@tiquo/dom-package 1.4.1 → 1.5.1

package/README.md

@@ -137,12 +137,24 @@ const result = await auth.updateProfile({
 console.log(result.customer.firstName); // 'John'
 ```
 
+Profile photos can be passed as a URL, a browser `File`/`Blob`, or a `data:image/...`/`blob:...` URI:
+
+```typescript
+const file = fileInput.files?.[0];
+if (file) {
+  await auth.updateProfile({ profilePhoto: file });
+}
+
+// Or upload just the photo:
+await auth.uploadProfilePhoto(file);
+```
+
 **Available fields:**
 - `firstName` - Customer's first name
 - `lastName` - Customer's last name
 - `displayName` - Display name (nickname)
 - `phone` - Primary phone number (E.164 format recommended: `+[country code][number]`)
-- `profilePhoto` - URL to profile photo
+- `profilePhoto` - URL, File/Blob, or `data:image/...`/`blob:...` URI for profile photo
 - `phones` - Full phone list (array of `{ number, isPrimary, order }`)
 
 > **Important:** Phone numbers should include a country code (e.g., `+1` for US, `+44` for UK). Use `TiquoPhone.buildPhone()` to construct properly formatted numbers from a country selector + national number input. See [Phone Number Utilities](#phone-number-utilities) below.

package/dist/index.d.mts

@@ -209,6 +209,18 @@ declare function buildPhone(countryCode: string, nationalNumber: string): string
  * ```
  */
 
+declare class TiquoCMS {
+    private config;
+    constructor(config: TiquoCMSConfig);
+    /**
+     * Fetch a published CMS page for the website attached to this public key.
+     *
+     * This intentionally goes through the Tiquo edge API rather than exposing
+     * Convex connection details to the consuming website.
+     */
+    getPage(request: TiquoCMSPageRequest): Promise<TiquoCMSPage | null>;
+    private log;
+}
 interface TiquoAuthConfig {
     /** Public key from your Tiquo Auth DOM settings */
     publicKey: string;
@@ -225,6 +237,53 @@ interface TiquoAuthConfig {
     /** Pre-authenticated refresh token (for WebView injection from native apps) */
     refreshToken?: string;
 }
+interface TiquoCMSConfig {
+    /** Public key from your Tiquo Auth DOM settings */
+    publicKey: string;
+    /** API endpoint (defaults to production) */
+    apiEndpoint?: string;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+interface TiquoCMSPageRequest {
+    /** CMS website slug */
+    siteSlug: string;
+    /** CMS page slug, defaults to "home" */
+    pageSlug?: string;
+    /** Optional template contract guard */
+    templateId?: string;
+}
+interface TiquoCMSBlock {
+    id: string;
+    type: string;
+    props: Record<string, unknown>;
+    locked?: boolean;
+    lockedBy?: string;
+    required?: boolean;
+}
+interface TiquoCMSPage {
+    id: string;
+    site: {
+        id: string;
+        name: string;
+        slug?: string;
+        templateId?: string;
+        templateVersion?: number;
+        globalConfig?: unknown;
+    };
+    page: {
+        id: string;
+        title: string;
+        slug: string;
+        path: string;
+        blocks: TiquoCMSBlock[];
+        settings?: unknown;
+        metaTitle?: string;
+        metaDescription?: string;
+        publishedAt?: number;
+        updatedAt: number;
+    };
+}
 declare global {
     interface Window {
         __TIQUO_INIT_TOKEN__?: {
@@ -305,7 +364,13 @@ interface ProfileUpdateData {
      * for country+national input, or TiquoPhone.validate() to pre-check.
      */
     phone?: string;
-    profilePhoto?: string;
+    /**
+     * URL to a profile photo, a data/blob URI, or a browser File/Blob.
+     *
+     * File/Blob and data/blob URI values are uploaded to Tiquo storage before the
+     * profile is updated. Remote URLs are stored as-is.
+     */
+    profilePhoto?: string | Blob;
     emails?: TiquoCustomerEmail[];
     /**
      * Full phone list. Each number should be in E.164 format: +[country code][number].
@@ -317,6 +382,10 @@ interface ProfileUpdateResult {
     success: boolean;
     customer: TiquoCustomer;
 }
+interface ProfilePhotoUploadResult extends ProfileUpdateResult {
+    profilePhoto: string;
+    storageId: string;
+}
 interface TiquoOrderItem {
     id: string;
     name: string;
@@ -492,6 +561,80 @@ interface GetEnquiriesResult {
     hasMore: boolean;
     nextCursor?: string;
 }
+type TiquoCompanyRelationship = 'employee' | 'contractor' | 'manager' | 'executive' | 'owner' | 'contact' | 'other';
+/**
+ * The authenticated customer's membership in a company. Each company the
+ * customer belongs to has its own membership record — a customer can be
+ * an admin of one company and a regular employee of another.
