1.afterEach)(() => {
+        vitest_1.vi.restoreAllMocks();
+    });
+    (0, vitest_1.it)('adds Authorization header with Bearer token', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve({ data: 'test' }),
+        });
+        await (0, api_1.request)(config, 'GET', '/test');
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith('https://api.test.com/test', vitest_1.expect.objectContaining({
+            method: 'GET',
+            headers: vitest_1.expect.objectContaining({
+                Authorization: 'Bearer sk_test_123',
+            }),
+        }));
+    });
+    (0, vitest_1.it)('returns parsed JSON response', async () => {
+        const responseData = { org: 'test', slug: 'test-org' };
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve(responseData),
+        });
+        const result = await (0, api_1.request)(config, 'GET', '/org');
+        (0, vitest_1.expect)(result).toEqual(responseData);
+    });
+    (0, vitest_1.it)('throws ApiError when response not ok', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: false,
+            status: 404,
+            statusText: 'Not Found',
+            text: () => Promise.resolve(JSON.stringify({
+                error: { message: 'Agent not found' }
+            })),
+        });
+        await (0, vitest_1.expect)((0, api_1.request)(config, 'GET', '/agents/missing'))
+            .rejects.toThrow(api_1.ApiError);
+    });
+    (0, vitest_1.it)('throws ApiError with 401 when no API key', async () => {
+        const noKeyConfig = {
+            apiKey: undefined,
+            apiUrl: 'https://api.test.com',
+        };
+        await (0, vitest_1.expect)((0, api_1.request)(noKeyConfig, 'GET', '/test'))
+            .rejects.toThrow('Missing API key');
+    });
+    (0, vitest_1.it)('parses error message from JSON response', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: false,
+            status: 403,
+            statusText: 'Forbidden',
+            text: () => Promise.resolve(JSON.stringify({
+                error: { message: 'Access denied to private agent' }
+            })),
+        });
+        try {
+            await (0, api_1.request)(config, 'GET', '/agents/private');
+            vitest_1.expect.fail('Should have thrown');
+        }
+        catch (error) {
+            (0, vitest_1.expect)(error).toBeInstanceOf(api_1.ApiError);
+            (0, vitest_1.expect)(error.message).toBe('Access denied to private agent');
+            (0, vitest_1.expect)(error.status).toBe(403);
+        }
+    });
+    (0, vitest_1.it)('uses statusText when no JSON message', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: false,
+            status: 500,
+            statusText: 'Internal Server Error',
+            text: () => Promise.resolve('not json'),
+        });
+        try {
+            await (0, api_1.request)(config, 'GET', '/broken');
+            vitest_1.expect.fail('Should have thrown');
+        }
+        catch (error) {
+            (0, vitest_1.expect)(error).toBeInstanceOf(api_1.ApiError);
+            (0, vitest_1.expect)(error.message).toBe('Internal Server Error');
+        }
+    });
+    (0, vitest_1.it)('includes custom headers', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve({}),
+        });
+        await (0, api_1.request)(config, 'POST', '/agents', {
+            body: JSON.stringify({ name: 'test' }),
+            headers: { 'Content-Type': 'application/json' },
+        });
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith(vitest_1.expect.any(String), vitest_1.expect.objectContaining({
+            headers: vitest_1.expect.objectContaining({
+                'Content-Type': 'application/json',
+                Authorization: 'Bearer sk_test_123',
+            }),
+        }));
+    });
+    (0, vitest_1.it)('strips trailing slash from API URL', async () => {
+        const configWithSlash = {
+            apiKey: 'sk_test_123',
+            apiUrl: 'https://api.test.com/',
+        };
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve({}),
+        });
+        await (0, api_1.request)(configWithSlash, 'GET', '/test');
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith('https://api.test.com/test', vitest_1.expect.any(Object));
+    });
+});
+(0, vitest_1.describe)('publicRequest', () => {
+    const config = {
+        apiUrl: 'https://api.test.com',
+    };
+    (0, vitest_1.beforeEach)(() => {
+        mockFetch.mockReset();
+    });
+    (0, vitest_1.it)('makes unauthenticated request', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve([]),
+        });
+        await (0, api_1.publicRequest)(config, '/public/agents');
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith('https://api.test.com/public/agents');
+    });
+    (0, vitest_1.it)('returns parsed JSON', async () => {
+        const agents = [{ name: 'agent1' }, { name: 'agent2' }];
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve(agents),
+        });
+        const result = await (0, api_1.publicRequest)(config, '/public/agents');
+        (0, vitest_1.expect)(result).toEqual(agents);
+    });
+    (0, vitest_1.it)('throws ApiError on failure', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: false,
+            status: 404,
+            statusText: 'Not Found',
+            text: () => Promise.resolve('{}'),
+        });
