mistral-multi-env-setup
Configure Mistral AI across development, staging, and production environments. Use when setting up multi-environment deployments, configuring per-environment secrets, or implementing environment-specific Mistral AI configurations. Trigger with phrases like "mistral environments", "mistral staging", "mistral dev prod", "mistral environment setup".
What this skill does
# Mistral AI Multi-Environment Setup
## Overview
Configure Mistral AI across development, staging, and production with per-environment API keys, model selection, rate limits, and secret management via GCP Secret Manager, AWS Secrets Manager, or Vault.
## Prerequisites
- Separate Mistral API keys per environment (from [console.mistral.ai](https://console.mistral.ai/))
- Secret management solution configured
- CI/CD pipeline with environment variables
## Environment Strategy
| Environment | API Key | Default Model | Rate Limit | Cache |
|-------------|---------|---------------|------------|-------|
| Development | Dev key (low quota) | mistral-small-latest | 10 RPM | Off |
| Staging | Staging key | Same as prod | 60 RPM | On |
| Production | Prod key (full quota) | Optimized per task | Full RPM | On |
## Instructions
### Step 1: Configuration Structure
```typescript
// config/mistral/base.ts
export interface MistralEnvConfig {
apiKey: string;
defaultModel: string;
timeoutMs: number;
maxRetries: number;
debug: boolean;
cache: { enabled: boolean; ttlMs: number };
rateLimits: { rpm: number; tpm: number };
}
export const baseConfig: Omit<MistralEnvConfig, 'apiKey'> = {
defaultModel: 'mistral-small-latest',
timeoutMs: 30_000,
maxRetries: 3,
debug: false,
cache: { enabled: true, ttlMs: 300_000 },
rateLimits: { rpm: 60, tpm: 500_000 },
};
```
### Step 2: Per-Environment Configs
```typescript
// config/mistral/environments.ts
import { baseConfig, type MistralEnvConfig } from './base.js';
const configs: Record<string, Partial<MistralEnvConfig>> = {
development: {
debug: true,
cache: { enabled: false, ttlMs: 60_000 },
rateLimits: { rpm: 10, tpm: 100_000 },
},
staging: {
cache: { enabled: true, ttlMs: 300_000 },
},
production: {
timeoutMs: 60_000,
maxRetries: 5,
cache: { enabled: true, ttlMs: 600_000 },
},
};
export function getMistralConfig(): MistralEnvConfig {
const env = detectEnvironment();
const envConfig = configs[env] ?? {};
// API key sourced from environment
const apiKeyVar = {
development: 'MISTRAL_API_KEY_DEV',
staging: 'MISTRAL_API_KEY_STAGING',
production: 'MISTRAL_API_KEY',
}[env] ?? 'MISTRAL_API_KEY';
const apiKey = process.env[apiKeyVar] ?? process.env.MISTRAL_API_KEY;
if (!apiKey) throw new Error(`Mistral API key not set for ${env} (expected ${apiKeyVar})`);
return { ...baseConfig, ...envConfig, apiKey } as MistralEnvConfig;
}
```
### Step 3: Environment Detection
```typescript
type Environment = 'development' | 'staging' | 'production';
function detectEnvironment(): Environment {
// Explicit override
if (process.env.APP_ENV) return process.env.APP_ENV as Environment;
// Platform-specific detection
if (process.env.VERCEL_ENV === 'production') return 'production';
if (process.env.VERCEL_ENV === 'preview') return 'staging';
if (process.env.CLOUD_RUN_JOB) return 'production';
if (process.env.K_SERVICE) return 'production'; // Cloud Run
// NODE_ENV fallback
if (process.env.NODE_ENV === 'production') return 'production';
if (process.env.NODE_ENV === 'staging') return 'staging';
return 'development';
}
```
### Step 4: Secret Management
**GCP Secret Manager**
```typescript
import { SecretManagerServiceClient } from '@google-cloud/secret-manager';
const sm = new SecretManagerServiceClient();
async function getMistralApiKey(env: string): Promise<string> {
const [version] = await sm.accessSecretVersion({
name: `projects/my-project/secrets/mistral-api-key-${env}/versions/latest`,
});
return version.payload?.data?.toString() ?? '';
}
```
**AWS Secrets Manager**
```typescript
import { SecretsManager } from '@aws-sdk/client-secrets-manager';
const sm = new SecretsManager({ region: 'us-east-1' });
async function getMistralApiKey(env: string): Promise<string> {
const { SecretString } = await sm.getSecretValue({
SecretId: `mistral/${env}/api-key`,
});
return SecretString!;
}
```
**GitHub Actions**
```yaml
jobs:
deploy-staging:
environment: staging
env:
MISTRAL_API_KEY_STAGING: ${{ secrets.MISTRAL_API_KEY_STAGING }}
deploy-production:
environment: production
env:
MISTRAL_API_KEY: ${{ secrets.MISTRAL_API_KEY_PROD }}
```
### Step 5: Environment Isolation Guards
```typescript
function requireEnvironment(required: Environment, operation: string): void {
const current = detectEnvironment();
if (current !== required) {
throw new Error(`"${operation}" requires ${required} but running in ${current}`);
}
}
// Protect dangerous operations
async function createFineTuningJob(params: any) {
requireEnvironment('production', 'createFineTuningJob');
// ... fine-tuning logic
}
// Prevent production data in dev
async function processUserData(userId: string) {
const env = detectEnvironment();
if (env === 'development') {
console.warn('Using test data in development');
