[Bug] Building for Vercel/Nextjs Edge Runtime fails on Dynamic Code Evaluation

DhenPadilla commented 7 months ago

Is this a new bug?

[X] I believe this is a new bug
[X] I have searched the existing issues, and I could not find an existing issue for this bug

Current Behavior

I have a streaming RAG edge function API call that first calls pinecone (then cohere), then provides the context to OpenAI for completion.

I'm experiencing an issue with the building this new api call as it seems like the compilation of pinecone's sdk creates a new Function dynamic code evaluation snippet after ajv.compile() of the schema.

Full stack trace

Failed to compile.

./node_modules/@pinecone-database/pinecone/node_modules/ajv/dist/compile/index.js
Dynamic Code Evaluation (e. g. 'eval', 'new Function', 'WebAssembly.compile') not allowed in Edge Runtime
Learn More: https://nextjs.org/docs/messages/edge-dynamic-code-evaluation

Import trace for requested module:
./node_modules/@pinecone-database/pinecone/node_modules/ajv/dist/compile/index.js
./node_modules/@pinecone-database/pinecone/node_modules/ajv/dist/core.js
./node_modules/@pinecone-database/pinecone/node_modules/ajv/dist/ajv.js
./node_modules/@pinecone-database/pinecone/dist/validator.js
./node_modules/@pinecone-database/pinecone/dist/pinecone.js
./node_modules/@pinecone-database/pinecone/dist/index.js
./src/utils/rag.ts
./src/utils/streamableRag.ts

I inspected the code that was written before the compile (validator.js) - and it seems that there already is a catch for edge Runtime? But somehow gets ignored

var buildValidator = function (errorMessagePrefix, schema) {
    if ((0, environment_1.isEdge)()) {
        // Ajv schema compilation does not work in the Edge Runtime.
        return function (data) { }; // eslint-disable-line
    }
    if (typeof process !== 'undefined' &&
        process &&
        process.env &&
        process.env.PINECONE_DISABLE_RUNTIME_VALIDATIONS) {
        // Runtime method validations are most useful when learning to use the client
        // in an interactive REPL or when developing an application that does not use
        // Typescript to provide the benefits of static type-checking. However, if your
        // application is using Typescript and/or you have gained confidence of correct
        // usage through testing, you may want to disable these runtime validations
        // to improve performance.
        //
        // The PINECONE_DISABLE_RUNTIME_VALIDATIONS env var provides a way to disable
        // all runtime validation. If it is set, all validator functions will immediately
        // return without performing any validation.
        return function (data) { }; // eslint-disable-line
    }
    var ajv = new ajv_1.default({ allErrors: true });
    var validate = ajv.compile(schema);
    return function (data) {
        var valid = validate(data);
        if (!valid) {
            var errors = validate.errors || [];
            var msg = (0, exports.errorFormatter)(errorMessagePrefix, errors);
            throw new errors_1.PineconeArgumentError(msg);
        }
        return data;
    };
};

Right now, I'm using:

unstable_allowDynamic: [
        '**/node_modules/@pinecone-database/pinecone/node_modules/ajv/dist/compile/index.js',
    ],

to address build failures and compile to completion, though my hope here is so that I don't have to use this workaround as I'd rather not have the security vulnerability.

Expected Behavior

I was expecting an npm run build with pinecone index instantiated in my edge run time runs to completion without using unstable_allowDynamic

Steps To Reproduce

Create an edge function in next using a pages-api route (not a router api)

Under the edge function, set:

export const config = {
runtime: 'edge'
}

Create new Pinecone: 1. client, 2. index and 3. query call in the edge function

Using the OS and the given pinecone node sdk version + next 13.5.6 next build

Relevant log output

No response

Environment

- **OS**: macOS 13.5 v22G74
- **Language version**: Node 18.15.0
- **Pinecone client version**: 1.1.2 (`"@pinecone-database/pinecone": "^1.1.2`)
- **Next JS**: 13.5.6 (`"next": "13.5.6"`)

Additional Context

No response

DhenPadilla commented 7 months ago

Re-reading my issue, I see that PINECONE_DISABLE_RUNTIME_VALIDATIONS could be used to solve this;

But I'm wondering why the catch doesn't work as I believe it should?

Edit: Nevermind, tried setting this locally and next build fails with error above

yazinsai commented 6 months ago

Same issue; can't use Pinecone in NextJS Edge because of this

heymartinadams commented 3 months ago

Yeah, that sucks. It would be great if this was fixed. Referenced here as well. https://github.com/langchain-ai/langchainjs/issues/1055

heymartinadams commented 3 months ago

Was able to create a temporary workaround by using:

export const config = {
  runtime: 'edge',
  unstable_allowDynamic: [
    '**/node_modules/@pinecone-database/pinecone/node_modules/ajv/**'
  ]
}

But like @DhenPadilla mentioned, this could potentially be a security issue, although I’m not qualified enough to know this for certain.

anawishnoff commented 3 weeks ago

Thanks for filing this issue - we have plans to make adjustments to fix this issue and will circle back once that's complete.

aulorbe commented 2 days ago

Hey all,

We have now removed ajv, typebox, and native Node utility funcs from our client in the hopes that these changes enable users running on Edge runtimes to use the client effectively.

Please pull down version 3.0.2 from npm and let us know if you're still experiencing issues!

https://www.npmjs.com/package/@pinecone-database/pinecone

pinecone-io / pinecone-ts-client