Sandbox PPTX generation in subprocess with vm.createContext

AI-generated PptxGenJS code was executed via new Function() in both
the server (full Node.js access) and browser (XSS risk). Replace with
a dedicated Node.js subprocess (pptx-worker.cjs) that runs user code
inside vm.createContext with a null-prototype sandbox — no access to
process, require, Buffer, or any Node.js globals. Process-level
isolation ensures a vm escape cannot reach the main process or DB.

File access is brokered via IPC so the subprocess never touches the
database directly, mirroring the isolated-vm worker pattern. Compilation
happens lazily at serve time (compilePptxIfNeeded) rather than on write,
matching industry practice for source-stored PPTX pipelines.

- Add pptx-worker.cjs: sandboxed subprocess worker
- Add pptx-vm.ts: orchestration, IPC bridge, file brokering
- Add /api/workspaces/[id]/pptx/preview: REST-correct preview endpoint
- Update serve route: compile pptxgenjs source to binary on demand
- Update workspace-file.ts: remove unsafe new Function(), store source only
- Update next.config.ts: include pptxgenjs in outputFileTracingIncludes
- Update trigger.config.ts: add pptx-worker.cjs and pptxgenjs to build

Author: waleedlatif1

apps/sim/app/api/files/serve/[...path]/route.ts

@@ -3,7 +3,7 @@ import { createLogger } from '@sim/logger'
 import type { NextRequest } from 'next/server'
 import { NextResponse } from 'next/server'
 import { checkSessionOrInternalAuth } from '@/lib/auth/hybrid'
-import { generatePptxFromCode } from '@/lib/copilot/tools/server/files/workspace-file'
+import { generatePptxFromCode } from '@/lib/execution/pptx-vm'
 import { CopilotFiles, isUsingCloudStorage } from '@/lib/uploads'
 import type { StorageContext } from '@/lib/uploads/config'
 import { parseWorkspaceFileKey } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
@@ -47,10 +47,6 @@ function stripStorageKeyPrefix(segment: string): string {
   return STORAGE_KEY_PREFIX_RE.test(segment) ? segment.replace(STORAGE_KEY_PREFIX_RE, '') : segment
 }
 
-function getWorkspaceIdForCompile(key: string): string | undefined {
-  return parseWorkspaceFileKey(key) ?? undefined
-}
-
 export async function GET(
   request: NextRequest,
   { params }: { params: Promise<{ path: string[] }> }
@@ -143,7 +139,7 @@ async function handleLocalFile(
     const rawBuffer = await readFile(filePath)
     const segment = filename.split('/').pop() || filename
     const displayName = stripStorageKeyPrefix(segment)
-    const workspaceId = getWorkspaceIdForCompile(filename)
+    const workspaceId = parseWorkspaceFileKey(filename) ?? undefined
     const { buffer: fileBuffer, contentType } = await compilePptxIfNeeded(
       rawBuffer,
       displayName,
@@ -208,7 +204,7 @@ async function handleCloudProxy(
 
     const segment = cloudKey.split('/').pop() || 'download'
     const displayName = stripStorageKeyPrefix(segment)
-    const workspaceId = getWorkspaceIdForCompile(cloudKey)
+    const workspaceId = parseWorkspaceFileKey(cloudKey) ?? undefined
     const { buffer: fileBuffer, contentType } = await compilePptxIfNeeded(
       rawBuffer,
       displayName,

