@lingda_ai/agentrank 0.1.2 → 0.1.3

package/index.ts

@@ -5,7 +5,6 @@ import {
 import { parseConfig, validateConfig, type AgentRankConfig } from "./src/config.js";
 import { AgentRankClient, type TaskInfo } from "./src/agentrank-client.js";
 import { TaskRunner } from "./src/task-runner.js";
-import { homedir } from "node:os";
 
 export default definePluginEntry({
   id: "agentrank",
@@ -58,6 +57,56 @@ export default definePluginEntry({
     let runner: TaskRunner | null = null;
     let started = false;
 
+    // Shared helper: create client + runner + wire event handlers
+    function initClientAndRunner() {
+      client = new AgentRankClient({
+        apiKey: config.apiKey,
+        serverUrl: config.serverUrl,
+        deviceId: config.deviceId,
+        logger: (...args: unknown[]) => api.logger.info(args.map(String).join(" ")),
+      });
+
+      runner = new TaskRunner(
+        client,
+        api.runtime.subagent,
+        {
+          workspaceRoot: config.workspaceRoot,
+          taskTimeoutSeconds: config.taskTimeoutSeconds,
+          logger: api.logger,
+        },
+        config.maxConcurrentTasks,
+      );
+
+      client.on("task", (task: unknown) => {
+        const taskInfo = task as TaskInfo;
+        api.logger.info(
+          `[agentrank] Task received: ${taskInfo.taskId} - ${taskInfo.title}`,
+        );
+        if (config.autoAccept) {
+          runner!.handleTask(taskInfo);
+        }
+      });
+
+      client.on("connected", () => {
+        api.logger.info("[agentrank] Connected to AgentRank server");
+        client!.updateStatus("online", "Ready for tasks");
+      });
+
+      client.on("disconnected", (reason: unknown) => {
+        api.logger.warn(
+          `[agentrank] Disconnected: ${reason || "unknown"}`,
+        );
+      });
+
+      client.on("error", (err: unknown) => {
+        api.logger.error(
+          `[agentrank] Error: ${err instanceof Error ? err.message : String(err)}`,
+        );
+      });
+
+      return { client, runner };
+    }
+
     const getStatus = () => ({
       connected: client?.connected ?? false,
       started,
@@ -82,53 +131,9 @@ export default definePluginEntry({
             return;
           }
 
-          client = new AgentRankClient({
-            apiKey: config.apiKey,
-            serverUrl: config.serverUrl,
-            deviceId: config.deviceId,
-            logger: (...args: unknown[]) => api.logger.info(args.map(String).join(" ")),
-          });
-
-          runner = new TaskRunner(
-            client,
-            api.runtime.subagent,
-            {
-              workspaceRoot: config.workspaceRoot,
-              taskTimeoutSeconds: config.taskTimeoutSeconds,
-              logger: api.logger,
-            },
-            config.maxConcurrentTasks,
-          );
-
-          // Wire up task handler
-          client.on("task", (task: unknown) => {
-            const taskInfo = task as TaskInfo;
-            api.logger.info(
-              `[agentrank] Task received: ${taskInfo.taskId} - ${taskInfo.title}`,
-            );
-            if (config.autoAccept) {
-              runner!.handleTask(taskInfo);
-            }
-          });
-
-          client.on("connected", () => {
-            api.logger.info("[agentrank] Connected to AgentRank server");
-            client!.updateStatus("online", "Ready for tasks");
-          });
-
-          client.on("disconnected", (reason: unknown) => {
-            api.logger.warn(
-              `[agentrank] Disconnected: ${reason || "unknown"}`,
-            );
-          });
+          initClientAndRunner();
 
-          client.on("error", (err: unknown) => {
-            api.logger.error(
-              `[agentrank] Error: ${err instanceof Error ? err.message : String(err)}`,
-            );
-          });
-
-          await client.connect();
+          await client!.connect();
           started = true;
           respond(true, getStatus());
         } catch (err) {
@@ -223,11 +228,17 @@ export default definePluginEntry({
               if (!params?.taskId) {
                 return json({ error: "taskId required for accept action" });
               }
-              if (!runner) {
+              if (!runner || !client) {
                 return json({ error: "Not started" });
               }
-              client!.acceptTask(params.taskId);
-              return json({ accepted: true, taskId: params.taskId });
+              // Fetch full task info from server, then dispatch to runner
+              try {
+                const taskData = await client.getTask(params.taskId) as TaskInfo;
+                const accepted = await runner.handleTask(taskData);
+                return json({ accepted, taskId: params.taskId });
+              } catch (err) {
+                return json({ error: err instanceof Error ? err.message : String(err) });
+              }
             }
             case "reject": {
               if (!params?.taskId) {
@@ -325,51 +336,8 @@ export default definePluginEntry({
         }
         api.logger.info("[agentrank] Service auto-start enabled, connecting...");
         try {
-          // Trigger the start gateway method logic
-          client = new AgentRankClient({
-            apiKey: config.apiKey,
-            serverUrl: config.serverUrl,
-            deviceId: config.deviceId,
-            logger: (...args: unknown[]) => api.logger.info(args.map(String).join(" ")),
-          });
-
-          runner = new TaskRunner(
-            client,
-            api.runtime.subagent,
-            {
-              workspaceRoot: config.workspaceRoot,
-              taskTimeoutSeconds: config.taskTimeoutSeconds,
-              logger: api.logger,
-            },
-            config.maxConcurrentTasks,
-          );
-
-          client.on("task", (task: unknown) => {
-            const taskInfo = task as TaskInfo;
-            api.logger.info(
-              `[agentrank] Task received: ${taskInfo.taskId} - ${taskInfo.title}`,
-            );
-            if (config.autoAccept) {
-              runner!.handleTask(taskInfo);
-            }
-          });
-
-          client.on("connected", () => {
-            api.logger.info("[agentrank] Connected to AgentRank server");
-            client!.updateStatus("online", "Ready for tasks");
-          });
-
-          client.on("disconnected", (reason: unknown) => {
-            api.logger.warn(`[agentrank] Disconnected: ${reason || "unknown"}`);
-          });
-
-          client.on("error", (err: unknown) => {
-            api.logger.error(
-              `[agentrank] Error: ${err instanceof Error ? err.message : String(err)}`,
-            );
-          });
-
-          await client.connect();
+          initClientAndRunner();
+          await client!.connect();
           started = true;
           api.logger.info("[agentrank] Service started and ready for tasks");
         } catch (err) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lingda_ai/agentrank",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "AgentRank task market plugin for OpenClaw",
   "type": "module",
   "main": "index.ts",
@@ -11,7 +11,9 @@
     "test:config": "bun test tests/config.test.ts"
   },
   "openclaw": {
-    "extensions": ["./index.ts"],
+    "extensions": [
+      "./index.ts"
+    ],
     "compat": {
       "pluginApi": ">=2026.3.24",
       "minGatewayVersion": "2026.3.24"

package/src/agentrank-client.ts

@@ -10,6 +10,8 @@ export interface TaskInfo {
   price?: number;
   deadline?: string;
   inputData?: Record<string, unknown>;
+  /** File extensions this agent is allowed to output (set by platform at registration) */
+  allowedFileTypes?: string[];
 }
 
 export interface ProgressUpdate {
@@ -59,6 +61,7 @@ export class AgentRankClient extends Emitter {
   private ws: WebSocket | null = null;
   private heartbeatTimer: ReturnType<typeof setInterval> | null = null;
   private reconnectTimer: ReturnType<typeof setTimeout> | null = null;
+  private reconnectAttempts = 0;
   private _connected = false;
   private _stopped = false;
   private options: { apiKey: string; serverUrl: string; deviceId: string };
@@ -83,22 +86,35 @@ export class AgentRankClient extends Emitter {
     this._stopped = false;
     return new Promise((resolve, reject) => {
       const wsUrl = this.options.serverUrl.replace(/^http/, "ws");
-      const url = `${wsUrl}/ws/agent?key=***&device=${this.options.deviceId}`;
-      this.log("[agentrank][ws] connecting to", url);
+      this.log("[agentrank][ws] connecting to", `${wsUrl}/ws/agent?device=${this.options.deviceId}`);
 