+ */
+interface TiquoCompanyMembership {
+    relationship: TiquoCompanyRelationship;
+    title?: string;
+    department?: string;
+    isPrimaryContact: boolean;
+    /** True when this customer can call `getCompanyColleagues(company.id)`. */
+    isCompanyAdmin: boolean;
+    startDate?: number;
+}
+/**
+ * A company the authenticated customer is a member of. Bundles the
+ * company's public-ish details with the caller's own role inside it
+ * (`membership`). CRM/financial fields are intentionally omitted.
+ */
+interface TiquoCompany {
+    id: string;
+    name: string;
+    displayName?: string;
+    companyNumber: string;
+    description?: string;
+    email?: string;
+    phone?: string;
+    website?: string;
+    websites?: string[];
+    logo?: string;
+    addressLine1?: string;
+    addressLine2?: string;
+    city?: string;
+    state?: string;
+    postalCode?: string;
+    country?: string;
+    industry?: string;
+    companySize?: '1-10' | '11-50' | '51-200' | '201-500' | '501-1000' | '1000+';
+    status: 'active' | 'inactive' | 'archived';
+    type?: 'client' | 'prospect' | 'vendor' | 'partner' | 'other';
+    membership: TiquoCompanyMembership;
+}
+interface GetCompaniesResult {
+    companies: TiquoCompany[];
+}
+/**
+ * A colleague — another customer in the same company. Returned only to
+ * Company Admins via `getCompanyColleagues()`. Limited to display-card
+ * info; CRM/financial data is never exposed.
+ */
+interface TiquoCompanyColleague {
+    id: string;
+    firstName?: string;
+    lastName?: string;
+    displayName?: string;
+    profilePhoto?: string;
+    email?: string;
+    phone?: string;
+    relationship: TiquoCompanyRelationship;
+    title?: string;
+    department?: string;
+    isPrimaryContact: boolean;
+    isCompanyAdmin: boolean;
+    /** True when this colleague is the authenticated customer themselves. */
+    isSelf: boolean;
+}
+interface GetCompanyColleaguesResult {
+    company: {
+        id: string;
+        name: string;
+    };
+    colleagues: TiquoCompanyColleague[];
+}
 type AuthStateChangeCallback = (session: TiquoSession | null) => void;
 declare class TiquoAuthError extends Error {
     code: string;
@@ -541,6 +684,14 @@ declare class TiquoAuth {
      * to construct from a country selector and national number.
      */
     updateProfile(updates: ProfileUpdateData): Promise<ProfileUpdateResult>;
+    /**
+     * Upload and save the authenticated customer's profile photo.
+     *
+     * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+     * image is uploaded to Tiquo storage first, and the customer profile is
+     * updated with the URL.
+     */
+    uploadProfilePhoto(photo: Blob | string): Promise<ProfilePhotoUploadResult>;
     /**
      * Log out the current user
      */
@@ -603,6 +754,32 @@ declare class TiquoAuth {
      * Only returns enquiries for the logged-in customer
      */
     getEnquiries(options?: GetEnquiriesOptions): Promise<GetEnquiriesResult>;
+    /**
+     * Get the companies the authenticated customer belongs to.
+     *
+     * Each entry includes the customer's role inside that company via
+     * `membership` — branch on `membership.isCompanyAdmin` to decide whether
+     * to render admin features (e.g. a colleagues list).
+     *
+     * Returns an empty array (not an error) when the customer isn't a
+     * member of any company.
+     */
+    getCompanies(): Promise<GetCompaniesResult>;
+    /**
+     * Get the colleagues (other customers) inside a company the authenticated
+     * customer is a member of.
+     *
+     * Restricted to Company Admins — if the caller isn't flagged as
+     * `isCompanyAdmin` on that company, this throws `TiquoAuthError` with
+     * code `NOT_COMPANY_ADMIN` (status 403). Check `membership.isCompanyAdmin`
+     * from `getCompanies()` before calling this if you want to render the
+     * admin UI conditionally.
+     *
+     * Each colleague includes basic contact info and their relationship to
+     * the company. The authenticated customer is included in the list with
+     * `isSelf: true` so the UI can highlight or skip them.
