> ## Documentation Index
> Fetch the complete documentation index at: https://docs.phosra.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SDK Overview

> Official Phosra SDKs and integration libraries

# SDKs

Phosra provides official SDKs to accelerate your integration. All SDKs wrap the REST API and provide typed interfaces, automatic retries, and token management.

## Available SDKs

<CardGroup cols={2}>
  <Card title="TypeScript SDK" icon="js" href="/sdks/typescript">
    Full-featured SDK for Node.js and browser applications. Typed interfaces for all 80 endpoints.

    ```bash theme={null}
    npm install @phosra/sdk
    ```
  </Card>

  <Card title="MCP Server" icon="robot" href="/sdks/mcp-server">
    Model Context Protocol server for AI agent integration. Works with Claude, GPT, and other MCP-compatible agents.

    ```bash theme={null}
    npx @phosra/mcp --api-key=KEY
    ```
  </Card>

  <Card title="iOS SDK" icon="apple" href="/sdks/ios">
    On-device child safety enforcement using FamilyControls, ManagedSettings, and DeviceActivity.

    ```swift theme={null}
    // iOS SDK — contact developers@phosra.com for the private repo URL
    ```
  </Card>

  <Card title="Android SDK" icon="android" href="/sdks/android">
    On-device enforcement using UsageStatsManager, VpnService, DevicePolicyManager, and AccessibilityService.

    ```kotlin theme={null}
    // Android SDK — distributed privately (not on Maven Central yet).
    // Email developers@phosra.com for the repo/AAR.
    ```
  </Card>
</CardGroup>

## Published packages

These are the packages actually on the public npm registry today. Versions verified against `npm view` — pin the ones you use.

| Package                                                                        | Version | What it does                                                                                               | Page                                        |
| ------------------------------------------------------------------------------ | ------- | ---------------------------------------------------------------------------------------------------------- | ------------------------------------------- |
| [`@phosra/sdk`](https://www.npmjs.com/package/@phosra/sdk)                     | `0.1.0` | Typed control-plane client (`PhosraClient`) — families, children, policies, rules, enforcement             | [TypeScript SDK](/sdks/typescript)          |
| [`@openchildsafety/ocss`](https://www.npmjs.com/package/@openchildsafety/ocss) | `0.1.3` | The vendor-neutral OCSS reference library — sign/verify receipts, sealed envelopes, trust list, vocabulary | [Developer SDK](/sdks/phosra-developer-sdk) |
| [`@phosra/link`](https://www.npmjs.com/package/@phosra/link)                   | `0.1.2` | Writer-plane SDK — the consent ceremony + signed rule-write directives (`directive`, `convergeFamily`)     | [Link](/sdks/link)                          |
| [`@phosra/gatekeeper`](https://www.npmjs.com/package/@phosra/gatekeeper)       | `0.2.2` | Platform-side SDK — verify signed profiles, run the local decision engine, send §8.3.8 receipts            | —                                           |
| [`@phosra/connect`](https://www.npmjs.com/package/@phosra/connect)             | `0.1.1` | Embeddable Connect component (the "Plaid Link" for parental-controls apps) — web + React Native            | —                                           |
| [`@phosra/mcp`](https://www.npmjs.com/package/@phosra/mcp)                     | `0.4.0` | MCP server exposing Phosra tools to AI agents (`npx @phosra/mcp`)                                          | [MCP Server](/sdks/mcp-server)              |
| [`@phosra/cli`](https://www.npmjs.com/package/@phosra/cli)                     | `0.2.0` | Partner CLI — scaffold configs, verify OCSS setup, sandbox round-trip checks (`npx @phosra/cli`)           | —                                           |
| [`@phosra/provider`](https://www.npmjs.com/package/@phosra/provider)           | `0.1.0` | Provider-side helpers over `@openchildsafety/ocss`                                                         | —                                           |
| [`@phosra/classify`](https://www.npmjs.com/package/@phosra/classify)           | `0.1.1` | Rule-category classification helpers                                                                       | —                                           |

<Note>
  The native **iOS** and **Android** enforcement SDKs are distributed privately (not on npm/Maven Central yet) — see [iOS SDK](/sdks/ios) and [Android SDK](/sdks/android), or email `developers@phosra.com` for repo access. There is no published `@ocss/*` npm scope; the open standard's library ships under **`@openchildsafety/*`**.
</Note>

## Language coverage

Phosra ships a first-party **TypeScript SDK** today. Every other language talks to the same plain-JSON REST API directly — no SDK required, and the [Quickstart](/quickstart) proves the curl / Python / Go paths run copy-paste against the live sandbox.

| Language                | How you call Phosra                                  | Status        |
| ----------------------- | ---------------------------------------------------- | ------------- |
| TypeScript / JavaScript | `@phosra/sdk` — typed `PhosraClient`                 | **Published** |
| Shell                   | `curl` against the REST API                          | Works today   |
| Python                  | `requests` (or stdlib `urllib`) against the REST API | Works today   |
| Go                      | `net/http` against the REST API                      | Works today   |
| Python SDK              | first-party typed client                             | Planned       |

### Generate a typed client in any language

Need Python, Go, Java, Rust, or C#? The [OpenAPI spec](/openapi.yaml) drives standard
code generators to produce a fully-typed client in about a minute. The
[**Generate a client in your language**](/sdks/code-generation) guide runs the real
commands (`openapi-generator-cli` for Python/Go/Java, `openapi-typescript` for TS)
against the live sandbox and pastes the actual output — including a generated-client
call that returns `201`.

