From e849e125676e5ff8db5a52656ffede153e5ab41d Mon Sep 17 00:00:00 2001
From: Igor Ilic <30923996+dexters1@users.noreply.github.com>
Date: Wed, 17 Sep 2025 10:56:35 +0200
Subject: [PATCH] refactor: make cypher query optional (#1418)

<!-- .github/pull_request_template.md -->

## Description
Make Cypher search optional

## Type of Change
<!-- Please check the relevant option -->
- [ ] Bug fix (non-breaking change that fixes an issue)
- [ ] New feature (non-breaking change that adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Documentation update
- [ ] Code refactoring
- [ ] Performance improvement
- [x] Other (please specify):
Security upgrade

## Changes Made
Made cypher search optional for security reasons

## Testing
Tried running cypher queries with feature turned on and off

## Screenshots/Videos (if applicable)
<!-- Add screenshots or videos to help explain your changes -->

## Pre-submission Checklist
<!-- Please check all boxes that apply before submitting your PR -->
- [ ] **I have tested my changes thoroughly before submitting this PR**
- [ ] **This PR contains minimal changes necessary to address the
issue/feature**
- [ ] My code follows the project's coding standards and style
guidelines
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [ ] I have added necessary documentation (if applicable)
- [ ] All new and existing tests pass
- [ ] I have searched existing PRs to ensure this change hasn't been
submitted already
- [ ] I have linked any relevant issues in the description
- [ ] My commits have clear and descriptive messages

## Related Issues
<!-- Link any related issues using "Fixes #issue_number" or "Relates to
#issue_number" -->

## Additional Notes
<!-- Add any additional notes, concerns, or context for reviewers -->

## DCO Affirmation
I affirm that all code in every commit of this pull request conforms to
the terms of the Topoteretes Developer Certificate of Origin.
---
 .env.template                                          | 3 +++
 cognee/modules/search/methods/get_search_type_tools.py | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/.env.template b/.env.template
index e9e9fb571..916a1ef76 100644
--- a/.env.template
+++ b/.env.template
@@ -121,6 +121,9 @@ ACCEPT_LOCAL_FILE_PATH=True
 # This protects against Server Side Request Forgery when proper infrastructure is not in place.
 ALLOW_HTTP_REQUESTS=True
 
+# When set to false don't allow cypher search to be used in Cognee.
+ALLOW_CYPHER_QUERY=True
+
 # When set to False errors during data processing will be returned as info but not raised to allow handling of faulty documents
 RAISE_INCREMENTAL_LOADING_ERRORS=True
 
diff --git a/cognee/modules/search/methods/get_search_type_tools.py b/cognee/modules/search/methods/get_search_type_tools.py
index e671a7db3..551f77a16 100644
--- a/cognee/modules/search/methods/get_search_type_tools.py
+++ b/cognee/modules/search/methods/get_search_type_tools.py
@@ -1,3 +1,4 @@
+import os
 from typing import Callable, List, Optional, Type
 
 from cognee.modules.engine.models.node_set import NodeSet
@@ -160,6 +161,12 @@ async def get_search_type_tools(
     if query_type is SearchType.FEELING_LUCKY:
         query_type = await select_search_type(query_text)
 
+    if (
+        query_type in [SearchType.CYPHER, SearchType.NATURAL_LANGUAGE]
+        and os.getenv("ALLOW_CYPHER_QUERY", "true").lower() == "false"
+    ):
+        raise UnsupportedSearchTypeError("Cypher query search types are disabled.")
+
     search_type_tools = search_tasks.get(query_type)
 
     if not search_type_tools: