Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From macos-it-admin
CRUD over Parallel.ai (parallel.ai) API keys covering both Search and Task plans. Use when rotating PARALLEL_API_KEY, listing keys for audit, scoping a new key to a specific plan, or revoking a compromised key. Uses the OSEC3 minter pattern with PARALLEL_TOKEN_MINTER from macOS keychain.
npx claudepluginhub subagentceo/knowledge-engineering --plugin macos-it-adminHow this skill is triggered — by the user, by Claude, or both
Slash command
/macos-it-admin:parallel-ai-crudThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
- Quarterly rotation of `PARALLEL_API_KEY` per `docs/operator-runbooks/secret-rotation.md`.
Applies 10 pre-set color/font themes or generates custom ones for slides, documents, reports, and HTML landing pages.
Share bugs, ideas, or general feedback.
PARALLEL_API_KEY per docs/operator-runbooks/secret-rotation.md.PARALLEL_TOKEN_MINTER in macOS keychain. Bootstrap:
# 1. Browser: platform.parallel.ai/settings/api-keys (or equivalent)
# Create new key, name: "parallel-token-minter-YYYY"
# Permission: Admin (to allow this minter to create other keys)
# 2. Terminal:
security add-generic-password -a "$USER" -s PARALLEL_TOKEN_MINTER -w
Note on Parallel.ai's API surface: Parallel.ai's public docs (as of 2026-05-17) focus on the data plane (POST /v1/search, POST /v1/tasks). The admin/key API is documented at https://docs.parallel.ai/api-reference/auth — endpoints likely POST /v1/api-keys and GET /v1/api-keys. The script in scripts/create.ts assumes that shape; if Parallel.ai's API differs, update the script and bump its @cite header. Until verified end-to-end (operator first-run), treat the script as schema-stub.
npx tsx plugins/macos-it-admin/skills/parallel-ai-crud/scripts/create.ts \
--name "knowledge-engineering-$(date +%Y-Q%q)" \
--secret-name PARALLEL_API_KEY \
[--runtime]
Behavior:
PARALLEL_TOKEN_MINTER from keychain.POST https://api.parallel.ai/v1/api-keys with { name: <name> }.key (or value, or api_key — confirm at first run).GET /v1/api-keys.POST https://api.parallel.ai/v1/search { "search_queries": ["test"] } returns 200.curl -sS https://api.parallel.ai/v1/api-keys \
-H "x-api-key: $(security find-generic-password -s PARALLEL_TOKEN_MINTER -w)" \
| jq '.[] | {id, name, created_at, last_used_at}'
(Confirm header name — Parallel.ai uses x-api-key per docs, not Authorization: Bearer. The script wraps this difference.)
Same mint→smoke→delete-old pattern as Cloudflare and Neon.
curl -sS -X DELETE "https://api.parallel.ai/v1/api-keys/<KEY_ID>" \
-H "x-api-key: $(security find-generic-password -s PARALLEL_TOKEN_MINTER -w)"
| ID | Outcome | Verified by |
|---|---|---|
| OIT1-par-1 | Script exists and never logs the response key field | no-leak test |
| OIT1-par-2 | Smoke query in --runtime mode | the script's exit code |
| OIT1-par-3 | First-run operator updates the script if Parallel.ai's actual API differs from the assumed shape | a one-line comment-update commit, cited from confirmed-response shape |
@cite https://docs.parallel.ai/api-reference/auth @cite https://docs.parallel.ai/api-reference/search @cite docs/decisions/2026-05-17-cf-token-mint.md @cite docs/decisions/2026-05-17-secrets-parity.md