@c15t/backend 2.0.0-rc.6 → 2.0.0

package/dist-types/routes/legal-document.d.ts

@@ -0,0 +1,7 @@
+import { Hono } from 'hono';
+import type { C15TContext } from '../types';
+export declare const createLegalDocumentRoutes: () => Hono<{
+    Variables: {
+        c15tContext: C15TContext;
+    };
+}, import("hono/types").BlankSchema, "/">;

package/dist-types/types/index.d.ts

@@ -1,19 +1,19 @@
-import type { createLogger, LoggerOptions } from '../../../logger/dist-types/index.d.ts';
-import { type Branding, type GlobalVendorList, type NonIABVendor, type PolicyConfig } from '../../../schema/dist-types/types';
-import type { Translations } from '../../../translations/dist-types/index.d.ts';
+import type { createLogger, LoggerOptions } from '@c15t/logger';
+import { type Branding, type GlobalVendorList, type NonIABVendor, type PolicyConfig } from '@c15t/schema/types';
+import type { Translations } from '@c15t/translations';
 import type { Meter, Tracer } from '@opentelemetry/api';
 import type { FumaDB, InferFumaDB } from 'fumadb';
 import type { CacheAdapter } from '../cache/types';
 import type { createRegistry } from '../db/registry';
 import type { DB, LatestDB } from '../db/schema';
 export * from './api';
-export declare const branding: readonly ["c15t", "consent", "none"];
+export declare const branding: readonly ["c15t", "inth", "consent", "none"];
 export type { Branding };
 export interface DatabaseOptions {
     /**
      * The database adapter to use.
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/database-setup}
+     * @see {@link https://c15t.com/docs/self-host/guides/database-setup}
      */
     adapter: FumaDB<FumaDBSchema>['adapter'];
     /**
@@ -26,7 +26,7 @@ export interface DatabaseOptions {
      * Useful when sharing a database with other applications to avoid naming conflicts.
      *
      * @example 'c15t_' // tables become: c15t_subject, c15t_consent, etc.
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/database-setup}
+     * @see {@link https://c15t.com/docs/self-host/guides/database-setup}
      */
     tablePrefix?: string;
 }
@@ -244,7 +244,7 @@ export interface I18nOptions {
      */
     defaultProfile?: string;
 }
-export type { PolicyConfig, PolicyModel, PolicyPack, PolicyScopeMode, PolicyUiAction, PolicyUiActionDirection, PolicyUiActionGroup, PolicyUiMode, PolicyUiProfile, PolicyUiSurfaceConfig, } from '../../../schema/dist-types/types';
+export type { LegalDocumentPolicyType, PolicyConfig, PolicyModel, PolicyPack, PolicyScopeMode, PolicyUiAction, PolicyUiActionDirection, PolicyUiActionGroup, PolicyUiMode, PolicyUiProfile, PolicyUiSurfaceConfig, } from '@c15t/schema/types';
 export interface PolicySnapshotOptions {
     /**
      * Secret used for signing and verifying policy snapshot tokens.
@@ -271,6 +271,22 @@ export interface PolicySnapshotOptions {
      */
     ttlSeconds?: number;
 }
+export interface LegalDocumentSnapshotOptions {
+    /**
+     * Secret used for signing and verifying legal-document snapshot tokens.
+     */
+    signingKey: string;
+    /**
+     * JWT issuer claim for legal-document snapshot tokens.
+     * @default "c15t"
+     */
+    issuer?: string;
+    /**
+     * JWT audience claim for legal-document snapshot tokens.
+     * When omitted, c15t derives a default audience and scopes it per tenant.
+     */
+    audience?: string;
+}
 export interface BackgroundOptions {
     /**
      * Executes non-critical tasks after the response path has completed.
@@ -281,7 +297,7 @@ export interface C15TOptions {
     /**
      * The database adapter to use.
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/database-setup}
+     * @see {@link https://c15t.com/docs/self-host/guides/database-setup}
      */
     adapter: FumaDB<FumaDBSchema>['adapter'];
     /**
@@ -294,7 +310,7 @@ export interface C15TOptions {