apps/sim/app/api/workspaces/[id]/pptx/preview/route.ts

@@ -0,0 +1,52 @@
+import { createLogger } from '@sim/logger'
+import { type NextRequest, NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { generatePptxFromCode } from '@/lib/execution/pptx-vm'
+import { verifyWorkspaceMembership } from '@/app/api/workflows/utils'
+
+export const dynamic = 'force-dynamic'
+export const runtime = 'nodejs'
+
+const logger = createLogger('PptxPreviewAPI')
+
+/**
+ * POST /api/workspaces/[id]/pptx/preview
+ * Compile PptxGenJS source code and return the binary PPTX for streaming preview.
+ */
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+  const { id: workspaceId } = await params
+
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const membership = await verifyWorkspaceMembership(session.user.id, workspaceId)
+    if (!membership) {
+      return NextResponse.json({ error: 'Insufficient permissions' }, { status: 403 })
+    }
+
+    const body = await req.json()
+    const { code } = body as { code?: string }
+
+    if (typeof code !== 'string' || code.trim().length === 0) {
+      return NextResponse.json({ error: 'code is required' }, { status: 400 })
+    }
+
+    const buffer = await generatePptxFromCode(code, workspaceId)
+
+    return new NextResponse(buffer, {
+      status: 200,
+      headers: {
+        'Content-Type': 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
+        'Content-Length': String(buffer.length),
+        'Cache-Control': 'private, no-store',
+      },
+    })
+  } catch (err) {
+    const message = err instanceof Error ? err.message : 'PPTX generation failed'
+    logger.error('PPTX preview generation failed', { error: message, workspaceId })
+    return NextResponse.json({ error: message }, { status: 500 })
+  }
+}

apps/sim/lib/copilot/tools/server/files/workspace-file.ts

@@ -1,5 +1,4 @@
 import { createLogger } from '@sim/logger'
-import PptxGenJS from 'pptxgenjs'
 import type { BaseServerTool, ServerToolContext } from '@/lib/copilot/tools/server/base-tool'
 import type { WorkspaceFileArgs, WorkspaceFileResult } from '@/lib/copilot/tools/shared/schemas'
 import {
@@ -13,7 +12,6 @@ import {
 
 const logger = createLogger('WorkspaceFileServerTool')
 
-const PPTX_MIME = 'application/vnd.openxmlformats-officedocument.presentationml.presentation'
 const PPTX_SOURCE_MIME = 'text/x-pptxgenjs'
 
 const EXT_TO_MIME: Record<string, string> = {
@@ -22,24 +20,6 @@ const EXT_TO_MIME: Record<string, string> = {
   '.html': 'text/html',
   '.json': 'application/json',
   '.csv': 'text/csv',
-  '.pptx': PPTX_MIME,
-}
-
-export async function generatePptxFromCode(code: string, workspaceId: string): Promise<Buffer> {
-  const pptx = new PptxGenJS()
-
-  async function getFileBase64(fileId: string): Promise<string> {
-    const record = await getWorkspaceFile(workspaceId, fileId)
-    if (!record) throw new Error(`File not found: ${fileId}`)
-    const buffer = await downloadWsFile(record)
-    const mime = record.type || 'image/png'
-    return `data:${mime};base64,${buffer.toString('base64')}`
-  }
-
-  const fn = new Function('pptx', 'getFileBase64', `return (async () => { ${code} })()`)
-  await fn(pptx, getFileBase64)
-  const output = await pptx.write({ outputType: 'nodebuffer' })
-  return output as Buffer
 }
 
 function inferContentType(fileName: string, explicitType?: string): string {
@@ -81,25 +61,9 @@ export const workspaceFileServerTool: BaseServerTool<WorkspaceFileArgs, Workspac
             return { success: false, message: 'content is required for write operation' }
           }
 
-          const isPptx = fileName.toLowerCase().endsWith('.pptx')
-          let contentType: string
-
-          if (isPptx) {
-            // Validate the code compiles before storing
-            try {
-              await generatePptxFromCode(content, workspaceId)
-            } catch (err) {
-              const msg = err instanceof Error ? err.message : String(err)
-              logger.error('PPTX code validation failed', { error: msg, fileName })
-              return {
-                success: false,
-                message: `PPTX generation failed: ${msg}. Fix the pptxgenjs code and retry.`,
-              }
-            }
-            contentType = PPTX_SOURCE_MIME
-          } else {
-            contentType = inferContentType(fileName, explicitType)
-          }
+          const contentType = fileName.toLowerCase().endsWith('.pptx')
+            ? PPTX_SOURCE_MIME
+            : inferContentType(fileName, explicitType)
 
           const fileBuffer = Buffer.from(content, 'utf-8')
 
@@ -148,27 +112,14 @@ export const workspaceFileServerTool: BaseServerTool<WorkspaceFileArgs, Workspac
             return { success: false, message: `File with ID "${fileId}" not found` }
           }
 
