Fuz is a Svelte UI library that builds on my CSS framework Moss. It's in early alpha and there will be many breaking changes. I'm making it to support Zzz and my other projects that focus on end-users, so it'll continue to grow slowly as I find the time and usecases.

The goal is to make a fully-featured Svelte UI library, but it'll take extra time to get there. That lets us prioritize patterns like APIs above features, making it an interesting project for learning and experimentation. If you're interested in using Fuz, helping out, or just following along, see contributing.md.

These docs are a work in progress - for an overview see the readme.

Fuz bases its theme support on my CSS framework Moss, which is based on CSS custom properties. For more see Themed.

Fuz supports SvelteKit's config for Content Security Policies with the create_csp_directives helper. Fuz also provides related helpers, types, and CSP data.

The goal is to provide a simple trust modeling system that balances safety+security+privacy with ergonomics in the hopes of finding a better global maximum, helping users maintain secure policies without unhelpful burden or restriction.

Auditability and transparency are key concerns for the API, but we trade away some of this for ergonomics, with the idea that we make it easy for users to safely configure basic scenarios, and advanced users can opt into using the API with full declarative transparency (and more verbosity and information load).

Fuz defines three levels of trust/risk/sensitivity (low/medium/high, Csp_Trust_Level) that can be configured for each trusted source to give blanket permissions at a specified tier, and then granular overrides are straightforward and declarative.

I'm trying to design for clear, intuitive boundaries with escalating security and privacy implications. Fuz includes a debatable set of defaults, and input is appreciated to help tune the tradeoffs.

import {create_csp_directives, type Csp_Source_Spec} from '@ryanatkn/fuz/csp.js';

export const my_csp_trusted_sources: Array<Csp_Source_Spec> = [
	{source: 'https://*.me.com/', trust: 'high'},
	{source: 'https://*.my.domain/', trust: 'medium'}, // no scripting allowed
	{source: 'https://me.github.io/', trust: 'low', directives: ['script-src-elem']}, // low but allow script
];

const csp = create_csp_directives({
  trusted_sources: my_csp_trusted_sources,
});

// Or get the default with no trusted sources except 'self':
const csp = create_csp_directives();

// You can also override or transform directives:
const custom_csp = create_csp_directives({
  trusted_sources: my_csp_trusted_sources,
  directives: {
    // Add additional domains to existing values:
    'img-src': (v) => [...v, 'trusted.domain'], // extend trusted sources

     // Or completely replace values:
    'connect-src': ['self', 'trusted.domain'], // no base trusted sources!
    'connect-src': () => ['self', 'trusted.domain'], // equivalent

    // Example opt-in to eval:
    'script-src-elem': (v) => [...v, 'unsafe-eval', 'wasm-unsafe-eval'], // alert alert
  },
});

Trust

Fuz's CSP abstraction provides three trust levels (Csp_Trust_Level) with escalating risk.

• null - No trust. This is used for directives that don't support sources.
• 'low' - Passive resources only - no script execution, no styling or UI control
• 'medium' - Content that may affect layout, styling, or embed external browsing contexts, but cannot directly run code in the page's JS execution environment or perform other high-risk actions
• 'high' - Sources that can execute code in the page's context

Default directive trust levels

Directive specs

Fuz includes a number of logos available as data that can be mounted with the Svg component. Only the ones you use are included in your bundle.

• <Svg data={zzz_logo} />

• <Svg data={moss_logo} />

• <Svg data={belt_logo} />

• <Svg data={gro_logo} />

• <Svg data={fuz_logo} />

• <Svg data={webdevladder_logo} />

• <Svg data={fuz_blog_logo} />

• <Svg data={fuz_mastodon_logo} />

• <Svg data={fuz_code_logo} />

• <Svg data={fuz_gitops_logo} />

• <Svg data={fuz_template_logo} />

• <Svg data={earbetter_logo} />

• <Svg data={spiderspace_logo} />

• <Svg data={github_logo} />

• <Svg data={mdn_logo} />

• <Svg data={chatgpt_logo} />

• <Svg data={claude_logo} />

• <Svg data={gemini_logo} />

• <Svg data={ollama_logo} />

import Alert from '@ryanatkn/fuz/Alert.svelte';

<Alert>info</Alert>

icon can be a string prop or snippet:

<Alert icon="▷">
	icon as a string prop
</Alert>

<Alert>
	{#snippet icon(t)}{t}◡{t}{/snippet}
	icon as a snippet
</Alert>

Alerts can be buttons by including an onclick prop. This API may change because it's a bit of a mess - a separate Alert_Button may be better.