      * Useful when sharing a database with other applications to avoid naming conflicts.
      *
      * @example 'c15t_' // tables become: c15t_subject, c15t_consent, etc.
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/database-setup}
+     * @see {@link https://c15t.com/docs/self-host/guides/database-setup}
      */
     tablePrefix?: string;
     /**
@@ -303,13 +319,13 @@ export interface C15TOptions {
      * and cache key prefixing.
      *
      * @default "c15t"
-     * @see {@link https://v2.c15t.com/docs/self-host/api/configuration}
+     * @see {@link https://c15t.com/docs/self-host/api/configuration}
      */
     appName?: string;
     /**
      * Base path prefix for all API routes (e.g. `/api/self-host`).
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/api/endpoints}
+     * @see {@link https://c15t.com/docs/self-host/api/endpoints}
      */
     basePath?: string;
     /**
@@ -317,7 +333,7 @@ export interface C15TOptions {
      * Protocol is optional; matching is protocol-agnostic and normalized.
      *
      * @example ['example.com', 'app.example.com', 'localhost:3000']
-     * @see {@link https://v2.c15t.com/docs/self-host/api/configuration}
+     * @see {@link https://c15t.com/docs/self-host/api/configuration}
      */
     trustedOrigins: string[];
     /** Logger configuration. */
@@ -357,11 +373,12 @@ export interface C15TOptions {
      * explicit no-banner mode. In production, prefer including a default policy
      * so unmatched traffic still resolves deterministically.
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/policy-packs}
+     * @see {@link https://c15t.com/docs/self-host/guides/policy-packs}
      */
     policyPacks?: PolicyConfig[];
     /**
      * Select which branding to show in the consent banner.
+     * Use "inth" for the INTH brand. "consent" is a deprecated alias for "inth".
      * Use "none" to hide branding.
      * @default "c15t"
      */
@@ -369,7 +386,7 @@ export interface C15TOptions {
     /**
      * OpenAPI spec generation and documentation UI options.
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/api/endpoints}
+     * @see {@link https://c15t.com/docs/self-host/api/endpoints}
      */
     openapi?: OpenAPIOptions;
     /**
@@ -377,20 +394,20 @@ export interface C15TOptions {
      * Telemetry is opt-in and disabled by default.
      * Users must provide their own SDK setup (Node, Bun, edge, etc.).
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/observability}
+     * @see {@link https://c15t.com/docs/self-host/guides/observability}
      */
     telemetry?: TelemetryOptions;
     /**
      * IP address tracking and masking options.
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/api/configuration}
+     * @see {@link https://c15t.com/docs/self-host/api/configuration}
      */
     ipAddress?: IPAddressOptions;
     /**
      * Cache configuration for external persistent storage.
      * Used for caching GVL and other data.
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/caching}
+     * @see {@link https://c15t.com/docs/self-host/guides/caching}
      */
     cache?: CacheOptions;
     /**
@@ -408,13 +425,17 @@ export interface C15TOptions {
      * Disabled by default - most users don't need IAB TCF.
      * Set enabled: true to activate IAB support.
      *
-     * @see {@link https://v2.c15t.com/docs/self-host/guides/iab-tcf}
+     * @see {@link https://c15t.com/docs/self-host/guides/iab-tcf}
      */
     iab?: IABOptions;
     /**
      * Optional signed policy snapshots used to keep /init and /subjects consistent.
      */
     policySnapshot?: PolicySnapshotOptions;
+    /**
+     * Optional signed legal-document snapshots issued by external document renderers.
+     */
+    legalDocumentSnapshot?: LegalDocumentSnapshotOptions;
     /**
      * Optional background task runner for non-critical side effects.
      */

