From 99d6a9a428ea4cb00f853fa03e232ce897f2546d Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Sun, 7 Jun 2026 15:47:40 +0200
Subject: [PATCH] feat(nlp-service): cap /parse query at 500 chars via
 Field(max_length=500)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 nlp-service/models.py    | 4 ++--
 nlp-service/test_main.py | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/nlp-service/models.py b/nlp-service/models.py
index e36fb89e..7015d36a 100644
--- a/nlp-service/models.py
+++ b/nlp-service/models.py
@@ -1,10 +1,10 @@
 from __future__ import annotations
 from typing import Literal
-from pydantic import BaseModel
+from pydantic import BaseModel, Field
 
 
 class ParseRequest(BaseModel):
-    query: str
+    query: str = Field(max_length=500)
     lang: Literal["de", "en", "es"]
 
 
diff --git a/nlp-service/test_main.py b/nlp-service/test_main.py
index f02f3c03..31ec4766 100644
--- a/nlp-service/test_main.py
+++ b/nlp-service/test_main.py
@@ -81,6 +81,11 @@ def test_parse_all_languages(client):
         assert r.json()["dateTo"] == "1920-12-31", f"Wrong dateTo for lang={lang}"
 
 
+def test_parse_exceeds_max_length_returns_422(client):
+    r = client.post("/parse", json={"query": "a" * 501, "lang": "de"})
+    assert r.status_code == 422
+
+
 def test_parse_internal_exception_does_not_leak_detail(client, monkeypatch):
     """500 errors must return generic message — never expose internal details."""
     import main as main_module