Start with one question
What are you doing with child-safety rules?Writing rules for a family
You build a parental-controls or safety app. A parent grants consent; you write age-appropriate rules on the family’s behalf. → Provider path (
@phosra/link)Enforcing rules in an app
You run an app, OS, router, or school network. You receive signed rule profiles and enforce them locally. → Platform path (
@phosra/gatekeeper)Just calling the API
You want raw HTTP from any language — no SDK, no framework. → Direct REST
Wiring an AI agent
You want Claude, GPT, or another MCP-compatible agent to create families, set policies, and read enforcement state through tools. → MCP server (
@phosra/mcp)Building on the open protocol
You need the vendor-neutral OCSS crypto primitives — sign/verify receipts, sealed envelopes, the Trust List — with no Phosra account and no lock-in. → OCSS protocol SDK (
@openchildsafety/ocss)The five paths at a glance
| Path | Package | Best for | You write | First call effort | Start here |
|---|---|---|---|---|---|
| Provider | @phosra/link 0.1.2 | Parental-control vendors that issue rules & consent | TypeScript | ~15 min | Provider quickstart → |
| Platform | @phosra/gatekeeper 0.2.2 | Apps, OSes, routers, schools that enforce rules | TypeScript | ~15 min | Platform quickstart → |
| Direct REST | none — plain JSON over HTTPS | Any language, quick scripts, backends | curl / Python / Go / any | 5 min | Quickstart → |
| MCP server | @phosra/mcp 0.4.0 | AI agents & assistants (Claude, GPT, MCP clients) | agent config | ~5 min | MCP Server → |
| OCSS protocol SDK | @openchildsafety/ocss 0.1.3 | Anyone who wants the open crypto primitives, provider-neutral | TypeScript | varies | Protocol SDK → |
Every version above is verified against the public npm registry.
@phosra/link, @phosra/gatekeeper, @phosra/mcp, and @openchildsafety/ocss are all live and installable today. The native iOS and Android enforcement SDKs are distributed privately (not on npm/Maven yet) — see iOS SDK / Android SDK.How the paths relate
Most of the paths are complementary, not alternatives. A real deployment usually combines two:- A Provider app (
@phosra/link) writes rules → the hosted census distributes them → a Platform (@phosra/gatekeeper) enforces them. Two halves of the same flow. - Direct REST and the MCP server are two different front doors to the same control-plane API. Pick REST for code, MCP for agents.
- The OCSS protocol SDK sits underneath both
@phosra/linkand@phosra/gatekeeper— they re-export its signing and verification primitives. Use it directly only if you want the raw protocol with no Phosra-specific helpers.
Not sure yet? Try the fastest path first
The Direct REST path returns a real201 in one call with no account and no key. Run this against the live sandbox to see a family, child, policy, and rules materialize — then decide which SDK you want on top:
Decision checklist
Still torn between two paths? Match the strongest statement below:- “A parent needs to authorize me before I can act.” → Provider (
@phosra/link) — it runs the consent ceremony and signs your rule-write directives. - “I need to block or allow content on a device, in real time, offline-safe.” → Platform (
@phosra/gatekeeper) — it verifies the signed profile once and decides locally withisAllowed(), fail-closed, zero per-decision network calls. - “I just need to script family/policy setup from my backend.” → Direct REST — no SDK, any language.
- “An LLM agent should drive this.” → MCP server.
- “I want the open standard’s crypto, and I might swap providers later.” → OCSS protocol SDK — identical across every OCSS-conformant implementation.
Next steps
Quickstart — first call in 5 min
Zero to an enforced policy against the live sandbox, no key.
Architecture overview
The control plane vs the data plane vs the open OCSS protocol — one mental model.
Partner Integration Overview
Provider and Platform roles in depth, plus the pricing boundary.
Example apps & starters
Runnable end-to-end starters and every clonable example repo.