bug: improve WASM Vertex AI authentication + VSCode env var deletion

[hellovai]

Summary

This PR fixes two critical issues affecting the VSCode playground:

1. WASM Vertex AI authentication failures - GCP service account JWT encoding was not sufficiently resilient
2. Environment variable deletion not persisting - Clicking trash icon didn't save changes

Changes

1. Fix JWT encoding for GCP service account keys in WASM

Problem: The base64 decoder was producing only 3 bytes instead of 1600+ bytes for RSA keys because literal \n characters in JSON strings weren't being removed.

Root cause: GCP service account JSON files contain the private key with escaped newlines like:

{
  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIE...\n-----END PRIVATE KEY-----\n"
}

The code was only removing actual newline characters (\n) but not the two-character literal string \n.

Solution:

• Added .replace("\\n", "") to handle escaped newlines in JSON strings
• Added support for both PKCS#8 (BEGIN PRIVATE KEY) and PKCS#1 (BEGIN RSA PRIVATE KEY) formats
• Added validation: keys < 100 bytes now fail early with clear error
• Enhanced error messages with actionable troubleshooting steps

2. Fix environment variable deletion not persisting

Problem: When users clicked the trash icon to delete an env var, it disappeared from the UI but remained in memory after reload.

Root cause: The deleteApiKeyAtom only updated local state but didn't call save, unlike the auto-save behavior for edits.

Solution:

• Modified deleteApiKeyAtom to auto-save deletions immediately
• Now consistent with the debounced auto-save used for value edits
• Centralized the fix at the atom level (not component level)

Testing

• ✅ Tested with real GCP service account credentials
• ✅ Verified env var deletion persists across reloads
• ✅ Error messages provide clear guidance for common issues
• ✅ WASM build compiles successfully

Files Changed

• engine/baml-runtime/src/internal/wasm_jwt.rs - JWT encoding fixes
• engine/baml-runtime/src/internal/llm_client/primitive/vertex/wasm_auth.rs - Early validation
• typescript/packages/playground-common/src/components/api-keys-dialog/atoms.ts - Auto-save deletions

🤖 Generated with Claude Code

---

Note

Strengthens WASM Vertex AI JWT/key handling and makes API key deletions auto-save in the VSCode playground.

• Runtime (WASM/Vertex AI):
  • Add early validation for short JSON creds in wasm_auth.rs and improve JWT serialization/encoding error contexts.
  • In wasm_jwt.rs, normalize PEM input (handle escaped \n, PKCS#8 and PKCS#1 headers), validate key length, and provide clearer WebCrypto/base64 errors.
• VSCode Playground:
  • deleteApiKeyAtom: auto-save deletions by syncing localApiKeys to userApiKeysAtom and clearing hasLocalChanges.

^{Written by Cursor Bugbot for commit c03040c. This will update automatically on new commits. Configure here.}

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Preview	Comments	Updated (UTC)
promptfiddle	Skipped			Nov 4, 2025 1:28pm

[github-actions]

🌿 Preview your docs: https://boundary-preview-6be1654d-140a-4815-acf6-f2181d062d50.docs.buildwithfern.com

[github-actions]

🌿 Preview your docs: https://boundary-preview-09bd42f3-4e96-410c-990a-05de6d9d9884.docs.buildwithfern.com

[github-actions]

https://sage-backend-h00madtdx-baml.vercel.app

[github-actions]

🌿 Preview your docs: https://boundary-preview-622fa00b-d91d-48e9-a7c0-ac147a03038c.docs.buildwithfern.com

[github-actions]

https://sage-backend-7nar1ould-baml.vercel.app

[github-actions]

🌿 Preview your docs: https://boundary-preview-b9261b22-2515-4463-acef-c83e10b81c78.docs.buildwithfern.com

[github-actions]

https://sage-backend-r3xzk5odw-baml.vercel.app