feat(files): add compiled-check endpoint and VFS path for binary document self-verification

Author: waleedlatif1

apps/sim/app/api/workspaces/[id]/files/[fileId]/compiled-check/route.ts

@@ -0,0 +1,97 @@
+import { createLogger } from '@sim/logger'
+import { toError } from '@sim/utils/errors'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { withRouteHandler } from '@/lib/core/utils/with-route-handler'
+import { MAX_DOCUMENT_PREVIEW_CODE_BYTES } from '@/lib/execution/constants'
+import { runSandboxTask, SandboxUserCodeError } from '@/lib/execution/sandbox/run-task'
+import { downloadWorkspaceFile, getWorkspaceFile } from '@/lib/uploads/contexts/workspace'
+import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
+import type { SandboxTaskId } from '@/sandbox-tasks/registry'
+
+export const dynamic = 'force-dynamic'
+export const runtime = 'nodejs'
+
+const logger = createLogger('WorkspaceFileCompiledCheckAPI')
+
+const EXT_TO_TASK: Record<string, SandboxTaskId> = {
+  docx: 'docx-generate',
+  pptx: 'pptx-generate',
+  pdf: 'pdf-generate',
+}
+
+/**
+ * GET /api/workspaces/[id]/files/[fileId]/compiled-check
+ *
+ * Compiles the saved JavaScript source of a .docx / .pptx / .pdf file and
+ * returns whether it succeeds. Used by the file agent to self-verify generated
+ * code before finalising an edit.
+ *
+ * Returns:
+ *   200 { ok: true }
+ *   200 { ok: false, error: string, errorName: string }   — user code error
+ *   4xx on auth / missing file / unsupported extension
+ *   500 on system (sandbox infra) failure
+ */
+export const GET = withRouteHandler(
+  async (request: NextRequest, { params }: { params: Promise<{ id: string; fileId: string }> }) => {
+    const { id: workspaceId, fileId } = await params
+
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const membership = await verifyWorkspaceMembership(session.user.id, workspaceId)
+    if (!membership) {
+      return NextResponse.json({ error: 'Insufficient permissions' }, { status: 403 })
+    }
+
+    const fileRecord = await getWorkspaceFile(workspaceId, fileId)
+    if (!fileRecord) {
+      return NextResponse.json({ error: 'File not found' }, { status: 404 })
+    }
+
+    const ext = fileRecord.name.split('.').pop()?.toLowerCase() ?? ''
+    const taskId = EXT_TO_TASK[ext]
+    if (!taskId) {
+      return NextResponse.json(
+        { error: `Compiled check only supports .docx, .pptx, and .pdf files` },
+        { status: 422 }
+      )
+    }
+
+    let buffer: Buffer
+    try {
+      buffer = await downloadWorkspaceFile(fileRecord)
+    } catch (err) {
+      logger.error('Failed to download file for compiled check', {
+        fileId,
+        error: toError(err).message,
+      })
+      return NextResponse.json({ error: 'Failed to read file' }, { status: 500 })
+    }
+
+    const code = buffer.toString('utf-8')
+
+    if (Buffer.byteLength(code, 'utf-8') > MAX_DOCUMENT_PREVIEW_CODE_BYTES) {
+      return NextResponse.json({ error: 'File source exceeds maximum size' }, { status: 413 })
+    }
+
+    try {
+      await runSandboxTask(taskId, { code, workspaceId }, { ownerKey: `user:${session.user.id}` })
+      return NextResponse.json({ ok: true })
+    } catch (err) {
+      if (err instanceof SandboxUserCodeError) {
+        logger.info('Compiled check failed with user code error', {
+          fileId,
+          taskId,
+          error: toError(err).message,
+          errorName: err.name,
+        })
+        return NextResponse.json({ ok: false, error: toError(err).message, errorName: err.name })
+      }
+      throw err
+    }
+  }
+)

