Files & Attachments

Files are first-class citizens in MeetLoyd. You can upload documents to conversations, attach files in chat, and let agents generate documents on the fly. Every file is security-scanned before processing.

Supported Formats

Allowed

Format	Extensions	Max Size	Description
PDF	`.pdf`	50 MB	PDF documents
Word	`.docx`	25 MB	Microsoft Word (modern format)
Excel	`.xlsx`	25 MB	Microsoft Excel (modern format)
PowerPoint	`.pptx`	100 MB	Microsoft PowerPoint (modern format)
CSV	`.csv`	10 MB	Comma-separated values
Text	`.txt`	5 MB	Plain text
Markdown	`.md`	5 MB	Markdown files
JSON	`.json`	10 MB	JSON data
Images	`.png`, `.jpg`, `.gif`, `.webp`	20 MB	Common image formats

Blocked (Security)

Legacy Office formats (.doc, .xls, .ppt) are blocked because they use the OLE Compound format which can contain hidden macros, embedded executables, and OLE objects. Convert to modern formats (DOCX, XLSX, PPTX) before uploading.

Uploading Files

Via Chat

Click the paperclip icon in any team or agent chat to attach files:

Click the paperclip button next to the message input
Select one or more files from your device
Files upload immediately and appear as chips below the input
Type an optional message
Click Send -- the message is sent with file download links

Attached files are displayed as artifact cards in the conversation, with format-specific icons and a download button.

Via API

// Upload a file
const file = await client.files.upload(fileBlob, 'reports');

console.log(file);
// {
//   id: 'file_abc123',
//   name: 'quarterly-report.pdf',
//   mimeType: 'application/pdf',
//   size: 245760,
//   hash: 'sha256:...',
//   securityScan: { passed: true, warnings: [] }
// }

Upload and Parse (One Step)

For RAG and knowledge base use cases, upload and extract content in a single call:

const result = await client.files.uploadAndParse(fileBlob);

console.log(result);
// {
//   id: 'file_abc123',
//   name: 'handbook.pdf',
//   parsed: true,
//   content: 'Full extracted text...',
//   pageCount: 42,
//   wordCount: 18500,
//   chunkCount: 95
// }

File Management

List Files

// List all files
const files = await client.files.list();

// Filter by conversation
const files = await client.files.list({
  conversationId: 'conv-123'
});

// Filter by agent
const files = await client.files.list({
  agentId: 'agent-456'
});

Get File Metadata

const file = await client.files.get('file_abc123');

console.log({
  name: file.name,
  type: file.mimeType,
  size: file.size,
  hash: file.hash,
  createdAt: file.createdAt
});

Download a File

const downloadUrl = client.files.download('file_abc123');
// Returns: /api/files/file_abc123/download

Delete a File

await client.files.delete('file_abc123');

Content Parsing

Uploaded files can be parsed to extract text content for agent context, RAG, or knowledge bases.

Parse an Existing File

const parsed = await client.files.parse('file_abc123');

console.log({
  content: parsed.content,     // Full extracted text
  pageCount: parsed.pageCount, // For PDFs
  wordCount: parsed.wordCount,
  metadata: parsed.metadata    // Document properties
});

Get Chunks (for RAG)

Files are automatically chunked for retrieval-augmented generation:

const chunks = await client.files.chunks('file_abc123');

console.log(chunks);
// [
//   { content: 'Chapter 1: Introduction...', index: 0 },
//   { content: 'Chapter 2: Getting Started...', index: 1 },
//   ...
// ]

Security

Every uploaded file goes through a zero-trust security pipeline before it is stored.

Security Checks

Check	What It Does
Magic bytes verification	Verifies file content matches the claimed MIME type
Macro detection	Blocks files containing VBA macros or executable code
Zip bomb detection	Detects compression bombs in Office documents
XXE prevention	Blocks XML External Entity attacks in Office XML
Path traversal blocking	Prevents directory traversal in file names
Embedded executable detection	Finds hidden PE/ELF executables inside documents
Script injection detection	Catches `<script>`, event handlers, and JS protocol URIs

What Happens on Failure

If a file fails the security scan:

The file is quarantined (saved to a secure location, not accessible)
The upload returns an error with details about the threat
The quarantine ID is returned for audit purposes

{
  "error": "File failed security scan",
  "securityError": "Macro code detected: vbaProject.bin",
  "quarantined": true,
  "quarantineId": "quarantine_xyz789"
}