<Alert onclick={() => clicks++}>
	alerts can be buttons{'.'.repeat(clicks)}
</Alert>

clicks: 0

The status prop, which defaults to 'inform', changes the default icon and color.

// @ryanatkn/fuz/alert.js
export type Alert_Status = 'inform' | 'help' | 'error';

<Alert status="error">
	the computer is mistaken
</Alert>

<Alert status="help">
	here's how to fix it
</Alert>

<Alert status="help" color="var(--color_d_5)">
	the <code>color</code> prop overrides the status color
</Alert>

import Breadcrumb from '@ryanatkn/fuz/Breadcrumb.svelte';

<Breadcrumb />

<Breadcrumb>🏠</Breadcrumb>

<Breadcrumb>
	{#snippet separator()}.{/snippet}
</Breadcrumb>

<Breadcrumb
	path="/a/b/c/d"
	selected_path="/a/b"
	base_path="{base}/docs/breadcrumb"	
>
	<span class="size_xl">🔡</span>
	{#snippet separator()}.{/snippet}
</Breadcrumb>

import Card from '@ryanatkn/fuz/Card.svelte';

<Card>
  just<br />
  a card
</Card>

<Card>
  custom<br />
  icon
  {#snippet icon()}📖{/snippet}
</Card>

<Card href="/">
  a<br />
  link
</Card>

<Card href="/docs/card">
  href is<br />
  selected
</Card>

<Card tag="button">
  custom<br />
  tag
</Card>

<Card align="right">
  align<br />
  icon right
</Card>

<Card align="above">
  align<br />
  icon above
</Card>

<Card align="below">
  align<br />
  icon below
</Card>

The Contextmenu overrides the system contextmenu to provide capabilities specific to your app. The motivation docs explain why Fuz breaks web platform expectations.

On touch devices, we detect tap-and-hold (aka longpress) instead of simply overriding the web's contextmenu event because iOS does not support this web standard as of July 2023 as described in this WebKit bug report. The Fuz implementation therefore has hacks that may cause corner case bugs on various devices and browsers, and it breaks navigator.vibrate on all mobile browsers that I've tested because it triggers the gesture on a timeout, not a user action.

When you rightclick or longpress inside a Contextmenu_Root, it searches for behaviors defined with Contextmenu starting from the target element up to the root. If any behaviors are found, the Fuz contextmenu opens, with the caveats below. The contextmenu displays the available behaviors which you can then activate. If no behaviors are found, the system contextmenu opens.

Devices with a mouse

• rightclick opens the Fuz contextmenu and not the system contextmenu except on input/textarea/contenteditable
• rightclick on the Fuz contextmenu opens the system contextmenu
• rightclick while holding Shift opens the system contextmenu
• keyboard navigation and activation should work similarly to the W3C APG menubar pattern

Touch devices

• longpress opens the Fuz contextmenu and not the system contextmenu
• longpress on the Fuz contextmenu (two longpresses) opens the system contextmenu
• double-tap-and-hold (aka tap-then-longpress) opens the system contextmenu or performs other default behavior like selecting text - does not work for cases where the first tap performs some action on an element, like links - use two longpresses for those cases (this may need more design work, possibly adding a different gesture or a contextmenu entry for touch devices that triggers the system conextmenu on the next longpress)
• a longpress is canceled if you move the touch past a threshold before it triggers
• the contextmenu closes if you move past a threshold without lifting the longpress touch that opened it
• gives haptic feedback on open with navigator.vibrate (currently broken, may remain so due to the iOS longpress workaround)

Fuz takes two things very seriously, in no particular order:

1. giving users a powerful and customizable UX
2. aligning with the web platform and not breaking its standard behaviors

For #1, Fuz includes a custom contextmenu. Like Google Docs, when you right-click or tap-and-hold (aka longpress) on an element inside Fuz's Contextmenu, you'll see app-specific options and actions for your current context.

This is a powerful UX pattern, but it violates #2. The Fuz contextmenu breaks the normal browser behavior of showing the system contextmenu and device-specific behaviors like selecting text on a longpress.

