feat(mothership): add cli execution

Author: Sg312

apps/sim/app/api/function/execute/route.ts

@@ -1,11 +1,18 @@
 import { createLogger } from '@sim/logger'
 import { type NextRequest, NextResponse } from 'next/server'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
+import {
+  FORMAT_TO_CONTENT_TYPE,
+  normalizeOutputWorkspaceFileName,
+  resolveOutputFormat,
+} from '@/lib/copilot/request/tools/files'
 import { isE2bEnabled } from '@/lib/core/config/feature-flags'
 import { generateRequestId } from '@/lib/core/utils/request'
-import { executeInE2B } from '@/lib/execution/e2b'
+import { executeInE2B, executeShellInE2B } from '@/lib/execution/e2b'
 import { executeInIsolatedVM } from '@/lib/execution/isolated-vm'
 import { CodeLanguage, DEFAULT_CODE_LANGUAGE, isValidCodeLanguage } from '@/lib/execution/languages'
+import { uploadWorkspaceFile } from '@/lib/uploads/contexts/workspace/workspace-file-manager'
+import { getWorkflowById } from '@/lib/workflows/utils'
 import { escapeRegExp, normalizeName, REFERENCE } from '@/executor/constants'
 import { type OutputSchema, resolveBlockReference } from '@/executor/utils/block-reference'
 import { formatLiteralForCode } from '@/executor/utils/code-formatting'
@@ -580,6 +587,96 @@ function cleanStdout(stdout: string): string {
   return stdout
 }
 
+async function maybeExportSandboxFileToWorkspace(args: {
+  authUserId: string
+  workflowId?: string
+  workspaceId?: string
+  outputPath?: string
+  outputFormat?: string
+  outputSandboxPath?: string
+  exportedFileContent?: string
+  stdout: string
+  executionTime: number
+}) {
+  const {
+    authUserId,
+    workflowId,
+    workspaceId,
+    outputPath,
+    outputFormat,
+    outputSandboxPath,
+    exportedFileContent,
+    stdout,
+    executionTime,
+  } = args
+
+  if (!outputSandboxPath) return null
+
+  if (!outputPath) {
+    return NextResponse.json(
+      {
+        success: false,
+        error:
+          'outputSandboxPath requires outputPath. Set outputPath to the destination workspace file, e.g. "files/result.csv".',
+        output: { result: null, stdout: cleanStdout(stdout), executionTime },
+      },
+      { status: 400 }
+    )
+  }
+
+  const resolvedWorkspaceId =
+    workspaceId || (workflowId ? (await getWorkflowById(workflowId))?.workspaceId : undefined)
+
+  if (!resolvedWorkspaceId) {
+    return NextResponse.json(
+      {
+        success: false,
+        error: 'Workspace context required to save sandbox file to workspace',
+        output: { result: null, stdout: cleanStdout(stdout), executionTime },
+      },
+      { status: 400 }
+    )
+  }
+
+  if (exportedFileContent === undefined) {
+    return NextResponse.json(
+      {
+        success: false,
+        error: `Sandbox file "${outputSandboxPath}" was not found or could not be read`,
+        output: { result: null, stdout: cleanStdout(stdout), executionTime },
+      },
+      { status: 500 }
+    )
+  }
+
+  const fileName = normalizeOutputWorkspaceFileName(outputPath)
+  const format = resolveOutputFormat(fileName, outputFormat)
+  const contentType = FORMAT_TO_CONTENT_TYPE[format]
+  const uploaded = await uploadWorkspaceFile(
+    resolvedWorkspaceId,
+    authUserId,
+    Buffer.from(exportedFileContent, 'utf-8'),
+    fileName,
+    contentType
+  )
+
+  return NextResponse.json({
+    success: true,
+    output: {
+      result: {
+        message: `Sandbox file exported to files/${fileName}`,
+        fileId: uploaded.id,
+        fileName,
+        downloadUrl: uploaded.url,
+        sandboxPath: outputSandboxPath,
+      },
+      stdout: cleanStdout(stdout),
+      executionTime,
+    },
+    resources: [{ type: 'file', id: uploaded.id, title: fileName }],
+  })
+}
+
 export async function POST(req: NextRequest) {
   const requestId = generateRequestId()
   const startTime = Date.now()
@@ -603,12 +700,16 @@ export async function POST(req: NextRequest) {
       params = {},
       timeout = DEFAULT_EXECUTION_TIMEOUT_MS,
       language = DEFAULT_CODE_LANGUAGE,
+      outputPath,
+      outputFormat,
+      outputSandboxPath,
       envVars = {},
       blockData = {},
       blockNameMapping = {},
       blockOutputSchemas = {},
       workflowVariables = {},
       workflowId,
+      workspaceId,
       isCustomTool = false,
       _sandboxFiles,
     } = body
@@ -652,6 +753,82 @@ export async function POST(req: NextRequest) {
       hasImports = jsImports.trim().length > 0 || hasRequireStatements
     }
 
