k-id-skills

Implements the k-ID age gate — entry point for any full sessioned k-ID integration (Shape A), covering every regime (COPPA, GDPR-Kids, UK AADC, UK OSA, Brazil ECA Digital, Australia Online Safety). Two approaches: Pattern A (default) builds a fully custom UI and calls /age-gate/check directly — best-looking, most brand-integrated, works on every platform (web, Unity WebGL, consoles, native); Pattern B is a fast-path fallback using the k-ID widget (/widget/generate-age-gate-url or /widget/generate-e2e-url — iframe handles age collection and auto-initiates consent). Covers null-initial age state, platform signals first, IP-based jurisdiction with timezone fallback, and /age-gate/check response shapes (session, challenge, unverified-adult). Use when adding or debugging the gate. Use EVEN IF the user says COPPA, OSA, ECA, or "age verification" but means the initial claimed-age check. Not for AgeKit+ (k-id-age-verification P1), post-gate / threshold verification (P2–3), or consent (k-id-consent-and-challenges).

Implements k-ID age verification and assurance for all three CDK patterns: (1) standalone AgeKit+ with no session (single age-proof — UK OSA 18+, age-restricted downloads, Australia social-media minimum age), (2) unverified-adult verification after the gate in a sessioned integration, (3) per-permission threshold verification (Brazil ECA Digital loot-boxes / targeted ads, UK OSA 18+, Australia social media, any verifiedAgeThreshold regime). Covers /age-verification/perform-access-age-verification (with or without sessionId), /session/upgrade returning CHALLENGE_SESSION_UPGRADE_BY_AGE_ASSURANCE, iframe modal (never window.open), in-app prompt, new-tab return-path detection (server poll + BroadcastChannel + visibility wake), result via webhook or polling, race-free session update. References AgeKit+ waterfall and ConnectID. Use for AgeKit+, unverified sessions, verifiedAgeThreshold, highly effective age assurance, or "user verified but app never unlocked". Not the initial gate or consent (see sibling skills).

Implements the parental-consent flow for k-ID minors — the GUARDIAN-managed path where a trusted adult grants permissions for a child (COPPA parental consent, EU GDPR-Kids verifiable parental consent, UK AADC equivalent). Supports both approaches: Pattern A (default) builds a fully custom consent screen (QR + OTP + email + direct link) and calls /challenge/send-email and /challenge/generate-otp directly with top-level polling — a brand-fit, inline experience; Pattern B is a fast-path fallback using the end-to-end widget (/widget/generate-e2e-url — iframe handles age gate, consent, data notices, permissions) or the manage-permissions widget (/widget/generate-manage-session-permissions-url — post-gate consent only). Use when building the consent screen, wiring challenge send / status endpoints, handling `challengeId` without a session, or diagnosing why approvals don't reach the app. Not for age assurance or threshold verification (k-id-age-verification), not for the age gate itself (k-id-age-gate).

Router for k-ID integration work. Activates when the user is building, planning, or debugging a k-ID integration, or adding age-appropriate compliance — COPPA (US), GDPR-Kids (EU), UK AADC, UK OSA, Brazil ECA Digital, Australia Online Safety / social-media minimum age, or similar — in an app, game, site, or platform. Also activates on "age assurance", "age verification", "AgeKit+", "parental consent", "age gate", "widget", "custom age gate", and "threshold verification". Handles both full sessioned integrations (CDK — age gate + sessions + permissions + consent + verification) and standalone AgeKit+ (single age-proof, no persistent session). Within CDK, supports both approaches: fully custom UX (call /age-gate/check and /challenge/* directly, render your own UI — default, most brand-integrated) and pre-built k-ID widgets (age-gate, end-to-end, manage-permissions, data-notices iframes — fast-path fallback). Picks the right sibling skill(s). Not for generic age-rating or Compliance Studio configuration.

Companion skill for iOS, Android, and Unity k-ID integrations — collects platform-supplied age signals (iOS Declared Age Range, Google Play Families, Unity user data) before the age gate, passes them on /age-gate/check with correct trust levels, and renders every k-ID widget URL (age gate, end-to-end, consent, age verification, manage-permissions, data notices) in a system browser — Android **Custom Tabs** or iOS **ASWebAuthenticationSession** (SFSafariViewController also OK). Discourages Android `WebView` / iOS `WKWebView`: no WebAuthn means no k-ID **AgeKeys** — a UX downgrade and a compliance limit where AgeKeys back "highly effective age assurance". Uses the universal `redirectUrl` deep-link callback for result delivery; reserves DOM `postMessage` for the WebView fallback. Covers deep-link returns from Family Connect / asktoplay.com and third-party verifier apps. Use for native apps, App Store Accountability Acts, Google Play Families, Unity, AgeKeys, or iOS popup failures. Not for browser-only web.