-          const isPptxUpdate = fileRecord.name?.toLowerCase().endsWith('.pptx')
-          if (isPptxUpdate) {
-            try {
-              await generatePptxFromCode(content, workspaceId)
-            } catch (err) {
-              const msg = err instanceof Error ? err.message : String(err)
-              return {
-                success: false,
-                message: `PPTX generation failed: ${msg}. Fix the pptxgenjs code and retry.`,
-              }
-            }
-          }
-
           const fileBuffer = Buffer.from(content, 'utf-8')
 
           await updateWorkspaceFileContent(
             workspaceId,
             fileId,
             context.userId,
             fileBuffer,
-            isPptxUpdate ? PPTX_SOURCE_MIME : undefined
+            fileRecord.name?.toLowerCase().endsWith('.pptx') ? PPTX_SOURCE_MIME : undefined
           )
 
           logger.info('Workspace file updated via copilot', {
@@ -280,26 +231,13 @@ export const workspaceFileServerTool: BaseServerTool<WorkspaceFileArgs, Workspac
             content = content.slice(0, idx) + edit.replace + content.slice(idx + edit.search.length)
           }
 
-          const isPptxPatch = fileRecord.name?.toLowerCase().endsWith('.pptx')
-          if (isPptxPatch) {
-            try {
-              await generatePptxFromCode(content, workspaceId)
-            } catch (err) {
-              const msg = err instanceof Error ? err.message : String(err)
-              return {
-                success: false,
-                message: `Patched PPTX code failed to compile: ${msg}. Fix the edits and retry.`,
-              }
-            }
-          }
-
           const patchedBuffer = Buffer.from(content, 'utf-8')
           await updateWorkspaceFileContent(
             workspaceId,
             fileId,
             context.userId,
             patchedBuffer,
-            isPptxPatch ? PPTX_SOURCE_MIME : undefined
+            fileRecord.name?.toLowerCase().endsWith('.pptx') ? PPTX_SOURCE_MIME : undefined
           )
 