apps/sim/lib/copilot/vfs/workspace-vfs.ts

@@ -58,6 +58,7 @@ import {
   getAccessibleOAuthCredentials,
 } from '@/lib/credentials/environment'
 import { getPersonalAndWorkspaceEnv } from '@/lib/environment/utils'
+import { runSandboxTask, SandboxUserCodeError } from '@/lib/execution/sandbox/run-task'
 import { getKnowledgeBases } from '@/lib/knowledge/service'
 import { listTables } from '@/lib/table/service'
 import {
@@ -79,6 +80,7 @@ import {
 } from '@/lib/workspaces/permissions/utils'
 import { getAllBlocks } from '@/blocks/registry'
 import { CONNECTOR_REGISTRY } from '@/connectors/registry'
+import type { SandboxTaskId } from '@/sandbox-tasks/registry'
 import { tools as toolRegistry } from '@/tools/registry'
 import { getLatestVersionTools, stripVersionSuffix } from '@/tools/utils'
 import { TRIGGER_REGISTRY } from '@/triggers/registry'
@@ -313,6 +315,8 @@ function getStaticComponentFiles(): Map<string, string> {
  *   tables/{name}/meta.json
  *   files/{name}/meta.json
  *   files/by-id/{id}/meta.json
+ *   files/by-id/{id}/style            (dynamic — OOXML theme/font extraction for .docx/.pptx)
+ *   files/by-id/{id}/compiled-check   (dynamic — compile JS source via sandbox, returns {ok,error?})
  *   jobs/{title}/meta.json
  *   jobs/{title}/history.json
  *   jobs/{title}/executions.json
@@ -451,10 +455,52 @@ export class WorkspaceVFS {
   /**
    * Attempt to read dynamic workspace file content from storage.
    * Handles images (base64), parseable documents (PDF, etc.), and text files.
-   * Also handles `files/by-id/{id}/style` for OOXML theme/style extraction.
+   * Also handles:
+   *   `files/by-id/{id}/style`           — OOXML theme/style extraction (.docx / .pptx only)
+   *   `files/by-id/{id}/compiled-check`  — sandbox compile check for JS-source binary files
    * Returns null if the path doesn't match `files/{name}` / `files/by-id/{id}` or the file isn't found.
    */
   async readFileContent(path: string): Promise<FileReadResult | null> {
+    // Handle compiled-check path: files/by-id/{id}/compiled-check
+    const compiledCheckMatch = path.match(/^files\/by-id\/([^/]+)\/compiled-check$/)
+    if (compiledCheckMatch) {
+      const fileId = compiledCheckMatch[1]
+      try {
+        const record = await getWorkspaceFile(this._workspaceId, fileId)
+        if (!record) return null
+        const ext = record.name.split('.').pop()?.toLowerCase() ?? ''
+        const EXT_TASK: Record<string, SandboxTaskId> = {
+          docx: 'docx-generate',
+          pptx: 'pptx-generate',
+          pdf: 'pdf-generate',
+        }
+        const taskId = EXT_TASK[ext]
+        if (!taskId) return null
+        const buffer = await downloadWorkspaceFile(record)
+        const code = buffer.toString('utf-8')
+        let result: { ok: boolean; error?: string; errorName?: string }
+        try {
+          await runSandboxTask(taskId, { code, workspaceId: this._workspaceId })
+          result = { ok: true }
+        } catch (err) {
+          if (err instanceof SandboxUserCodeError) {
+            result = { ok: false, error: toError(err).message, errorName: err.name }
+          } else {
+            throw err
+          }
+        }
+        const json = JSON.stringify(result)
+        return { content: json, totalLines: 1 }
+      } catch (err) {
+        logger.warn('Compiled check failed via VFS', {
+          workspaceId: this._workspaceId,
+          fileId,
+          error: toError(err).message,
+        })
+        return null
+      }
+    }
+
     // Handle style extraction path: files/by-id/{id}/style
     const styleMatch = path.match(/^files\/by-id\/([^/]+)\/style$/)
     if (styleMatch) {