@c15t/nextjs 2.0.0-rc.4 → 2.0.0-rc.6

package/docs/iab/use-gvl-data.md

@@ -0,0 +1,208 @@
+---
+title: useGVLData
+description: Hook to access processed Global Vendor List (GVL) data for building custom IAB TCF UI components.
+---
+> ❌ **Error:**
+> c15t is not yet IAB certified. The IAB TCF components are under active development and should not be used in production. APIs and behavior may change before certification is achieved.
+
+`useGVLData()` processes the raw IAB Global Vendor List (GVL) into a UI-friendly format. It handles purpose grouping into stacks, vendor mapping, special purpose/feature extraction, and loading state.
+
+Use this hook when building a custom IAB TCF UI instead of the pre-built `IABConsentDialog`.
+
+```tsx
+import { useGVLData } from '@c15t/react/hooks';
+
+function CustomIABPreferences() {
+  const { purposes, stacks, standalonePurposes, totalVendors, isLoading } = useGVLData();
+
+  if (isLoading) return <p>Loading vendor data...</p>;
+
+  return (
+    <div>
+      <p>{totalVendors} partners</p>
+      {standalonePurposes.map((purpose) => (
+        <div key={purpose.id}>
+          <h3>{purpose.name}</h3>
+          <p>{purpose.description}</p>
+          <p>{purpose.vendors.length} vendors</p>
+        </div>
+      ))}
+    </div>
+  );
+}
+```
+
+> ℹ️ **Info:**
+> Must be used within a ConsentManagerProvider with IAB mode enabled. Returns empty data if IAB is not configured.
+
+## Return Value
+
+The hook returns a `GVLData` object:
+
+### GVLData
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|purposes|ProcessedPurpose|-|-|✅ Required|
+|specialPurposes|ProcessedPurpose|-|-|✅ Required|
+|specialFeatures|ProcessedSpecialFeature|-|-|✅ Required|
+|features|ProcessedFeature|-|-|✅ Required|
+|stacks|ProcessedStack|-|-|✅ Required|
+|standalonePurposes|ProcessedPurpose|-|-|✅ Required|
+|totalVendors|number|-|-|✅ Required|
+|isLoading|boolean|-|-|✅ Required|
+
+#### `purposes` ProcessedPurpose
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|descriptionLegal|string \|undefined|-|-|Optional|
+|illustrations|string\[]|-|-|✅ Required|
+|vendors|ProcessedVendor|-|-|✅ Required|
+|isSpecialPurpose|boolean \|undefined|-|-|Optional|
+
+#### `specialPurposes` ProcessedPurpose
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|descriptionLegal|string \|undefined|-|-|Optional|
+|illustrations|string\[]|-|-|✅ Required|
+|vendors|ProcessedVendor|-|-|✅ Required|
+|isSpecialPurpose|boolean \|undefined|-|-|Optional|
+
+#### `specialFeatures` ProcessedSpecialFeature
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|descriptionLegal|string \|undefined|-|-|Optional|
+|illustrations|string\[]|-|-|✅ Required|
+|vendors|ProcessedVendor|-|-|✅ Required|
+
+#### `features` ProcessedFeature
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|descriptionLegal|string \|undefined|-|-|Optional|
+|illustrations|string\[]|-|-|✅ Required|
+|vendors|ProcessedVendor|-|-|✅ Required|
+
+#### `stacks` ProcessedStack
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|purposes|ProcessedPurpose|-|-|✅ Required|
+
+#### `standalonePurposes` ProcessedPurpose
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|descriptionLegal|string \|undefined|-|-|Optional|
+|illustrations|string\[]|-|-|✅ Required|
+|vendors|ProcessedVendor|-|-|✅ Required|
+|isSpecialPurpose|boolean \|undefined|-|-|Optional|
+
+## Types
+
+### ProcessedPurpose
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|descriptionLegal|string \|undefined|-|-|Optional|
+|illustrations|string\[]|-|-|✅ Required|
+|vendors|ProcessedVendor|-|-|✅ Required|
+|isSpecialPurpose|boolean \|undefined|-|-|Optional|
+
+#### `vendors` ProcessedVendor
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|VendorId|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|policyUrl|string|-|-|✅ Required|
+|usesNonCookieAccess|boolean|-|-|✅ Required|
+|deviceStorageDisclosureUrl|string \|null|-|-|✅ Required|
+|usesCookies|boolean|-|-|✅ Required|
+|cookieMaxAgeSeconds|number \|null|-|-|✅ Required|
+|cookieRefresh|boolean \|undefined|-|-|Optional|
+|specialPurposes|number\[]|-|-|✅ Required|
+|specialFeatures|number\[]|-|-|✅ Required|