package/dist-types/utils/instrumentation.d.ts

@@ -3,8 +3,8 @@ import type { C15TOptions } from '../types';
  * Span attributes for database operations
  */
 export interface DatabaseSpanAttributes {
-    /** The database operation type (find, create, update, delete) */
-    operation: 'find' | 'create' | 'update' | 'delete' | 'findOrCreate';
+    /** The database operation type */
+    operation: 'find' | 'create' | 'update' | 'delete' | 'findOrCreate' | 'findLatest' | 'findByHash' | 'syncCurrent' | 'findOrCreateLegalDocument';
     /** The entity type being operated on */
     entity: string;
     /** Optional additional attributes */

package/dist-types/utils/logger.d.ts

@@ -1,4 +1,4 @@
-import { createLogger, type LoggerOptions } from '../../../logger/dist-types/index.d.ts';
+import { createLogger, type LoggerOptions } from '@c15t/logger';
 /**
  * Gets or creates a global logger instance
  *

package/dist-types/version.d.ts

@@ -1 +1 @@
-export declare const version = "2.0.0-rc.6";
+export declare const version = "2.0.0";

package/docs/api/configuration.md

@@ -10,25 +10,26 @@ All options are passed to `c15tInstance()`. Only `adapter` and `trustedOrigins`
 
