NEXO 7.9.28 — Optional LLM endpoint and auth provider overrides

Published 2026-04-26. Patch release over v7.9.27.

v7.9.28 introduces an opt-in extension surface that lets third-party orchestrators — for example an Anthropic-compatible proxy that adds rate limiting, cost accounting, multi-provider failover, or per-team auth — redirect Brain LLM calls and delegate bearer token resolution to a local command, without modifying the source. The pattern is intentionally analogous to git’s core.editor and credential.helper: a generic plug-in surface, not tied to any specific product.

Brain libre standalone is unaffected. If neither override file exists Brain hits https://api.anthropic.com directly using ANTHROPIC_API_KEY from environment or filesystem, exactly as in v7.9.27.

What changed

Two optional JSON files at ~/.nexo/config/ drive the behaviour:

• llm_endpoint.json — {"version":1,"anthropic_base_url":"…"}. Flips override mode on and supplies the base URL.
• auth_provider.json — {"version":1,"command":"/path/to/helper","args":[…],"timeout_sec":5}. Brain runs the helper, captures stdout, and uses the trimmed output as the bearer token (analogous to git’s credential.helper).

Both the SDK direct path (src/call_model_raw.py) and every CLI child Brain spawns (src/agent_runner.py) participate. The SDK path resolves (model, effort) from resonance_tiers.json and translates it into a wire alias the proxy validates (nexo-max | nexo-high | nexo-medium | nexo-low | nexo-mini) just before the request, attaching an opaque Idempotency-Key (UUID4 hex) so the proxy can dedup transparent retries within 24h without double-billing. The CLI spawn path injects ANTHROPIC_BASE_URL and ANTHROPIC_API_KEY into the spawned environment, so headless crons (deep-sleep, evolution, followup-runner, morning-agent, email-monitor) hit the proxy too — LaunchAgent processes do not inherit env from a UI process, so the redirection has to come from inside Brain.

Standalone path is preserved

Without the override files no Idempotency-Key header is sent, no alias translation runs, no ANTHROPIC_BASE_URL is injected into spawned children. The wire request and the spawn environment are bit-for-bit identical to v7.9.27. Existing operators that clone the repo from GitHub, set ANTHROPIC_API_KEY, and run Brain continue to do exactly that.

Forward compatibility

Each override file declares version: 1. Future schema changes can be opted into per file by bumping its version — older Brain installs will log a stderr warning and ignore the file rather than fail. Unsupported versions, malformed JSON, missing keys, command timeouts, missing binaries, and non-zero exit codes all degrade gracefully to the legacy fallbacks (ANTHROPIC_API_KEY env then filesystem). Misconfiguration cannot brick a cron.

Why it matters

Many teams want to run Brain on top of an internal Anthropic-compatible gateway — for cost accounting per team, regional egress control, multi-provider failover, or compliance review of every prompt. Until now they had to fork Brain or wrap the binary. v7.9.28 makes the redirection a two-file configuration, and Brain libre keeps shipping unchanged for everyone else.

Verification

28 dedicated tests across tests/test_call_model_raw_overrides.py (19) and tests/test_agent_runner_override_env.py (9) cover override on/off detection, version gating, malformed-JSON tolerance, env-vs-file precedence, the auth_provider command success path, subprocess timeout fallback, missing-binary fallback, non-zero-exit fallback, empty-stdout fallback, alias translation for every tier, unmapped-pair fail-closed behaviour, missing-bearer error, and standalone parity. Wider regression sweep across resonance, semantic-router, semantic-reasoner, cortex, agent-runner, run-automation-prompt and auto-update-relocate-resonance tests stays green.

Full changelog entry →