How to read this page. We are explicit about what each sample is, because a dead link or a
404 on npm install costs a developer all their trust:- Runnable starter — a copy-paste snippet (not a repo) you can paste into a terminal right now.
It runs against
https://phosra-api-sandbox-production.up.railway.appwith no credential. Every response shown is verbatim from that live sandbox. - Clonable repo — a public GitHub repository you can
git clone. We link only repos that actually exist (verified against the GitHub API while writing this page). - Published package — on the public npm registry. Versions are verified against
npm view; pin the one you use. - Private / on-request — the native iOS & Android enforcement SDKs are distributed privately. We say so plainly and give you the contact, rather than show an install line that would 404.
The 60-second starter
This is the smallest complete integration: mint nothing, create a protected child, enforce the policy, and read the result — the same four moves every Phosra integration makes. It is a snippet, not a clonable repo. It needs no API key because it targets the open sandbox.setup/quick returns 200, the
enforce job flips to completed in well under a second):
What the starter builds, in a real app
The four API calls above are exactly what a parental-control app runs behind its UI. Every screen below is a real screenshot captured from Propagate — a reference app built on this same sandbox API — following one child (Ruby) end to end. Nothing is mocked or drawn.


Want the full ten-phase lifecycle — link, unlink, per-service isolation, relink — with every request
and response run live? See the End-to-end walkthrough.
The catalog
Real, published integrations you can clone or install today. The two GitHub repositories below are public in thePhosra-Inc org:

Clonable repos
Provider conformance harness
Phosra-Inc/touchstone (TypeScript, MIT). The independent OCSS conformance harness — probe a
provider enclave and print a signed report. Zero runtime dependencies.iOS Link kit (Connect sheet)
Phosra-Inc/phosra-link-kit-ios (Swift). The native-iOS Phosra Link — a branded Connect sheet
your app presents in ~10 lines, with onSuccess / onExit callbacks. The Plaid-LinkKit analog.Run without cloning — one-command samples
Each of these runs a real integration from a single command against the sandbox.MCP server for AI agents
Expose Phosra tools to Claude, GPT, and any MCP client. One command, no clone:Full client config (Claude Desktop, Cursor) on the MCP Server page.
Partner CLI — sandbox round-trip
Scaffold configs and run a sandbox round-trip check without writing code:See the CLI guide for every subcommand.
Embeddable Connect component
The “Plaid Link” for parental-controls apps — web + React Native. Drives the consent ceremony end
to end:
OCSS protocol reference lib
Sign/verify receipts, sealed envelopes, the Trust List — the vendor-neutral OCSS surface, no
Phosra account:
Every published package
All verified against the public npm registry while writing this page — pin the version you use.| Package | Version | Sample it powers | Docs |
|---|---|---|---|
@phosra/sdk | 0.1.0 | Typed control-plane client — the 60-second starter, but typed | TypeScript SDK |
@phosra/mcp | 0.4.0 | MCP server for AI agents (npx @phosra/mcp) | MCP Server |
@phosra/cli | 0.2.0 | Sandbox round-trip + scaffolding (npx @phosra/cli) | CLI |
@phosra/link | 0.1.2 | The consent ceremony + signed rule-write directives | Link |
@phosra/connect | 0.1.1 | Embeddable Connect component (web + React Native) | Link |
@phosra/gatekeeper | 0.2.2 | Platform-side: verify signed profiles, local decision engine | Platform |
@openchildsafety/ocss | 0.1.3 | The OCSS reference library (receipts, envelopes, trust list) | Developer SDK |
@openchildsafety/provider-harness | 0.1.3 | The touchstone conformance harness above | Provider |
No
@ocss/* scope exists. The open standard’s library ships under @openchildsafety/*, and
the Phosra client libraries under @phosra/*. If you see an @ocss/… install line anywhere, it
is wrong — it will 404 on npm.Private / on-request
The native on-device enforcement SDKs are not on a public registry yet — we distribute them privately rather than show an install line that would fail.| SDK | Status | How to get it |
|---|---|---|
| iOS enforcement SDK | Private repo | iOS SDK · email developers@phosra.com |
| Android enforcement SDK | Private (not on Maven Central) | Android SDK · email developers@phosra.com |
The iOS Link kit (
phosra-link-kit-ios) —
the Connect sheet — is public and in the catalog above. The separate iOS enforcement SDK (the
one that drives FamilyControls / ManagedSettings on-device) is the private one.Reference provider integrations
The sandbox ships a built-in reference provider that powers the live OAuth consent page you meet in the Connect a platform guide and the end-to-end walkthrough. It exposes real/oauth/authorize,
/oauth/token, and /oauth/profiles endpoints with fixed demo child profiles (Mia, Leo, Ava), so
you can drive a complete connect ceremony against the sandbox without standing up your own provider.
Next steps
Quickstart
The same first calls, with more explanation of each field and response.
End-to-end walkthrough
The full family lifecycle — link, unlink, isolation, relink — run live.
Webhook events
Finish the starter: verified signature-checking handlers in four languages.
Get your API key
Move from the sandbox to production — same request shapes, one new header.