 |Property|Type|Description|Default|Required|
 |:--|:--|:--|:--|:--:|
-|adapter|[FumaDBAdapter](https://v2.c15t.com/docs/self-host/guides/database-setup)|The database adapter to use.|-|✅ Required|
+|adapter|[FumaDBAdapter](https://c15t.com/docs/self-host/guides/database-setup)|The database adapter to use.|-|✅ Required|
 |tenantId|string \|undefined|Tenant ID for multi-tenant deployments. When set, all database queries are automatically scoped to this tenant.|-|Optional|
-|tablePrefix|[string \|undefined](https://v2.c15t.com/docs/self-host/guides/database-setup)|Optional prefix for all database table names. Useful when sharing a database with other applications to avoid naming conflicts.|-|Optional|
-|appName|[string \|undefined](https://v2.c15t.com/docs/self-host/api/configuration)|Application name used as backend metadata and identity. Returned by \`/init\` (\`appName\`), used in logs, telemetry defaults (\`service.name\`), and cache key prefixing.|"c15t"|Optional|
-|basePath|[string \|undefined](https://v2.c15t.com/docs/self-host/api/endpoints)|Base path prefix for all API routes (e.g. \`/api/self-host\`).|-|Optional|
-|trustedOrigins|[string\[\]](https://v2.c15t.com/docs/self-host/api/configuration)|Allowed origins for CORS. Required for browser-based consent collection. Protocol is optional; matching is protocol-agnostic and normalized.|-|✅ Required|
+|tablePrefix|[string \|undefined](https://c15t.com/docs/self-host/guides/database-setup)|Optional prefix for all database table names. Useful when sharing a database with other applications to avoid naming conflicts.|-|Optional|
+|appName|[string \|undefined](https://c15t.com/docs/self-host/api/configuration)|Application name used as backend metadata and identity. Returned by \`/init\` (\`appName\`), used in logs, telemetry defaults (\`service.name\`), and cache key prefixing.|"c15t"|Optional|
+|basePath|[string \|undefined](https://c15t.com/docs/self-host/api/endpoints)|Base path prefix for all API routes (e.g. \`/api/self-host\`).|-|Optional|
+|trustedOrigins|[string\[\]](https://c15t.com/docs/self-host/api/configuration)|Allowed origins for CORS. Required for browser-based consent collection. Protocol is optional; matching is protocol-agnostic and normalized.|-|✅ Required|
 |logger|LoggerOptions \|undefined|Logger configuration.|-|Optional|
 |disableGeoLocation|boolean \|undefined|Disables the use of Geo Location to determine the jurisdiction. When enabled, the jurisdiction will be set to "GDPR" to show the strictest version of the banner as we don't know the jurisdiction in this case.|false|Optional|
 |customTranslations|Record\<string, Partial\<Translations>> \|undefined|Override base translations.|-|Optional|
 |i18n|I18nOptions \|undefined|Internationalization message profiles used by runtime policies.|-|Optional|
-|policyPacks|[PolicyConfig \|undefined](https://v2.c15t.com/docs/self-host/guides/policy-packs)|Runtime regional policy pack resolved per request.|-|Optional|
-|branding|"c15t" \|"consent" \|"none" \|undefined|Select which branding to show in the consent banner. Use "none" to hide branding.|"c15t"|Optional|
-|openapi|[OpenAPIOptions \|undefined](https://v2.c15t.com/docs/self-host/api/endpoints)|OpenAPI spec generation and documentation UI options.|-|Optional|
-|telemetry|[TelemetryOptions \|undefined](https://v2.c15t.com/docs/self-host/guides/observability)|OpenTelemetry configuration for tracing and metrics. Telemetry is opt-in and disabled by default. Users must provide their own SDK setup (Node, Bun, edge, etc.).|-|Optional|
-|ipAddress|[IPAddressOptions \|undefined](https://v2.c15t.com/docs/self-host/api/configuration)|IP address tracking and masking options.|-|Optional|
-|cache|[CacheOptions \|undefined](https://v2.c15t.com/docs/self-host/guides/caching)|Cache configuration for external persistent storage. Used for caching GVL and other data.|-|Optional|
+|policyPacks|[PolicyConfig \|undefined](https://c15t.com/docs/self-host/guides/policy-packs)|Runtime regional policy pack resolved per request.|-|Optional|
+|branding|"c15t" \|"consent" \|"none" \|"inth" \|undefined|Select which branding to show in the consent banner. Use "inth" for the INTH brand. "consent" is a deprecated alias for "inth". Use "none" to hide branding.|"c15t"|Optional|
+|openapi|[OpenAPIOptions \|undefined](https://c15t.com/docs/self-host/api/endpoints)|OpenAPI spec generation and documentation UI options.|-|Optional|
+|telemetry|[TelemetryOptions \|undefined](https://c15t.com/docs/self-host/guides/observability)|OpenTelemetry configuration for tracing and metrics. Telemetry is opt-in and disabled by default. Users must provide their own SDK setup (Node, Bun, edge, etc.).|-|Optional|
+|ipAddress|[IPAddressOptions \|undefined](https://c15t.com/docs/self-host/api/configuration)|IP address tracking and masking options.|-|Optional|
+|cache|[CacheOptions \|undefined](https://c15t.com/docs/self-host/guides/caching)|Cache configuration for external persistent storage. Used for caching GVL and other data.|-|Optional|
 |apiKeys|string\[] \|undefined|API keys for authenticated endpoints. Used for server-side endpoints like GET /subjects.|-|Optional|
-|iab|[IABOptions \|undefined](https://v2.c15t.com/docs/self-host/guides/iab-tcf)|IAB TCF configuration including GVL, CMP registration, and custom vendors. Disabled by default - most users don't need IAB TCF. Set enabled: true to activate IAB support.|-|Optional|
+|iab|[IABOptions \|undefined](https://c15t.com/docs/self-host/guides/iab-tcf)|IAB TCF configuration including GVL, CMP registration, and custom vendors. Disabled by default - most users don't need IAB TCF. Set enabled: true to activate IAB support.|-|Optional|
 |policySnapshot|PolicySnapshotOptions \|undefined|Optional signed policy snapshots used to keep /init and /subjects consistent.|-|Optional|
+|legalDocumentSnapshot|LegalDocumentSnapshotOptions \|undefined|Optional signed legal-document snapshots issued by external document renderers.|-|Optional|
 |background|BackgroundOptions \|undefined|Optional background task runner for non-critical side effects.|-|Optional|
 