-      this.ws = new WebSocket(`${wsUrl}/ws/agent?key=${this.options.apiKey}&device=${this.options.deviceId}`);
+      this.ws = new WebSocket(`${wsUrl}/ws/agent?device=${this.options.deviceId}`, {
+        maxPayload: 1024 * 1024, // 1MB message size limit
+      });
+
+      this.ws.on("upgrade", () => {
+        // Send auth as first message instead of URL query to avoid key leaking in logs
+        this.sendAuth();
+      });
 
       this.ws.onopen = () => {
         this._connected = true;
+        this.reconnectAttempts = 0; // Reset backoff on successful connect
         this.startHeartbeat();
         this.log("[agentrank][ws] connected");
         this.emit("connected");
         resolve();
       };
 
+      const MAX_MESSAGE_SIZE = 1024 * 1024; // 1MB
       this.ws.onmessage = (event) => {
         try {
-          const msg = JSON.parse(event.data as string) as { type: string; payload: unknown };
+          const raw = event.data as string;
+          if (raw.length > MAX_MESSAGE_SIZE) {
+            this.log("[agentrank][ws] message too large (%d bytes), dropping", raw.length);
+            return;
+          }
+          const msg = JSON.parse(raw) as { type: string; payload: unknown };
           this.handleMessage(msg);
         } catch {
           this.log("[agentrank][ws] received malformed message");
@@ -238,6 +254,13 @@ export class AgentRankClient extends Emitter {
 
   // ---- Internal ----
 
+  private sendAuth() {
+    this.send("auth", {
+      key: this.options.apiKey,
+      device: this.options.deviceId,
+    });
+  }
+
   private send(type: string, payload: unknown) {
     if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
       this.log("[agentrank][ws] send dropped (not connected): %s", type);
@@ -267,7 +290,7 @@ export class AgentRankClient extends Emitter {
   private startHeartbeat() {
     this.heartbeatTimer = setInterval(() => {
       if (this.ws?.readyState === WebSocket.OPEN) {
-        this.ws.send(JSON.stringify({ type: "pong", payload: {}, ts: Date.now() }));
+        this.ws.send(JSON.stringify({ type: "ping", payload: {}, ts: Date.now() }));
       }
     }, 30_000);
     this.log("[agentrank][ws] heartbeat started (30s interval)");
@@ -283,13 +306,16 @@ export class AgentRankClient extends Emitter {
 
   private scheduleReconnect() {
     if (this._stopped) return;
-    this.log("[agentrank][ws] reconnecting in 5s...");
+    // Exponential backoff: 5s, 10s, 20s, 40s... capped at 5min
+    const delay = Math.min(5000 * Math.pow(2, this.reconnectAttempts), 300_000);
+    this.reconnectAttempts++;
+    this.log("[agentrank][ws] reconnecting in %dms (attempt %d)...", delay, this.reconnectAttempts);
     this.reconnectTimer = setTimeout(async () => {
       try {
         await this.connect();
       } catch {
         // scheduleReconnect will be triggered by onclose again
       }
-    }, 5000);
+    }, delay);
   }
 }

package/src/config.ts

@@ -1,6 +1,45 @@
 import { z } from "zod";
+import { resolve, join } from "node:path";
+import { tmpdir, homedir } from "node:os";
 
