chore: slim .env.example to the v3.5.1 Rust providers

Drop the legacy Python-stack settings (DATABASE_URL, HOST/PORT, RAG,
Kali sandbox, Discord/Telegram/Twilio, feature flags) that no longer
exist in the Rust harness. Keep only the provider API-key env vars the
model pool actually reads, plus the Ollama/LiteLLM base-URL overrides.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

.env.example

@@ -1,188 +1,52 @@
-# NeuroSploit v3 Environment Variables
-# =====================================
-# Copy this file to .env and configure your API keys
+# NeuroSploit v3.5.1 — environment / API keys (optional)
+# ------------------------------------------------------------------
+# You only need this for the API-key auth path. If you log in with a
+# local subscription CLI instead (--subscription with Claude / Codex /
+# Gemini / Grok), you don't need any key here.
 #
-# IMPORTANT: You MUST set at least one LLM API key for the AI agent to work!
+# Set the key(s) for the providers you use, then load and run:
+#   set -a; . ./.env; set +a
+#   neurosploit run http://target --model anthropic:claude-opus-4-8 -v
 #
+# Provider prefix -> env var (use as `--model <prefix>:<model>`).
 
-# =============================================================================
-# LLM API Keys (REQUIRED - at least one must be set)
-# =============================================================================
-# Get your Claude API key at: https://console.anthropic.com/
+# anthropic:   https://console.anthropic.com/
 ANTHROPIC_API_KEY=
 
-# OpenAI: https://platform.openai.com/api-keys
+# openai:      https://platform.openai.com/api-keys
 OPENAI_API_KEY=
 
-# Google Gemini: https://aistudio.google.com/app/apikey
+# gemini:      https://aistudio.google.com/app/apikey
 GEMINI_API_KEY=
 
-# OpenRouter (multi-model): https://openrouter.ai/keys
-OPENROUTER_API_KEY=
-
-# xAI Grok: https://console.x.ai/  (used by the Grok CLI backend)
+# xai:         https://console.x.ai/
 XAI_API_KEY=
 
-# NVIDIA NIM (PR #28): https://build.nvidia.com/  — keys look like `nvapi-...`
-# OpenAI-compatible endpoint at https://integrate.api.nvidia.com/v1
+# nvidia_nim:  https://build.nvidia.com/   (keys look like nvapi-...)
 NVIDIA_NIM_API_KEY=
 
-# Together AI: https://api.together.xyz/settings/api-keys
+# deepseek:    https://platform.deepseek.com/
+DEEPSEEK_API_KEY=
+
+# mistral:     https://console.mistral.ai/
+MISTRAL_API_KEY=
+
+# qwen:        https://dashscope-intl.aliyuncs.com/  (Alibaba DashScope)
+DASHSCOPE_API_KEY=
+
+# groq:        https://console.groq.com/keys
+GROQ_API_KEY=
+
+# together:    https://api.together.xyz/settings/api-keys
 TOGETHER_API_KEY=
 
-# Fireworks AI: https://fireworks.ai/account/api-keys
-FIREWORKS_API_KEY=
+# openrouter:  https://openrouter.ai/keys
+OPENROUTER_API_KEY=
 
-# Azure OpenAI: https://portal.azure.com/
-#AZURE_OPENAI_API_KEY=
-#AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com/
-#AZURE_OPENAI_API_VERSION=2024-02-01
-#AZURE_OPENAI_DEPLOYMENT=gpt-4o
+# ollama:      local, no key needed. Override the endpoint if not default:
+#OLLAMA_BASE_URL=http://localhost:11434/v1
 