+        await (0, vitest_1.expect)((0, api_1.publicRequest)(config, '/public/agents/missing'))
+            .rejects.toThrow(api_1.ApiError);
+    });
+});
+(0, vitest_1.describe)('getOrg', () => {
+    const config = {
+        apiKey: 'sk_test_123',
+        apiUrl: 'https://api.test.com',
+    };
+    (0, vitest_1.beforeEach)(() => {
+        mockFetch.mockReset();
+    });
+    (0, vitest_1.it)('calls GET /org endpoint', async () => {
+        const orgData = { id: '123', slug: 'test-org', name: 'Test Org' };
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve(orgData),
+        });
+        const result = await (0, api_1.getOrg)(config);
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith('https://api.test.com/org', vitest_1.expect.objectContaining({ method: 'GET' }));
+        (0, vitest_1.expect)(result).toEqual(orgData);
+    });
+});
+(0, vitest_1.describe)('searchAgents', () => {
+    const config = {
+        apiUrl: 'https://api.test.com',
+    };
+    (0, vitest_1.beforeEach)(() => {
+        mockFetch.mockReset();
+    });
+    (0, vitest_1.it)('builds search query params', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve([]),
+        });
+        await (0, api_1.searchAgents)(config, 'pdf analyzer', { sort: 'stars' });
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith('https://api.test.com/public/agents?search=pdf+analyzer&sort=stars');
+    });
+    (0, vitest_1.it)('handles empty query', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve([]),
+        });
+        await (0, api_1.searchAgents)(config, '');
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith('https://api.test.com/public/agents');
+    });
+    (0, vitest_1.it)('includes tags in query', async () => {
+        mockFetch.mockResolvedValueOnce({
+            ok: true,
+            json: () => Promise.resolve([]),
+        });
+        await (0, api_1.searchAgents)(config, 'test', { tags: ['ai', 'document'] });
+        (0, vitest_1.expect)(mockFetch).toHaveBeenCalledWith(vitest_1.expect.stringContaining('tags=ai%2Cdocument'));
+    });
+});

package/dist/lib/browser-auth.js

@@ -0,0 +1,278 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.browserAuthFlow = browserAuthFlow;
+exports.startBrowserAuth = startBrowserAuth;
+const http_1 = __importDefault(require("http"));
+const open_1 = __importDefault(require("open"));
+const errors_1 = require("./errors");
+const DEFAULT_PORT = 8374;
+const AUTH_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+/**
+ * Perform browser-based OAuth authentication.
+ *
+ * 1. Starts a local HTTP server to receive the callback
+ * 2. Opens the browser to the auth URL
+ * 3. Waits for the callback with the one-time token
+ * 4. Exchanges the token for an API key
+ */
+async function browserAuthFlow(apiUrl, port = DEFAULT_PORT) {
+    // Step 1: Initialize the auth flow
+    const initResponse = await fetch(`${apiUrl}/auth/cli-init`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ redirect_port: port }),
+    });
+    if (!initResponse.ok) {
+        const error = await initResponse.json().catch(() => ({}));
+        throw new errors_1.CliError(error?.error?.message || `Failed to initialize auth: ${initResponse.statusText}`);
+    }
+    const { auth_url } = await initResponse.json();
+    // Step 2: Start local server and wait for callback
+    const token = await waitForCallback(port, AUTH_TIMEOUT_MS);
+    // Step 3: Exchange token for API key
+    const exchangeResponse = await fetch(`${apiUrl}/auth/cli-exchange`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ token }),
+    });
+    if (!exchangeResponse.ok) {
+        const error = await exchangeResponse.json().catch(() => ({}));
+        throw new errors_1.CliError(error?.error?.message || `Failed to exchange token: ${exchangeResponse.statusText}`);
+    }
+    const result = await exchangeResponse.json();
+    // Step 4: Open browser (do this after server is ready but before waiting)
+    // Actually we need to open browser earlier, let's restructure
+    return {
+        apiKey: result.api_key,
+        orgSlug: result.org_slug,
+        orgName: result.org_name,
+    };
+}
+/**
+ * Start a local HTTP server, open the browser, and wait for the callback.
+ */
+async function waitForCallback(port, timeoutMs) {
+    return new Promise((resolve, reject) => {
+        let resolved = false;
+        let server = null;
+        const cleanup = () => {
+            if (server) {
+                server.close();
+                server = null;
+            }
+        };
+        const timeout = setTimeout(() => {
+            if (!resolved) {
+                resolved = true;
+                cleanup();
+                reject(new errors_1.CliError('Authentication timed out. Please try again.'));
+            }
+        }, timeoutMs);
+        server = http_1.default.createServer((req, res) => {
+            // Only handle GET /callback
+            const url = new URL(req.url || '/', `http://127.0.0.1:${port}`);
+            if (url.pathname !== '/callback') {
+                res.writeHead(404);
+                res.end('Not Found');
+                return;
+            }
+            const token = url.searchParams.get('token');
+            if (!token) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(errorHtml('Missing token parameter'));
+                return;
+            }
+            // Success!
