Add file count, total size, and per-file size validation

Max 50 files, 50MB total, 10MB per file. Clear error messages
for each validation failure. Warnings returned for skipped
files when some files are still valid.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

app.py

@@ -186,21 +186,57 @@ def upload_trace(result: dict) -> None:
 
 
 ALLOWED_EXTENSIONS = {".txt", ".csv", ".md", ".json", ".pdf"}
-MAX_FILE_SIZE = 10 * 1024 * 1024  # 10 MB
+MAX_FILE_SIZE = 10 * 1024 * 1024  # 10 MB per file
+MAX_TOTAL_SIZE = 50 * 1024 * 1024  # 50 MB total
+MAX_FILE_COUNT = 50
 
 
-def save_uploaded_files(file_paths: list[str]) -> Path:
-    workspace = Path(tempfile.mkdtemp(prefix="lh-workspace-"))
+def validate_and_save_files(file_paths: list[str]) -> tuple[Path | None, list[str]]:
+    """Validate and save uploaded files. Returns (workspace, errors)."""
+    errors = []
+
+    if len(file_paths) > MAX_FILE_COUNT:
+        errors.append(f"Too many files ({len(file_paths)}). Maximum is {MAX_FILE_COUNT}.")
+        return None, errors
+
+    valid_files = []
+    total_size = 0
+
     for file_path in file_paths:
         src = Path(file_path)
+
+        if not src.is_file():
+            continue
+
         if src.suffix.lower() not in ALLOWED_EXTENSIONS:
-            print(f"WARNING: skipping file with disallowed extension: {src.name}")
+            allowed = ", ".join(sorted(ALLOWED_EXTENSIONS))
+            errors.append(f"'{src.name}' has an unsupported file type. Allowed: {allowed}")
             continue
-        if src.stat().st_size > MAX_FILE_SIZE:
-            print(f"WARNING: skipping file exceeding size limit: {src.name}")
+
+        size = src.stat().st_size
+        if size > MAX_FILE_SIZE:
+            limit_mb = MAX_FILE_SIZE // (1024 * 1024)
+            errors.append(f"'{src.name}' is too large ({size // (1024 * 1024)}MB). Maximum is {limit_mb}MB per file.")
             continue
+
+        total_size += size
+        if total_size > MAX_TOTAL_SIZE:
+            limit_mb = MAX_TOTAL_SIZE // (1024 * 1024)
+            errors.append(f"Total upload size exceeds {limit_mb}MB. Remove some files and try again.")
+            return None, errors
+
+        valid_files.append(src)
+
+    if not valid_files:
+        if not errors:
+            errors.append("No valid files to upload.")
+        return None, errors
+
+    workspace = Path(tempfile.mkdtemp(prefix="lh-workspace-"))
+    for src in valid_files:
         (workspace / src.name).write_bytes(src.read_bytes())
-    return workspace
+
+    return workspace, errors
 
 
 def format_stats(trace) -> str:
@@ -368,14 +404,22 @@ def build_app() -> gr.Blocks:
                 token = data.get("token", "")
                 file_paths = data.get("paths", [])
             except (json.JSONDecodeError, AttributeError):
-                return json.dumps({"error": "Invalid payload."})
+                return json.dumps({"error": "Invalid upload request."})
             if token and not _has_valid_token(token):
                 return json.dumps({"error": "Invalid access token."})
             if not file_paths:
-                return json.dumps({"error": "No files provided."})
-            workspace = save_uploaded_files(file_paths)
+                return json.dumps({"error": "No files selected. Please upload at least one document."})
+
+            workspace, errors = validate_and_save_files(file_paths)
+            if not workspace:
+                return json.dumps({"error": " ".join(errors)})
+
             session_id = _create_session(str(workspace))
-            return json.dumps({"session_id": session_id, "file_count": len(file_paths)})
+            saved = sum(1 for f in workspace.iterdir() if f.is_file())
+            result = {"session_id": session_id, "file_count": saved}
+            if errors:
+                result["warnings"] = errors
+            return json.dumps(result)
 
         upload_btn = gr.Button(visible=False)
         upload_btn.click(api_upload, inputs=upload_input, outputs=upload_output, api_name="upload")