-export const AgentRankConfigSchema = z.object({
+/**
+ * Whitelist of allowed temp directory prefixes per platform.
+ * workspaceRoot must resolve to a path under one of these.
+ */
+function getAllowedTempPrefixes(): string[] {
+  const prefixes: string[] = [];
+
+  // --- macOS ---
+  prefixes.push("/tmp");                     // /tmp → /private/tmp
+  prefixes.push("/private/tmp");             // resolved symlink target
+  prefixes.push(resolve(tmpdir()));          // e.g. /var/folders/x.../T
+
+  // --- Linux ---
+  prefixes.push("/tmp");
+  prefixes.push("/var/tmp");
+
+  // --- Windows (Git Bash / WSL / native) ---
+  const winTemp = process.env.TEMP || process.env.TMP;
+  if (winTemp) prefixes.push(resolve(winTemp));
+  // Common Windows temp patterns
+  prefixes.push(resolve(join(homedir(), "AppData", "Local", "Temp")));
+
+  // --- Also allow the default we generate ---
+  prefixes.push(resolve(join(tmpdir(), "agentrank-tasks")));
+
+  // Deduplicate
+  return [...new Set(prefixes.filter(Boolean).map(p => resolve(p)))];
+}
+
+function isSafeWorkspaceRoot(path: string): boolean {
+  const resolved = resolve(path.replace("~", homedir()));
+  if (resolved === "/") return false;
+
+  const allowed = getAllowedTempPrefixes();
+  return allowed.some((prefix) => resolved === prefix || resolved.startsWith(prefix + "/"));
+}
+
+const BaseConfigSchema = z.object({
   enabled: z.boolean().default(true),
   serverUrl: z.string().default("http://localhost:3000"),
   apiKey: z.string().min(1, "API key is required"),
@@ -8,15 +47,22 @@ export const AgentRankConfigSchema = z.object({
   autoAccept: z.boolean().default(true),
   maxConcurrentTasks: z.number().int().min(1).max(10).default(3),
   taskTimeoutSeconds: z.number().int().min(60).max(3600).default(600),
-  workspaceRoot: z.string().default("~/.agentrank/workspace"),
+  workspaceRoot: z.string().default(join(tmpdir(), "agentrank-tasks")),
 });
-export type AgentRankConfig = z.infer<typeof AgentRankConfigSchema>;
+export type AgentRankConfig = z.infer<typeof BaseConfigSchema>;
 
 export function parseConfig(raw: unknown): AgentRankConfig {
   const input = raw && typeof raw === "object" && !Array.isArray(raw)
     ? (raw as Record<string, unknown>)
     : {};
-  return AgentRankConfigSchema.parse(input);
+  const config = BaseConfigSchema.parse(input);
+  if (!isSafeWorkspaceRoot(config.workspaceRoot)) {
+    throw new Error(
+      "workspaceRoot must be under a system temp directory (/tmp, /private/tmp, /var/tmp, or OS tmpdir). " +
+      `Got: ${config.workspaceRoot}`,
+    );
+  }
+  return config;
 }
 
 export function validateConfig(config: AgentRankConfig): { valid: boolean; errors: string[] } {
@@ -27,5 +73,8 @@ export function validateConfig(config: AgentRankConfig): { valid: boolean; error
   if (!config.serverUrl) {
     errors.push("serverUrl is required");
   }
+  if (!isSafeWorkspaceRoot(config.workspaceRoot)) {
+    errors.push("workspaceRoot must be under a system temp directory");
+  }
   return { valid: errors.length === 0, errors };
 }