+|features|number\[]|-|-|✅ Required|
+|purposes|number\[]|-|-|✅ Required|
+|legIntPurposes|number\[]|-|-|✅ Required|
+|legitimateInterestUrl|string \|null \|undefined|-|-|Optional|
+|isCustom|boolean \|undefined|-|-|Optional|
+|usesLegitimateInterest|boolean \|undefined|-|-|Optional|
+|dataRetention|Object \|undefined|-|-|Optional|
+|dataDeclaration|number\[] \|undefined|-|-|Optional|
+
+### ProcessedVendor
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|VendorId|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|policyUrl|string|-|-|✅ Required|
+|usesNonCookieAccess|boolean|-|-|✅ Required|
+|deviceStorageDisclosureUrl|string \|null|-|-|✅ Required|
+|usesCookies|boolean|-|-|✅ Required|
+|cookieMaxAgeSeconds|number \|null|-|-|✅ Required|
+|cookieRefresh|boolean \|undefined|-|-|Optional|
+|specialPurposes|number\[]|-|-|✅ Required|
+|specialFeatures|number\[]|-|-|✅ Required|
+|features|number\[]|-|-|✅ Required|
+|purposes|number\[]|-|-|✅ Required|
+|legIntPurposes|number\[]|-|-|✅ Required|
+|legitimateInterestUrl|string \|null \|undefined|-|-|Optional|
+|isCustom|boolean \|undefined|-|-|Optional|
+|usesLegitimateInterest|boolean \|undefined|-|-|Optional|
+|dataRetention|Object \|undefined|-|-|Optional|
+|dataDeclaration|number\[] \|undefined|-|-|Optional|
+
+#### `dataRetention`
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|purposes|Record\<number, number> \|undefined|-|-|Optional|
+|specialPurposes|Record\<number, number> \|undefined|-|-|Optional|
+|stdRetention|number \|undefined|-|-|Optional|
+
+### ProcessedStack
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|purposes|ProcessedPurpose|-|-|✅ Required|
+
+### ProcessedSpecialFeature
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|number|-|-|✅ Required|
+|name|string|-|-|✅ Required|
+|description|string|-|-|✅ Required|
+|descriptionLegal|string \|undefined|-|-|Optional|
+|illustrations|string\[]|-|-|✅ Required|
+|vendors|ProcessedVendor|-|-|✅ Required|

package/docs/iframe-blocking.md

@@ -0,0 +1,107 @@
+---
+title: Iframe Blocking
+description: Block embedded content (YouTube, social widgets, maps) until users grant consent for the appropriate category.
+---
+Embedded iframes from third parties (YouTube, Google Maps, social media widgets) can set cookies and track users without their consent. c15t provides two approaches to gate iframes behind consent:
+
+1. **`<Frame>` component** - A React component that conditionally renders children based on consent
+2. **HTML `data-category` attribute** - For raw `<iframe>` elements outside of React
+
+## Frame Component
+
+The `<Frame>` component wraps content that requires consent. Children are only mounted when the specified category has consent. When consent is not granted, a placeholder is shown instead.
+
+```tsx
+import { Frame } from '@c15t/nextjs';
+
+function YouTubeEmbed() {
+  return (
+    <Frame category="marketing">
+      <iframe
+        src="https://www.youtube.com/embed/dQw4w9WgXcQ"
+        width="560"
+        height="315"
+        allowFullScreen
+      />
+    </Frame>
+  );
+}
+```
+
+### Custom Placeholder
+
+Replace the default placeholder with your own UI:
+
+```tsx
+<Frame
+  category="marketing"
+  placeholder={
+    <div className="flex items-center justify-center h-64 bg-gray-100 rounded">
+      <p>Enable marketing cookies to watch this video.</p>
+    </div>
+  }
+>
+  <iframe src="https://www.youtube.com/embed/..." />
+</Frame>
+```
+
+### Compound Components
+
+Build custom placeholder layouts using compound components:
+
+```tsx
+<Frame.Root category="marketing">
+  <Frame.Title category="marketing" />
+  <Frame.Button category="marketing" />
+</Frame.Root>
+```
+
+## HTML Attribute Approach
+
+For iframes outside of React (e.g., CMS content, server-rendered HTML), add `data-category` and use `data-src` instead of `src`:
+
+```html
+<iframe
+  data-src="https://www.youtube.com/embed/dQw4w9WgXcQ"
+  data-category="marketing"
+  width="560"
+  height="315"
+></iframe>
+```
+
+When consent for the specified category is granted, c15t automatically swaps `data-src` to `src`, loading the iframe. When consent is revoked, `src` is moved back to `data-src`.
+
+### Dynamic Iframes
+
+c15t uses a `MutationObserver` to watch for dynamically added iframes. Any iframe with `data-category` added to the DOM after initialization is automatically processed.
+
+## Initializing the Iframe Blocker
+
+The iframe blocker for HTML attributes needs to be initialized separately from the Frame component:
+
+```tsx
+import { useConsentManager } from '@c15t/nextjs';
+import { useEffect } from 'react';
+
+function IframeBlockerInit() {
+  const { initializeIframeBlocker } = useConsentManager();
+
+  useEffect(() => {
+    initializeIframeBlocker();
+  }, [initializeIframeBlocker]);
+
+  return null;
+}
+```
+
+## API Reference
+
+### FrameProps
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|children|ReactNode|Content rendered when consent is granted. Children are not mounted until consent is given, preventing unnecessary network requests.|-|✅ Required|
+|category|AllConsentNames|Consent category required to render children.|-|✅ Required|
+|placeholder|ReactNode|A custom placeholder component to display when consent is not met. If not provided, a default placeholder will be displayed.|-|Optional|
+|noStyle|boolean \|undefined|When true, removes all default styling from the component|false|Optional|
+|theme|any|Custom theme to override default styles while maintaining structure and accessibility. Merges with defaults. Ignored when \`noStyle=\{true}\`.|undefined|Optional|

package/docs/integrations/databuddy.md

@@ -0,0 +1,186 @@
+---
+title: Databuddy
+description: Databuddy is a privacy-focused analytics platform that helps you understand user behavior and track events. It supports cookieless tracking and manages consent automatically through c15t's consent state synchronization.
+lastModified: 2025-10-31
+
+icon: databuddy
+---
+The Databuddy script automatically respects consent preferences by toggling tracking on and off based on the user's consent state.
+
+## Script Implementation
+
+1. **Adding the Databuddy script to c15t**
+
+   > ℹ️ Info:
+   >
+   > See the integration overview for how to pass scripts to your framework (JavaScript, React, or Next.js).
+
+   ```ts
+   import { databuddy } from '@c15t/scripts/databuddy';
+
+   databuddy({
+     clientId: 'your-client-id',
+     scriptUrl: 'https://cdn.databuddy.cc/databuddy.js',
+     apiUrl: 'https://basket.databuddy.cc',
+     options: {
+       trackScreenViews: true,
+       trackOutgoingLinks: true,
+     }
+   })
+   ```
+
+2. **Using Databuddy in your application** Once initialized, Databuddy is available globally via window\.databuddy or window\.db:
+
+   ```ts
+   // Track a custom event
+   window.databuddy?.trackCustomEvent('button_clicked', {
+     button_id: 'signup',
+     page: '/landing'
+   });
+
+   // Or use the shorthand
+   window.db?.track('purchase_completed', {
+     amount: 99.99,
+     currency: 'USD'
+   });
+
+   // Track a screen view manually
+   window.databuddy?.screenView('/dashboard', {
+     user_role: 'admin'
+   });
+
+   // Set global properties for all events
+   window.databuddy?.setGlobalProperties({
+     app_version: '1.2.3',
+     environment: 'production'
+   });
+   ```
+
+## How Consent Management Works
+
+The Databuddy integration automatically handles consent management:
+
+1. **Before Script Load**: Sets `window.databuddyConfig.disabled` based on initial consent state
+2. **On Consent Grant**: Enables tracking by setting `window.databuddy.options.disabled = false`
+3. **On Consent Revoke**: Disables tracking by setting `window.databuddy.options.disabled = true`
+
+This ensures that no tracking occurs without user consent, keeping your analytics privacy-compliant.
+
+## Configuration Options
+
+The `options` parameter allows you to customize Databuddy's behavior:
+
+```ts
+databuddy({
+  clientId: 'your-client-id',
+  scriptUrl: 'https://cdn.databuddy.cc/databuddy.js',
+  apiUrl: 'https://basket.databuddy.cc', // Optional, defaults to basket.databuddy.cc, change if self-hosting
+  options: {
+    // Tracking options
+    trackScreenViews: true,        // Automatically track page views
+    trackOutgoingLinks: true,      // Track clicks on external links
+    trackAttributes: false,        // Track data-track attributes on elements
+    trackErrors: false,            // Track JavaScript errors
+    trackPerformance: true,        // Track performance metrics
+    trackWebVitals: false,         // Track Core Web Vitals
+
+
+    // Network options
+    enableBatching: false,         // Batch events before sending
+    batchSize: 10,                 // Events per batch
+    batchTimeout: 2000,            // Batch timeout in ms
+    samplingRate: 1.0,             // Sample rate (0.0-1.0)
+  }
+})
+```
+
+## Types
+
+### DatabuddyConsentOptions
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|clientId|string|Your Databuddy client ID.|-|✅ Required|
+|apiUrl|string \|undefined|Your Databuddy API URL.|'https\://basket.databuddy.cc'|Optional|
+|scriptUrl|string \|undefined|The Databuddy script URL.|'https\://cdn.databuddy.cc/databuddy.js'|Optional|
+|options|Record\<string, unknown> \|undefined|Additional configuration options for Databuddy.|-|Optional|
+|script|Script \|undefined|Override or extend the default script values. Options: \`id\`: 'databuddy'; \`category\`: 'measurement'|-|Optional|
+
+### Script
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|Unique identifier for the script|-|✅ Required|
+|src|string \|undefined|URL of the script to load|-|Optional|
+|textContent|string \|undefined|Inline JavaScript code to execute|-|Optional|
+|category|HasCondition\<AllConsentNames>|Consent category or condition required to load this script|-|✅ Required|
+|callbackOnly|boolean \|undefined|Whether this is a callback-only script that doesn't need to load an external resource. When true, no script tag will be added to the DOM, only callbacks will be executed.|false|Optional|
+|persistAfterConsentRevoked|boolean \|undefined|Whether the script should persist after consent is revoked.|false|Optional|
+|alwaysLoad|boolean \|undefined|Whether the script should always load regardless of consent state. This is useful for scripts like Google Tag Manager or PostHog that manage their own consent state internally. The script will load immediately and never be unloaded based on consent changes. Note: When using this option, you are responsible for ensuring the script itself respects user consent preferences through its own consent management.|false|Optional|
+|fetchPriority|"high" \|"low" \|"auto" \|undefined|Priority hint for browser resource loading|-|Optional|
+|attributes|Record\<string, string> \|undefined|Additional attributes to add to the script element|-|Optional|
+|async|boolean \|undefined|Whether to use async loading|-|Optional|
+|defer|boolean \|undefined|Whether to defer script loading|-|Optional|
+|nonce|string \|undefined|Content Security Policy nonce|-|Optional|
+|anonymizeId|boolean \|undefined|Whether to use an anonymized ID for the script element, this helps ensure the script is not blocked by ad blockers|true|Optional|
+|target|"head" \|"body" \|undefined|Where to inject the script element in the DOM. Options: \`'head'\`: Scripts are appended to \`\<head>\` (default); \`'body'\`: Scripts are appended to \`\<body>\`|'head'|Optional|
+|onBeforeLoad|Object \|undefined|Callback executed before the script is loaded|-|Optional|
+|onLoad|Object \|undefined|Callback executed when the script loads successfully|-|Optional|
+|onError|Object \|undefined|Callback executed if the script fails to load|-|Optional|
+|onConsentChange|Object \|undefined|Callback executed whenever the consent store is changed. This callback only applies to scripts already loaded.|-|Optional|
+|vendorId|string \|number \|undefined|IAB TCF vendor ID - links script to a registered vendor. When in IAB mode, the script will only load if this vendor has consent. Takes precedence over \`category\` when in IAB mode. Use custom vendor IDs (string or number) to gate non-IAB vendors too.|-|Optional|
+|iabPurposes|number\[] \|undefined|IAB TCF purpose IDs this script requires consent for. When in IAB mode and no vendorId is set, the script will only load if ALL specified purposes have consent.|-|Optional|
+|iabLegIntPurposes|number\[] \|undefined|IAB TCF legitimate interest purpose IDs. These purposes can operate under legitimate interest instead of consent. The script loads if all iabPurposes have consent OR all iabLegIntPurposes have legitimate interest established.|-|Optional|
+|iabSpecialFeatures|number\[] \|undefined|IAB TCF special feature IDs this script requires. Options: 1: Use precise geolocation data; 2: Actively scan device characteristics for identification|-|Optional|
+
+#### `onBeforeLoad`
+
+Callback executed before the script is loaded
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|
+
+#### `onLoad`
+
+Callback executed when the script loads successfully
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|
+
+#### `onError`
+
+Callback executed if the script fails to load
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|
+
+#### `onConsentChange`
+
+Callback executed whenever the consent store is changed. This callback only applies to scripts already loaded.