-# =============================================================================
-# Local LLM (optional - no API key needed)
-# =============================================================================
-# Ollama: https://ollama.ai
-#OLLAMA_BASE_URL=http://localhost:11434
-
-# LM Studio: https://lmstudio.ai
-#LMSTUDIO_BASE_URL=http://localhost:1234
-
-# =============================================================================
-# LLM Configuration
-# =============================================================================
-# Max output tokens (up to 64000 for Claude). Comment out for profile defaults.
-#MAX_OUTPUT_TOKENS=64000
-
-# Select specific model name (e.g., claude-sonnet-4-20250514, gpt-4o, llama3.2, qwen2.5)
-# Leave empty for provider default
-#DEFAULT_LLM_MODEL=
-
-# Enable task-type model routing (routes to different LLM profiles per task)
-ENABLE_MODEL_ROUTING=false
-
-# =============================================================================
-# Feature Flags
-# =============================================================================
-# Bug bounty dataset cognitive augmentation
-ENABLE_KNOWLEDGE_AUGMENTATION=false
-
-# Playwright browser-based validation + screenshot capture
-ENABLE_BROWSER_VALIDATION=false
-
-# =============================================================================
-# Agent Autonomy (Phase 1-5 modules)
-# =============================================================================
-# Token budget per scan (limits total LLM tokens). Comment out for unlimited.
-#TOKEN_BUDGET=100000
-
-# Enable AI reasoning engine (think/plan/reflect at checkpoints)
-ENABLE_REASONING=true
-
-# Enable CVE/exploit search (NVD API + GitHub)
-ENABLE_CVE_HUNT=true
-
-# NVD API key for higher rate limits: https://nvd.nist.gov/developers/request-an-api-key
-#NVD_API_KEY=
-
-# NVIDIA NIM API key for free 40 RPM endpoint
-NIM_API_KEY=
-
-# NVIDIA NIM Model (optional - defaults to openai/gpt-oss-120b)
-#NIM_MODEL=
-
-# GitHub token for exploit search (optional, increases rate limit)
-#GITHUB_TOKEN=
-
-# Enable multi-agent orchestration (replaces default 3-stream architecture)
-# WARNING: Experimental - uses specialist agents instead of parallel streams
-ENABLE_MULTI_AGENT=false
-
-# Enable AI Researcher agent (0-day discovery with Kali sandbox)
-# Requires enable_kali_sandbox=true per scan (frontend checkbox)
-ENABLE_RESEARCHER_AI=true
-
-# CLI Agent (AI CLI tools inside Kali sandbox)
-# Runs Claude Code / Gemini CLI / Codex CLI inside Kali container as pentest engine
-#ENABLE_CLI_AGENT=true
-#CLI_AGENT_MAX_RUNTIME=1800
-#CLI_AGENT_DEFAULT_PROVIDER=claude_code
-
-# Kali sandbox Docker image name
-#KALI_SANDBOX_IMAGE=neurosploit-kali:latest
-
-# =============================================================================
-# Smart Router (OAuth + API provider routing)
-# =============================================================================
-# Enable Smart Router for automatic provider failover and CLI OAuth token reuse
-#ENABLE_SMART_ROUTER=true
-
-# =============================================================================
-# RAG System (Retrieval-Augmented Generation)
-# =============================================================================
-# Enable RAG for semantic search over vuln knowledge, bug bounty data, etc.
-ENABLE_RAG=true
-
-# RAG backend: auto (best available), chromadb, tfidf, bm25
-RAG_BACKEND=auto
-
-# =============================================================================
-# Methodology File (deep injection into agent prompts)
-# =============================================================================
-# Path to .md methodology file (FASE-based pentest methodology)
-#METHODOLOGY_FILE=/opt/Prompts-PenTest/pentestcompleto_en.md
-
-# =============================================================================
-# Vuln Type Agents (per-vuln parallel orchestration)
-# =============================================================================
-# Enable parallel per-vuln-type specialist agents
-ENABLE_VULN_AGENTS=false
-
-# =============================================================================
-# Notifications (multi-channel scan alerts)
-# =============================================================================
-#ENABLE_NOTIFICATIONS=false
-#NOTIFICATION_SEVERITY_FILTER=critical,high
-
-# Discord webhook for scan alerts
-#DISCORD_WEBHOOK_URL=
-
-# Telegram bot alerts
-#TELEGRAM_BOT_TOKEN=
-#TELEGRAM_CHAT_ID=
-
-# WhatsApp/Twilio alerts
-#TWILIO_ACCOUNT_SID=
-#TWILIO_AUTH_TOKEN=
-#TWILIO_FROM_NUMBER=
-#TWILIO_TO_NUMBER=
-
-# =============================================================================
-# Database (default is SQLite - no config needed)
-# =============================================================================
-DATABASE_URL=sqlite+aiosqlite:///./data/neurosploit.db
-
-# =============================================================================
-# Server Configuration
-# =============================================================================
-HOST=0.0.0.0
-PORT=8000
-DEBUG=false
-
-# =============================================================================
-# NeuroSploit v3.3.0 — Autonomous MD-Agent Engine
-# =============================================================================
-# The engine delegates execution to a locally-installed agentic CLI backend.
-# Default backend (claude | codex | grok). First installed is used if unset.
-NEUROSPLOIT_BACKEND=claude
-# Default provider/model (see neurosploit_agent/models.py)
-NEUROSPLOIT_PROVIDER=anthropic
-NEUROSPLOIT_MODEL=claude-opus-4-8
-# OOB collaborator host for blind/SSRF/XXE proof (optional)
-NEUROSPLOIT_COLLABORATOR=
-# Reinforcement-learning loop (1=on). State persists to data/rl_state.json
-NEUROSPLOIT_RL=1
-# Playwright MCP for browser-based proof of execution (1=on; needs npx)
-NEUROSPLOIT_MCP=1
-# OpenAI-compatible base URL override (set automatically per provider)
-#OPENAI_BASE_URL=
+# litellm:     point at your LiteLLM proxy (OpenAI-compatible). Route any
+#              model through it as `--model litellm:<model>`.
+#LITELLM_BASE_URL=http://localhost:4000/v1
+LITELLM_API_KEY=