+     */
+    getCompanyColleagues(companyId: string): Promise<GetCompanyColleaguesResult>;
     /**
      * Generate a short-lived token for customer flow iframe authentication
      */
@@ -647,6 +824,9 @@ declare class TiquoAuth {
      * Check for tokens injected by native apps (WebView integration)
      */
     private checkForInjectedTokens;
+    private extractUploadableProfilePhoto;
+    private isProfilePhotoBlobUrl;
+    private profilePhotoToBlob;
     private request;
     /**
      * Ensure we have a valid access token, refreshing if necessary
@@ -691,11 +871,14 @@ declare function useTiquoAuth(auth: TiquoAuth): {
     verifyOTP: (email: string, otp: string) => Promise<VerifyOTPResult>;
     logout: () => Promise<void>;
     updateProfile: (updates: ProfileUpdateData) => Promise<ProfileUpdateResult>;
+    uploadProfilePhoto: (photo: Blob | string) => Promise<ProfilePhotoUploadResult>;
     getOrders: (options?: GetOrdersOptions) => Promise<GetOrdersResult>;
     getBookings: (options?: GetBookingsOptions) => Promise<GetBookingsResult>;
     getUpcomingBookings: (options?: Omit<GetBookingsOptions, "upcoming">) => Promise<GetBookingsResult>;
     getReceipt: (orderId: string) => Promise<TiquoReceipt>;
     getEnquiries: (options?: GetEnquiriesOptions) => Promise<GetEnquiriesResult>;
+    getCompanies: () => Promise<GetCompaniesResult>;
+    getCompanyColleagues: (companyId: string) => Promise<GetCompanyColleaguesResult>;
     getIframeToken: (flowId?: string) => Promise<IframeTokenResult>;
     embedCustomerFlow: (flowUrl: string, container: HTMLElement | string, options?: {
         width?: string;
@@ -758,4 +941,4 @@ declare class TiquoPhone {
     static buildPhone: typeof buildPhone;
 }
 
-export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };
+export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetCompaniesResult, type GetCompanyColleaguesResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfilePhotoUploadResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, TiquoCMS, type TiquoCMSBlock, type TiquoCMSConfig, type TiquoCMSPage, type TiquoCMSPageRequest, type TiquoCompany, type TiquoCompanyColleague, type TiquoCompanyMembership, type TiquoCompanyRelationship, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };

package/dist/index.d.ts

@@ -209,6 +209,18 @@ declare function buildPhone(countryCode: string, nationalNumber: string): string
  * ```
  */
 
+declare class TiquoCMS {
+    private config;
+    constructor(config: TiquoCMSConfig);
+    /**
+     * Fetch a published CMS page for the website attached to this public key.
+     *
+     * This intentionally goes through the Tiquo edge API rather than exposing
+     * Convex connection details to the consuming website.
+     */
+    getPage(request: TiquoCMSPageRequest): Promise<TiquoCMSPage | null>;
+    private log;
+}
 interface TiquoAuthConfig {
     /** Public key from your Tiquo Auth DOM settings */
     publicKey: string;
@@ -225,6 +237,53 @@ interface TiquoAuthConfig {
     /** Pre-authenticated refresh token (for WebView injection from native apps) */
     refreshToken?: string;
 }
+interface TiquoCMSConfig {
+    /** Public key from your Tiquo Auth DOM settings */
+    publicKey: string;
+    /** API endpoint (defaults to production) */
+    apiEndpoint?: string;
+    /** Enable debug logging */
+    debug?: boolean;
+}
+interface TiquoCMSPageRequest {
+    /** CMS website slug */
+    siteSlug: string;
+    /** CMS page slug, defaults to "home" */
+    pageSlug?: string;
+    /** Optional template contract guard */
+    templateId?: string;
+}
+interface TiquoCMSBlock {
+    id: string;
+    type: string;
+    props: Record<string, unknown>;
+    locked?: boolean;
+    lockedBy?: string;
+    required?: boolean;
+}
+interface TiquoCMSPage {
+    id: string;
+    site: {
+        id: string;
+        name: string;
+        slug?: string;
+        templateId?: string;
+        templateVersion?: number;
+        globalConfig?: unknown;
+    };
+    page: {
+        id: string;
+        title: string;
+        slug: string;
+        path: string;
+        blocks: TiquoCMSBlock[];
+        settings?: unknown;
+        metaTitle?: string;
+        metaDescription?: string;
+        publishedAt?: number;
+        updatedAt: number;
+    };
+}
 declare global {
     interface Window {
         __TIQUO_INIT_TOKEN__?: {
@@ -305,7 +364,13 @@ interface ProfileUpdateData {
      * for country+national input, or TiquoPhone.validate() to pre-check.
      */
     phone?: string;
-    profilePhoto?: string;
+    /**
+     * URL to a profile photo, a data/blob URI, or a browser File/Blob.
+     *
+     * File/Blob and data/blob URI values are uploaded to Tiquo storage before the
+     * profile is updated. Remote URLs are stored as-is.
+     */
+    profilePhoto?: string | Blob;
     emails?: TiquoCustomerEmail[];
     /**
      * Full phone list. Each number should be in E.164 format: +[country code][number].
@@ -317,6 +382,10 @@ interface ProfileUpdateResult {
     success: boolean;
     customer: TiquoCustomer;
 }
+interface ProfilePhotoUploadResult extends ProfileUpdateResult {
+    profilePhoto: string;
+    storageId: string;
+}
 interface TiquoOrderItem {
     id: string;
     name: string;
@@ -492,6 +561,80 @@ interface GetEnquiriesResult {
     hasMore: boolean;
     nextCursor?: string;
 }
+type TiquoCompanyRelationship = 'employee' | 'contractor' | 'manager' | 'executive' | 'owner' | 'contact' | 'other';
+/**
+ * The authenticated customer's membership in a company. Each company the
+ * customer belongs to has its own membership record — a customer can be
+ * an admin of one company and a regular employee of another.
+ */
+interface TiquoCompanyMembership {
+    relationship: TiquoCompanyRelationship;
+    title?: string;
+    department?: string;
+    isPrimaryContact: boolean;
+    /** True when this customer can call `getCompanyColleagues(company.id)`. */
+    isCompanyAdmin: boolean;
+    startDate?: number;
+}
+/**
+ * A company the authenticated customer is a member of. Bundles the
+ * company's public-ish details with the caller's own role inside it
+ * (`membership`). CRM/financial fields are intentionally omitted.
+ */
+interface TiquoCompany {
+    id: string;
+    name: string;
+    displayName?: string;
+    companyNumber: string;
+    description?: string;
+    email?: string;
+    phone?: string;
+    website?: string;
+    websites?: string[];
+    logo?: string;
+    addressLine1?: string;
+    addressLine2?: string;
+    city?: string;
+    state?: string;
+    postalCode?: string;
+    country?: string;
+    industry?: string;
+    companySize?: '1-10' | '11-50' | '51-200' | '201-500' | '501-1000' | '1000+';
+    status: 'active' | 'inactive' | 'archived';
+    type?: 'client' | 'prospect' | 'vendor' | 'partner' | 'other';
+    membership: TiquoCompanyMembership;
+}
+interface GetCompaniesResult {
+    companies: TiquoCompany[];
+}
+/**
+ * A colleague — another customer in the same company. Returned only to
+ * Company Admins via `getCompanyColleagues()`. Limited to display-card
+ * info; CRM/financial data is never exposed.
+ */
+interface TiquoCompanyColleague {
+    id: string;
+    firstName?: string;
+    lastName?: string;
+    displayName?: string;
+    profilePhoto?: string;
+    email?: string;
+    phone?: string;
+    relationship: TiquoCompanyRelationship;
+    title?: string;
+    department?: string;
+    isPrimaryContact: boolean;
+    isCompanyAdmin: boolean;
+    /** True when this colleague is the authenticated customer themselves. */
+    isSelf: boolean;
+}
+interface GetCompanyColleaguesResult {
+    company: {
+        id: string;
+        name: string;
+    };
+    colleagues: TiquoCompanyColleague[];
+}
 type AuthStateChangeCallback = (session: TiquoSession | null) => void;
 declare class TiquoAuthError extends Error {
     code: string;
@@ -541,6 +684,14 @@ declare class TiquoAuth {
      * to construct from a country selector and national number.
      */
     updateProfile(updates: ProfileUpdateData): Promise<ProfileUpdateResult>;
+    /**
+     * Upload and save the authenticated customer's profile photo.
+     *
+     * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+     * image is uploaded to Tiquo storage first, and the customer profile is
+     * updated with the URL.
+     */
+    uploadProfilePhoto(photo: Blob | string): Promise<ProfilePhotoUploadResult>;
     /**
      * Log out the current user
      */
@@ -603,6 +754,32 @@ declare class TiquoAuth {
      * Only returns enquiries for the logged-in customer
      */
     getEnquiries(options?: GetEnquiriesOptions): Promise<GetEnquiriesResult>;
+    /**
+     * Get the companies the authenticated customer belongs to.
+     *
+     * Each entry includes the customer's role inside that company via
+     * `membership` — branch on `membership.isCompanyAdmin` to decide whether
+     * to render admin features (e.g. a colleagues list).
+     *
+     * Returns an empty array (not an error) when the customer isn't a
+     * member of any company.
+     */
+    getCompanies(): Promise<GetCompaniesResult>;
+    /**
+     * Get the colleagues (other customers) inside a company the authenticated
+     * customer is a member of.
+     *
+     * Restricted to Company Admins — if the caller isn't flagged as
+     * `isCompanyAdmin` on that company, this throws `TiquoAuthError` with
+     * code `NOT_COMPANY_ADMIN` (status 403). Check `membership.isCompanyAdmin`
+     * from `getCompanies()` before calling this if you want to render the
+     * admin UI conditionally.
+     *
+     * Each colleague includes basic contact info and their relationship to
+     * the company. The authenticated customer is included in the list with
+     * `isSelf: true` so the UI can highlight or skip them.