 #### `adapter` FumaDBAdapter
@@ -87,6 +88,16 @@ Optional signed policy snapshots used to keep /init and /subjects consistent.
 |audience|string \|undefined|JWT audience claim for snapshot tokens. When omitted, c15t derives a default snapshot audience and scopes it per tenant.|-|Optional|
 |ttlSeconds|number \|undefined|Snapshot token lifetime in seconds.|-|Optional|
 
+#### `legalDocumentSnapshot` LegalDocumentSnapshotOptions
+
+Optional signed legal-document snapshots issued by external document renderers.
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|signingKey|string|Secret used for signing and verifying legal-document snapshot tokens.|-|✅ Required|
+|issuer|string \|undefined|JWT issuer claim for legal-document snapshot tokens.|-|Optional|
+|audience|string \|undefined|JWT audience claim for legal-document snapshot tokens. When omitted, c15t derives a default audience and scopes it per tenant.|-|Optional|
+
 #### `background` BackgroundOptions
 
 Optional background task runner for non-critical side effects.
@@ -174,7 +185,7 @@ interface C15TInstance {
 
 ## Edge Init Options
 
-`c15tEdgeInit()` from `@c15t/backend/edge` accepts a subset of `C15TOptions` — only the fields needed for consent policy resolution without a database. See the [Edge Deployment guide](/docs/self-host/guides/edge-deployment) for usage.
+`unstable_c15tEdgeInit()` from `@c15t/backend/edge` accepts a subset of `C15TOptions` — only the fields needed for consent policy resolution without a database. This edge runtime API is unstable in `2.0`. See the [Edge Deployment guide](/docs/self-host/guides/edge-deployment) for usage.
 
 ### C15TEdgeOptions
 

package/docs/guides/database-setup.md

@@ -95,10 +95,10 @@ To create & update the database you can use the migrator which is included in th
 
 |Package manager|Command|
 |:--|:--|
-|npm|`npx @c15t/cli@rc`|
-|pnpm|`pnpm dlx @c15t/cli@rc`|
-|yarn|`yarn dlx @c15t/cli@rc`|
-|bun|`bunx @c15t/cli@rc`|
+|npm|`npx @c15t/cli`|
+|pnpm|`pnpm dlx @c15t/cli`|
+|yarn|`yarn dlx @c15t/cli`|
+|bun|`bunx @c15t/cli`|
 
 ## Table Prefix
 

package/docs/guides/edge-deployment.md

@@ -5,10 +5,13 @@ description: Run consent policy resolution at the edge for faster initial banner
 The `/init` endpoint determines consent policy from geo headers, resolves translations, and optionally fetches the GVL. None of this requires a database. The `@c15t/backend/edge` export lets you run this logic in edge runtimes (Vercel Middleware, Cloudflare Workers, Deno Deploy) so the consent banner resolves from the nearest PoP instead of round-tripping to your origin.
 
 ```
-Standard:  Browser → Origin (single region)  → c15tInstance(/init) → Response
-Edge:      Browser → Edge   (nearest PoP)    → c15tEdgeInit        → Response
+Standard:  Browser → Origin (single region)  → c15tInstance(/init)         → Response
+Edge:      Browser → Edge   (nearest PoP)    → unstable_c15tEdgeInit       → Response
 ```
 
+> ℹ️ **Info:**
+> The edge runtime exports in @c15t/backend/edge are unstable in 2.0. Use the unstable\_-prefixed callables and expect API changes or removal in a future release.
+
 ## When to use this
 