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|

package/docs/integrations/google-tag-manager.md

@@ -0,0 +1,153 @@
+---
+title: Google Tag Manager
+description: Deploy and manage marketing tags centrally with automatic consent state synchronization.
+lastModified: 2026-02-10
+
+icon: google-tag-manager
+---
+Google Tag Manager (GTM) is Google's tag management system that lets you deploy and manage marketing tags, analytics scripts, and conversion pixels without modifying your codebase. Instead of hardcoding multiple scripts, you configure them through GTM's web interface.
+
+c15t automatically injects the GTM script into your page and syncs consent state with GTM using Consent Mode v2. By default, c15t loads GTM regardless of consent because GTM manages its own internal consent state and only fires tags when appropriate consent is granted.
+
+This prevents GTM-managed scripts from loading without proper consent while giving you centralized control over your marketing stack.
+
+> ℹ️ **Info:**
+> Use GTM if your team manages many tags centrally in the GTM UI. Use gtag.js if you only need GA4/Google Ads directly in code. Don't run both for the same destination unless intentional, or you may duplicate events.
+
+## Implementation
+
+1. **Creating a Tag Manager Container**
+
+   > ℹ️ Info:
+   >
+   > This step is optional if you already have a Tag Manager container. Ensure your container has consent overview enabled.
+
+   After signing into Google Tag Manager, you can create a new container.
+   Continue to Google Tag Manager
+
+   In Tag Manager, click Admin > Container Settings.Under Additional Settings, select "Enable consent overview".
+
+   Enable consent overview
+
+2. **Custom Update Trigger** We now need to create a custom trigger in GTM to trigger the update event, this is the trigger that is fired when the consent state is updated, e.g. user gives consent to a specific purpose.
+
+   In GTM, you can create a new trigger by clicking on the "Triggers" tab and then clicking on "New".
+
+   For the event name, you can use the default "consent-update", this is customizable later so you can change it if you want.
+
+   Create trigger
+
+3. **Adding / Updating tags** Now for your existing tags, you can add the "consent-update" trigger to the tag, this will fire the update event when the consent state is updated & it has the appropriate consent state.
+
+   Update tags
+
+4. **Setting up c15t with Google Tag Manager** After creating your container, you can set up c15t with Google Tag Manager. All you need to do is copy and paste your container ID & begins with "GTM-".
+
+   > ℹ️ Info:
+   >
+   > See the integration overview for how to pass scripts to your framework (JavaScript, React, or Next.js).
+
+   ```ts
+   import { googleTagManager } from '@c15t/scripts/google-tag-manager';
+
+   googleTagManager({
+     id: 'GTM-XXXXXXX',
+   })
+   ```
+
+## Post-setup verification checklist
+
+1. Open GTM Preview mode and confirm your container (`GTM-...`) loads on page load.
+2. Before giving consent, confirm non-essential tags do not fire in GTM Preview.
+3. Accept consent in the c15t banner/dialog and confirm a `consent-update` event appears in the GTM event timeline.
+4. Confirm measurement/marketing tags fire only after the matching consent is granted.
+5. Revoke consent and confirm a new `consent-update` event appears and affected tags stop firing.