+    if (lang === CodeLanguage.Shell) {
+      if (!isE2bEnabled) {
+        throw new Error(
+          'Shell execution requires E2B to be enabled. Please contact your administrator to enable E2B.'
+        )
+      }
+
+      const shellEnvs: Record<string, string> = {}
+      for (const [k, v] of Object.entries(envVars)) {
+        shellEnvs[k] = String(v)
+      }
+      for (const [k, v] of Object.entries(contextVariables)) {
+        shellEnvs[k] = String(v)
+      }
+
+      logger.info(`[${requestId}] E2B shell execution`, {
+        enabled: isE2bEnabled,
+        hasApiKey: Boolean(process.env.E2B_API_KEY),
+        envVarCount: Object.keys(shellEnvs).length,
+      })
+
+      const execStart = Date.now()
+      const {
+        result: shellResult,
+        stdout: shellStdout,
+        sandboxId,
+        error: shellError,
+        exportedFileContent,
+      } = await executeShellInE2B({
+        code: resolvedCode,
+        envs: shellEnvs,
+        timeoutMs: timeout,
+        sandboxFiles: _sandboxFiles,
+        outputSandboxPath,
+      })
+      const executionTime = Date.now() - execStart
+
+      logger.info(`[${requestId}] E2B shell sandbox`, {
+        sandboxId,
+        stdoutPreview: shellStdout?.slice(0, 200),
+        error: shellError,
+        executionTime,
+      })
+
+      if (shellError) {
+        return NextResponse.json(
+          {
+            success: false,
+            error: shellError,
+            output: { result: null, stdout: cleanStdout(shellStdout), executionTime },
+          },
+          { status: 500 }
+        )
+      }
+
+      if (outputSandboxPath) {
+        const fileExportResponse = await maybeExportSandboxFileToWorkspace({
+          authUserId: auth.userId,
+          workflowId,
+          workspaceId,
+          outputPath,
+          outputFormat,
+          outputSandboxPath,
+          exportedFileContent,
+          stdout: shellStdout,
+          executionTime,
+        })
+        if (fileExportResponse) return fileExportResponse
+      }
+
+      return NextResponse.json({
+        success: true,
+        output: { result: shellResult ?? null, stdout: cleanStdout(shellStdout), executionTime },
+      })
+    }
+
     if (lang === CodeLanguage.Python && !isE2bEnabled) {
       throw new Error(
         'Python execution requires E2B to be enabled. Please contact your administrator to enable E2B, or use JavaScript instead.'
@@ -719,11 +896,13 @@ export async function POST(req: NextRequest) {
           stdout: e2bStdout,
           sandboxId,
           error: e2bError,
+          exportedFileContent,
         } = await executeInE2B({
           code: codeForE2B,
           language: CodeLanguage.JavaScript,
           timeoutMs: timeout,
           sandboxFiles: _sandboxFiles,
+          outputSandboxPath,
         })
         const executionTime = Date.now() - execStart
         stdout += e2bStdout
@@ -752,6 +931,21 @@ export async function POST(req: NextRequest) {
           )
         }
 
+        if (outputSandboxPath) {
+          const fileExportResponse = await maybeExportSandboxFileToWorkspace({
+            authUserId: auth.userId,
+            workflowId,
+            workspaceId,
+            outputPath,
+            outputFormat,
+            outputSandboxPath,
+            exportedFileContent,
+            stdout,
+            executionTime,
+          })
+          if (fileExportResponse) return fileExportResponse
+        }
+
         return NextResponse.json({
           success: true,
           output: { result: e2bResult ?? null, stdout: cleanStdout(stdout), executionTime },
@@ -783,11 +977,13 @@ export async function POST(req: NextRequest) {
         stdout: e2bStdout,
         sandboxId,
         error: e2bError,
+        exportedFileContent,
       } = await executeInE2B({
         code: codeForE2B,
         language: CodeLanguage.Python,
         timeoutMs: timeout,
         sandboxFiles: _sandboxFiles,
+        outputSandboxPath,
       })
       const executionTime = Date.now() - execStart
       stdout += e2bStdout
@@ -816,6 +1012,21 @@ export async function POST(req: NextRequest) {
         )
       }
 
