Arize Annotation

Name: Arize Annotation
Author: arize-ai

arize-ai/arize-skills

Fix Arize `ax` CLI profile and API-key authentication so annotation and observability workflows can connect without leaking secrets in commands.

Overview

arize-annotation is an agent skill for the Operate phase that troubleshoots and configures Arize `ax` CLI profiles and API-key auth for observability and annotation workflows.

Install

npx skills add https://github.com/arize-ai/arize-skills --skill arize-annotation

What is this skill?

Consult only when authentication fails (401, missing profile, missing API key)—not proactive checks
`ax profiles show` inspection flow for missing key, wrong region, or no profiles
`ax profiles update` patches only broken fields; preserves other settings
Never pass raw API keys on CLI flags—use `ARIZE_API_KEY` environment variable
Region correction example: `--region us-east-1b` without secret flags
Three-step flow: inspect with `ax profiles show`, patch with `ax profiles update`, create profile if none exists

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 778 installs on skills.sh; 31 GitHub stars; 3/3 security scanners passed (skills.sh audits).

What problem does it solve?

Your Arize AX commands fail with 401s, missing profiles, or wrong region because API keys and profile settings were never set correctly.

Who is it for?

Indie teams already on Arize who hit auth errors while setting up traces, evals, or annotation jobs from the terminal.

Skip if: Builders not using Arize, or greenfield projects that still need application instrumentation before any profile exists.

When should I use this skill?

Authentication fails for Arize AX (401, missing profile, missing API key) or profile has wrong API key/region—do not run proactively.

What do I get? / Deliverables

You get a verified `ax` profile with API key and region fixed via env-based key updates so annotation and monitoring commands can authenticate.

Diagnosis from `ax profiles show` output
Corrected or newly created `ax` profile with region and API key via env reference

Recommended Skills

Microsoft Foundrymicrosoft/azure-skills

Microsoft Foundry skill guides agents through the full Azure AI Foundry lifecycle—containerizing agents, pushing to ACR,…377k installs·1.2k stars

Azure Aimicrosoft/azure-skills

azure-ai is a Prism-oriented quick reference for Microsoft Azure AI work, with the published body centered on the Azure …375k installs·1.2k stars

Azure Hosted Copilot Sdkmicrosoft/azure-skills

Azure Hosted Copilot SDK is Microsoft's entry skill for repos using @github/copilot-sdk—it detects CopilotClient usage, …346k installs·1.2k stars

Lark Eventlarksuite/cli

Lark real-time subscription skill via lark-cli event consume for building bots and streaming webhook-style agent workers…208k installs·13.7k stars

Running Claude Code Via Litellm Copilotxixu-me/skills

Running Claude Code via LiteLLM Copilot walks through pointing Claude Code at a local LiteLLM proxy that forwards Anthro…200k installs·61 stars

Setup Matt Pocock Skillsmattpocock/skills

One-time per-repo setup so Matt Pocock engineering skills share correct issue tracker, triage strings, and domain docume…180k installs·121k stars

Journey fit

Primary fit

OperateMonitoring & observability

Profile and auth setup for Arize is operational glue once LLM apps run in production and need tracing, evaluation, or annotation in Arize. monitoring matches Arize’s observability/annotation platform role even though the bundled steps focus on `ax profiles` troubleshooting.

Also useful

ShipCI/CD & deploy

How it compares

Operational CLI auth fix for Arize—not a general-purpose LLM evaluation methodology skill.

Common Questions / FAQ

Who is arize-annotation for?

Solo developers and small ML/LLM teams using Arize who need secure `ax` profile setup when authentication breaks.

When should I use arize-annotation?

During Operate monitoring setup when `ax` returns 401, reports no profiles, missing API keys, or incorrect region—not for routine daily deploys.

Is arize-annotation safe to install?

It instructs shell use and secret handling via `ARIZE_API_KEY`; review the Security Audits panel on this Prism page and never commit keys to the repo.

SKILL.md

READMESKILL.md - Arize Annotation

# ax Profile Setup

Consult this when authentication fails (401, missing profile, missing API key). Do NOT run these checks proactively.

Use this when there is no profile, or a profile has incorrect settings (wrong API key, wrong region, etc.).