package/src/output-guard.ts

@@ -79,23 +79,25 @@ export function scanFileContent(
   content: Buffer,
 ): ScanResult {
   // Skip binary files — only scan text
-  const ext = fileName.split(".").pop()?.toLowerCase() ?? "";
+  // Determine extension: handle files without extension (e.g., Makefile, Dockerfile)
+  const dotIndex = fileName.lastIndexOf(".");
+  const ext = dotIndex > 0 ? fileName.slice(dotIndex + 1).toLowerCase() : "";
+  const hasNoExtension = !fileName.includes(".");
+
   const textExtensions = new Set([
     "md", "txt", "json", "ts", "js", "py", "csv", "html", "xml",
     "yaml", "yml", "toml", "ini", "cfg", "conf", "env", "sh",
     "bash", "zsh", "sql", "log", "tsx", "jsx", "pem", "key",
     "pub", "cert", "crt", "asc",
   ]);
-  if (!textExtensions.has(ext) && ext !== "") {
+  // Skip non-text extensions (but allow files without extension like Makefile)
+  if (!hasNoExtension && !textExtensions.has(ext)) {
     return { safe: true, findings: [] };
   }
 
-  let text: string;
-  try {
-    text = content.toString("utf-8");
-  } catch {
-    return { safe: true, findings: [] };
-  }
+  // Buffer.toString("utf-8") never throws; it replaces invalid bytes with U+FFFD.
+  // No try/catch needed.
+  const text = content.toString("utf-8");
 
   const findings: ScanFinding[] = [];
   for (const { pattern, label } of SENSITIVE_PATTERNS) {

package/src/task-guard.ts

@@ -34,7 +34,7 @@ const RULES: GuardRule[] = [
     reason: "AWS credential access",
   },
   {
-    pattern: /\.env\b|credentials\.json|service-account.*\.json/i,
+    pattern: /(?:read|open|cat|load|access|show|get|display|查看|读取|打开|获取|显示).+\.env\b|credentials\.json|service-account.*\.json/i,
     category: "credential_theft",
     reason: "Secret file access",
   },

package/src/task-runner.ts

@@ -1,11 +1,29 @@
 import type { AgentRankClient, TaskInfo, SubmitResult } from "./agentrank-client.js";
 import type { PluginRuntime } from "openclaw/plugin-sdk/core";
 import { mkdir, writeFile, readdir, readFile, rm } from "node:fs/promises";
-import { join, extname } from "node:path";
+import { join, extname, resolve } from "node:path";
 import { homedir } from "node:os";
 import { checkTask as guardCheckTask } from "./task-guard.js";
 import { scanFileContent } from "./output-guard.js";
 
+/** Maximum total upload size per task (500MB) */
+const MAX_TOTAL_UPLOAD_SIZE = 500 * 1024 * 1024;
+/** Single file upload limit */
+const MAX_FILE_SIZE = 100 * 1024 * 1024;
+
+/** taskId must be alphanumeric with dashes/underscores only */
+const SAFE_TASK_ID = /^[a-zA-Z0-9_-]{1,128}$/;
+
+/** Safely remove a task workspace directory. Only deletes paths under workspaceRoot. */
+async function safeCleanup(workspaceDir: string, workspaceRoot: string): Promise<void> {
+  const resolvedDir = resolve(workspaceDir);
+  const resolvedRoot = resolve(workspaceRoot);
+  if (!resolvedDir.startsWith(resolvedRoot + "/") || resolvedDir === resolvedRoot) {
+    return; // Refuse to delete anything outside workspaceRoot or workspaceRoot itself
+  }
+  await rm(resolvedDir, { recursive: true, force: true });
+}
+
 export interface TaskRunnerOptions {
   workspaceRoot: string;
   taskTimeoutSeconds: number;
@@ -59,6 +77,15 @@ export class TaskRunner {
 
   /** Handle a new task assignment */
   async handleTask(task: TaskInfo): Promise<boolean> {
+    // Validate taskId format to prevent path traversal
+    if (!SAFE_TASK_ID.test(task.taskId)) {
+      this.options.logger.warn(
+        `[agentrank] Task ${task.taskId} rejected: invalid taskId format`,
+      );
+      this.client.rejectTask(task.taskId, "Invalid task ID format");
+      return false;
+    }
+
     if (!this.canAcceptMore) {
       this.options.logger.warn(
         `[agentrank] Task ${task.taskId} rejected: max concurrent tasks reached (${this.maxConcurrent})`,
@@ -77,14 +104,29 @@ export class TaskRunner {
       return false;
     }
 