 * Your origin server is in a single region and users are globally distributed
@@ -56,10 +59,10 @@ export const consentConfig = {
 **Vercel Middleware**
 
 ```ts title="middleware.ts"
-import { c15tEdgeInit } from '@c15t/backend/edge';
+import { unstable_c15tEdgeInit } from '@c15t/backend/edge';
 import { consentConfig } from './lib/consent-config';
 
-const initHandler = c15tEdgeInit(consentConfig);
+const initHandler = unstable_c15tEdgeInit(consentConfig);
 
 export async function middleware(request: Request) {
   const url = new URL(request.url);
@@ -76,10 +79,10 @@ export const config = {
 **Cloudflare Workers**
 
 ```ts title="worker.ts"
-import { c15tEdgeInit } from '@c15t/backend/edge';
+import { unstable_c15tEdgeInit } from '@c15t/backend/edge';
 import { consentConfig } from './lib/consent-config';
 
-const initHandler = c15tEdgeInit(consentConfig);
+const initHandler = unstable_c15tEdgeInit(consentConfig);
 
 export default {
   async fetch(request: Request) {
@@ -96,10 +99,10 @@ export default {
 **Deno Deploy**
 
 ```ts title="main.ts"
-import { c15tEdgeInit } from '@c15t/backend/edge';
+import { unstable_c15tEdgeInit } from '@c15t/backend/edge';
 import { consentConfig } from './lib/consent-config.ts';
 
-const initHandler = c15tEdgeInit(consentConfig);
+const initHandler = unstable_c15tEdgeInit(consentConfig);
 
 Deno.serve(async (request) => {
   const url = new URL(request.url);
@@ -128,7 +131,7 @@ export const { GET, POST } = c15t;
 
 ## Configuration
 
-`c15tEdgeInit` accepts `C15TEdgeOptions` — the same fields as `c15tInstance` minus the database-related options (`adapter`, `tablePrefix`, `basePath`, `openapi`, `ipAddress`, `apiKeys`, `background`).
+`unstable_c15tEdgeInit` accepts `C15TEdgeOptions` — the same fields as `c15tInstance` minus the database-related options (`adapter`, `tablePrefix`, `basePath`, `openapi`, `ipAddress`, `apiKeys`, `background`).
 
 |Option|Required|Description|
 |--|--|--|
@@ -168,15 +171,15 @@ Edge isolates have short-lived memory. The in-memory GVL cache resets on each co
 * **Bundle GVL translations** using `iab.bundled` to avoid fetch latency entirely
 * **Use an external cache** (Upstash Redis, Cloudflare KV) via the `cache.adapter` option to share cached data across isolates — see the [Caching guide](/docs/self-host/guides/caching) for setup
 
-## Custom consent cookie — resolveConsent
+## Custom consent cookie — unstable\_resolveConsent
 
 > ℹ️ **Info:**
 > Experimental — this API may change in future versions.
 
-If you manage your own consent cookie and just need to know **which categories to load** for a given visitor, use `resolveConsent` instead of `c15tEdgeInit`. It's a lightweight, fully synchronous function that returns the matched policy and default consent state — no translations, GVL, branding, or snapshot tokens.
+If you manage your own consent cookie and just need to know **which categories to load** for a given visitor, use `unstable_resolveConsent` instead of `unstable_c15tEdgeInit`. It's a lightweight, fully synchronous function that returns the matched policy and default consent state — no translations, GVL, branding, or snapshot tokens.
 
 ```ts title="middleware.ts"
-import { resolveConsent } from '@c15t/backend/edge';
+import { unstable_resolveConsent } from '@c15t/backend/edge';
 
 const policyPacks = [
   {
@@ -201,7 +204,7 @@ const policyPacks = [
 ];
 
 export function middleware(request: Request) {
-  const consent = resolveConsent(request, { policyPacks });
+  const consent = unstable_resolveConsent(request, { policyPacks });
 
   // consent.model       → "opt-in" | "opt-out" | "none" | "iab"
   // consent.showBanner  → true
@@ -226,9 +229,9 @@ export function middleware(request: Request) {
 |`opt-out`|granted, required|**granted**|GPC signal can override `marketing`/`measurement` to not granted|
 |`none`|granted, required|**granted**|No banner shown|
 