+     */
+    getCompanyColleagues(companyId: string): Promise<GetCompanyColleaguesResult>;
     /**
      * Generate a short-lived token for customer flow iframe authentication
      */
@@ -647,6 +824,9 @@ declare class TiquoAuth {
      * Check for tokens injected by native apps (WebView integration)
      */
     private checkForInjectedTokens;
+    private extractUploadableProfilePhoto;
+    private isProfilePhotoBlobUrl;
+    private profilePhotoToBlob;
     private request;
     /**
      * Ensure we have a valid access token, refreshing if necessary
@@ -691,11 +871,14 @@ declare function useTiquoAuth(auth: TiquoAuth): {
     verifyOTP: (email: string, otp: string) => Promise<VerifyOTPResult>;
     logout: () => Promise<void>;
     updateProfile: (updates: ProfileUpdateData) => Promise<ProfileUpdateResult>;
+    uploadProfilePhoto: (photo: Blob | string) => Promise<ProfilePhotoUploadResult>;
     getOrders: (options?: GetOrdersOptions) => Promise<GetOrdersResult>;
     getBookings: (options?: GetBookingsOptions) => Promise<GetBookingsResult>;
     getUpcomingBookings: (options?: Omit<GetBookingsOptions, "upcoming">) => Promise<GetBookingsResult>;
     getReceipt: (orderId: string) => Promise<TiquoReceipt>;
     getEnquiries: (options?: GetEnquiriesOptions) => Promise<GetEnquiriesResult>;
+    getCompanies: () => Promise<GetCompaniesResult>;
+    getCompanyColleagues: (companyId: string) => Promise<GetCompanyColleaguesResult>;
     getIframeToken: (flowId?: string) => Promise<IframeTokenResult>;
     embedCustomerFlow: (flowUrl: string, container: HTMLElement | string, options?: {
         width?: string;
@@ -758,4 +941,4 @@ declare class TiquoPhone {
     static buildPhone: typeof buildPhone;
 }
 
-export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };
+export { type AuthStateChangeCallback, type CountryPhoneInfo, type GetBookingsOptions, type GetBookingsResult, type GetCompaniesResult, type GetCompanyColleaguesResult, type GetEnquiriesOptions, type GetEnquiriesResult, type GetOrdersOptions, type GetOrdersResult, type IframeTokenResult, type PhoneValidationResult, type ProfilePhotoUploadResult, type ProfileUpdateData, type ProfileUpdateResult, type SendOTPResult, TiquoAuth, type TiquoAuthConfig, TiquoAuthError, type TiquoBooking, TiquoCMS, type TiquoCMSBlock, type TiquoCMSConfig, type TiquoCMSPage, type TiquoCMSPageRequest, type TiquoCompany, type TiquoCompanyColleague, type TiquoCompanyMembership, type TiquoCompanyRelationship, type TiquoCustomer, type TiquoCustomerEmail, type TiquoCustomerPhone, type TiquoEnquiry, type TiquoOrder, type TiquoOrderItem, TiquoPhone, type TiquoReceipt, type TiquoReceiptBusiness, type TiquoReceiptCustomer, type TiquoReceiptItem, type TiquoReceiptOrder, type TiquoSession, type TiquoUser, type VerifyOTPResult, addCustomerUserId, clearCachedEmail, TiquoAuth as default, getCustomerUserIds, getPrefilledEmailFromCookie, isDashboardSession, trackCustomerPresence, useTiquoAuth };

package/dist/index.js

@@ -22,6 +22,7 @@ var index_exports = {};
 __export(index_exports, {
   TiquoAuth: () => TiquoAuth,
   TiquoAuthError: () => TiquoAuthError,
+  TiquoCMS: () => TiquoCMS,
   TiquoPhone: () => TiquoPhone,
   addCustomerUserId: () => addCustomerUserId,
   clearCachedEmail: () => clearCachedEmail,
@@ -677,6 +678,68 @@ function printTiquoBranding() {
   }
 }
 printTiquoBranding();
+var TiquoCMS = class {
+  constructor(config) {
+    if (!config.publicKey) {
+      throw new TiquoAuthError("publicKey is required", "MISSING_PUBLIC_KEY");
+    }
+    if (!config.publicKey.startsWith("pk_dom_")) {
+      throw new TiquoAuthError(
+        "Invalid public key format. Expected pk_dom_xxx",
+        "INVALID_PUBLIC_KEY"
+      );
+    }
+    this.config = {
+      publicKey: config.publicKey,
+      apiEndpoint: config.apiEndpoint || "https://edge.tiquo.app",
+      debug: config.debug || false
+    };
+  }
+  /**
+   * Fetch a published CMS page for the website attached to this public key.
+   *
+   * This intentionally goes through the Tiquo edge API rather than exposing
+   * Convex connection details to the consuming website.
+   */
+  async getPage(request) {
+    const response = await fetch(`${this.config.apiEndpoint}/api/dom-cms/page`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "text/plain;charset=UTF-8"
+      },
+      credentials: "include",
+      body: JSON.stringify({
+        publicKey: this.config.publicKey,
+        siteSlug: request.siteSlug,
+        pageSlug: request.pageSlug || "home",
+        templateId: request.templateId
+      })
+    });
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      let message = "Failed to fetch CMS page";
+      try {
+        const error = await response.json();
+        if (typeof error?.error === "string") message = error.error;
+      } catch {
+      }
+      throw new TiquoAuthError(message, "CMS_PAGE_FETCH_FAILED", response.status);
+    }
+    const result = await response.json();
+    if (!result?.success || !result?.data) {
+      return null;
+    }
+    this.log("Fetched CMS page", request.siteSlug, request.pageSlug || "home");
+    return result.data;
+  }
+  log(...args) {
+    if (this.config.debug) {
+      console.log("[TiquoCMS]", ...args);
+    }
+  }
+};
 var TiquoAuthError = class extends Error {
   constructor(message, code, statusCode) {
     super(message);
@@ -843,6 +906,10 @@ var TiquoAuth = class {
   async updateProfile(updates) {
     await this.ensureValidToken();
     const normalizedUpdates = { ...updates };
+    const profilePhotoUpload = this.extractUploadableProfilePhoto(normalizedUpdates.profilePhoto);
+    if (profilePhotoUpload) {
+      delete normalizedUpdates.profilePhoto;
+    }
     if (normalizedUpdates.phone !== void 0 && normalizedUpdates.phone !== "") {
       const normalized = normalizePhone(normalizedUpdates.phone);
       const validation = validatePhone(normalizedUpdates.phone);
@@ -865,26 +932,109 @@ var TiquoAuth = class {
       });
     }
     this.log("Updating customer profile:", normalizedUpdates);
-    const response = await this.request("/api/client/v1/profile", {
-      method: "PATCH",
-      body: JSON.stringify(normalizedUpdates)
+    let customer = this.session?.customer || void 0;
+    if (Object.keys(normalizedUpdates).length > 0) {
+      const response = await this.request("/api/client/v1/profile", {
+        method: "PATCH",
+        body: JSON.stringify(normalizedUpdates)
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
+        throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+      }
+      const result = await response.json();
+      if (this.session && result.data?.customer) {
+        this.session = {
+          ...this.session,
+          customer: result.data.customer
+        };
+        this.notifyListeners();
+        this.broadcastTabSync("SESSION_UPDATE");
+      }
+      customer = result.data?.customer;
+    }
+    if (profilePhotoUpload) {
+      return this.uploadProfilePhoto(profilePhotoUpload);
+    }
+    return {
+      success: true,
+      customer
+    };
+  }
+  /**
+   * Upload and save the authenticated customer's profile photo.
+   *
+   * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+   * image is uploaded to Tiquo storage first, and the customer profile is
+   * updated with the URL.
+   */
+  async uploadProfilePhoto(photo) {
+    await this.ensureValidToken();
+    const blob = await this.profilePhotoToBlob(photo);
+    if (!blob.type.startsWith("image/")) {
+      throw new TiquoAuthError("Profile photo must be an image", "INVALID_PROFILE_PHOTO");
+    }
+    const uploadUrlResponse = await this.request("/api/client/v1/profile/photo-upload-url", {
+      method: "POST",
+      body: JSON.stringify({})
     });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
-      throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+    if (!uploadUrlResponse.ok) {
+      const error = await uploadUrlResponse.json().catch(() => ({ error: "Failed to create profile photo upload URL" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to create profile photo upload URL",
+        "PROFILE_PHOTO_UPLOAD_URL_FAILED",
+        uploadUrlResponse.status
+      );
     }
-    const result = await response.json();
-    if (this.session && result.data?.customer) {
+    const uploadUrlResult = await uploadUrlResponse.json();
+    const uploadUrl = uploadUrlResult.data?.uploadUrl;
+    if (!uploadUrl) {
+      throw new TiquoAuthError("Profile photo upload URL was missing", "PROFILE_PHOTO_UPLOAD_URL_FAILED");
+    }
+    const uploadResponse = await fetch(uploadUrl, {
+      method: "POST",
+      headers: { "Content-Type": blob.type },
+      body: blob
+    });
+    if (!uploadResponse.ok) {
+      throw new TiquoAuthError("Failed to upload profile photo", "PROFILE_PHOTO_UPLOAD_FAILED", uploadResponse.status);
+    }
+    const uploadResult = await uploadResponse.json();
+    const storageId = uploadResult.storageId;
+    if (!storageId) {
+      throw new TiquoAuthError("Profile photo storage ID was missing", "PROFILE_PHOTO_UPLOAD_FAILED");
+    }
+    const finalizeResponse = await this.request("/api/client/v1/profile/photo", {
+      method: "POST",
+      body: JSON.stringify({ storageId })
+    });
+    if (!finalizeResponse.ok) {
+      const error = await finalizeResponse.json().catch(() => ({ error: "Failed to update profile photo" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to update profile photo",
+        "PROFILE_PHOTO_UPDATE_FAILED",
+        finalizeResponse.status
+      );
+    }
+    const finalizeResult = await finalizeResponse.json();
+    const customer = finalizeResult.data?.customer;
+    const profilePhoto = finalizeResult.data?.profilePhoto;
+    if (!customer || !profilePhoto) {
+      throw new TiquoAuthError("Profile photo update response was incomplete", "PROFILE_PHOTO_UPDATE_FAILED");
+    }
+    if (this.session && customer) {
       this.session = {
         ...this.session,
-        customer: result.data.customer
+        customer
       };
       this.notifyListeners();
       this.broadcastTabSync("SESSION_UPDATE");
     }
     return {
       success: true,
-      customer: result.data?.customer
+      customer,
+      profilePhoto,
+      storageId
     };
   }
   /**
@@ -1074,6 +1224,67 @@ var TiquoAuth = class {
     const result = await response.json();
     return result.data || { enquiries: [], hasMore: false };
   }
+  /**
+   * Get the companies the authenticated customer belongs to.
+   *
+   * Each entry includes the customer's role inside that company via
+   * `membership` — branch on `membership.isCompanyAdmin` to decide whether
+   * to render admin features (e.g. a colleagues list).
+   *
+   * Returns an empty array (not an error) when the customer isn't a
+   * member of any company.
+   */
+  async getCompanies() {
+    await this.ensureValidToken();
+    this.log("Fetching customer companies");
+    const response = await fetch(`${this.config.apiEndpoint}/api/client/v1/companies`, {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`
+      },
+      credentials: "include"
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: "Failed to get companies" }));
+      throw new TiquoAuthError(error.error || "Failed to get companies", "GET_COMPANIES_FAILED", response.status);
+    }
+    const result = await response.json();
+    return result.data || { companies: [] };
+  }
+  /**
+   * Get the colleagues (other customers) inside a company the authenticated
+   * customer is a member of.
+   *
+   * Restricted to Company Admins — if the caller isn't flagged as
+   * `isCompanyAdmin` on that company, this throws `TiquoAuthError` with
+   * code `NOT_COMPANY_ADMIN` (status 403). Check `membership.isCompanyAdmin`
+   * from `getCompanies()` before calling this if you want to render the
+   * admin UI conditionally.
+   *
+   * Each colleague includes basic contact info and their relationship to
+   * the company. The authenticated customer is included in the list with
+   * `isSelf: true` so the UI can highlight or skip them.
+   */
+  async getCompanyColleagues(companyId) {
+    await this.ensureValidToken();
+    this.log("Fetching company colleagues for:", companyId);
+    const url = new URL(`${this.config.apiEndpoint}/api/client/v1/companies/colleagues`);
+    url.searchParams.set("companyId", companyId);
+    const response = await fetch(url.toString(), {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`
+      },
+      credentials: "include"
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: "Failed to get colleagues" }));
+      const code = response.status === 403 ? "NOT_COMPANY_ADMIN" : "GET_COLLEAGUES_FAILED";
+      throw new TiquoAuthError(error.error || "Failed to get colleagues", code, response.status);
+    }
+    const result = await response.json();
+    return result.data;
+  }
   /**
    * Generate a short-lived token for customer flow iframe authentication
    */
@@ -1265,6 +1476,37 @@ var TiquoAuth = class {
       }
     }
   }
+  extractUploadableProfilePhoto(profilePhoto) {
+    if (typeof Blob !== "undefined" && profilePhoto instanceof Blob) {
+      return profilePhoto;
+    }
+    if (typeof profilePhoto === "string") {
+      const trimmed = profilePhoto.trim();
+      if (trimmed.startsWith("data:") || trimmed.startsWith("blob:")) {
+        return trimmed;
+      }
+    }
+    return null;
+  }
+  isProfilePhotoBlobUrl(photo) {
+    return photo.trim().startsWith("data:") || photo.trim().startsWith("blob:");
+  }
+  async profilePhotoToBlob(photo) {
+    if (typeof Blob !== "undefined" && photo instanceof Blob) {
+      return photo;
+    }
+    if (typeof photo === "string" && this.isProfilePhotoBlobUrl(photo)) {
+      const response = await fetch(photo);
+      if (!response.ok) {
+        throw new TiquoAuthError("Failed to read profile photo URI", "INVALID_PROFILE_PHOTO");
+      }
+      return response.blob();
+    }
+    throw new TiquoAuthError(
+      "uploadProfilePhoto expects a File, Blob, data URI, or blob URI. Use updateProfile({ profilePhoto: url }) for remote URLs.",
+      "INVALID_PROFILE_PHOTO"
+    );
+  }
   async request(path, options) {
     const url = `${this.config.apiEndpoint}${path}`;
     const headers = {
@@ -1640,11 +1882,14 @@ function useTiquoAuth(auth) {
     verifyOTP: (email, otp) => auth.verifyOTP(email, otp),
     logout: () => auth.logout(),
     updateProfile: (updates) => auth.updateProfile(updates),
+    uploadProfilePhoto: (photo) => auth.uploadProfilePhoto(photo),
     getOrders: (options) => auth.getOrders(options),
     getBookings: (options) => auth.getBookings(options),
     getUpcomingBookings: (options) => auth.getUpcomingBookings(options),