## 1. Inspect the current state

```bash
ax profiles show
```

Look at the output to understand what's configured:
- `API Key: (not set)` or missing → key needs to be created/updated
- No profile output or "No profiles found" → no profile exists yet
- Connected but getting `401 Unauthorized` → key is wrong or expired
- Connected but wrong endpoint/region → region needs to be updated

## 2. Fix a misconfigured profile

If a profile exists but one or more settings are wrong, patch only what's broken.

**Never pass a raw API key value as a flag.** Always reference it via the `ARIZE_API_KEY` environment variable. If the variable is not already set in the shell, instruct the user to set it first, then run the command:

```bash
# If ARIZE_API_KEY is already exported in the shell:
ax profiles update --api-key $ARIZE_API_KEY

# Fix the region (no secret involved — safe to run directly)
ax profiles update --region us-east-1b

# Fix both at once
ax profiles update --api-key $ARIZE_API_KEY --region us-east-1b
```

`update` only changes the fields you specify — all other settings are preserved. If no profile name is given, the active profile is updated.

## 3. Create a new profile

If no profile exists, or if the existing profile needs to point to a completely different setup (different org, different region):

**Always reference the key via `$ARIZE_API_KEY`, never inline a raw value.**

```bash
# Requires ARIZE_API_KEY to be exported in the shell first
ax profiles create --api-key $ARIZE_API_KEY

# Create with a region
ax profiles create --api-key $ARIZE_API_KEY --region us-east-1b

# Create a named profile
ax profiles create work --api-key $ARIZE_API_KEY --region us-east-1b
```

To use a named profile with any `ax` command, add `-p NAME`:
```bash
ax spans export PROJECT -p work
```

## 4. Getting the API key

**Never ask the user to paste their API key into the chat. Never log, echo, or display an API key value.**

If `ARIZE_API_KEY` is not already set, instruct the user to export it in their shell:

```bash
export ARIZE_API_KEY="..."   # user pastes their key here in their own terminal
```

They can find their key at https://app.arize.com/admin > API Keys. Recommend they create a **scoped service key** (not a personal user key) — service keys are not tied to an individual account and are safer for programmatic use. Keys are space-scoped — make sure they copy the key for the correct space.

Once the user confirms the variable is set, proceed with `ax profiles create --api-key $ARIZE_API_KEY` or `ax profiles update --api-key $ARIZE_API_KEY` as described above.

## 5. Verify

After any create or update:

```bash
ax profiles show
```

Confirm the API key and region are correct, then retry the original command.

## Space

There is no profile flag for space. Save it as an environment variable — accepts a space **name** (e.g., `my-workspace`) or a base64 space **ID** (e.g., `U3BhY2U6...`). Find yours with `ax spaces list -o json`.

**macOS/Linux** — add to `~/.zshrc` or `~/.bashrc`:
```bash
export ARIZE_SPACE="my-workspace"    # name or base64 ID
```
Then `source ~/.zshrc` (or restart terminal).

**Windows (PowerShell):**
```powershell
[System.Environment]::SetEnvironmentVariable('ARIZE_SPACE', 'my-workspace', 'User')
```
Restart terminal for it to take effect.

## Save Credentials for Future Use

At the **end of the session**, if the user manually provided any credentials during this conversation **and** those values were NOT already loaded from a saved profile or environment variable, offer to save them.

**Skip this entirely if:**
- The API key was already loaded from an existing profile or `ARIZE_API_KEY` env var
- The space was already set via `ARIZE_SPACE` env var
- The user only used base64 pr

What is this skill?

Consult only when authentication fails (401, missing profile, missing API key)—not proactive checks

`ax profiles show` inspection flow for missing key, wrong region, or no profiles

`ax profiles update` patches only broken fields; preserves other settings

Never pass raw API keys on CLI flags—use `ARIZE_API_KEY` environment variable

Region correction example: `--region us-east-1b` without secret flags

Three-step flow: inspect with `ax profiles show`, patch with `ax profiles update`, create profile if none exists

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Adoption & trust: 778 installs on skills.sh; 31 GitHub stars; 3/3 security scanners passed (skills.sh audits).