+      if (outputSandboxPath) {
+        const fileExportResponse = await maybeExportSandboxFileToWorkspace({
+          authUserId: auth.userId,
+          workflowId,
+          workspaceId,
+          outputPath,
+          outputFormat,
+          outputSandboxPath,
+          exportedFileContent,
+          stdout,
+          executionTime,
+        })
+        if (fileExportResponse) return fileExportResponse
+      }
+
       return NextResponse.json({
         success: true,
         output: { result: e2bResult ?? null, stdout: cleanStdout(stdout), executionTime },

apps/sim/lib/copilot/request/tools/files.ts

@@ -138,6 +138,10 @@ export async function maybeWriteOutputToFile(
   const outputPath =
     (params?.outputPath as string | undefined) ?? (args?.outputPath as string | undefined)
   if (!outputPath) return result
+  const outputSandboxPath =
+    (params?.outputSandboxPath as string | undefined) ??
+    (args?.outputSandboxPath as string | undefined)
+  if (toolName === FunctionExecute.id && outputSandboxPath) return result
 
   const explicitFormat =
     (params?.outputFormat as string | undefined) ?? (args?.outputFormat as string | undefined)
@@ -179,6 +183,7 @@ export async function maybeWriteOutputToFile(
         size: buffer.length,
         downloadUrl: uploaded.url,
       },
+      resources: [{ type: 'file', id: uploaded.id, title: fileName }],
     }
   } catch (err) {
     const message = err instanceof Error ? err.message : String(err)

apps/sim/lib/copilot/tool-executor/register-handlers.ts

@@ -12,6 +12,7 @@ import {
   DeployApi,
   DeployChat,
   DeployMcp,
+  FunctionExecute,
   GenerateApiKey,
   GetBlockOutputs,
   GetBlockUpstreamReferences,
@@ -61,6 +62,7 @@ import {
   executeRevertToVersion,
   executeUpdateWorkspaceMcpServer,
 } from '../tools/handlers/deployment/manage'
+import { executeFunctionExecute } from '../tools/handlers/function-execute'
 import {
   executeCompleteJob,
   executeCreateJob,
@@ -167,6 +169,7 @@ function buildHandlerMap(): Record<string, ToolHandler> {
     [OpenResource.id]: h(executeOpenResource),
     [GetPlatformActions.id]: h(executeGetPlatformActions),
     [MaterializeFile.id]: h(executeMaterializeFile),
+    [FunctionExecute.id]: h(executeFunctionExecute),
 
     ...buildServerToolHandlers(),
   }

apps/sim/lib/copilot/tools/handlers/function-execute.ts

@@ -0,0 +1,31 @@
+import { executeTool as executeAppTool } from '@/tools'
+import type { ToolExecutionContext, ToolExecutionResult } from '../../tool-executor/types'
+
+export async function executeFunctionExecute(
+  params: Record<string, unknown>,
+  context: ToolExecutionContext
+): Promise<ToolExecutionResult> {
+  const enrichedParams = { ...params }
+
+  if (context.decryptedEnvVars && Object.keys(context.decryptedEnvVars).length > 0) {
+    enrichedParams.envVars = {
+      ...context.decryptedEnvVars,
+      ...((enrichedParams.envVars as Record<string, string>) || {}),
+    }
+  }
+
+  enrichedParams._context = {
+    ...(typeof enrichedParams._context === 'object' && enrichedParams._context !== null
+      ? (enrichedParams._context as object)
+      : {}),
+    userId: context.userId,
+    workflowId: context.workflowId,
+    workspaceId: context.workspaceId,
+    chatId: context.chatId,
+    executionId: context.executionId,
+    runId: context.runId,
+    enforceCredentialAccess: true,
+  }
+
+  return executeAppTool('function_execute', enrichedParams, false)
+}

apps/sim/lib/core/config/env.ts

@@ -319,6 +319,7 @@ export const env = createEnv({
     // E2B Remote Code Execution
     E2B_ENABLED:                           z.string().optional(),                  // Enable E2B remote code execution
     E2B_API_KEY:                           z.string().optional(),                  // E2B API key for sandbox creation
+    MOTHERSHIP_E2B_TEMPLATE_ID:             z.string().optional(),                  // Custom E2B template with pre-installed CLI tools for shell execution
 
     // Credential Sets (Email Polling) - for self-hosted deployments
     CREDENTIAL_SETS_ENABLED:               z.boolean().optional(),                 // Enable credential sets on self-hosted (bypasses plan requirements)