Merge pull request #719 from transitive-bullshit/feature/rework-api-keys

pull/721/head
Travis Fischer 2025-07-02 15:41:21 -05:00 zatwierdzone przez GitHub
commit dd49abc20a
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: B5690EEEBB952194
20 zmienionych plików z 168 dodań i 114 usunięć


@ -10,18 +10,20 @@ import {
openapiErrorResponses
} from '@/lib/openapi-utils'
import { consumerTokenParamsSchema, populateConsumerSchema } from './schemas'
import { consumerApiKeyParamsSchema, populateConsumerSchema } from './schemas'
import { setAdminCacheControlForConsumer } from './utils'
const route = createRoute({
description: 'Gets a consumer by API token. This route is admin-only.',
description: 'Gets a consumer by API key. This route is admin-only.',
tags: ['admin', 'consumers'],
operationId: 'adminGetConsumerByToken',
operationId: 'adminGetConsumerByApiKey',
method: 'get',
path: 'admin/consumers/tokens/{token}',
// TODO: is it wise to use a path param for the API key? especially wehn it'll
// be cached in cloudflare's shared cache?
path: 'admin/consumers/api-keys/{apiKey}',
security: openapiAuthenticatedSecuritySchemas,
request: {
params: consumerTokenParamsSchema,
params: consumerApiKeyParamsSchema,
query: populateConsumerSchema
},
responses: {
@ -38,21 +40,21 @@ const route = createRoute({
}
})
export function registerV1AdminGetConsumerByToken(
export function registerV1AdminGetConsumerByApiKey(
app: OpenAPIHono<AuthenticatedHonoEnv>
) {
return app.openapi(route, async (c) => {
const { token } = c.req.valid('param')
const { apiKey } = c.req.valid('param')
const { populate = [] } = c.req.valid('query')
await aclAdmin(c)
const consumer = await db.query.consumers.findFirst({
where: eq(schema.consumers.token, token),
where: eq(schema.consumers.token, apiKey),
with: {
...Object.fromEntries(populate.map((field) => [field, true]))
}
})
assert(consumer, 404, `API token not found "${token}"`)
assert(consumer, 404, `API key not found "${apiKey}"`)
setAdminCacheControlForConsumer(c, consumer)
return c.json(parseZodSchema(schema.consumerAdminSelectSchema, consumer))
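Review bot: The 404 assert message interpolates the submitted key (`API key not found "${apiKey}"`), so every failed lookup writes a credential-shaped value into the error response and into whatever logs capture it; a mistyped real key is still sensitive. I would drop the value, `assert(consumer, 404, 'API key not found')`, or log only a short prefix. The TODO on the `path` line is a real concern for the same reason: a path parameter puts the key into access logs and into the shared-cache key, so a header or a POST body would keep it out of URLs. The handler body continues past the end of this hunk.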


@ -4,7 +4,7 @@ import { createRoute, type OpenAPIHono } from '@hono/zod-openapi'
import type { AuthenticatedHonoEnv } from '@/lib/types'
import { db, eq, schema } from '@/db'
import { acl } from '@/lib/acl'
import { createConsumerToken } from '@/lib/create-consumer-token'
import { createConsumerApiKey } from '@/lib/create-consumer-api-key'
import {
openapiAuthenticatedSecuritySchemas,
openapiErrorResponse404,
@ -14,11 +14,11 @@ import {
import { consumerIdParamsSchema } from './schemas'
const route = createRoute({
description: "Refreshes a consumer's API token.",
description: "Refreshes a consumer's API key.",
tags: ['consumers'],
operationId: 'refreshConsumerToken',
operationId: 'refreshConsumerApiKey',
method: 'post',
path: 'consumers/{consumerId}/refresh-token',
path: 'consumers/{consumerId}/refresh-api-key',
security: openapiAuthenticatedSecuritySchemas,
request: {
params: consumerIdParamsSchema
@ -37,7 +37,7 @@ const route = createRoute({
}
})
export function registerV1RefreshConsumerToken(
export function registerV1RefreshConsumerApiKey(
app: OpenAPIHono<AuthenticatedHonoEnv>
) {
return app.openapi(route, async (c) => {
@ -53,7 +53,7 @@ export function registerV1RefreshConsumerToken(
;[consumer] = await db
.update(schema.consumers)
.set({
token: await createConsumerToken()
token: await createConsumerApiKey()
})
.where(eq(schema.consumers.id, consumer.id))
.returning()


@ -17,14 +17,14 @@ export const consumerIdParamsSchema = z.object({
})
})
export const consumerTokenParamsSchema = z.object({
token: z
export const consumerApiKeyParamsSchema = z.object({
apiKey: z
.string()
.nonempty()
.openapi({
param: {
description: 'Consumer token',
name: 'token',
description: 'Consumer API key',
name: 'apiKey',
in: 'path'
}
})
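Review bot: `apiKey` is validated only as `.string().nonempty()`, so arbitrarily long or oddly shaped values reach the database lookup and, given the route's path, the cache key. Since newly generated keys carry the `sk-` prefix, a length cap such as `.max(<MAX_API_KEY_LENGTH>)` (placeholder; the key length is not visible here) plus a character-set check that still admits the older unprefixed keys would reject junk at the boundary. The schema object continues outside this hunk.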


@ -11,7 +11,7 @@ import { registerV1GitHubOAuthInitFlow } from './auth/github-init'
import { registerV1SignInWithPassword } from './auth/sign-in-with-password'
import { registerV1SignUpWithPassword } from './auth/sign-up-with-password'
import { registerV1AdminActivateConsumer } from './consumers/admin-activate-consumer'
import { registerV1AdminGetConsumerByToken } from './consumers/admin-get-consumer-by-token'
import { registerV1AdminGetConsumerByApiKey } from './consumers/admin-get-consumer-by-api-key'
import { registerV1CreateBillingPortalSession } from './consumers/create-billing-portal-session'
import { registerV1CreateConsumer } from './consumers/create-consumer'
import { registerV1CreateConsumerBillingPortalSession } from './consumers/create-consumer-billing-portal-session'
@ -20,7 +20,7 @@ import { registerV1GetConsumer } from './consumers/get-consumer'
import { registerV1GetConsumerByProjectIdentifier } from './consumers/get-consumer-by-project-identifier'
import { registerV1ListConsumers } from './consumers/list-consumers'
import { registerV1ListConsumersForProject } from './consumers/list-project-consumers'
import { registerV1RefreshConsumerToken } from './consumers/refresh-consumer-token'
import { registerV1RefreshConsumerApiKey } from './consumers/refresh-consumer-api-key'
import { registerV1UpdateConsumer } from './consumers/update-consumer'
import { registerV1AdminGetDeploymentByIdentifier } from './deployments/admin-get-deployment-by-identifier'
import { registerV1CreateDeployment } from './deployments/create-deployment'
@ -119,7 +119,7 @@ registerV1CreateConsumer(privateRouter)
registerV1CreateConsumerCheckoutSession(privateRouter)
registerV1CreateConsumerBillingPortalSession(privateRouter)
registerV1UpdateConsumer(privateRouter)
registerV1RefreshConsumerToken(privateRouter)
registerV1RefreshConsumerApiKey(privateRouter)
registerV1ListConsumers(privateRouter)
registerV1ListConsumersForProject(privateRouter)
@ -133,7 +133,7 @@ registerV1ListDeployments(privateRouter)
registerV1PublishDeployment(privateRouter)
// Internal admin routes
registerV1AdminGetConsumerByToken(privateRouter)
registerV1AdminGetConsumerByApiKey(privateRouter)
registerV1AdminActivateConsumer(privateRouter)
registerV1AdminGetDeploymentByIdentifier(privateRouter)


@ -54,7 +54,8 @@ export const consumers = pgTable(
...consumerPrimaryId,
...timestamps,
// API token for this consumer
// API key for this consumer
// (called "token" for backwards compatibility)
token: text().notNull(),
// The slug of the PricingPlan in the target deployment that this consumer


@ -14,7 +14,7 @@ import { acl } from '@/lib/acl'
import { upsertStripeConnectCustomer } from '@/lib/billing/upsert-stripe-connect-customer'
import { upsertStripeCustomer } from '@/lib/billing/upsert-stripe-customer'
import { upsertStripePricingResources } from '@/lib/billing/upsert-stripe-pricing-resources'
import { createConsumerToken } from '@/lib/create-consumer-token'
import { createConsumerApiKey } from '@/lib/create-consumer-api-key'
import { aclPublicProject } from '../acl-public-project'
import { createStripeCheckoutSession } from '../billing/create-stripe-checkout-session'
@ -174,7 +174,7 @@ export async function upsertConsumerStripeCheckout(
userId,
projectId,
deploymentId,
token: await createConsumerToken(),
token: await createConsumerApiKey(),
_stripeCustomerId: stripeCustomer.id
})
.returning()


@ -7,7 +7,7 @@ import { upsertStripeConnectCustomer } from '@/lib/billing/upsert-stripe-connect
import { upsertStripeCustomer } from '@/lib/billing/upsert-stripe-customer'
import { upsertStripePricingResources } from '@/lib/billing/upsert-stripe-pricing-resources'
import { upsertStripeSubscription } from '@/lib/billing/upsert-stripe-subscription'
import { createConsumerToken } from '@/lib/create-consumer-token'
import { createConsumerApiKey } from '@/lib/create-consumer-api-key'
import { aclPublicProject } from '../acl-public-project'
@ -164,7 +164,7 @@ export async function upsertConsumer(
userId,
projectId,
deploymentId,
token: await createConsumerToken(),
token: await createConsumerApiKey(),
_stripeCustomerId: stripeCustomer.id
})
.returning()


@ -0,0 +1,5 @@
import { sha256 } from '@agentic/platform-core'
export async function createConsumerApiKey(): Promise<string> {
return `sk-${sha256()}`
}
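Review bot: `sha256()` is called with no input, so the strength of every API key rests on whatever that helper hashes by default, which is not visible in this file. Presumably it hashes a random value; if so, the function deserves a doc comment saying that, e.g. `/** Generates a new consumer API key: "sk-" + SHA-256 of a CSPRNG-sourced value (confirm in platform-core). */`. If the default input does not come from a cryptographically secure source, the key should be built from `crypto.getRandomValues` or `randomBytes` directly. The `sk-` prefix is a useful addition because it lets secret scanners recognise a leaked key.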


@ -1,5 +0,0 @@
import { sha256 } from '@agentic/platform-core'
export async function createConsumerToken(): Promise<string> {
return sha256()
}


@ -1,17 +1,32 @@
import { assert } from '@agentic/platform-core'
import { assert, HttpError } from '@agentic/platform-core'
import type { AdminConsumer, GatewayHonoContext } from './types'
export async function getAdminConsumer(
ctx: GatewayHonoContext,
token: string
apiKey: string
): Promise<AdminConsumer> {
const client = ctx.get('client')
const consumer = await client.adminGetConsumerByToken({
token,
populate: ['user']
})
assert(consumer, 404, `API token not found "${token}"`)
let consumer: AdminConsumer | undefined
try {
consumer = await client.adminGetConsumerByApiKey({
apiKey,
populate: ['user']
})
} catch (err: any) {
if (err.response?.status === 404) {
// Hide the underlying error message from the client
throw new HttpError({
statusCode: 404,
message: `API key not found "${apiKey}"`,
cause: err
})
}
throw err
}
assert(consumer, 404, `API key not found "${apiKey}"`)
return consumer
}
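Review bot: The new `HttpError` message and the trailing `assert` both embed the caller's `apiKey`, and `cause: err` keeps the upstream error, whose request URL presumably contains the same key because the client method puts it in the path. The comment says the underlying message is hidden from the client, but the key itself still travels into gateway logs and error reporting; `message: 'API key not found'` (and the same text in the `assert`) avoids that. Separately, `catch (err: any)` would be safer as `catch (err: unknown)` with a narrowing check before reading `err.response?.status`.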


@ -35,11 +35,13 @@ export function ExampleUsage({
projectIdentifier,
project: initialProject,
tool,
apiKey,
initialCodeBlock
}: {
projectIdentifier: string
project?: Project
tool?: string
apiKey?: string
initialCodeBlock?: JSX.Element
}) {
const ctx = useAgentic()
@ -105,6 +107,7 @@ export function ExampleUsage({
<ExampleUsageContent
projectIdentifier={projectIdentifier}
tool={tool}
apiKey={apiKey}
initialCodeBlock={initialCodeBlock}
isLoading={isLoading}
isError={isError}
@ -119,6 +122,7 @@ export function ExampleUsage({
function ExampleUsageContent({
projectIdentifier,
tool,
apiKey,
initialCodeBlock,
isLoading,
isError,
@ -128,6 +132,7 @@ function ExampleUsageContent({
}: {
projectIdentifier: string
tool?: string
apiKey?: string
initialCodeBlock?: JSX.Element
isLoading: boolean
isError: boolean
@ -156,7 +161,8 @@ function ExampleUsageContent({
project,
deployment,
identifier: projectIdentifier,
tool
tool,
apiKey
})
return (


@ -10,12 +10,12 @@ export function PublicProject({ project }: { project: Project }) {
return (
<Link
key={project.id}
className='p-2 border rounded-lg hover:border-gray-400
divide-y divide-gray-200 overflow-hidden bg-white shadow-sm max-w-md flex flex-col gap-2
className='p-3 border rounded-lg hover:border-gray-400
divide-y divide-gray-200 overflow-hidden bg-white shadow-sm max-w-md flex flex-col gap-3
'
href={`/marketplace/projects/${project.identifier}`}
>
<div className='p-2 flex gap-2.5 items-center'>
<div className='pb-3 flex gap-2.5 items-center'>
<img
src={
deployment.iconUrl ||
@ -35,13 +35,15 @@ export function PublicProject({ project }: { project: Project }) {
</div>
</div>
<div className='flex-1 flex flex-col gap-2 justify-between'>
<div className='flex-1 flex flex-col gap-3 justify-between'>
{deployment.description && (
<p className='text-sm text-gray-700'>{deployment.description}</p>
<p className='text-sm text-gray-700 line-clamp-4'>
{deployment.description}
</p>
)}
{project.lastPublishedDeployment && (
<div className='text-xs text-gray-500 flex items-center justify-between'>
<div className='text-xs text-gray-500 flex gap-3 items-center justify-between'>
<div>{deployment.version}</div>
<div>


@ -97,6 +97,7 @@ export type GetCodeForDeveloperConfigOpts = {
deployment: Deployment
identifier: string
tool?: string
apiKey?: string
}
type GetCodeForDeveloperConfigInnerOpts = Simplify<
@ -169,7 +170,8 @@ export function getCodeForTSFrameworkConfig({
config,
identifier,
prompt,
systemPrompt
systemPrompt,
apiKey
}: GetCodeForDeveloperConfigInnerOpts): CodeSnippet {
switch (config.tsFrameworkTarget) {
case 'ai':
@ -180,7 +182,13 @@ import { AgenticToolClient } from '@agentic/platform-tool-client'
import { openai } from '@ai-sdk/openai'
import { generateText } from 'ai'
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}'${
apiKey
? `, {
apiKey: '${apiKey}'
}`
: ''
})
const result = await generateText({
model: openai('gpt-4o-mini'),
@ -201,7 +209,13 @@ import { AgenticToolClient } from '@agentic/platform-tool-client'
import OpenAI from 'openai'
const openai = new OpenAI()
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}'${
apiKey
? `, {
apiKey: '${apiKey}'
}`
: ''
})
// This example uses OpenAI's Chat Completions API
const res = await openai.chat.completions.create({
@ -232,7 +246,13 @@ import { AgenticToolClient } from '@agentic/platform-tool-client'
import OpenAI from 'openai'
const openai = new OpenAI()
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}'${
apiKey
? `, {
apiKey: '${apiKey}'
}`
: ''
})
// This example uses OpenAI's newer Responses API
const res = await openai.responses.create({
@ -265,7 +285,13 @@ import { ChatPromptTemplate } from '@langchain/core/prompts'
import { ChatOpenAI } from '@langchain/openai'
import { AgentExecutor, createToolCallingAgent } from 'langchain/agents'
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}'${
apiKey
? `, {
apiKey: '${apiKey}'
}`
: ''
})
const agent = createToolCallingAgent({
llm: new ChatOpenAI({ model: 'gpt-4o-mini' }),
@ -296,7 +322,13 @@ import { AgenticToolClient } from '@agentic/platform-tool-client'
import { openai } from '@llamaindex/openai'
import { agent } from '@llamaindex/workflow'
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}'${
apiKey
? `, {
apiKey: '${apiKey}'
}`
: ''
})
const exampleAgent = agent({
llm: openai({ model: 'gpt-4o-mini', temperature: 0 }),
@ -320,7 +352,13 @@ import { AgenticToolClient } from '@agentic/platform-tool-client'
import { openai } from '@ai-sdk/openai'
import { Agent } from '@mastra/core/agent'
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}'${
apiKey
? `, {
apiKey: '${apiKey}'
}`
: ''
})
const exampleAgent = new Agent({
name: 'Example Agent',
@ -345,7 +383,13 @@ import { AgenticToolClient } from '@agentic/platform-tool-client'
import { genkit } from 'genkit'
import { gpt4oMini, openAI } from 'genkitx-openai'
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
const searchTool = await AgenticToolClient.fromIdentifier('${identifier}'${
apiKey
? `, {
apiKey: '${apiKey}'
}`
: ''
})
const ai = genkit({
plugins: [openAI()]
@ -360,42 +404,18 @@ const result = await ai.generate({
console.log(result)`.trim(),
lang: 'ts'
}
// case 'xsai':
// return {
// code: `
// import { AgenticToolClient } from '@agentic/platform-tool-client'
// import { createXSAITools } from '@agentic/xsai'
// import { generateText } from 'xsai'
// const searchTool = await AgenticToolClient.fromIdentifier('${identifier}')
// const result = await generateText({
// apiKey: process.env.OPENAI_API_KEY!,
// baseURL: 'https://api.openai.com/v1/',
// model: 'gpt-4o-mini',
// tools: await createXSAITools(searchTool),
// toolChoice: 'required',
// messages: [
// {
// role: 'user',
// content: '${prompt}'
// }
// ]
// })
// console.log(JSON.stringify(result, null, 2))`.trim(),
// lang: 'ts'
// }
}
}
export function getCodeForPythonFrameworkConfig({
config,
identifier,
prompt
prompt,
apiKey
}: GetCodeForDeveloperConfigInnerOpts): CodeSnippet {
const mcpUrl = `${gatewayBaseUrl}/${identifier}/mcp`
const mcpUrl = `${gatewayBaseUrl}/${identifier}/mcp${
apiKey ? `?apiKey=${apiKey}` : ''
}`
switch (config.pyFrameworkTarget) {
case 'openai':
@ -479,7 +499,8 @@ export function getCodeForHTTPConfig({
identifier,
deployment,
tool,
args
args,
apiKey
}: GetCodeForDeveloperConfigInnerOpts): CodeSnippet {
tool ??= deployment.tools[0]?.name
assert(tool, 'tool is required')
@ -493,7 +514,9 @@ export function getCodeForHTTPConfig({
// TODO: better formatting for the curl command
return {
code: `curl -X POST -H "Content-Type: application/json" -d '${formattedArgs}' ${url}`,
code: `curl -X POST -H "Content-Type: application/json"${
apiKey ? ` -H "Authorization: Bearer ${apiKey}"` : ''
} -d '${formattedArgs}' ${url}`,
lang: 'bash'
}
}
@ -504,7 +527,9 @@ export function getCodeForHTTPConfig({
.join(' ')
return {
code: `http ${url} ${formattedArgs}`,
code: `http ${url}${apiKey ? ` Authorization:"Bearer ${apiKey}"` : ''}${
formattedArgs ? ` ${formattedArgs}` : ''
}`,
lang: 'bash'
}
}
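Review bot: In `getCodeForPythonFrameworkConfig` the key is appended to the MCP URL as `?apiKey=${apiKey}` without encoding, and a credential in a query string ends up in proxy logs, shell history and anything else that records the URL. At minimum use `?apiKey=${encodeURIComponent(apiKey)}`; if the gateway's MCP endpoint accepts the `Authorization: Bearer` header that the curl and HTTPie snippets use, the Python snippets would be better off with that header too. The TypeScript snippets inline the live key as a string literal (`apiKey: '${apiKey}'`), which invites committing it, so reading it from an environment variable in the generated sample would be the safer default. The identical `apiKey ? ... : ''` fragment is also repeated in seven templates and could be one local helper.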


@ -122,10 +122,9 @@ export class ArXivClient extends AIFunctionsProvider {
apiBaseUrl = arxiv.API_BASE_URL,
ky = defaultKy
}: {
apiKey?: string
apiBaseUrl?: string
ky?: KyInstance
}) {
} = {}) {
super()
this.apiBaseUrl = apiBaseUrl


@ -55,7 +55,8 @@ export class OpenMeteoClient extends AIFunctionsProvider {
}
/**
* Gets the 7-day weather variables in hourly and daily resolution for given WGS84 latitude and longitude coordinates. Available worldwide.
* Gets the 7-day weather variables in hourly and daily resolution for given
* WGS84 latitude and longitude coordinates. Available worldwide.
*/
@aiFunction({
name: 'open_meteo_get_forecast',


@ -347,7 +347,7 @@ export class RedditClient extends AIFunctionsProvider {
* @see https://old.reddit.com/dev/api/#GET_hot
*/
@aiFunction({
name: 'reddit_get_subreddit_posts',
name: 'get_subreddit_posts',
description: 'Fetches posts from a subreddit.',
inputSchema: z.object({
subreddit: z.string().describe('The subreddit to fetch posts from.'),
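Review bot: Dropping the provider prefix (`reddit_get_subreddit_posts` to `get_subreddit_posts` here, and `tavily_web_search` to `search` in the Tavily client) makes tool names collision-prone when a caller combines several providers in one tool set; with two tools both named `search`, which one the model ends up invoking may depend on merge order. It also breaks any caller-side allowlist or prompt that references the old names. If the platform namespaces tools by project identifier this is fine, but that is not visible here, so a short comment stating where the namespace comes from would help. Both decorators belong to methods that continue outside their hunks.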


@ -146,7 +146,7 @@ export class TavilyClient extends AIFunctionsProvider {
* Searches the web for pages relevant to the given query and summarizes the results.
*/
@aiFunction({
name: 'tavily_web_search',
name: 'search',
description:
'Searches the web to find the most relevant pages for a given query and summarizes the results. Very useful for finding up-to-date news and information about any topic.',
inputSchema: z.object({


@ -695,13 +695,13 @@ export class AgenticApiClient {
.json()
}
/** Refreshes a consumer's API token. */
async refreshConsumerToken({
/** Refreshes a consumer's API key. */
async refreshConsumerApiKey({
consumerId,
...searchParams
}: OperationParameters<'refreshConsumerToken'>): Promise<Consumer> {
}: OperationParameters<'refreshConsumerApiKey'>): Promise<Consumer> {
return this.ky
.post(`v1/consumers/${consumerId}/refresh-token`, { searchParams })
.post(`v1/consumers/${consumerId}/refresh-api-key`, { searchParams })
.json()
}
@ -849,22 +849,22 @@ export class AgenticApiClient {
}
/**
* Gets a consumer by API token. This method is admin-only.
* Gets a consumer by API key. This method is admin-only.
*
* @internal
*/
async adminGetConsumerByToken<
async adminGetConsumerByApiKey<
TPopulate extends NonNullable<
OperationParameters<'adminGetConsumerByToken'>['populate']
OperationParameters<'adminGetConsumerByApiKey'>['populate']
>[number]
>({
token,
apiKey,
...searchParams
}: OperationParameters<'adminGetConsumerByToken'> & {
}: OperationParameters<'adminGetConsumerByApiKey'> & {
populate?: TPopulate[]
}): Promise<PopulateConsumer<TPopulate, AdminConsumer>> {
return this.ky
.get(`v1/admin/consumers/tokens/${token}`, {
.get(`v1/admin/consumers/api-keys/${apiKey}`, {
searchParams: sanitizeSearchParams(searchParams)
})
.json()
@ -872,7 +872,7 @@ export class AgenticApiClient {
/**
* Activates a consumer signifying that at least one API call has been made
* using the consumer's API token. This method is idempotent and admin-only.
* using the consumer's API key. This method is idempotent and admin-only.
*
* @internal
*/
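Review bot: `adminGetConsumerByApiKey` interpolates `apiKey` straight into the request path (`v1/admin/consumers/api-keys/${apiKey}`), and the gateway's `getAdminConsumer` appears to hand it a value taken from the incoming request. A value containing `/`, `?` or `#` is then not confined to a single path segment of a request made with admin credentials; wrapping it as `encodeURIComponent(apiKey)` in the template closes that. The same applies to `consumerId` in `refreshConsumerApiKey`, though that value looks server-issued.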


@ -421,7 +421,7 @@ export interface paths {
patch?: never;
trace?: never;
};
"/v1/consumers/{consumerId}/refresh-token": {
"/v1/consumers/{consumerId}/refresh-api-key": {
parameters: {
query?: never;
header?: never;
@ -430,8 +430,8 @@ export interface paths {
};
get?: never;
put?: never;
/** @description Refreshes a consumer's API token. */
post: operations["refreshConsumerToken"];
/** @description Refreshes a consumer's API key. */
post: operations["refreshConsumerApiKey"];
delete?: never;
options?: never;
head?: never;
@ -525,15 +525,15 @@ export interface paths {
patch?: never;
trace?: never;
};
"/v1/admin/consumers/tokens/{token}": {
"/v1/admin/consumers/api-keys/{apiKey}": {
parameters: {
query?: never;
header?: never;
path?: never;
cookie?: never;
};
/** @description Gets a consumer by API token. This route is admin-only. */
get: operations["adminGetConsumerByToken"];
/** @description Gets a consumer by API key. This route is admin-only. */
get: operations["adminGetConsumerByApiKey"];
put?: never;
post?: never;
delete?: never;
@ -2275,7 +2275,7 @@ export interface operations {
410: components["responses"]["410"];
};
};
refreshConsumerToken: {
refreshConsumerApiKey: {
parameters: {
query?: never;
header?: never;
@ -2584,15 +2584,15 @@ export interface operations {
404: components["responses"]["404"];
};
};
adminGetConsumerByToken: {
adminGetConsumerByApiKey: {
parameters: {
query?: {
populate?: ("user" | "project" | "deployment") | ("user" | "project" | "deployment")[];
};
header?: never;
path: {
/** @description Consumer token */
token: string;
/** @description Consumer API key */
apiKey: string;
};
cookie?: never;
};


@ -38,7 +38,8 @@
- add disclaimer about public beta
- add search / sorting
- add admin-based tags for main page layout (featured, etc)
- replace render for api and/or add turbo for caching
- replace render for api and/or add turbo for caching (too slow to deploy)
- public-project limit `description` to max 5 lines and show ellipsis
## TODO: Post-MVP
@ -135,3 +136,5 @@
- basic account page on website
- edit name, profile photo, etc
- **public project detail page metadata**
- fix readme css <img height="..."> not taking effect because of tailwind css preflight which sets `img, video { height: auto }`
- we still want this for every other scenario; just want to sandbox the github-style readme markdown css...