Balancing these two concerns is going to be an ongoing challenge, and my current belief is that the contextmenu is too useful and powerful to ignore. I'm open to critical feedback, and I'll do what I can to minimize the harmful effects of choices like this.

Mitigations:

• The Fuz contextmenu does not open on elements that allow clipboard pasting like inputs, textareas, and contenteditables.
• To bypass the Fuz contextmenu on a device with a keyboard, hold the Shift key.
• To bypass the Fuz contextmenu on a touch device, like to select text, tap one extra time before your longpress. This means double-tap-and-hold should behave the same as tap-and-hold on standard web pages.
• Triggering the contextmenu inside of the Fuz contextmenu shows your system contextmenu. This means you can either double-right-click or longpress twice to access your system contextmenu as an alternative to holding Shift or double-tap-and-hold, However a caveat is that the target of your action will be some element inside the Fuz contextmenu, so to select text or access a link's system contextmenu on a touch device, you must use double-tap-and-hold. When you open the Fuz contextmenu on a link, you'll see the link again in the menu under your pointer by default, so to access your system's functionality on links, tap-and-hold twice.

The Details component is an alternative to the details element. By default it's lazy, and you can pass eager to render the children immediately like the base element.

Benefits of lazy children:

• children are transitioned in/out with an animation (TODO this may be doable with eager children, if so it would probably be the better default, and then the prop should be swapped to lazy)
• improved performance, can significantly improve UX in some cases

Tradeoffs:

• ctrl+f does not work to find text and auto-open the details
• you may desire some behavior caused by mounting the children

<Details>
  {#snippet summary()}summary content{/snippet}
  lazy children content
</Details>

<Details eager>
  {#snippet summary()}summary content{/snippet}
  eager children content
</Details>

<details>
  <summary>a summary element instead of a snippet</summary>
  the plain details
</details>

A modal that overlays the entire page. Uses Teleport to allow usage from any component without inheriting styles.

<button onclick={() => (opened = true)}>
	open a dialog
</button>
{#if opened}
	<Dialog onclose={() => (opened = false)}>
		{#snippet children(close)}
			<div class="box">
				<div class="pane p_xl box">
					<h1>attention</h1>
					<p>this is a dialog</p>
					<button onclick={close}>ok</button>
				</div>
			</div>
		{/snippet}
	</Dialog>
{/if}

import Hue_Input from '@ryanatkn/fuz/Hue_Input.svelte';

<Hue_Input bind:value />

<Hue_Input
	oninput={(v) => (value_from_oninput = v)}
/>

<Hue_Input>
	Some colorful hue input
</Hue_Input>

This is a component related to Gro's public packages features.

import Package_Detail from '@ryanatkn/fuz/Package_Detail.svelte';

<Package_Detail {pkg} />

This is a component related to Gro's public packages features.

import Package_Summary from '@ryanatkn/fuz/Package_Summary.svelte';

<Package_Summary {pkg} />

import Pending_Animation from '@ryanatkn/fuz/Pending_Animation.svelte';

<Pending_Animation />

The default animation has text children, so they scale with font-size.

Set size with custom properties:

<Pending_Animation --size="var(--size_xl5)" />

Set size with classes:

<Pending_Animation attrs={{class: 'size_xl3'}} />

Size is inherited by default:

<div class="size_xl4"><Pending_Animation /></div>

<Pending_Animation inline />

with inline={true} •••

<Pending_Animation --size="var(--size_xl6)">
	{🐢}
</Pending_Animation>

with children 🐢🐢🐢 * 2

<Pending_Animation>
	{#snippet children(index)}
		<div class="box">
			{🐸}
			{index}
			<span class="size_xl5">
				{⏳}
			</span>}
		</div>
	{/snippet}
</Pending_Animation>

with running={true}

and children

<Pending_Animation --animation_duration="var(--duration_6)" --size="var(--size_xl4)" />

Preserves a button's normal width while animating.

import Pending_Button from '@ryanatkn/fuz/Pending_Button.svelte';

toggle the pending status of the buttons below

<Pending_Button
	pending={false}
	onclick={() => (pending_1 = !pending_1)}
>
	do something async
</Pending_Button>

do something async

<Pending_Button
	pending={true}
	onclick={() => (pending_2 = !pending_2)}
>
	do another
</Pending_Button>