Journey fit

Primary fit

OperateMonitoring & observability

Also useful

ShipCI/CD & deploy

SKILL.md

READMESKILL.md - Arize Annotation

# ax Profile Setup

Consult this when authentication fails (401, missing profile, missing API key). Do NOT run these checks proactively.

Use this when there is no profile, or a profile has incorrect settings (wrong API key, wrong region, etc.).

## 1. Inspect the current state

```bash
ax profiles show
```

Look at the output to understand what's configured:
- `API Key: (not set)` or missing → key needs to be created/updated
- No profile output or "No profiles found" → no profile exists yet
- Connected but getting `401 Unauthorized` → key is wrong or expired
- Connected but wrong endpoint/region → region needs to be updated

## 2. Fix a misconfigured profile

If a profile exists but one or more settings are wrong, patch only what's broken.

**Never pass a raw API key value as a flag.** Always reference it via the `ARIZE_API_KEY` environment variable. If the variable is not already set in the shell, instruct the user to set it first, then run the command:

```bash
# If ARIZE_API_KEY is already exported in the shell:
ax profiles update --api-key $ARIZE_API_KEY

# Fix the region (no secret involved — safe to run directly)
ax profiles update --region us-east-1b

# Fix both at once
ax profiles update --api-key $ARIZE_API_KEY --region us-east-1b
```

`update` only changes the fields you specify — all other settings are preserved. If no profile name is given, the active profile is updated.

## 3. Create a new profile

If no profile exists, or if the existing profile needs to point to a completely different setup (different org, different region):

**Always reference the key via `$ARIZE_API_KEY`, never inline a raw value.**

```bash
# Requires ARIZE_API_KEY to be exported in the shell first
ax profiles create --api-key $ARIZE_API_KEY

# Create with a region
ax profiles create --api-key $ARIZE_API_KEY --region us-east-1b

# Create a named profile
ax profiles create work --api-key $ARIZE_API_KEY --region us-east-1b
```

To use a named profile with any `ax` command, add `-p NAME`:
```bash
ax spans export PROJECT -p work
```

## 4. Getting the API key

**Never ask the user to paste their API key into the chat. Never log, echo, or display an API key value.**

If `ARIZE_API_KEY` is not already set, instruct the user to export it in their shell:

```bash
export ARIZE_API_KEY="..."   # user pastes their key here in their own terminal
```

They can find their key at https://app.arize.com/admin > API Keys. Recommend they create a **scoped service key** (not a personal user key) — service keys are not tied to an individual account and are safer for programmatic use. Keys are space-scoped — make sure they copy the key for the correct space.

Once the user confirms the variable is set, proceed with `ax profiles create --api-key $ARIZE_API_KEY` or `ax profiles update --api-key $ARIZE_API_KEY` as described above.

## 5. Verify

After any create or update:

```bash
ax profiles show
```

Confirm the API key and region are correct, then retry the original command.

## Space

There is no profile flag for space. Save it as an environment variable — accepts a space **name** (e.g., `my-workspace`) or a base64 space **ID** (e.g., `U3BhY2U6...`). Find yours with `ax spaces list -o json`.

**macOS/Linux** — add to `~/.zshrc` or `~/.bashrc`:
```bash
export ARIZE_SPACE="my-workspace"    # name or base64 ID
```
Then `source ~/.zshrc` (or restart terminal).

**Windows (PowerShell):**
```powershell
[System.Environment]::SetEnvironmentVariable('ARIZE_SPACE', 'my-workspace', 'User')
```
Restart terminal for it to take effect.

## Save Credentials for Future Use

At the **end of the session**, if the user manually provided any credentials during this conversation **and** those values were NOT already loaded from a saved profile or environment variable, offer to save them.

**Skip this entirely if:**
- The API key was already loaded from an existing profile or `ARIZE_API_KEY` env var
- The space was already set via `ARIZE_SPACE` env var
- The user only used base64 pr

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is arize-annotation for?

When should I use arize-annotation?

Is arize-annotation safe to install?

SKILL.md

This week for builders

Overview

Install

What is this skill?

What problem does it solve?

Who is it for?

When should I use this skill?

What do I get? / Deliverables

Recommended Skills

Journey fit

Who is arize-annotation for?

When should I use arize-annotation?

Is arize-annotation safe to install?

SKILL.md