fix: add null-safe error handling and fix timer tests

- Add optional chaining (?.) to all err.error.message and
  err.error.originalMessage accesses to prevent TypeError when
  err.error is undefined
- Fix timer tests in app.component.spec.ts by mocking setTimeout
  directly instead of using fakeAsync (Zone.js compatibility issue)
- Refactor secrets.component.spec.ts debounce tests to not rely
  on RxJS timer control

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: gugu

frontend/src/app/app.component.spec.ts

@@ -288,7 +288,12 @@ describe('AppComponent', () => {
 	});
 
 	it('should restore session and log out after token expiration', async () => {
-		vi.useFakeTimers();
+		let capturedTimeoutCallback: Function | null = null;
+		const setTimeoutSpy = vi.spyOn(window, 'setTimeout').mockImplementation((callback: Function) => {
+			capturedTimeoutCallback = callback;
+			return 1 as unknown as ReturnType<typeof setTimeout>;
+		});
+
 		const expiration = new Date(Date.now() + 5000); // 5s ahead
 		localStorage.setItem('token_expiration', expiration.toString());
 
@@ -299,19 +304,22 @@ describe('AppComponent', () => {
 		app.ngOnInit();
 		mockAuthService.cast.next({ some: 'session' }); // not 'delete'
 
-		await vi.advanceTimersByTimeAsync(0);
+		await fixture.whenStable();
 
 		expect(app.initializeUserSession).toHaveBeenCalled();
 
-		await vi.advanceTimersByTimeAsync(5000);
+		// Execute the timeout callback that was captured
+		if (capturedTimeoutCallback) {
+			capturedTimeoutCallback();
+		}
 
 		expect(app.logOut).toHaveBeenCalledWith(true);
 		expect(app.router.navigate).toHaveBeenCalledWith(['/login']);
-		vi.useRealTimers();
+
+		setTimeoutSpy.mockRestore();
 	});
 
 	it('should immediately log out and navigate to login if token is expired', async () => {
-		vi.useFakeTimers();
 		const expiration = new Date(Date.now() - 5000); // Expired 5s ago
 		localStorage.setItem('token_expiration', expiration.toString());
 
@@ -323,11 +331,10 @@ describe('AppComponent', () => {
 
 		mockAuthService.cast.next({ some: 'session' });
 
-		await vi.advanceTimersByTimeAsync(0);
+		await fixture.whenStable();
 
 		expect(app.initializeUserSession).not.toHaveBeenCalled();
 		expect(app.logOut).toHaveBeenCalledWith(true);
 		expect(app.router.navigate).toHaveBeenCalledWith(['/login']);
-		vi.useRealTimers();
 	});
 });

frontend/src/app/components/audit/audit.component.ts

@@ -110,7 +110,7 @@ export class AuditComponent implements OnInit {
 			},
 			(err) => {
 				this.isServerError = true;
-				this.serverError = { abstract: err.error.message, details: err.error.originalMessage };
+				this.serverError = { abstract: err.error?.message || err.message, details: err.error?.originalMessage };
 			},
 		);