-### `resolveConsent` vs `c15tEdgeInit`
+### `unstable_resolveConsent` vs `unstable_c15tEdgeInit`
 
-||`resolveConsent`|`c15tEdgeInit`|
+||`unstable_resolveConsent`|`unstable_c15tEdgeInit`|
 |--|--|--|
 |**Use case**|Custom consent cookie|Drop-in `/init` replacement|
 |**Sync**|Yes|No (async — signs JWT, fetches GVL)|

package/docs/guides/iab-tcf.md

@@ -6,7 +6,7 @@ The c15t backend optionally supports [IAB TCF v2.3](https://iabeurope.eu/transpa
 
 ## CMP Registration
 
-[consent.io](https://consent.io) is pending validation as an IAB Europe-registered CMP for c15t. Once approved, when using consent.io as your hosted backend, the CMP ID will be automatically provided to clients — no additional configuration needed.
+[inth.com](https://inth.com) is pending validation as an IAB Europe-registered CMP for c15t. Once approved, when using inth.com as your hosted backend, the CMP ID will be automatically provided to clients — no additional configuration needed.
 
 If you self-host and have your own CMP registration with IAB Europe, configure your CMP ID via `iab.cmpId`. This value is returned to clients in the `/init` response so they use the correct CMP identity in TC Strings.
 
@@ -14,7 +14,7 @@ If you self-host and have your own CMP registration with IAB Europe, configure y
 > A valid (non-zero) CMP ID is required for IAB TCF compliance. If neither the backend nor the client provides a CMP ID, IAB initialization will fail with an error.
 >
 > ℹ️ **Info:**
-> If you heavily customize or build your own IAB banner or dialog (rather than using the default IABConsentBanner and IABConsentDialog components provided by c15t), you cannot use consent.io's CMP ID. You must register your own CMP with IAB Europe and configure your CMP ID via iab.cmpId.
+> If you heavily customize or build your own IAB banner or dialog (rather than using the default IABConsentBanner and IABConsentDialog components provided by c15t), you cannot use inth.com's CMP ID. You must register your own CMP with IAB Europe and configure your CMP ID via iab.cmpId.
 