           logger.info('Workspace file patched via copilot', {

apps/sim/lib/execution/pptx-vm.ts

@@ -0,0 +1,179 @@
+/**
+ * Sandboxed PPTX generation via subprocess.
+ *
+ * Mirrors the pattern used by isolated-vm.ts: user code runs in a separate
+ * Node.js child process so that even a vm sandbox escape cannot reach the main
+ * Next.js process, the database, or any secrets. File access is brokered via
+ * IPC — the subprocess never touches the database directly.
+ */
+
+import { type ChildProcess, spawn } from 'node:child_process'
+import fs from 'node:fs'
+import path from 'node:path'
+import { fileURLToPath } from 'node:url'
+import { createLogger } from '@sim/logger'
+import {
+  downloadWorkspaceFile,
+  getWorkspaceFile,
+} from '@/lib/uploads/contexts/workspace/workspace-file-manager'
+
+const logger = createLogger('PptxVMExecution')
+
+const WORKER_STARTUP_TIMEOUT_MS = 10_000
+const GENERATION_TIMEOUT_MS = 60_000
+const MAX_STDERR = 4096
+
+type WorkerMessage =
+  | { type: 'ready' }
+  | { type: 'result'; data: string }
+  | { type: 'error'; message: string }
+  | { type: 'getFile'; fileReqId: number; fileId: string }
+
+// Resolved once at module load — the path never changes at runtime.
+const currentDir = path.dirname(fileURLToPath(import.meta.url))
+const WORKER_PATH = (() => {
+  const candidates = [
+    path.join(currentDir, 'pptx-worker.cjs'),
+    path.join(process.cwd(), 'lib', 'execution', 'pptx-worker.cjs'),
+  ]
+  const found = candidates.find((p) => fs.existsSync(p))
+  if (!found) throw new Error(`pptx-worker.cjs not found at any of: ${candidates.join(', ')}`)
+  return found
+})()
+
+/**
+ * Generate a PPTX file by executing AI-generated PptxGenJS code in a sandboxed
+ * subprocess. File resources referenced by the code are fetched from workspace
+ * storage by the main process and delivered to the worker via IPC.
+ */
+export async function generatePptxFromCode(code: string, workspaceId: string): Promise<Buffer> {
+  return new Promise<Buffer>((resolve, reject) => {
+    let proc: ChildProcess | null = null
+    let settled = false
+    let startupTimer: ReturnType<typeof setTimeout> | null = null
+    let generationTimer: ReturnType<typeof setTimeout> | null = null
+
+    function done(err: Error): void
+    function done(err: undefined, result: Buffer): void
+    function done(err: Error | undefined, result?: Buffer): void {
+      if (settled) return
+      settled = true
+      if (startupTimer) clearTimeout(startupTimer)
+      if (generationTimer) clearTimeout(generationTimer)
+      try {
+        proc?.removeAllListeners()
+        proc?.kill()
+      } catch {
+        // Ignore — process may have already exited
+      }
+      if (err) reject(err)
+      else resolve(result as Buffer)
+    }
+
+    try {
+      proc = spawn('node', [WORKER_PATH], {
+        stdio: ['ignore', 'pipe', 'pipe', 'ipc'],
+        serialization: 'json',
+      })
+    } catch (err) {
+      done(err instanceof Error ? err : new Error(String(err)))
+      return
+    }
+
+    let stderrData = ''
+    proc.stderr?.on('data', (chunk: Buffer) => {
+      if (stderrData.length < MAX_STDERR) {
+        stderrData += chunk.toString()
+        if (stderrData.length > MAX_STDERR) stderrData = stderrData.slice(0, MAX_STDERR)
+      }
+    })
+
+    startupTimer = setTimeout(() => {
+      logger.error('PPTX worker failed to start within timeout')
+      done(new Error('PPTX worker failed to start'))
+    }, WORKER_STARTUP_TIMEOUT_MS)
+
+    proc.on('exit', (code) => {
+      if (!settled) {
+        logger.error('PPTX worker exited unexpectedly', { code, stderr: stderrData.slice(0, 500) })
+        done(new Error(`PPTX worker exited unexpectedly (code ${code})`))
+      }
+    })
+
+    proc.on('error', (err) => {
+      logger.error('PPTX worker process error', { error: err.message })
+      done(err)
+    })
+
+    proc.on('message', (rawMsg: unknown) => {
+      const msg = rawMsg as WorkerMessage
+
+      if (msg.type === 'ready') {
+        if (startupTimer) {
+          clearTimeout(startupTimer)
+          startupTimer = null
+        }
+        generationTimer = setTimeout(() => {
+          logger.error('PPTX generation timed out')
+          done(new Error('PPTX generation timed out'))
+        }, GENERATION_TIMEOUT_MS)
+        proc!.send({ type: 'generate', code })
+        return
+      }
+
+      if (msg.type === 'result') {
+        done(undefined, Buffer.from(msg.data, 'base64'))
+        return
+      }
+
+      if (msg.type === 'error') {
+        done(new Error(msg.message))
+        return
+      }
+
+      if (msg.type === 'getFile') {
+        handleFileRequest(proc!, workspaceId, msg).catch((err) => {
+          logger.error('Failed to handle file request from PPTX worker', {
+            fileId: msg.fileId,
+            error: err instanceof Error ? err.message : String(err),
+          })
+          if (proc && !settled) {
+            try {
+              proc.send({
+                type: 'fileResult',
+                fileReqId: msg.fileReqId,
+                error: err instanceof Error ? err.message : 'File fetch failed',
+              })
+            } catch {
+              // Ignore — process may have died
+            }
+          }
+        })
+      }
+    })
+  })
+}
+
+async function handleFileRequest(
+  proc: ChildProcess,
+  workspaceId: string,
+  msg: Extract<WorkerMessage, { type: 'getFile' }>
+): Promise<void> {
+  const record = await getWorkspaceFile(workspaceId, msg.fileId)
+  if (!record) {
+    proc.send({
+      type: 'fileResult',
+      fileReqId: msg.fileReqId,
+      error: `File not found: ${msg.fileId}`,
+    })
+    return
+  }
+
+  const buffer = await downloadWorkspaceFile(record)
+  const mime = record.type || 'image/png'
+  proc.send({
+    type: 'fileResult',
+    fileReqId: msg.fileReqId,
+    data: `data:${mime};base64,${buffer.toString('base64')}`,
+  })
+}