Adds a redirect for a page using a meta tag with the refresh header. Includes a rendered link and JS navigation fallback.

import Redirect from '@ryanatkn/fuz/Redirect.svelte';

<Redirect auto={false} />

redirect to /docs

<Redirect
	host="https://www.felt.dev"
	path="/docs"
	let:url
	auto={false}
>
	the redirect url is {url}
</Redirect>

import Svg from '@ryanatkn/fuz/Svg.svelte';

<Svg data={fuz_logo} />

Fills available space by default:

Set size: (see the Moss typography docs)

<Svg data={fuz_logo} size="var(--icon_size_xl)" />

<Svg data={fuz_logo} size="var(--icon_size_sm)" />

Set --size on the component or a parent:

<span style:--size="var(--icon_size_xl)"><Svg data={fuz_logo} /></span>

Set fill: (see the Moss colors docs)

<Svg data={fuz_logo} fill="var(--color_d_5)" />

<Svg data={fuz_logo} fill="var(--color_b_5)" />

Set --text_color on the component or a parent, for svgs that have no default fill:

<span style:--text_color="var(--color_i_5)"><Svg data={github_logo} /></span>

Relocates elements in the DOM, in the rare cases that's useful and the best solution. The Dialog uses this to mount dialogs from any component without inheriting styles.

import Teleport from '@ryanatkn/fuz/Teleport.svelte';

<Teleport to={swap ? teleport_1 : teleport_2}>
	🐰
</Teleport>
<div class="teleports">
	<div class="panel" bind:this={teleport_1} />
	<div class="panel" bind:this={teleport_2} />
</div>
<button onclick={() => (swap = !swap)}>
	teleport the bunny
</button>

Themed defaults to automatic color-scheme detection with prefers-color-scheme, and users can also set it directly:

import Color_Scheme_Input from '@ryanatkn/fuz/Color_Scheme_Input.svelte';

<Color_Scheme_Input />

Pass props to override the default:

<Color_Scheme_Input
	value={{color_scheme: 'auto'}}
	onchange={...}
/>

The builtin themes support both dark and light color schemes. Custom themes may support one or both color schemes.

A theme is a simple JSON collection of Moss style variables that can be transformed into CSS that set custom properties. Each variable can have values for light and/or dark color schemes. In other words, "dark" isn't a theme, it's a mode that any theme can implement.

Themes are plain CSS that can be sourced in a variety of ways.

To use Fuz's base theme:

<!-- +layout.svelte -->
<script>
	import '@ryanatkn/moss/style.css';
	import '@ryanatkn/moss/theme.css';
	import Themed from '@ryanatkn/fuz/Themed.svelte';
	import type {Snippet} from 'svelte';

	interface Props {
		children: Snippet;
	}
	
	const {children}: Props = $props();
</script>

<!-- enable theme and color-scheme support -->
<Themed>
	{@render children()}
</Themed>

Themed can be customized with the the nonreactive prop themer:

import {Themer} from '@ryanatkn/fuz/themer.svelte.js';
const themer = new Themer(...);

<Themed {themer}>
	{@render children()}
</Themed>

Themed sets the themer in the Svelte context:

// get values from the Svelte context provided by
// the nearest `Themed` ancestor:
import {themer_context} from '@ryanatkn/fuz/themer.svelte.js';
const themer = themer_context.get();
themer.theme.name; // 'base'
themer.color_scheme; // 'auto'

For a more complete example, see fuz_template.

Themed initializes the system's theme support. Without it, the page will not reflect the user's system color-scheme. By default, Themed applies the base theme to the root of the page via create_theme_setup_script. It uses JS to add the .dark CSS class to the :root element.

This strategy enables color scheme and theme support with minimal CSS and optimal performance for most use cases. The system supports plain CSS usage that can be static or dynamic, or imported at buildtime or runtime. It also allows runtime access to the underlying data like the style variables if you want to pay the performance costs. Scoped theming to one part of the page is planned.

The theme setup script interacts with sync_color_scheme to save the user's preference to localStorage. See also Color_Scheme_Input.

The setup script avoids flash-on-load due to color scheme, but currently themes flash in after loading. We'll try to fix this when the system stabilizes.