Pre-Upload Scan

You can scan a file without uploading it:

const scan = await client.files.scan(fileBlob);

if (!scan.safe) {
  console.log('Threats:', scan.threats);
  console.log('Warnings:', scan.warnings);
}

Security Policy

Query the current security configuration:

const policy = await client.files.securityPolicy();

console.log(policy);
// {
//   macrosAllowed: false,
//   embeddedObjectsAllowed: false,
//   externalLinksAllowed: false,
//   deepScanEnabled: true,
//   allowedTypes: ['text/plain', 'application/pdf', ...],
//   maxSizes: { pdf: 52428800, docx: 26214400, ... }
// }

Files in Conversations

Files can be attached to specific conversations or agents for context:

// Upload file linked to a conversation
const file = await client.files.upload(fileBlob, {
  conversationId: 'conv-123',
  agentId: 'agent-456'
});

// List files for a conversation
const convFiles = await client.files.list({
  conversationId: 'conv-123'
});

When agents receive messages with file attachments, they can:

Download and read the file content
Use parsed chunks for RAG context
Reference the file in their responses

Agent Document Generation

Agents can create documents programmatically using the generate_document tool. This lets agents produce reports, presentations, spreadsheets, and more during conversations.

See Document Generation for details.

Artifact Cards in Chat

When a message contains a file download URL, it's automatically rendered as an artifact card with:

Format-specific icon (PDF, Word, Excel, PowerPoint, etc.)
File name and format label
One-click download button

This applies to both user-attached files and agent-generated documents.

Cloud Storage Integrations

MeetLoyd's file management is for files uploaded directly to the platform. For files stored in cloud services, use the integration tools instead:

Google Drive

Agents can read, upload, move, rename, share, and delete files in Google Drive and shared drives. Google Workspace native formats (Docs, Sheets, Slides) are automatically exported to standard formats on read.

// List files in a shared drive
const files = await tools.drive_list({ driveId: 'shared-drive-id' });

// Read a Google Doc (auto-exported as text)
const content = await tools.drive_read({ fileId: 'doc-id' });

// Upload to Drive
await tools.drive_upload({
  name: 'report.pdf',
  content: base64Content,
  mimeType: 'application/pdf'
});

See Google Workspace Integration for all 11 Drive tools.

Microsoft OneDrive & SharePoint

Agents can list, search, read, upload, share, and delete files in OneDrive and SharePoint sites.

See Microsoft 365 Integration for OneDrive and SharePoint tools.

Key Differences

Feature	MeetLoyd Files	Google Drive / OneDrive
Storage	MeetLoyd server	Google / Microsoft cloud
Security scanning	Yes (zero-trust pipeline)	No (provider's own scanning)
Content parsing	Yes (text extraction, RAG chunks)	Via `drive_read` export
Chat attachments	Direct upload via paperclip	Link sharing
Tenant isolation	Built-in	Via provider permissions

Best Practices

1. Use Modern Formats

Always use DOCX, XLSX, PPTX instead of legacy DOC, XLS, PPT. Modern formats are:

More secure (no OLE objects)
Better supported for parsing
Easier to scan

2. Link Files to Conversations

When uploading through the API, include conversationId so files are contextually linked:

// ✅ Good - linked to conversation
await client.files.upload(file, { conversationId: 'conv-123' });

// ❌ Bad - orphaned file
await client.files.upload(file);

3. Use Upload-and-Parse for Knowledge

When building knowledge bases, use the combined endpoint to save a round trip:

// One call instead of two
const result = await client.files.uploadAndParse(handbook);
// File is uploaded AND content is extracted

4. Check Security Policy

Before building upload UIs, query the security policy for allowed types and size limits:

const policy = await client.files.securityPolicy();
// Use policy.allowedTypes and policy.maxSizes for client-side validation

Next: Learn about Memory to understand persistent context across conversations.

Supported Formats​

Allowed​

Blocked (Security)​

Uploading Files​

Via Chat​

Via API​

Upload and Parse (One Step)​

File Management​

List Files​

Get File Metadata​

Download a File​

Delete a File​

Content Parsing​

Parse an Existing File​

Get Chunks (for RAG)​

Security​

Security Checks​

What Happens on Failure​

Pre-Upload Scan​

Security Policy​

Files in Conversations​

Agent Document Generation​

Artifact Cards in Chat​

Cloud Storage Integrations​

Google Drive​

Microsoft OneDrive & SharePoint​

Key Differences​

Best Practices​

1. Use Modern Formats​

2. Link Files to Conversations​

3. Use Upload-and-Parse for Knowledge​

4. Check Security Policy​