+    // Reserve the slot immediately to prevent race condition
+    const controller = new AbortController();
+    this.activeTasks.set(task.taskId, {
+      taskId: task.taskId,
+      startTime: Date.now(),
+      controller,
+    });
+
     // Accept the task
     this.client.acceptTask(task.taskId);
 
-    // Set up workspace
-    const workspaceDir = join(
-      this.options.workspaceRoot.replace("~", homedir()),
-      task.taskId,
-    );
+    // Set up workspace — verify resolved path stays under workspaceRoot
+    const resolvedRoot = resolve(this.options.workspaceRoot.replace("~", homedir()));
+    const workspaceDir = join(resolvedRoot, task.taskId);
+    const resolvedDir = resolve(workspaceDir);
+    if (!resolvedDir.startsWith(resolvedRoot + "/")) {
+      this.options.logger.error(
+        `[agentrank] Task ${task.taskId} workspace escapes root: ${resolvedDir}`,
+      );
+      this.client.failTask(task.taskId, "Workspace path violation", false);
+      this.activeTasks.delete(task.taskId);
+      return false;
+    }
     await mkdir(workspaceDir, { recursive: true });
 
     // Write task context to workspace
@@ -103,14 +145,6 @@ export class TaskRunner {
       JSON.stringify(taskContext, null, 2),
     );
 
-    // Track the task
-    const controller = new AbortController();
-    this.activeTasks.set(task.taskId, {
-      taskId: task.taskId,
-      startTime: Date.now(),
-      controller,
-    });
-
     // Report status busy
     this.client.updateStatus("busy", `Working on task: ${task.title}`);
 
@@ -195,7 +229,7 @@ export class TaskRunner {
       const summary = this.extractSummary(messages);
 
       // Check if subagent refused the task (safety rules)
-      if (summary.startsWith("[REFUSED]")) {
+      if (summary.trim().startsWith("[REFUSED]")) {
         this.options.logger.warn(
           `[agentrank] Task ${task.taskId} refused by subagent: ${summary}`,
         );
@@ -224,25 +258,31 @@ export class TaskRunner {
         stage: "uploading",
       });
 
-      const outputRefs = await this.uploadWorkspaceFiles(task.taskId, workspaceDir);
+      const outputRefs = await this.uploadWorkspaceFiles(task.taskId, workspaceDir, task.allowedFileTypes);
+
+      // Scan summary text for sensitive data before submitting
+      const summaryText = String(summary).slice(0, 5000);
+      const summaryScan = scanFileContent("summary.txt", Buffer.from(summaryText));
+      if (!summaryScan.safe) {
+        for (const finding of summaryScan.findings) {
+          this.options.logger.warn(
+            `[agentrank][guard] Summary BLOCKED: ${finding.label}`,
+          );
+        }
+        this.client.failTask(task.taskId, "Summary contains sensitive data, blocked by output guard", false);
+        return;
+      }
 
       // Submit result to AgentRank
       const submitResult: SubmitResult = {
-        summary: String(summary).slice(0, 5000),
+        summary: summaryText,
         outputRefs,
       };
 
       this.client.submitTask(task.taskId, submitResult);
 
-      // Clean up local workspace to protect task sender privacy
-      try {
-        await rm(workspaceDir, { recursive: true, force: true });
-      } catch {
-        // Non-critical: best-effort cleanup
-      }
-
       this.options.logger.info(
-        `[agentrank] Task ${task.taskId} completed and workspace cleaned`,
+        `[agentrank] Task ${task.taskId} completed successfully`,
       );
     } catch (err) {
       if (signal.aborted) return;
@@ -260,7 +300,7 @@ export class TaskRunner {
 