 ## Enable IAB
 
@@ -25,13 +25,13 @@ export const c15t = c15tInstance({
   // ...
   iab: {
     enabled: true,
-    cmpId: 10,                  // your registered CMP ID (consent.io provides this automatically)
+    cmpId: 10,                  // your registered CMP ID (inth.com provides this automatically)
     vendorIds: [755, 52, 69],   // only include vendors you use
   },
 });
 ```
 
-The backend fetches the GVL from `https://gvl.consent.io` by default and caches it. The `/init` endpoint returns the filtered GVL and your CMP ID to the frontend.
+The backend fetches the GVL from `https://gvl.inth.com` by default and caches it. The `/init` endpoint returns the filtered GVL and your CMP ID to the frontend.
 
 ## Custom GVL Endpoint
 

package/docs/quickstart.md

@@ -6,7 +6,7 @@ The `@c15t/backend` package gives you a fully self-hosted consent management API
 
 The backend exposes a standard `(request: Request) => Promise<Response>` handler, so it works with any JavaScript runtime (Node.js, Bun, Deno, Cloudflare Workers) and any HTTP framework.
 
-If you want a fully managed experience we recommend using [consent.io](https://consent.io).
+If you want a fully managed experience we recommend using [inth.com](https://inth.com).
 
 ## Installation
 
@@ -76,10 +76,10 @@ If you want a fully managed experience we recommend using [consent.io](https://c
 
    |Package manager|Command|
    |:--|:--|
-   |npm|`npx @c15t/cli@rc`|
-   |pnpm|`pnpm dlx @c15t/cli@rc`|
-   |yarn|`yarn dlx @c15t/cli@rc`|
-   |bun|`bunx @c15t/cli@rc`|
+   |npm|`npx @c15t/cli`|
+   |pnpm|`pnpm dlx @c15t/cli`|
+   |yarn|`yarn dlx @c15t/cli`|
+   |bun|`bunx @c15t/cli`|
 
    See Database Setup for adapter-specific migration guides. If you plan to use policy packs with runtime audit storage, also apply the runtime policy decision migration from the Policy Packs guide.
 
@@ -119,10 +119,10 @@ Install c15t agent skills to let AI agents help with styling, i18n, scripts & ot
 
 |Package manager|Command|
 |:--|:--|
-|npm|`npx @c15t/cli@rc skills`|
-|pnpm|`pnpm dlx @c15t/cli@rc skills`|
-|yarn|`yarn dlx @c15t/cli@rc skills`|
-|bun|`bunx @c15t/cli@rc skills`|
+|npm|`npx @c15t/cli skills`|
+|pnpm|`pnpm dlx @c15t/cli skills`|
+|yarn|`yarn dlx @c15t/cli skills`|
+|bun|`bunx @c15t/cli skills`|
 
 See [AI Agents](/docs/ai-agents) for bundled package docs and agent skills.
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@c15t/backend",
-	"version": "2.0.0-rc.6",
+	"version": "2.0.0",
 	"description": "Consent policy engine and API for c15t. Powers the cookie banner, consent manager, and preferences centre. Webhooks, audit logs, storage adapters. Self host or use consent.io",
 	"keywords": [
 		"consent",
@@ -25,7 +25,7 @@
 		"url": "https://github.com/c15t/c15t.git",
 		"directory": "packages/backend"
 	},
-	"license": "GPL-3.0-only",
+	"license": "Apache-2.0",
 	"type": "module",
 	"exports": {
 		".": {
@@ -110,10 +110,10 @@
 	],
 	"scripts": {
 		"prebuild": "genversion --esm --semi src/version.ts",
-		"build": "bun prebuild && rslib build && bun ../../scripts/agent-docs/generate-package-docs.ts @c15t/backend",
+		"build": "bun prebuild && rslib build && bun ../../scripts/normalize-dist-types.mjs && bun ../../scripts/agent-docs/generate-package-docs.ts @c15t/backend",
 		"build:agent-docs": "bun ../../scripts/agent-docs/generate-package-docs.ts @c15t/backend",
 		"check-types": "bun prebuild && tsc --noEmit",
-		"dev": "bun prebuild && rslib build",
+		"dev": "bun prebuild && rslib build && bun ../../scripts/normalize-dist-types.mjs",
 		"fmt": "bun biome format --write . && bun biome check --formatter-enabled=false --linter-enabled=false --write",
 		"knip": "knip",
 		"lint": "bun biome lint ./src",
@@ -123,9 +123,9 @@
 		"test:watch": "bun prebuild && vitest"
 	},
 	"dependencies": {
-		"@c15t/logger": "1.0.2-rc.0",
-		"@c15t/schema": "2.0.0-rc.4",
-		"@c15t/translations": "2.0.0-rc.5",
+		"@c15t/logger": "2.0.0",
+		"@c15t/schema": "2.0.0",
+		"@c15t/translations": "2.0.0",
 		"@hono/standard-validator": "^0.2.2",
 		"@hono/valibot-validator": "0.6.1",
 		"@opentelemetry/api": "1.9.1",
@@ -141,7 +141,7 @@
 		"valibot": "1.3.1"
 	},
 	"devDependencies": {
-		"@c15t/typescript-config": "0.0.1-beta.1",
+		"@c15t/typescript-config": "0.0.1",
 		"@c15t/vitest-config": "1.0.0",
 		"@opentelemetry/sdk-trace-base": "^2.6.1",
 		"@types/node": "25.5.0",