fix: address code quality issues across multiple files

- README.md: fix license badge URLs to reference template-playground
- e2e/navigation.spec.ts: use Playwright auto-waiting toHaveURL matcher
- AIConfigPopup.tsx: use debouncedApiKey in fetches, add isEncrypting
  try-finally in handleSave, validate maxTokens bounds, unify
  isSaveDisabled, surface save errors to user
- store.ts: fix agreementHtml type mismatch (undefined -> empty string)
- ErrorBoundary.test.tsx: wrap window.location mock in try-finally
- secureKeyStorage.ts: fix salt.buffer for HKDF, fix PRF error message

Signed-off-by: Shubh-Raj <shubhraj625@gmail.com>

Author: Shubh-Raj

README.md

@@ -1,6 +1,6 @@
 <h1 align="center">Accord Project Template Playground</h1>
 <p align="center">
-  <a href="https://github.com/accordproject/models/blob/master/LICENSE"><img src="https://img.shields.io/github/license/accordproject/models" alt="GitHub license"></a>
+  <a href="https://github.com/accordproject/template-playground/blob/main/LICENSE"><img src="https://img.shields.io/github/license/accordproject/template-playground" alt="GitHub license"></a>
   <a href="https://github.com/accordproject/template-playground/actions/workflows/test.yml?query=branch%3Amain"><img src="https://img.shields.io/badge/coverage-view%20artifacts-blue" alt="Coverage: view artifacts"></a>
   <a href="https://www.accordproject.org/">
     <img src="https://img.shields.io/badge/powered%20by-accord%20project-19C6C8.svg" alt="Accord Project" />

e2e/navigation.spec.ts

@@ -29,7 +29,7 @@ test.describe('Navigation', () => {
     await homeLink.click();
 
     // Should be back at the playground
-   await expect(page).toHaveURL(/\/$/);
+    await expect(page).toHaveURL(/^https?:\/\/[^/]+\/?$/);
   });
 
   test('should have Help dropdown menu', async ({ page }) => {

src/components/AIConfigPopup.tsx

@@ -141,15 +141,15 @@ const AIConfigPopup = ({ isOpen, onClose }: AIConfigPopupProps) => {
         switch (provider) {
           case 'openai':
 		  case 'openai-compatible':
-			if (!apiKey) return;
+			if (!debouncedApiKey) return;
 
 			let endpoint = provider === 'openai-compatible' ? customEndpoint : 'https://api.openai.com/v1';
 			if (!endpoint) return;
 			endpoint = endpoint.replace(/\/$/, '');
 			const url = `${endpoint}/models`;
 
 			const res = await fetch(url, {
-			  headers: { Authorization: `Bearer ${apiKey}` },
+			  headers: { Authorization: `Bearer ${debouncedApiKey}` },
 		  	  signal,
 			});
 
@@ -163,11 +163,11 @@ const AIConfigPopup = ({ isOpen, onClose }: AIConfigPopupProps) => {
 			break;
 
           case 'anthropic':
-            if (!apiKey) return;
+            if (!debouncedApiKey) return;
             {
               const res = await fetch('https://api.anthropic.com/v1/models', {
                 headers: {
-                  'x-api-key': apiKey,
+                  'x-api-key': debouncedApiKey,
                   'anthropic-version': '2023-06-01',
                   'content-type': 'application/json',
                 },
@@ -183,10 +183,10 @@ const AIConfigPopup = ({ isOpen, onClose }: AIConfigPopupProps) => {
             break;
 
           case 'google':
-            if (!apiKey) return;
+            if (!debouncedApiKey) return;
             {
               const res = await fetch('https://generativelanguage.googleapis.com/v1beta2/models', {
-                headers: { 'x-goog-api-key': apiKey },
+                headers: { 'x-goog-api-key': debouncedApiKey },
                 signal,
               });
 			  if (!res.ok) {
@@ -199,10 +199,10 @@ const AIConfigPopup = ({ isOpen, onClose }: AIConfigPopupProps) => {
             break;
 
           case 'mistral':
-            if (!apiKey) return;
+            if (!debouncedApiKey) return;
             {
               const res = await fetch('https://api.mistral.ai/v1/models', {
-                headers: { Authorization: `Bearer ${apiKey}` },
+                headers: { Authorization: `Bearer ${debouncedApiKey}` },
                 signal,
               });
 			  if (!res.ok) {
@@ -227,10 +227,10 @@ const AIConfigPopup = ({ isOpen, onClose }: AIConfigPopupProps) => {
 			break;
 
           case 'openrouter':
-            if (!apiKey) return;
+            if (!debouncedApiKey) return;
             {
               const res = await fetch('https://openrouter.ai/api/v1/models', {
-                headers: { Authorization: `Bearer ${apiKey}` },
+                headers: { Authorization: `Bearer ${debouncedApiKey}` },
                 signal,
               });
 			  if (!res.ok) {
@@ -261,71 +261,78 @@ const AIConfigPopup = ({ isOpen, onClose }: AIConfigPopupProps) => {
   }, [provider, debouncedApiKey, customEndpoint]);
 