       // Always clean up workspace on failure too
       try {
-        await rm(workspaceDir, { recursive: true, force: true });
+        await safeCleanup(workspaceDir, this.options.workspaceRoot.replace("~", homedir()));
       } catch {
         // Non-critical
       }
@@ -317,6 +357,7 @@ export class TaskRunner {
   private async uploadWorkspaceFiles(
     taskId: string,
     workspaceDir: string,
+    allowedFileTypes?: string[],
   ): Promise<SubmitResult["outputRefs"]> {
     const MIME_MAP: Record<string, string> = {
       ".md": "text/markdown",
@@ -333,19 +374,55 @@ export class TaskRunner {
       ".pdf": "application/pdf",
     };
 
-    const entries = await readdir(workspaceDir);
-    // Skip task.json and result.json (internal metadata)
-    const outputFiles = entries.filter((f) => f !== "task.json" && f !== "result.json");
+    // Recursively collect output files (skip task.json and result.json)
+    const outputFiles: string[] = [];
+    const collectFiles = async (dir: string, prefix: string = "") => {
+      const entries = await readdir(dir);
+      for (const entry of entries) {
+        const fullPath = join(dir, entry);
+        const relativePath = prefix ? `${prefix}/${entry}` : entry;
+        // Skip internal metadata files
+        if (relativePath === "task.json" || relativePath === "result.json") continue;
+        const entryStat = await lstat(fullPath);
+        if (entryStat.isDirectory()) {
+          await collectFiles(fullPath, relativePath);
+        } else {
+          outputFiles.push(relativePath);
+        }
+      }
+    };
+    await collectFiles(workspaceDir);
 
     if (outputFiles.length === 0) return [];
 
     const refs: SubmitResult["outputRefs"] = [];
 
-    for (const fileName of outputFiles) {
-      const filePath = join(workspaceDir, fileName);
+    for (const relativePath of outputFiles) {
+      const filePath = join(workspaceDir, relativePath);
       try {
+        // Prevent symlink attacks: skip symlinks pointing outside workspace
+        const fileStat = await lstat(filePath);
+        if (fileStat.isSymbolicLink()) {
+          this.options.logger.warn(
+            `[agentrank] Skipping symlink: ${relativePath}`,
+          );
+          continue;
+        }
+
         const content = await readFile(filePath);
 
+        // Single file upload limit: 100MB
+        const MAX_FILE_SIZE = 100 * 1024 * 1024;
+        if (content.length > MAX_FILE_SIZE) {
+          this.options.logger.warn(
+            `[agentrank] File skipped (too large: ${(content.length / 1024 / 1024).toFixed(1)}MB): ${relativePath}`,
+          );
+          continue;
+        }
+
+        // Use just the filename portion (after last /) for extension check
+        const fileName = relativePath.split("/").pop()!;
+
         // Security scan: check for sensitive data before uploading
         const scan = scanFileContent(fileName, content);
         if (!scan.safe) {
@@ -358,6 +435,18 @@ export class TaskRunner {
         }
 
         const ext = extname(fileName).toLowerCase();
+
+        // Filter by allowed file types (from platform registration)
+        if (allowedFileTypes && allowedFileTypes.length > 0) {
+          const extNoDot = ext.slice(1); // ".md" → "md"
+          if (!allowedFileTypes.includes(extNoDot)) {
+            this.options.logger.warn(
+              `[agentrank] File skipped (not in allowed types): ${fileName}`,
+            );
+            continue;
+          }
+        }
+
         const mimeType = MIME_MAP[ext] || "application/octet-stream";
 
         this.options.logger.info(
@@ -378,7 +467,7 @@ export class TaskRunner {
         );
       } catch (err) {
         this.options.logger.error(
-          `[agentrank] Failed to upload ${fileName}: ${err instanceof Error ? err.message : String(err)}`,
+          `[agentrank] Failed to upload ${relativePath}: ${err instanceof Error ? err.message : String(err)}`,
         );
       }
     }