+
+## Types
+
+### GoogleTagManagerOptions
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|Your Google Tag Manager container ID. Begins with 'GTM-'.|-|✅ Required|
+|updateEventName|string \|undefined|Update Event Name A custom event name used as a trigger to load your script once the consent has been updated.|'consent-update'|Optional|
+|script|Script \|undefined|Override or extend the default script values.|-|Optional|
+
+### Script
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|Unique identifier for the script|-|✅ Required|
+|src|string \|undefined|URL of the script to load|-|Optional|
+|textContent|string \|undefined|Inline JavaScript code to execute|-|Optional|
+|category|HasCondition\<AllConsentNames>|Consent category or condition required to load this script|-|✅ Required|
+|callbackOnly|boolean \|undefined|Whether this is a callback-only script that doesn't need to load an external resource. When true, no script tag will be added to the DOM, only callbacks will be executed.|false|Optional|
+|persistAfterConsentRevoked|boolean \|undefined|Whether the script should persist after consent is revoked.|false|Optional|
+|alwaysLoad|boolean \|undefined|Whether the script should always load regardless of consent state. This is useful for scripts like Google Tag Manager or PostHog that manage their own consent state internally. The script will load immediately and never be unloaded based on consent changes. Note: When using this option, you are responsible for ensuring the script itself respects user consent preferences through its own consent management.|false|Optional|
+|fetchPriority|"high" \|"low" \|"auto" \|undefined|Priority hint for browser resource loading|-|Optional|
+|attributes|Record\<string, string> \|undefined|Additional attributes to add to the script element|-|Optional|
+|async|boolean \|undefined|Whether to use async loading|-|Optional|
+|defer|boolean \|undefined|Whether to defer script loading|-|Optional|
+|nonce|string \|undefined|Content Security Policy nonce|-|Optional|
+|anonymizeId|boolean \|undefined|Whether to use an anonymized ID for the script element, this helps ensure the script is not blocked by ad blockers|true|Optional|
+|target|"head" \|"body" \|undefined|Where to inject the script element in the DOM. Options: \`'head'\`: Scripts are appended to \`\<head>\` (default); \`'body'\`: Scripts are appended to \`\<body>\`|'head'|Optional|
+|onBeforeLoad|Object \|undefined|Callback executed before the script is loaded|-|Optional|
+|onLoad|Object \|undefined|Callback executed when the script loads successfully|-|Optional|
+|onError|Object \|undefined|Callback executed if the script fails to load|-|Optional|
+|onConsentChange|Object \|undefined|Callback executed whenever the consent store is changed. This callback only applies to scripts already loaded.|-|Optional|
+|vendorId|string \|number \|undefined|IAB TCF vendor ID - links script to a registered vendor. When in IAB mode, the script will only load if this vendor has consent. Takes precedence over \`category\` when in IAB mode. Use custom vendor IDs (string or number) to gate non-IAB vendors too.|-|Optional|
+|iabPurposes|number\[] \|undefined|IAB TCF purpose IDs this script requires consent for. When in IAB mode and no vendorId is set, the script will only load if ALL specified purposes have consent.|-|Optional|
+|iabLegIntPurposes|number\[] \|undefined|IAB TCF legitimate interest purpose IDs. These purposes can operate under legitimate interest instead of consent. The script loads if all iabPurposes have consent OR all iabLegIntPurposes have legitimate interest established.|-|Optional|
+|iabSpecialFeatures|number\[] \|undefined|IAB TCF special feature IDs this script requires. Options: 1: Use precise geolocation data; 2: Actively scan device characteristics for identification|-|Optional|
+
+#### `onBeforeLoad`
+
+Callback executed before the script is loaded
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|
+
+#### `onLoad`
+
+Callback executed when the script loads successfully
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|
+
+#### `onError`
+
+Callback executed if the script fails to load
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|
+
+#### `onConsentChange`
+
+Callback executed whenever the consent store is changed. This callback only applies to scripts already loaded.
+
+|Property|Type|Description|Default|Required|
+|:--|:--|:--|:--|:--:|
+|id|string|The original script ID|-|✅ Required|
+|elementId|string|The actual DOM element ID used (anonymized if enabled)|-|✅ Required|
+|hasConsent|boolean|Has consent|-|✅ Required|
+|consents|ConsentState|The current consent state|-|✅ Required|
+|element|HTMLScriptElement \|undefined|The script element (for load/error callbacks) Will be undefined for callback-only scripts|-|Optional|
+|error|Error \|undefined|Error information (for error callbacks)|-|Optional|