diff --git a/.env.template b/.env.template
index 48fe88a..5bb2c22 100644
--- a/.env.template
+++ b/.env.template
@@ -28,3 +28,6 @@ ELASTIC_PASSWORD=
 PAGE_SIZE=1000
 GCS_BUCKET=
 GCS_PREFIX=
+
+# Query length guard (optional, default: 2000 chars)
+# MAX_QUERY_LENGTH=2000          # max allowed query length in characters
diff --git a/backend/agents.py b/backend/agents.py
index ecba861..7b76ef5 100644
--- a/backend/agents.py
+++ b/backend/agents.py
@@ -83,6 +83,11 @@ def _get_genai_client():
 FLASH_MODEL = os.getenv("GEMINI_FLASH_MODEL", "gemini-2.5-flash")
 FLASH_LITE_MODEL = os.getenv("GEMINI_FLASH_LITE_MODEL", "gemini-2.5-flash-lite")
 
+try:
+    MAX_QUERY_LENGTH = int(os.getenv("MAX_QUERY_LENGTH", "2000"))
+except ValueError:
+    MAX_QUERY_LENGTH = 2000
+
 
 # Query intent/types 
 class QueryIntent(Enum):
@@ -507,6 +512,13 @@ def reset_session(self, session_id: str):
 
     async def handle_chat(self, session_id: str, query: str, reset: bool = False) -> str:
         try:
+            query = query.strip()
+            if len(query) > MAX_QUERY_LENGTH:
+                return (
+                    f"Query too long ({len(query)} chars). "
+                    f"Please keep it under {MAX_QUERY_LENGTH} characters."
+                )
+
             if reset:
                 self.reset_session(session_id)
             if session_id not in self.chat_history: