fix: pin mistralai to GitHub in dev envs while PyPI is quarantined

[pgrayy]

Description

The mistralai package on PyPI is currently quarantined due to a supply chain compromise in v2.4.6 (mistralai/client-python#523). This blocks all CI/CD pipelines because hatch environments with features = ["all"] cannot resolve mistralai from PyPI.

This PR adds a direct GitHub reference (mistralai @ git+https://github.com/mistralai/client-python.git@v1.12.4) to the dependencies of the three hatch environments used in development and CI:

• hatch-static-analysis (linting)
• hatch-test (unit/integration tests)
• default (local dev shell)

When uv resolves dependencies, the direct URL takes priority and satisfies the mistralai>=1.8.2,<2.0.0 constraint from the mistral extra without querying PyPI. The public [project.optional-dependencies] are unchanged, so end users running pip install strands-agents[mistral] are not affected by this change.

This is a temporary measure. Once PyPI lifts the quarantine, the GitHub pins should be removed.

Related Issues

Fixes #2288

Type of Change

Bug fix

Testing

CI pipelines should now pass since mistralai is resolved from GitHub rather than the quarantined PyPI package.

• I ran hatch run prepare

Checklist

• I have read the CONTRIBUTING document
• I have added any necessary tests that prove my fix is effective or my feature works
• I have updated the documentation accordingly
• I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
• My changes generate no new warnings
• Any dependent changes have been merged and published

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[pgrayy]

Quarantine lifted.