Configure environment via mise [env] SSoT. TRIGGERS - mise env, mise.toml, environment variables, centralize config, Python venv, mise templates.
/plugin marketplace add terrylica/cc-skills/plugin install terrylica-itp-plugins-itp@terrylica/cc-skillsThis skill is limited to using the following tools:
references/github-tokens.mdreferences/patterns.mdUse mise [env] as centralized configuration with backward-compatible defaults.
Define all configurable values in .mise.toml [env] section. Scripts read via environment variables with fallback defaults. Same code path works WITH or WITHOUT mise installed.
Key insight: mise auto-loads [env] values when shell has mise activate configured. Scripts using os.environ.get("VAR", "default") pattern work identically whether mise is present or not.
| Language | Pattern | Notes |
|---|---|---|
| Python | os.environ.get("VAR", "default") | Returns string, cast if int |
| Bash | ${VAR:-default} | Standard POSIX expansion |
| JavaScript | process.env.VAR || "default" | Falsy check, watch for "0" |
| Go | os.Getenv("VAR") with default | Empty string if unset |
| Rust | std::env::var("VAR").unwrap_or() | Returns Result<String> |
| Directive | Purpose | Example |
|---|---|---|
_.file | Load from .env files | _.file = ".env" |
_.path | Extend PATH | _.path = ["bin", "node_modules/.bin"] |
_.source | Execute bash scripts | _.source = "./scripts/env.sh" |
_.python.venv | Auto-create Python venv | _.python.venv = { path = ".venv", create = true } |
Auto-create and activate Python virtual environments:
[env]
_.python.venv = { path = ".venv", create = true }
This pattern is used in ALL projects. When entering the directory with mise activated:
.venv if it doesn't existuv for fast venv creationAlternative via [settings]:
[settings]
python.uv_venv_auto = true
_.file)[env]
# Single file
_.file = ".env"
# Multiple files with options
_.file = [
".env",
{ path = ".env.secrets", redact = true }
]
_.path)[env]
_.path = [
"{{config_root}}/bin",
"{{config_root}}/node_modules/.bin",
"scripts"
]
_.source)[env]
_.source = "./scripts/env.sh"
_.source = { path = ".secrets.sh", redact = true }
tools = true)By default, env vars resolve BEFORE tools install. Use tools = true to access tool-generated paths:
[env]
# Access PATH after tools are set up
GEM_BIN = { value = "{{env.GEM_HOME}}/bin", tools = true }
# Load .env files after tool setup
_.file = { path = ".env", tools = true }
mise uses Tera templating. Delimiters: {{ }} expressions, {% %} statements, {# #} comments.
| Variable | Description |
|---|---|
{{config_root}} | Directory containing .mise.toml |
{{cwd}} | Current working directory |
{{env.VAR}} | Environment variable |
{{mise_bin}} | Path to mise binary |
{{mise_pid}} | mise process ID |
{{xdg_cache_home}} | XDG cache directory |
{{xdg_config_home}} | XDG config directory |
{{xdg_data_home}} | XDG data directory |
[env]
# Get env var with fallback
NODE_VER = "{{ get_env(name='NODE_VERSION', default='20') }}"
# Execute shell command
TIMESTAMP = "{{ exec(command='date +%Y-%m-%d') }}"
# System info
ARCH = "{{ arch() }}" # x64, arm64
OS = "{{ os() }}" # linux, macos, windows
CPUS = "{{ num_cpus() }}"
# File operations
VERSION = "{{ read_file(path='VERSION') | trim }}"
HASH = "{{ hash_file(path='config.json', len=8) }}"
[env]
# Case conversion
SNAKE = "{{ name | snakecase }}"
KEBAB = "{{ name | kebabcase }}"
CAMEL = "{{ name | lowercamelcase }}"
# String manipulation
TRIMMED = "{{ text | trim }}"
UPPER = "{{ text | upper }}"
REPLACED = "{{ text | replace(from='old', to='new') }}"
# Path operations
ABSOLUTE = "{{ path | absolute }}"
BASENAME = "{{ path | basename }}"
DIRNAME = "{{ path | dirname }}"
[env]
{% if env.DEBUG %}
LOG_LEVEL = "debug"
{% else %}
LOG_LEVEL = "info"
{% endif %}
Enforce variable definition with helpful messages:
[env]
DATABASE_URL = { required = true }
API_KEY = { required = "Get from https://example.com/api-keys" }
Hide sensitive values from output:
[env]
SECRET = { value = "my_secret", redact = true }
_.file = { path = ".env.secrets", redact = true }
# Pattern-based redactions
redactions = ["*_TOKEN", "*_KEY", "PASSWORD"]
[settings]
experimental = true # Enable experimental features
python.uv_venv_auto = true # Auto-create venv with uv
Pin tool versions for reproducibility:
[tools]
python = "3.11" # minimum baseline; use 3.12, 3.13 as needed
node = "latest"
uv = "latest"
# With options
rust = { version = "1.75", profile = "minimal" }
min_version: Enforce mise version compatibility:
min_version = "2024.9.5"
.mise.toml - add [env] section with documented variables_.python.venv = { path = ".venv", create = true }# ADR: 2025-12-08-mise-env-centralized-config.mise.toml valuesFor multi-account GitHub setups, mise [env] provides per-directory token configuration that overrides gh CLI's global authentication.
