Skip to content

Error related to Pydantic "extra inputs" when starting the program #20

New issue
New issue
Open
Open
Error related to Pydantic "extra inputs" when starting the program#20
@elliecolorado

Description

@elliecolorado
elliecolorado
opened on Feb 25, 2026

Pydantic throws an error for "extra inputs" when starting the program. This happened already with a previous release, but just with Ollama and Gemini being added on the .env, now it happens with several options in the .env. Here is the error:

Traceback (most recent call last):
  File "/usr/bin/uvicorn", line 8, in <module>
    sys.exit(main())
             ~~~~^^
  File "/usr/lib/python3/dist-packages/click/core.py", line 1161, in __call__
    return self.main(*args, **kwargs)
           ~~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/click/core.py", line 1082, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1443, in invoke
    return ctx.invoke(self.callback, **ctx.params)
           ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/click/core.py", line 788, in invoke
    return __callback(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/uvicorn/main.py", line 423, in main
    run(
    ~~~^
        app,
        ^^^^
    ...<46 lines>...
        h11_max_incomplete_event_size=h11_max_incomplete_event_size,
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    )
    ^
  File "/usr/lib/python3/dist-packages/uvicorn/main.py", line 593, in run
    server.run()
    ~~~~~~~~~~^^
  File "/usr/lib/python3/dist-packages/uvicorn/server.py", line 67, in run
    return asyncio_run(self.serve(sockets=sockets), loop_factory=self.config.get_loop_factory())
  File "/usr/lib/python3.13/asyncio/runners.py", line 195, in run
    return runner.run(main)
           ~~~~~~~~~~^^^^^^
  File "/usr/lib/python3.13/asyncio/runners.py", line 118, in run
    return self._loop.run_until_complete(task)
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^
  File "uvloop/loop.pyx", line 1518, in uvloop.loop.Loop.run_until_complete
  File "/usr/lib/python3/dist-packages/uvicorn/server.py", line 71, in serve
    await self._serve(sockets)
  File "/usr/lib/python3/dist-packages/uvicorn/server.py", line 78, in _serve
    config.load()
    ~~~~~~~~~~~^^
  File "/usr/lib/python3/dist-packages/uvicorn/config.py", line 439, in load
    self.loaded_app = import_from_string(self.app)
                      ~~~~~~~~~~~~~~~~~~^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/uvicorn/importer.py", line 19, in import_from_string
    module = importlib.import_module(module_str)
  File "/usr/lib/python3.13/importlib/__init__.py", line 88, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
           ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 1023, in exec_module
  File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
  File "/home/alumno/Escritorio/NeuroSploit/backend/main.py", line 12, in <module>
    from backend.config import settings
  File "/home/alumno/Escritorio/NeuroSploit/backend/config.py", line 78, in <module>
    settings = Settings()
  File "/usr/lib/python3/dist-packages/pydantic_settings/main.py", line 194, in __init__
    super().__init__(
    ~~~~~~~~~~~~~~~~^
        **__pydantic_self__._settings_build_values(
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    ...<27 lines>...
        )
        ^
    )
    ^
  File "/usr/lib/python3/dist-packages/pydantic/main.py", line 250, in __init__
    validated_self = self.__pydantic_validator__.validate_python(data, self_instance=self)
pydantic_core._pydantic_core.ValidationError: 5 validation errors for Settings
OLLAMA_BASE_URL                                                                                                    
  Extra inputs are not permitted [type=extra_forbidden, input_value='http://localhost:11434', input_type=str]      
    For further information visit https://errors.pydantic.dev/2.12/v/extra_forbidden                               
ENABLE_REASONING                                                                                                   
  Extra inputs are not permitted [type=extra_forbidden, input_value='true', input_type=str]                        
    For further information visit https://errors.pydantic.dev/2.12/v/extra_forbidden                               
ENABLE_CVE_HUNT                                                                                                    
  Extra inputs are not permitted [type=extra_forbidden, input_value='true', input_type=str]                        
    For further information visit https://errors.pydantic.dev/2.12/v/extra_forbidden                               
ENABLE_MULTI_AGENT                                                                                                 
  Extra inputs are not permitted [type=extra_forbidden, input_value='false', input_type=str]                       
    For further information visit https://errors.pydantic.dev/2.12/v/extra_forbidden                               
ENABLE_RESEARCHER_AI                                                                                               
  Extra inputs are not permitted [type=extra_forbidden, input_value='true', input_type=str]                        
    For further information visit https://errors.pydantic.dev/2.12/v/extra_forbidden

This is my .env

# NeuroSploit v3 Environment Variables
# =====================================
# Copy this file to .env and configure your API keys
#
# IMPORTANT: You MUST set at least one LLM API key for the AI agent to work!
#

# =============================================================================
# LLM API Keys (REQUIRED - at least one must be set)
# =============================================================================
# Get your Claude API key at: https://console.anthropic.com/
ANTHROPIC_API_KEY=API-KEY

# OpenAI: https://platform.openai.com/api-keys
OPENAI_API_KEY=API-KEY

# Google Gemini: https://aistudio.google.com/app/apikey
GEMINI_API_KEY=API-KEY

# OpenRouter (multi-model): https://openrouter.ai/keys
OPENROUTER_API_KEY=API-KEY

# Together AI: https://api.together.xyz/settings/api-keys
TOGETHER_API_KEY=

# Fireworks AI: https://fireworks.ai/account/api-keys
FIREWORKS_API_KEY=

# =============================================================================
# Local LLM (optional - no API key needed)
# =============================================================================
# Ollama: https://ollama.ai
OLLAMA_BASE_URL=http://localhost:11434

# LM Studio: https://lmstudio.ai
#LMSTUDIO_BASE_URL=http://localhost:1234

# =============================================================================
# LLM Configuration
# =============================================================================
# Max output tokens (up to 64000 for Claude). Comment out for profile defaults.
#MAX_OUTPUT_TOKENS=64000

# Select specific model name (e.g., claude-sonnet-4-20250514, gpt-4o, llama3.2, qwen2.5)
# Leave empty for provider default
#DEFAULT_LLM_MODEL=

# Enable task-type model routing (routes to different LLM profiles per task)
ENABLE_MODEL_ROUTING=false

# =============================================================================
# Feature Flags
# =============================================================================
# Bug bounty dataset cognitive augmentation
ENABLE_KNOWLEDGE_AUGMENTATION=false

# Playwright browser-based validation + screenshot capture
ENABLE_BROWSER_VALIDATION=false

# =============================================================================
# Agent Autonomy (Phase 1-5 modules)
# =============================================================================
# Token budget per scan (limits total LLM tokens). Comment out for unlimited.
#TOKEN_BUDGET=100000

# Enable AI reasoning engine (think/plan/reflect at checkpoints)
ENABLE_REASONING=true

# Enable CVE/exploit search (NVD API + GitHub)
ENABLE_CVE_HUNT=true

# NVD API key for higher rate limits: https://nvd.nist.gov/developers/request-an-api-key
#NVD_API_KEY=

# GitHub token for exploit search (optional, increases rate limit)
#GITHUB_TOKEN=

# Enable multi-agent orchestration (replaces default 3-stream architecture)
# WARNING: Experimental - uses specialist agents instead of parallel streams
ENABLE_MULTI_AGENT=false

# Enable AI Researcher agent (0-day discovery with Kali sandbox)
# Requires enable_kali_sandbox=true per scan (frontend checkbox)
ENABLE_RESEARCHER_AI=true

# CLI Agent (AI CLI tools inside Kali sandbox)
# Runs Claude Code / Gemini CLI / Codex CLI inside Kali container as pentest engine
#ENABLE_CLI_AGENT=true
#CLI_AGENT_MAX_RUNTIME=1800
#CLI_AGENT_DEFAULT_PROVIDER=claude_code

# Kali sandbox Docker image name
#KALI_SANDBOX_IMAGE=neurosploit-kali:latest

# =============================================================================
# Smart Router (OAuth + API provider routing)
# =============================================================================
# Enable Smart Router for automatic provider failover and CLI OAuth token reuse
#ENABLE_SMART_ROUTER=true

# =============================================================================
# RAG System (Retrieval-Augmented Generation)
# =============================================================================
# Enable RAG for semantic search over vuln knowledge, bug bounty data, etc.
ENABLE_RAG=true

# RAG backend: auto (best available), chromadb, tfidf, bm25
RAG_BACKEND=auto

# =============================================================================
# Methodology File (deep injection into agent prompts)
# =============================================================================
# Path to .md methodology file (FASE-based pentest methodology)
#METHODOLOGY_FILE=/opt/Prompts-PenTest/pentestcompleto_en.md

# =============================================================================
# Vuln Type Agents (per-vuln parallel orchestration)
# =============================================================================
# Enable parallel per-vuln-type specialist agents
ENABLE_VULN_AGENTS=false

# =============================================================================
# Notifications (multi-channel scan alerts)
# =============================================================================
#ENABLE_NOTIFICATIONS=false
#NOTIFICATION_SEVERITY_FILTER=critical,high

# Discord webhook for scan alerts
#DISCORD_WEBHOOK_URL=

# Telegram bot alerts
#TELEGRAM_BOT_TOKEN=
#TELEGRAM_CHAT_ID=

# WhatsApp/Twilio alerts
#TWILIO_ACCOUNT_SID=
#TWILIO_AUTH_TOKEN=
#TWILIO_FROM_NUMBER=
#TWILIO_TO_NUMBER=

# =============================================================================
# Database (default is SQLite - no config needed)
# =============================================================================
DATABASE_URL=sqlite+aiosqlite:///./data/neurosploit.db

# =============================================================================
# Server Configuration
# =============================================================================
HOST=0.0.0.0
PORT=8000
DEBUG=false

I could "fix" it by going to Neurosploit/backend/config.py and modifying this

    class Config:
        env_file = ".env"
        case_sensitive = True
        extra = "ignore" <----- Added this line (per someone else's issue "fix")

After which it let me start the program with the given .env

I would fix it and make a PR, but I don't know enough Python to check whether it's just the fix I found, or would have to change more code.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions