fix: Added dangerouslyAllowBrowser

Author: asafgardin

src/AI21.ts

@@ -1,20 +1,25 @@
 import * as Types from './types';
 import { AI21EnvConfig } from './EnvConfig';
-import { MissingAPIKeyError } from './errors';
+import { AI21Error, MissingAPIKeyError } from './errors';
 import { Chat } from './resources/chat';
 import { APIClient } from './APIClient';
 import { Headers } from './types';
+import * as Runtime from './runtime';
 import { ConversationalRag } from './resources/rag/conversationalRag';
 
-export type ClientOptions = {
+export interface ClientOptions {
   baseURL?: string;
   apiKey?: string;
   maxRetries?: number;
   timeout?: number;
   via?: string | null;
   defaultHeaders?: Headers;
+  /**
+   * By default, using this library on the client side is prohibited to prevent exposing your secret API credentials to potential attackers.
+   * Only enable this option by setting it to `true` if you fully understand the risks and have implemented appropriate security measures.
+   */
   dangerouslyAllowBrowser?: boolean;
-};
+}
 
 export class AI21 extends APIClient {
   protected options: ClientOptions;
@@ -28,7 +33,7 @@ export class AI21 extends APIClient {
     maxRetries,
     via,
     ...opts
-  }: ClientOptions) {
+  }: ClientOptions = {}) {
     const options: ClientOptions = {
       apiKey,
       baseURL,
@@ -38,6 +43,12 @@ export class AI21 extends APIClient {
       ...opts,
     };
 
+    if (!options.dangerouslyAllowBrowser && Runtime.isBrowser) {
+      throw new AI21Error(
+        'AI21 client is not supported in the browser by default due to potential API key exposure. Use `dangerouslyAllowBrowser` option to `true` to override it.',
+      );
+    }
+
     super({
       baseURL,
       timeout,

tests/AI21.test.ts

@@ -1,5 +1,5 @@
 import { AI21, ClientOptions } from '../src/AI21';
-import { MissingAPIKeyError } from '../src/errors';
+import { AI21Error, MissingAPIKeyError } from '../src/errors';
 import { Chat } from '../src/resources/chat';
 
 describe('AI21', () => {
@@ -8,11 +8,12 @@ describe('AI21', () => {
     apiKey: mockApiKey,
     baseURL: 'https://some-url/v1',
     timeout: 600,
+    dangerouslyAllowBrowser: true,  // Test env is in the browser and we need to allow it
   };
 
   describe('constructor', () => {
     it('should initialize with default options', () => {
-      const client = new AI21({ apiKey: mockApiKey });
+      const client = new AI21({ apiKey: mockApiKey, dangerouslyAllowBrowser: true });
       expect(client).toBeInstanceOf(AI21);
       expect(client.chat).toBeInstanceOf(Chat);
     });
@@ -21,6 +22,10 @@ describe('AI21', () => {
       expect(() => new AI21({apiKey: undefined} as ClientOptions)).toThrow(MissingAPIKeyError);
     });
 
+    it('should throw AI21Error when browser is detected without dangerouslyAllowBrowser option', () => {
+      expect(() => new AI21({...defaultOptions, dangerouslyAllowBrowser: false})).toThrow(AI21Error);
+    });
+
     it('should initialize with custom options', () => {
       const customOptions: ClientOptions = {
         ...defaultOptions,