diff --git a/pkg/core/vfs.go b/pkg/core/vfs.go
index a30d893..0acd0c5 100644
--- a/pkg/core/vfs.go
+++ b/pkg/core/vfs.go
@@ -15,7 +15,9 @@ type PageVFS struct {
 commitID string
 }
-// todo: 限制最大文件加载大小
+// MaxFileLoadSize limits the maximum size of file loaded into memory (10MB)
+const MaxFileLoadSize = 10 * 1024 * 1024
+
 func NewPageVFS(
 backend Backend,
 org string,
@@ -69,7 +71,19 @@ func (p *PageVFS) Read(ctx context.Context, path string) ([]byte, error) {
 return nil, err
 }
 defer open.Close()
- return io.ReadAll(open)
+
+ // Use LimitReader to prevent reading too much data
+ limitReader := io.LimitReader(open, MaxFileLoadSize+1)
+ data, err := io.ReadAll(limitReader)
+ if err != nil {
+ return nil, err
+ }
+
+ if len(data) > MaxFileLoadSize {
+ return nil, &os.PathError{Op: "read", Path: path, Err: os.ErrInvalid} // Or a specific "file too large" error
+ }
+
+ return data, nil
 }
 func (p *PageVFS) ReadString(ctx context.Context, path string) (string, error) {
diff --git a/pkg/server.go b/pkg/server.go
index bde641c..7067666 100644
--- a/pkg/server.go
+++ b/pkg/server.go
@@ -218,6 +218,7 @@ func (s *Server) Serve(writer *utils.WrittenResponseWriter, request *http.Reques
 if !ok {
 value, err = glob.Compile(filter.Path)
 if err != nil {
+ zap.L().Warn("invalid glob pattern", zap.String("pattern", filter.Path), zap.Error(err))
 continue
 }
 s.globCache.Add(filter.Path, value)
@@ -239,9 +240,12 @@ func (s *Server) Serve(writer *utils.WrittenResponseWriter, request *http.Reques
 slices.Reverse(activeFiltersCall)
 slices.Reverse(activeFilters)
+ // Build the visual call stack for logging (e.g., A -> B -> C -> B -> A)
 l := len(filtersRoute)
- for i := l - 2; i >= 0; i-- {
- filtersRoute = append(filtersRoute, filtersRoute[i])
+ if l > 1 {
+ for i := l - 2; i >= 0; i-- {
+ filtersRoute = append(filtersRoute, filtersRoute[i])
+ }
 }
 zap.L().Debug("active filters", zap.String("filters", strings.Join(filtersRoute, " -> ")))
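Review bot: In `pkg/core/vfs.go`, `Read` reports an oversized file as `os.ErrInvalid`, which callers cannot tell apart from a genuinely invalid argument, so the server cannot map a limit hit to a size-specific response or count it separately. A package-level sentinel such as `var ErrFileTooLarge = errors.New("file too large")`, used as `Err: ErrFileTooLarge`, keeps the `*os.PathError` shape and lets callers test for it with `errors.Is`. The start of `Read` and the file's import block lie outside the hunk, so whether `os` (and `errors`) are already imported cannot be confirmed from here. The limit also still buffers up to `MaxFileLoadSize+1` bytes per call before rejecting, so concurrent reads of large files can each hold about 10 MiB; if the backend can report a size, checking it before `io.ReadAll` would avoid that allocation.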
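Review bot: In `pkg/server.go` (hunk at line 218), the new `Warn` fires again for the same bad pattern every time this code is reached, because the `continue` skips `s.globCache.Add` and the failed compile is never remembered. If `filter.Path` comes from site-supplied configuration (not visible here), one malformed pattern turns each request into a recompile plus a warning line, which inflates log volume and can bury other warnings. Remembering the failure would bound that, for example by caching a nil matcher for `filter.Path` and skipping nil entries on lookup, or by logging once per pattern. `Serve` starts and ends outside the hunk, so the cache's value type and the lookup code are assumptions to confirm.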
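Review bot: In `pkg/server.go` (hunk at line 239), the added `if l > 1` guard does not change behaviour. With `l` equal to 0 or 1, `i := l - 2` starts negative and the condition `i >= 0` already skips the loop, since `len` returns a signed `int`. Dropping the guard removes a level of nesting, and the new comment can stay on the bare loop `for i := l - 2; i >= 0; i-- {`. `Serve` starts and ends outside the hunk.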