# Mistral AI Code Sandbox with Approval Gates for SMB Data Teams
Let business analysts run analytical Python scripts generated by an LLM, with mandatory human approval before execution and full audit trails.
## Problem
Small businesses want to let non-engineers use natural language to run data analyses, but fear untrusted code execution, runaway costs, and compliance risks. No off-the-shelf tool offers human-in-the-loop gating with fine-grained spend controls.
## Architecture
```
User Query → Mistral LLM (code generation) → Approval Queue (tool-use-firewall-core) → Human Review → E2B Sandbox (execution) → Results
↓ ↓ ↓
Session Continuity Cost Telemetry Langfuse Tracing
↓ ↓
Budget Engine Audit Log (Supabase)
```
## Setup
1. **Environment variables** — Copy `.env.example` to `.env.local` and fill in:
   - `MISTRAL_API_KEY` — from https://console.mistral.ai
   - `E2B_API_KEY` — from https://e2b.dev/dashboard
   - `SUPABASE_URL` + `SUPABASE_SECRET_KEY` — from your Supabase project
   - `LANGFUSE_SECRET_KEY` + `LANGFUSE_PUBLIC_KEY` + `LANGFUSE_BASE_URL` — from Langfuse
2. **Supabase tables** — Create the following tables:
   - `sessions` (id UUID, user_id text, status text, metadata jsonb, created_at timestamptz, last_activity_at timestamptz)
   - `messages` (id UUID, session_id UUID, role text, content text, created_at timestamptz)
   - `approval_requests` (id UUID, code text, user_id text, team_id text, session_id UUID, budget_estimate float, approval_status text, reviewer_id text, rejection_reason text, created_at timestamptz)
   - `cost_spans` (id UUID, provider text, model text, input_tokens int, output_tokens int, cost_usd float, tenant text, feature text, timestamp timestamptz)
   - `audit_logs` (id UUID, action text, actor_id text, details jsonb, created_at timestamptz)
3. **Install dependencies** — `pnpm install`
4. **Run** — `pnpm dev` (starts on http://localhost:3000)
## API
### POST /api/analyze
Submit a natural language query for code generation.
```json
{ "query": "Load sales.csv and plot monthly revenue by region", "userId": "user-123", "teamId": "team-abc" }
```
```bash
curl -X POST http://localhost:3000/api/analyze \
-H "Content-Type: application/json" \
-H "x-user-id: user-123" \
-H "x-team-id: team-abc" \
-d '{ "query": "Load sales.csv and plot monthly revenue by region" }'
```
### POST /api/approve
Approve or reject a code execution request.
```json
{ "requestId": "<uuid>", "approved": true, "reviewerId": "reviewer-456" }
```
```bash
curl -X POST http://localhost:3000/api/approve \
-H "Content-Type: application/json" \
-d '{ "requestId": "<uuid>", "approved": true, "reviewerId": "reviewer-456" }'
```
### POST /api/execute
Execute approved code in the E2B sandbox.
```json
{ "requestId": "<uuid>", "sessionId": "<uuid>", "userId": "user-123" }
```
```bash
curl -X POST http://localhost:3000/api/execute \
-H "Content-Type: application/json" \
-d '{ "requestId": "<uuid>", "sessionId": "<uuid>", "userId": "user-123" }'
```
## Tech Stack
- **Next.js 16** (App Router) with tRPC v11
- **Mistral AI** (mistral-large-latest via MISTRAL_MODEL env var) for code generation
- **@e2b/code-interpreter** for sandboxed Python execution
- **@reaatech/tool-use-firewall-core** for approval workflow
- **@reaatech/agent-budget-engine** for per-user cost caps
- **@reaatech/llm-cost-telemetry** for spend tracking
- **@reaatech/session-continuity** for conversation state
- **@reaatech/agent-handoff** for generation → execution transitions
- **Langfuse** for LLM observability
- **Supabase** for storage (sessions, approvals, costs, audit logs)