   const handleSave = async () => {
-    localStorage.setItem('aiProvider', provider);
-    localStorage.setItem('aiModel', model);
-
-    if (provider === 'openai-compatible') {
-      localStorage.setItem('aiCustomEndpoint', customEndpoint);
-    } else {
-      localStorage.removeItem('aiCustomEndpoint');
-    }
+    setIsEncrypting(true);
+    try {
+      localStorage.setItem('aiProvider', provider);
+      localStorage.setItem('aiModel', model);
+
+      if (provider === 'openai-compatible') {
+        localStorage.setItem('aiCustomEndpoint', customEndpoint);
+      } else {
+        localStorage.removeItem('aiCustomEndpoint');
+      }
 
-    if (maxTokens) {
-      localStorage.setItem('aiResMaxTokens', maxTokens);
-    } else {
-      localStorage.removeItem('aiResMaxTokens');
-    }
+      if (maxTokens) {
+        localStorage.setItem('aiResMaxTokens', maxTokens);
+      } else {
+        localStorage.removeItem('aiResMaxTokens');
+      }
 
-    localStorage.setItem('aiShowFullPrompt', showFullPrompt.toString());
-    localStorage.setItem('aiEnableCodeSelectionMenu', enableCodeSelectionMenu.toString());
-    localStorage.setItem('aiEnableInlineSuggestions', enableInlineSuggestions.toString());
-
-    // Securely store the API key
-    let protectionLevel: KeyProtectionLevel = 'memory-only';
-
-    if (apiKey && provider !== 'ollama') {
-      if (webauthnAvailable) {
-        try {
-          const success = await encryptAndStoreApiKey(apiKey);
-          if (success) {
-            protectionLevel = 'webauthn';
-            // Only remove legacy plaintext key when encryption succeeds
-            localStorage.removeItem('aiApiKey');
+      localStorage.setItem('aiShowFullPrompt', showFullPrompt.toString());
+      localStorage.setItem('aiEnableCodeSelectionMenu', enableCodeSelectionMenu.toString());
+      localStorage.setItem('aiEnableInlineSuggestions', enableInlineSuggestions.toString());
+
+      // Securely store the API key
+      let protectionLevel: KeyProtectionLevel = 'memory-only';
+
+      if (apiKey && provider !== 'ollama') {
+        if (webauthnAvailable) {
+          try {
+            const success = await encryptAndStoreApiKey(apiKey);
+            if (success) {
+              protectionLevel = 'webauthn';
+              // Only remove legacy plaintext key when encryption succeeds
+              localStorage.removeItem('aiApiKey');
+            }
+          } catch {
+            // Encryption failed — fall through to memory-only
           }
-        } catch {
-          // Encryption failed — fall through to memory-only
         }
       }
-    }
 
-    // Build the config from the current form values and set it directly
-    // in the Zustand store. This avoids calling loadConfigFromLocalStorage()
-    // which would re-trigger a WebAuthn prompt to decrypt the key we just saved.
-    const config: AIConfig = {
-      provider,
-      model,
-      apiKey: provider === 'ollama' ? '' : apiKey,
-      includeTemplateMarkContent: localStorage.getItem('aiIncludeTemplateMark') === 'true',
-      includeConcertoModelContent: localStorage.getItem('aiIncludeConcertoModel') === 'true',
-      includeDataContent: localStorage.getItem('aiIncludeData') === 'true',
-      showFullPrompt,
-      enableCodeSelectionMenu,
-      enableInlineSuggestions,
-    };
+      // Build the config from the current form values and set it directly
+      // in the Zustand store. This avoids calling loadConfigFromLocalStorage()
+      // which would re-trigger a WebAuthn prompt to decrypt the key we just saved.
+      const config: AIConfig = {
+        provider,
+        model,
+        apiKey: provider === 'ollama' ? '' : apiKey,
+        includeTemplateMarkContent: localStorage.getItem('aiIncludeTemplateMark') === 'true',
+        includeConcertoModelContent: localStorage.getItem('aiIncludeConcertoModel') === 'true',
+        includeDataContent: localStorage.getItem('aiIncludeData') === 'true',
+        showFullPrompt,
+        enableCodeSelectionMenu,
+        enableInlineSuggestions,
+      };
+
+      if (provider === 'openai-compatible' && customEndpoint) {
+        config.customEndpoint = customEndpoint;
+      }
 
-    if (provider === 'openai-compatible' && customEndpoint) {
-      config.customEndpoint = customEndpoint;
-    }
+      if (maxTokens) {
+        const parsed = parseInt(maxTokens, 10);
+        if (Number.isFinite(parsed) && parsed >= 1 && parsed <= 32000) {
+          config.maxTokens = parsed;
+        }
+      }
 