Store tokens in a centralized, secure location:
mkdir -p ~/.claude/.secrets
chmod 700 ~/.claude/.secrets
# Create token files (one per account)
gh auth login # authenticate as account
gh auth token > ~/.claude/.secrets/gh-token-accountname
chmod 600 ~/.claude/.secrets/gh-token-*
# ~/.claude/.mise.toml (terrylica account)
[env]
GH_TOKEN = "{{ read_file(path=config_root ~ '/.secrets/gh-token-terrylica') | trim }}"
GITHUB_TOKEN = "{{ read_file(path=config_root ~ '/.secrets/gh-token-terrylica') | trim }}"
GH_ACCOUNT = "terrylica" # For human reference only
# ~/eon/.mise.toml (terrylica account - different directory)
[env]
GH_TOKEN = "{{ read_file(path=env.HOME ~ '/.claude/.secrets/gh-token-terrylica') | trim }}"
GITHUB_TOKEN = "{{ read_file(path=env.HOME ~ '/.claude/.secrets/gh-token-terrylica') | trim }}"
GH_ACCOUNT = "terrylica"
| Variable | Usage Context | Example |
|---|---|---|
GH_TOKEN | mise [env], Doppler, verification tasks | .mise.toml, shell scripts |
GITHUB_TOKEN | npm scripts, GitHub Actions, semantic-release | package.json, workflows |
Rule: Always set BOTH variables in mise [env] pointing to the same token file. Different tools check different variable names.
For enhanced security with automatic token rotation:
[env]
GH_TOKEN = "{{ op_read('op://Engineering/GitHub Token/credential') }}"
With caching for performance:
[env]
GH_TOKEN = "{{ cache(key='gh_token', duration='1h', run='op read op://Engineering/GitHub Token/credential') }}"
/usr/bin/env bash << 'MISE_EOF'
for dir in ~/.claude ~/eon ~/own ~/scripts ~/459ecs; do
cd "$dir" && eval "$(mise hook-env -s bash)" && echo "$dir → $GH_ACCOUNT"
done
MISE_EOF
ADR Reference: GitHub Multi-Account Authentication
SSH ControlMaster Warning: If using multi-account SSH, ensure
ControlMaster nois set for GitHub hosts in~/.ssh/config. Cached connections can authenticate with the wrong account. See semantic-release authentication for troubleshooting.
| Anti-Pattern | Why | Instead |
|---|---|---|
mise exec -- script.py | Forces mise dependency | Use env vars with defaults |
Secrets in .mise.toml | Visible in repo | Use Doppler or redact = true |
| No defaults in scripts | Breaks without mise | Always provide fallback |
| Mixing env/tools resolution | Order matters | Use tools = true for tool-dependent vars |
When you detect workflow opportunities during mise configuration, prescriptively invoke the mise-tasks skill.
PRESCRIPTIVE: When detecting multi-step project workflows, invoke
mise-tasksskill to generate appropriate[tasks]definitions with dependency management.
Step 1: Configure environment (this skill):
[env]
DATABASE_URL = "postgresql://localhost/mydb"
_.python.venv = { path = ".venv", create = true }
Step 2: Define tasks (mise-tasks skill):
[tasks.test]
depends = ["lint"]
run = "pytest tests/"
[tasks.deploy]
depends = ["test", "build"]
run = "deploy.sh"
Tasks automatically inherit [env] values.
For complete code patterns and examples, see: references/patterns.md
For task orchestration, see: mise-tasks skill - Dependencies, arguments, file tracking, watch mode
ADR Reference: When implementing mise configuration, create an ADR at docs/adr/YYYY-MM-DD-mise-env-centralized-config.md in your project.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.