<Card title="Generate a client in your language" icon="wand-magic-sparkles" href="/sdks/code-generation">
  Worked TypeScript, Python, and Go clients from the hosted spec — verified copy-paste,
  plus which-spec guidance and the RFC 9421 data-plane caveat.
</Card>

## SDK Comparison

| Feature                   | TypeScript                  | MCP       | iOS                       | Android                   |
| ------------------------- | --------------------------- | --------- | ------------------------- | ------------------------- |
| **Platform**              | Node.js / Browser           | AI Agents | iOS 16+                   | Android 8.0+              |
| **Auth methods**          | API key, Bearer, Device key | API key   | Parent JWT, Device key    | Parent JWT, Device key    |
| **Install**               | npm                         | npx       | SPM                       | Gradle                    |
| **On-device enforcement** | --                          | --        | FamilyControls            | UsageStats + VPN          |
| **Policy sync**           | --                          | --        | APNs + polling            | FCM + WorkManager         |
| **Reporting**             | --                          | --        | Enforcement + screen time | Enforcement + screen time |

## Direct API Access

All SDKs are optional. The REST API is plain JSON over HTTPS — call it from any language. **Every tab leads with the open sandbox** (`https://phosra-api-sandbox-production.up.railway.app`) so your **first copy-paste returns `201` with no API key**. The same one-call setup in four languages:

<CodeGroup>
  ```bash cURL theme={null}
  # Sandbox-first — no Authorization header needed.
  curl -X POST https://phosra-api-sandbox-production.up.railway.app/api/v1/setup/quick \
    -H "Content-Type: application/json" \
    -d '{"child_name":"Emma","birth_date":"2016-03-15","strictness":"recommended"}'
  ```

  ```typescript TypeScript theme={null}
  import { PhosraClient } from "@phosra/sdk";

  // Sandbox-first — no API key. Point baseUrl at the open sandbox.
  const phosra = new PhosraClient({
    baseUrl: "https://phosra-api-sandbox-production.up.railway.app/api/v1",
  });
  const setup = await phosra.setup.quick({
    child_name: "Emma", birth_date: "2016-03-15", strictness: "recommended",
  });
  console.log(setup.family.name, setup.age_group); // Emma's Family preteen
  ```

  ```python Python theme={null}
  import requests

  # Sandbox-first — no Authorization header needed.
  BASE = "https://phosra-api-sandbox-production.up.railway.app/api/v1"
  r = requests.post(
      f"{BASE}/setup/quick",
      json={"child_name": "Emma", "birth_date": "2016-03-15", "strictness": "recommended"},
      timeout=30,
  )
  r.raise_for_status()
  print(r.json()["family"]["name"])  # Emma's Family
  ```

  ```go Go theme={null}
  // Full program — `go run .` prints: Emma's Family
  package main

  import (
  	"bytes"
  	"encoding/json"
  	"fmt"
  	"net/http"
  )

  func main() {
  	// Sandbox-first — no Authorization header needed.
  	const base = "https://phosra-api-sandbox-production.up.railway.app/api/v1"

  	payload, _ := json.Marshal(map[string]string{
  		"child_name": "Emma", "birth_date": "2016-03-15", "strictness": "recommended",
  	})
  	req, _ := http.NewRequest("POST", base+"/setup/quick", bytes.NewReader(payload))
  	req.Header.Set("Content-Type", "application/json")

  	resp, err := http.DefaultClient.Do(req)
  	if err != nil {
  		panic(err)
  	}
  	defer resp.Body.Close()

  	var setup struct {
  		Family struct {
  			Name string `json:"name"`
  		} `json:"family"`
  	}
  	json.NewDecoder(resp.Body).Decode(&setup)

  	fmt.Println(setup.Family.Name)
  }
  ```
</CodeGroup>

<Note>
  **Going to production.** Swap the sandbox `baseUrl` for the production host (`https://prodapi.phosra.com/api/v1`) and add a `phosra_` API key. The raw HTTP tabs send the key as `Authorization: Bearer` (the canonical header) against the `/developer/*` prefix; the TypeScript `PhosraClient` sends the same key as the `X-Api-Key` header internally — both are accepted. See [Authentication](/authentication).
</Note>

<Card title="Get your API key" icon="key" href="https://dashboard.phosra.com/dashboard/developers/keys">
  Sign up at [dashboard.phosra.com/signup](https://dashboard.phosra.com/signup) and mint a key on the **Keys** page — `phosra_test_…` for the sandbox, `phosra_live_…` for production.
</Card>

<Tip>
  Want the full zero-to-enforcement walkthrough? The [Quickstart](/quickstart) runs the same calls against the open sandbox — no auth needed.
</Tip>

See the [API Reference](/api-reference/overview) for complete endpoint documentation, and the [Errors reference](/errors) for every status code, error class, and its fix.