-    if (maxTokens) {
-      config.maxTokens = parseInt(maxTokens);
+      const { setAIConfig } = useAppStore.getState();
+      setAIConfig(config);
+      setKeyProtectionLevel(protectionLevel);
+      onClose();
+    } finally {
+      setIsEncrypting(false);
     }
-
-    const { setAIConfig } = useAppStore.getState();
-    setAIConfig(config);
-    setKeyProtectionLevel(protectionLevel);
-    setIsEncrypting(false);
-    onClose();
   };
 
   const handleReset = () => {
@@ -612,16 +619,27 @@ const AIConfigPopup = ({ isOpen, onClose }: AIConfigPopupProps) => {
             )}
           </div>
 
-          <button
-            onClick={() => { handleSave().catch(console.warn); }}
-            disabled={isEncrypting || !provider || !model || (availableModels.length > 0 && !availableModels.includes(model)) || (provider !== 'ollama' && !apiKey) || (provider === 'openai-compatible' && !customEndpoint)}
-            className={`w-full py-2 rounded-lg transition-colors disabled:cursor-not-allowed ${isEncrypting || !provider || !model || (provider !== 'ollama' && !apiKey) || (provider === 'openai-compatible' && !customEndpoint)
-              ? theme.saveButton.disabled
-              : theme.saveButton.enabled
-              }`}
-          >
-            {isEncrypting ? 'Encrypting & Saving...' : 'Save Configuration'}
-          </button>
+          {(() => {
+            const isSaveDisabled = isEncrypting || !provider || !model || (availableModels.length > 0 && !availableModels.includes(model)) || (provider !== 'ollama' && !apiKey) || (provider === 'openai-compatible' && !customEndpoint);
+            return (
+              <button
+                onClick={() => {
+                  setSecurityMessage('');
+                  handleSave().catch((err) => {
+                    console.warn(err);
+                    setSecurityMessage(`Save failed: ${err instanceof Error ? err.message : String(err)}`);
+                  });
+                }}
+                disabled={isSaveDisabled}
+                className={`w-full py-2 rounded-lg transition-colors disabled:cursor-not-allowed ${isSaveDisabled
+                  ? theme.saveButton.disabled
+                  : theme.saveButton.enabled
+                  }`}
+              >
+                {isEncrypting ? 'Encrypting & Saving...' : 'Save Configuration'}
+              </button>
+            );
+          })()}
 
           <button
             onClick={handleReset}

src/store/store.ts

@@ -243,7 +243,7 @@ const useAppStore = create<AppState>()(
           if (sample) {
             set(() => ({
               sampleName: sample.NAME,
-              agreementHtml: undefined,
+              agreementHtml: "",
               error: undefined,
               templateMarkdown: sample.TEMPLATE,
               editorValue: sample.TEMPLATE,

src/tests/components/ErrorBoundary.test.tsx

@@ -55,21 +55,23 @@ describe("ErrorBoundary", () => {
     delete (window as any).location;
     window.location = { ...originalLocation, reload: reloadMock } as any;
 
-    render(
-      <ErrorBoundary>
-        <ThrowError shouldThrow={true} />
-      </ErrorBoundary>
-    );
-
-    const reloadButton = screen.getByRole("button", { name: /Reload Page/i });
-    expect(reloadButton).toBeInTheDocument();
+    try {
+      render(
+        <ErrorBoundary>
+          <ThrowError shouldThrow={true} />
+        </ErrorBoundary>
+      );
 
-    reloadButton.click();
-    expect(reloadMock).toHaveBeenCalledTimes(1);
+      const reloadButton = screen.getByRole("button", { name: /Reload Page/i });
+      expect(reloadButton).toBeInTheDocument();
 
-    // Restore original location
-    delete (window as any).location;
-    window.location = originalLocation as any;
+      reloadButton.click();
+      expect(reloadMock).toHaveBeenCalledTimes(1);
+    } finally {
+      // Restore original location
+      delete (window as any).location;
+      window.location = originalLocation as any;
+    }
   });
 
   it("should display error details in development mode", () => {

src/utils/secureKeyStorage.ts

@@ -110,8 +110,8 @@ export async function registerCredential(): Promise<string> {
     const prfResult = (credential.getClientExtensionResults() as Record<string, unknown>)?.prf as { enabled?: boolean } | undefined;
     if (!prfResult?.enabled) {
         throw new Error(
-            'Your authenticator does not support the PRF extension. ' +
-            'API key will be stored in memory only for this session.'
+            'Authenticator does not support PRF extension; operation aborted — ' +
+            'no API key was stored; caller must handle this exception.'
         );
     }
 
@@ -184,7 +184,7 @@ export async function deriveEncryptionKey(
         {
             name: 'HKDF',
             hash: 'SHA-256',
-            salt: salt.buffer as ArrayBuffer,
+            salt: new Uint8Array(salt).buffer as ArrayBuffer,
             info: HKDF_INFO,
         },
         hkdfKey,