Step 6 of 10

Phase 5 — Embed the UI

Time: ~25 minutes
Prerequisites: Phase 4 complete (routes and policies configured, resolve works with route IDs)
You'll need: Your app's frontend codebase, @restormel/keys-elements installed in Phase 1

This phase puts Restormel Web Components into your app so end-users can select models and (optionally) manage provider credentials. Use @restormel/keys-elements for every framework — deprecated Svelte/React npm adapters are not part of the public path.

Step 5.1 — Decide what to embed

Not every app needs every component. Use this decision matrix:

If your app…	Embed	Skip
Lets users choose which AI model to use	ModelSelector	—
Lets users bring their own provider API keys (BYOK)	KeyManager	—
Shows cost estimates before running a request	CostEstimator	—
Only uses platform keys with no user choice	—	All UI components (server-side resolve is enough)

Most apps that reached this phase want ModelSelector. KeyManager is for apps where users supply their own OpenAI/Anthropic/Google keys. CostEstimator is a nice-to-have.

Step 5.2 — Embed ModelSelector (Web Components)

Import @restormel/keys-elements, render <rk-model-selector>, set keys and providers via JavaScript properties, and listen for rk-model-selected to persist selection to your backend.

Pitfall — Set object props via JavaScript, not HTML attributes. See Framework compatibility.

You'll see

A model selection UI grouped by provider. Users click a model to select it.

How to test

Navigate to your settings page, confirm the selector renders, click a model, and verify your backend receives the selection.

Step 5.3 — Filter the model list by policies

The ModelSelector shows all models from the configured providers by default. If you have policies (Phase 4) that restrict which models are allowed, filter the model list so users only see valid choices.

Server-side filtering (recommended): Add an API route (e.g. GET /api/allowed-models) that calls the Restormel evaluate endpoint for each candidate model, using your project Gateway Key from server-side environment variables. Return only the allowed model IDs to the client and configure the component with that list.

Security — Never call the policies API from the browser. Keep RESTORMEL_GATEWAY_KEY server-side only. Use a server proxy like /api/allowed-models and return only the filtered model IDs to the client.

Client-side filtering: If you use local resolve (Phase 2, Step 2.6), you can use keys.entitlements.getAvailableModels(allModelIds) to filter.

You'll see

The ModelSelector shows only models that pass your policies. Blocked models are either hidden or shown as unavailable.

How to test

Add a model_allowlist policy that excludes one model. Refresh the settings page; that model should not appear (or should appear greyed out with "Not allowed").

Step 5.4 — Embed KeyManager (optional — for BYOK apps)

If your app lets end-users bring their own API keys, embed the KeyManager component. It provides a settings panel for users to add, validate, list, and remove their provider credentials. KeyManager sits on top of your own storage and validation endpoints — you implement and own the key storage API (e.g. POST /api/keys, DELETE /api/keys/:id) and any server-side validation; KeyManager is the UI layer that calls them via onKeyAdded and onKeyRemoved.

Security — Treat provider credentials as builder-managed. Raw key material should never be logged or persisted in plaintext. Restormel does not need to custody raw provider secrets by default: store credentials in your own backend/secret store (or use a gateway-backed scheme) and return only masked identifiers and metadata to the UI.

You'll see

A settings panel with an empty state, a form to select a provider and add a credential, feedback, a list of saved credentials (masked), and remove buttons.

How to test

Navigate to settings, add a key (test/invalid is fine to confirm validation), confirm onKeyAdded fires and your API receives the request. With a valid key, confirm validation passes. Delete the key and confirm onKeyRemoved fires.

Step 5.5 — Theme the components

Restormel UI components use --rk-* CSS custom properties for theming. Override them to match your app:

css

rk-model-selector,
.rk-model-selector {
  --rk-bg: #1a1a1e;
  --rk-text: #e8e8ec;
  --rk-accent: #3b82f6;
  --rk-border: #2a2a2e;
  --rk-error: #ef4444;
  --rk-success: #22c55e;
}

The components ship with dark (`.rk-dark`) and light (`.rk-light`) presets.

You'll see

Components render with your app's colour scheme.

How to test

Change a token (e.g. --rk-accent) to something distinct; confirm the accent colour updates on buttons and highlights.

Checkpoint checklist: mark each step complete as you finish it.

Checklist

Decide what to embed
Embed ModelSelector (Web Components)
Filter the model list by policies
Embed KeyManager (optional — for BYOK apps)
Theme the components

Prompts for this phase

These are optional and collapsed by default. Use them if you're implementing Phase 5 with a coding agent.

Checkpoint

You now have: ModelSelector embedded and filtered by your policies; (optional) KeyManager for BYOK with callbacks wired to your backend; components themed via --rk-*; callbacks saving user selections. The UI components work alongside your resolve integration from Phases 2–4. When a user selects a model, your backend can pass that to resolveProvider({ model: userSelectedModel }) and Restormel evaluates it against routes and policies.