fix: run_cypher guard now correctly allows CALL db.* read-only procedures

Bug: query was uppercased but regex exemption checked lowercase db. —
CALL db.* was still blocked despite the intended allowlist.

Fix:
- Use case-insensitive regex (Pattern.CASE_INSENSITIVE) instead of
  uppercasing the query — preserves original casing for Neo4j execution
- CALL db.* explicitly allowed (fulltext search, indexes, schema)
- All other CALL forms blocked (apoc.create, custom procedures)

Tests updated:
- Removed test expecting CALL db.indexes() to be blocked
- Added: runCypherShouldAllowCallDbIndexes (positive)
- Added: runCypherShouldAllowCallDbFulltextSearch (positive)
- Added: runCypherShouldBlockNonDbCall (negative - apoc.create)
- Added: runCypherShouldBlockCallCustomProcedure (negative - custom.mutate)
- Existing mutation keyword tests still pass (CREATE, DELETE, SET, etc.)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: aksOps

src/main/java/io/github/randomcodespace/iq/mcp/McpTools.java

@@ -268,16 +268,26 @@ public String generateFlow(
     @McpTool(name = "run_cypher", description = "Execute a read-only Cypher query against the Neo4j graph database.")
     public String runCypher(
             @McpToolParam(description = "Cypher query string") String query) {
-        // Block any mutation keywords anywhere in the query (defense-in-depth)
-        String upper = query.trim().toUpperCase();
-        List<String> BLOCKED_PATTERNS = List.of(
-                "\\bCREATE\\b", "\\bDELETE\\b", "\\bDETACH\\b", "\\bSET\\b",
-                "\\bREMOVE\\b", "\\bMERGE\\b", "\\bDROP\\b", "\\bFOREACH\\b",
-                "\\bLOAD\\s+CSV\\b", "\\bCALL\\s+(?!db\\.)\\b");
-        for (String pattern : BLOCKED_PATTERNS) {
-            if (java.util.regex.Pattern.compile(pattern).matcher(upper).find()) {
-                String keyword = pattern.replace("\\b", "").replace("\\s+", " ");
-                return toJson(Map.of(PROP_ERROR, "Read-only queries only. Mutation keyword found: " + keyword));
+        // Block mutation keywords (defense-in-depth). Uses case-insensitive matching
+        // so the original query casing is preserved for Neo4j execution.
+        // CALL db.* is explicitly allowed (read-only: fulltext search, schema, indexes).
+        String trimmed = query.trim();
+        List<java.util.regex.Pattern> BLOCKED_PATTERNS = List.of(
+                java.util.regex.Pattern.compile("\\bCREATE\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bDELETE\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bDETACH\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bSET\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bREMOVE\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bMERGE\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bDROP\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bFOREACH\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                java.util.regex.Pattern.compile("\\bLOAD\\s+CSV\\b", java.util.regex.Pattern.CASE_INSENSITIVE),
+                // Allow CALL db.* (read-only procedures: indexes, schema, fulltext search)
+                // Block all other CALL forms (mutation procedures like apoc.create, apoc.merge)
+                java.util.regex.Pattern.compile("\\bCALL\\s+(?!db\\.)", java.util.regex.Pattern.CASE_INSENSITIVE));
+        for (var pattern : BLOCKED_PATTERNS) {
+            if (pattern.matcher(trimmed).find()) {
+                return toJson(Map.of(PROP_ERROR, "Read-only queries only. Mutation keyword found: " + pattern.pattern()));
             }
         }
         try {

src/test/java/io/github/randomcodespace/iq/mcp/McpToolsExpandedTest.java

@@ -183,10 +183,47 @@ void runCypherShouldBlockForeach() throws IOException {
     }
 
     @Test
-    void runCypherShouldBlockCall() throws IOException {
+    void runCypherShouldBlockNonDbCall() throws IOException {
+        // Non-db CALL statements (mutation procedures) must be blocked
+        String result = mcpTools.runCypher("CALL apoc.create.node(['Label'], {name: 'test'})");
+        Map<String, Object> parsed = parseJson(result);
+        assertNotNull(parsed.get("error"), "Non-db CALL should be blocked");
+    }
+
+    @Test
+    void runCypherShouldBlockCallCustomProcedure() throws IOException {
+        String result = mcpTools.runCypher("CALL custom.mutate()");
+        Map<String, Object> parsed = parseJson(result);
+        assertNotNull(parsed.get("error"), "Custom CALL should be blocked");
+    }
+
+    @Test
+    void runCypherShouldAllowCallDbIndexes() throws IOException {
+        // CALL db.* is read-only (indexes, schema, fulltext search)
+        Transaction tx = mock(Transaction.class);
+        Result queryResult = mock(Result.class);
+        when(graphDb.beginTx()).thenReturn(tx);
+        when(tx.execute("CALL db.indexes()")).thenReturn(queryResult);
+        when(queryResult.columns()).thenReturn(List.of("name"));
+        when(queryResult.hasNext()).thenReturn(false);
+
         String result = mcpTools.runCypher("CALL db.indexes()");
         Map<String, Object> parsed = parseJson(result);
-        assertNotNull(parsed.get("error"));
+        assertNotNull(parsed.get("rows"), "CALL db.indexes() should be allowed");
+    }
+
+    @Test
+    void runCypherShouldAllowCallDbFulltextSearch() throws IOException {
+        Transaction tx = mock(Transaction.class);
+        Result queryResult = mock(Result.class);
+        when(graphDb.beginTx()).thenReturn(tx);
+        when(tx.execute("CALL db.index.fulltext.queryNodes('lexical_index', 'search')")).thenReturn(queryResult);
+        when(queryResult.columns()).thenReturn(List.of("node"));
+        when(queryResult.hasNext()).thenReturn(false);
+
+        String result = mcpTools.runCypher("CALL db.index.fulltext.queryNodes('lexical_index', 'search')");
+        Map<String, Object> parsed = parseJson(result);
+        assertNotNull(parsed.get("rows"), "CALL db.index.fulltext should be allowed");
     }
 
     @Test