userId = 'test-user-001';
}
// ... processing logic
}
```
### Step 6: Feature Flags by Environment
```typescript
interface FeatureFlags {
useAgentsAPI: boolean;
enableBatchProcessing: boolean;
enableVisionModels: boolean;
maxConcurrentRequests: number;
}
const FLAGS: Record<Environment, FeatureFlags> = {
development: {
useAgentsAPI: true,
enableBatchProcessing: true,
enableVisionModels: true,
maxConcurrentRequests: 2,
},
staging: {
useAgentsAPI: true,
enableBatchProcessing: true,
enableVisionModels: true,
maxConcurrentRequests: 5,
},
production: {
useAgentsAPI: false, // Gradual rollout
enableBatchProcessing: true,
enableVisionModels: true,
maxConcurrentRequests: 10,
},
};
export function getFlags(): FeatureFlags {
return FLAGS[detectEnvironment()];
}
```
## Error Handling
| Issue | Cause | Solution |
|-------|-------|----------|
| Wrong environment | Missing `APP_ENV` | Set explicitly in deployment config |
| Secret not found | Wrong secret path | Verify secret manager and IAM permissions |
| Cross-env data leak | Missing guards | Add `requireEnvironment()` checks |
| Config mismatch | Env var naming | Use consistent naming convention |
## Resources
- [GCP Secret Manager](https://cloud.google.com/secret-manager)
- [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/)
- [12-Factor App Config](https://12factor.net/config)
## Output
- Multi-environment config with type-safe overrides
- Environment detection for Vercel, Cloud Run, and K8s
- Secret management integration (GCP, AWS, GitHub Actions)
- Environment isolation guards
- Feature flags per environment
Related in General
modeling-omnistudio-epc-catalog
IncludedSalesforce Industries CME EPC product-modeling skill for Product2-based catalog creation. Use when creating EPC products, configuring product attributes, building offer bundles with Product Child Items, or reviewing EPC DataPack JSON metadata for product catalog changes. TRIGGER when: user creates or updates Product2 EPC records, AttributeAssignment payloads, AttributeMetadata/AttributeDefaultValues, Offer bundles, or ProductChildItem relationships. DO NOT TRIGGER when: designing OmniScripts/FlexCards/Integration Procedures (use building-omnistudio-omniscript, building-omnistudio-flexcard, or building-omnistudio-integration-procedure), implementing Apex business logic (use generating-apex), or troubleshooting deployment pipelines (use deploying-metadata).
relationship-science-coach
IncludedUse this skill for direct, practical adult relationship coaching: couples conflict, repair, trust, marriage, dating, flirting, attachment patterns, emotional connection, sex, desire differences, eroticism, kink negotiation, affection, love languages, breakups, and long-term passion. Draw on Gottman, EFT and Hold Me Tight, attachment science, modern sex research, Perel, Nagoski, Kerner, Schnarch, Love and Stosny, and flexible love-language tools. Be concrete and low-hedge. Redirect only for imminent danger, abuse, coercive control, minors, non-consent, self-harm, stalking, or medical/legal/psychiatric decisions.
building-sf-integrations
IncludedSalesforce integration architecture and runtime plumbing with 120-point scoring. Use this skill to set up Named Credentials, External Credentials, External Services, REST/SOAP callout patterns, Platform Events, and Change Data Capture. TRIGGER when: user sets up Named Credentials, External Services, REST/SOAP callouts, Platform Events, CDC, or touches .namedCredential-meta.xml files. DO NOT TRIGGER when: Connected App/OAuth config (use configuring-connected-apps), Apex-only logic (use generating-apex), or data import/export (use handling-sf-data).
venue-templates
IncludedAccess comprehensive LaTeX templates, formatting requirements, and submission guidelines for major scientific publication venues (Nature, Science, PLOS, IEEE, ACM), academic conferences (NeurIPS, ICML, CVPR, CHI), research posters, and grant proposals (NSF, NIH, DOE, DARPA). This skill should be used when preparing manuscripts for journal submission, conference papers, research posters, or grant proposals and need venue-specific formatting requirements and templates.
let-fate-decide
IncludedDraws the 12 Houses of the Zodiac Tarot spread to inject entropy into planning when prompts are vague, ambiguous, or casually delegated. Interprets the spread to guide next steps. Use when the user says 'let fate decide', 'YOLO', 'whatever', 'idk', or other nonchalant phrases, makes Yu-Gi-Oh references, or when you are about to arbitrarily pick between multiple reasonable approaches. Prefer over ask-questions-if-underspecified when the user's tone is casual or playful rather than precision-seeking.
net-ops
IncludedCross-platform network troubleshooting (Windows, macOS, Linux) via local or remote shell. Use for: DNS broken, can't resolve hostnames, nslookup/dig works but apps fail, NRPT, WFP, scutil, /etc/resolver, systemd-resolved, /etc/resolv.conf, NetworkManager, VPN DNS leak residue (ProtonVPN/Mullvad/WireGuard/AnyConnect), AV/firewall blocking DNS or DoH, Tailscale DNS interaction, intermittent connectivity, remote diagnostics over SSH.