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(successHtml());
+            if (!resolved) {
+                resolved = true;
+                clearTimeout(timeout);
+                cleanup();
+                resolve(token);
+            }
+        });
+        server.on('error', (err) => {
+            if (!resolved) {
+                resolved = true;
+                clearTimeout(timeout);
+                cleanup();
+                if (err.code === 'EADDRINUSE') {
+                    reject(new errors_1.CliError(`Port ${port} is already in use. Try a different port with --port.`));
+                }
+                else {
+                    reject(new errors_1.CliError(`Failed to start auth server: ${err.message}`));
+                }
+            }
+        });
+        // Bind to localhost only for security
+        server.listen(port, '127.0.0.1', () => {
+            // Server is ready
+        });
+    });
+}
+/**
+ * Open browser and wait for callback token.
+ */
+async function startBrowserAuth(apiUrl, port = DEFAULT_PORT) {
+    // Step 1: Initialize the auth flow
+    const initResponse = await fetch(`${apiUrl}/auth/cli-init`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ redirect_port: port }),
+    });
+    if (!initResponse.ok) {
+        const error = await initResponse.json().catch(() => ({}));
+        throw new errors_1.CliError(error?.error?.message || `Failed to initialize auth: ${initResponse.statusText}`);
+    }
+    const { auth_url } = await initResponse.json();
+    // Step 2: Start local server to receive callback
+    const tokenPromise = waitForCallback(port, AUTH_TIMEOUT_MS);
+    // Step 3: Open browser
+    try {
+        await (0, open_1.default)(auth_url);
+    }
+    catch {
+        // If browser fails to open, show the URL for manual opening
+        process.stdout.write(`\nPlease open this URL in your browser:\n${auth_url}\n\n`);
+    }
+    // Step 4: Wait for callback
+    const token = await tokenPromise;
+    // Step 5: Exchange token for API key
+    const exchangeResponse = await fetch(`${apiUrl}/auth/cli-exchange`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ token }),
+    });
+    if (!exchangeResponse.ok) {
+        const error = await exchangeResponse.json().catch(() => ({}));
+        throw new errors_1.CliError(error?.error?.message || `Failed to complete authentication: ${exchangeResponse.statusText}`);
+    }
+    const result = await exchangeResponse.json();
+    return {
+        apiKey: result.api_key,
+        orgSlug: result.org_slug,
+        orgName: result.org_name,
+    };
+}
+function successHtml() {
+    return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>OrchAgent CLI - Authentication Successful</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      min-height: 100vh;
+      margin: 0;
+      background: #0a0a0a;
+      color: #fafafa;
+    }
+    .container {
+      text-align: center;
+      padding: 2rem;
+    }
+    .icon {
+      width: 64px;
+      height: 64px;
+      background: rgba(34, 197, 94, 0.1);
+      border-radius: 50%;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      margin: 0 auto 1.5rem;
+    }
+    .icon svg {
+      width: 32px;
+      height: 32px;
+      color: #22c55e;
+    }
+    h1 {
+      font-size: 1.5rem;
+      margin: 0 0 0.5rem;
+    }
+    p {
+      color: #a1a1aa;
+      margin: 0;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">
+      <svg fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M5 13l4 4L19 7"/>
+      </svg>
+    </div>
+    <h1>Authentication Successful</h1>
+    <p>You can close this tab and return to your terminal.</p>
+  </div>
+</body>
+</html>`;
+}
+function errorHtml(message) {
+    return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <title>OrchAgent CLI - Authentication Error</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      min-height: 100vh;
+      margin: 0;
+      background: #0a0a0a;
+      color: #fafafa;
+    }
+    .container {
+      text-align: center;
+      padding: 2rem;
+    }
+    .icon {
+      width: 64px;
+      height: 64px;
+      background: rgba(239, 68, 68, 0.1);
+      border-radius: 50%;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      margin: 0 auto 1.5rem;
+    }
+    .icon svg {
+      width: 32px;
+      height: 32px;
+      color: #ef4444;
+    }
+    h1 {
+      font-size: 1.5rem;
+      margin: 0 0 0.5rem;
+    }
+    p {
+      color: #a1a1aa;
+      margin: 0;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">
+      <svg fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M6 18L18 6M6 6l12 12"/>
+      </svg>
+    </div>
+    <h1>Authentication Error</h1>
+    <p>${message}</p>
+  </div>
+</body>
+</html>`;
+}