NeuroSploit/.env.example

# NeuroSploit v3 Environment Variables
# =====================================
# Copy this file to .env and configure your API keys
#
# IMPORTANT: You MUST set at least one LLM API key for the AI agent to work!
#

# =============================================================================
# LLM API Keys (REQUIRED - at least one must be set)
# =============================================================================
# Get your Claude API key at: https://console.anthropic.com/
ANTHROPIC_API_KEY=

# OpenAI: https://platform.openai.com/api-keys
OPENAI_API_KEY=

# Google Gemini: https://aistudio.google.com/app/apikey
GEMINI_API_KEY=

# OpenRouter (multi-model): https://openrouter.ai/keys
OPENROUTER_API_KEY=

# Together AI: https://api.together.xyz/settings/api-keys
TOGETHER_API_KEY=

# Fireworks AI: https://fireworks.ai/account/api-keys
FIREWORKS_API_KEY=

# Azure OpenAI: https://portal.azure.com/
#AZURE_OPENAI_API_KEY=
#AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com/
#AZURE_OPENAI_API_VERSION=2024-02-01
#AZURE_OPENAI_DEPLOYMENT=gpt-4o

# =============================================================================
# Local LLM (optional - no API key needed)
# =============================================================================
# Ollama: https://ollama.ai
#OLLAMA_BASE_URL=http://localhost:11434

# LM Studio: https://lmstudio.ai
#LMSTUDIO_BASE_URL=http://localhost:1234

# =============================================================================
# LLM Configuration
# =============================================================================
# Max output tokens (up to 64000 for Claude). Comment out for profile defaults.
#MAX_OUTPUT_TOKENS=64000

# Select specific model name (e.g., claude-sonnet-4-20250514, gpt-4o, llama3.2, qwen2.5)
# Leave empty for provider default
#DEFAULT_LLM_MODEL=

# Enable task-type model routing (routes to different LLM profiles per task)
ENABLE_MODEL_ROUTING=false

# =============================================================================
# Feature Flags
# =============================================================================
# Bug bounty dataset cognitive augmentation
ENABLE_KNOWLEDGE_AUGMENTATION=false

# Playwright browser-based validation + screenshot capture
ENABLE_BROWSER_VALIDATION=false

# =============================================================================
# Agent Autonomy (Phase 1-5 modules)
# =============================================================================
# Token budget per scan (limits total LLM tokens). Comment out for unlimited.
#TOKEN_BUDGET=100000

# Enable AI reasoning engine (think/plan/reflect at checkpoints)
ENABLE_REASONING=true

# Enable CVE/exploit search (NVD API + GitHub)
ENABLE_CVE_HUNT=true

# NVD API key for higher rate limits: https://nvd.nist.gov/developers/request-an-api-key
#NVD_API_KEY=

# GitHub token for exploit search (optional, increases rate limit)
#GITHUB_TOKEN=

# Enable multi-agent orchestration (replaces default 3-stream architecture)
# WARNING: Experimental - uses specialist agents instead of parallel streams
ENABLE_MULTI_AGENT=false

# Enable AI Researcher agent (0-day discovery with Kali sandbox)
# Requires enable_kali_sandbox=true per scan (frontend checkbox)
ENABLE_RESEARCHER_AI=true

# CLI Agent (AI CLI tools inside Kali sandbox)
# Runs Claude Code / Gemini CLI / Codex CLI inside Kali container as pentest engine
#ENABLE_CLI_AGENT=true
#CLI_AGENT_MAX_RUNTIME=1800
#CLI_AGENT_DEFAULT_PROVIDER=claude_code

# Kali sandbox Docker image name
#KALI_SANDBOX_IMAGE=neurosploit-kali:latest

# =============================================================================
# Smart Router (OAuth + API provider routing)
# =============================================================================
# Enable Smart Router for automatic provider failover and CLI OAuth token reuse
#ENABLE_SMART_ROUTER=true

# =============================================================================
# RAG System (Retrieval-Augmented Generation)
# =============================================================================
# Enable RAG for semantic search over vuln knowledge, bug bounty data, etc.
ENABLE_RAG=true

# RAG backend: auto (best available), chromadb, tfidf, bm25
RAG_BACKEND=auto

# =============================================================================
# Methodology File (deep injection into agent prompts)
# =============================================================================
# Path to .md methodology file (FASE-based pentest methodology)
#METHODOLOGY_FILE=/opt/Prompts-PenTest/pentestcompleto_en.md

# =============================================================================
# Vuln Type Agents (per-vuln parallel orchestration)
# =============================================================================
# Enable parallel per-vuln-type specialist agents
ENABLE_VULN_AGENTS=false

# =============================================================================
# Notifications (multi-channel scan alerts)
# =============================================================================
#ENABLE_NOTIFICATIONS=false
#NOTIFICATION_SEVERITY_FILTER=critical,high

# Discord webhook for scan alerts
#DISCORD_WEBHOOK_URL=

# Telegram bot alerts
#TELEGRAM_BOT_TOKEN=
#TELEGRAM_CHAT_ID=

# WhatsApp/Twilio alerts
#TWILIO_ACCOUNT_SID=
#TWILIO_AUTH_TOKEN=
#TWILIO_FROM_NUMBER=
#TWILIO_TO_NUMBER=

# =============================================================================
# Database (default is SQLite - no config needed)
# =============================================================================
DATABASE_URL=sqlite+aiosqlite:///./data/neurosploit.db

# =============================================================================
# Server Configuration
# =============================================================================
HOST=0.0.0.0
PORT=8000
DEBUG=false