     getReceipt: (orderId) => auth.getReceipt(orderId),
     getEnquiries: (options) => auth.getEnquiries(options),
+    getCompanies: () => auth.getCompanies(),
+    getCompanyColleagues: (companyId) => auth.getCompanyColleagues(companyId),
     getIframeToken: (flowId) => auth.getIframeToken(flowId),
     embedCustomerFlow: auth.embedCustomerFlow.bind(auth),
     onAuthStateChange: (cb) => auth.onAuthStateChange(cb)
@@ -1671,6 +1916,7 @@ var index_default = TiquoAuth;
 0 && (module.exports = {
   TiquoAuth,
   TiquoAuthError,
+  TiquoCMS,
   TiquoPhone,
   addCustomerUserId,
   clearCachedEmail,

package/dist/index.mjs

@@ -641,6 +641,68 @@ function printTiquoBranding() {
   }
 }
 printTiquoBranding();
+var TiquoCMS = class {
+  constructor(config) {
+    if (!config.publicKey) {
+      throw new TiquoAuthError("publicKey is required", "MISSING_PUBLIC_KEY");
+    }
+    if (!config.publicKey.startsWith("pk_dom_")) {
+      throw new TiquoAuthError(
+        "Invalid public key format. Expected pk_dom_xxx",
+        "INVALID_PUBLIC_KEY"
+      );
+    }
+    this.config = {
+      publicKey: config.publicKey,
+      apiEndpoint: config.apiEndpoint || "https://edge.tiquo.app",
+      debug: config.debug || false
+    };
+  }
+  /**
+   * Fetch a published CMS page for the website attached to this public key.
+   *
+   * This intentionally goes through the Tiquo edge API rather than exposing
+   * Convex connection details to the consuming website.
+   */
+  async getPage(request) {
+    const response = await fetch(`${this.config.apiEndpoint}/api/dom-cms/page`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "text/plain;charset=UTF-8"
+      },
+      credentials: "include",
+      body: JSON.stringify({
+        publicKey: this.config.publicKey,
+        siteSlug: request.siteSlug,
+        pageSlug: request.pageSlug || "home",
+        templateId: request.templateId
+      })
+    });
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      let message = "Failed to fetch CMS page";
+      try {
+        const error = await response.json();
+        if (typeof error?.error === "string") message = error.error;
+      } catch {
+      }
+      throw new TiquoAuthError(message, "CMS_PAGE_FETCH_FAILED", response.status);
+    }
+    const result = await response.json();
+    if (!result?.success || !result?.data) {
+      return null;
+    }
+    this.log("Fetched CMS page", request.siteSlug, request.pageSlug || "home");
+    return result.data;
+  }
+  log(...args) {
+    if (this.config.debug) {
+      console.log("[TiquoCMS]", ...args);
+    }
+  }
+};
 var TiquoAuthError = class extends Error {
   constructor(message, code, statusCode) {
     super(message);
@@ -807,6 +869,10 @@ var TiquoAuth = class {
   async updateProfile(updates) {
     await this.ensureValidToken();
     const normalizedUpdates = { ...updates };
+    const profilePhotoUpload = this.extractUploadableProfilePhoto(normalizedUpdates.profilePhoto);
+    if (profilePhotoUpload) {
+      delete normalizedUpdates.profilePhoto;
+    }
     if (normalizedUpdates.phone !== void 0 && normalizedUpdates.phone !== "") {
       const normalized = normalizePhone(normalizedUpdates.phone);
       const validation = validatePhone(normalizedUpdates.phone);
@@ -829,26 +895,109 @@ var TiquoAuth = class {
       });
     }
     this.log("Updating customer profile:", normalizedUpdates);
-    const response = await this.request("/api/client/v1/profile", {
-      method: "PATCH",
-      body: JSON.stringify(normalizedUpdates)
+    let customer = this.session?.customer || void 0;
+    if (Object.keys(normalizedUpdates).length > 0) {
+      const response = await this.request("/api/client/v1/profile", {
+        method: "PATCH",
+        body: JSON.stringify(normalizedUpdates)
+      });
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
+        throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+      }
+      const result = await response.json();
+      if (this.session && result.data?.customer) {
+        this.session = {
+          ...this.session,
+          customer: result.data.customer
+        };
+        this.notifyListeners();
+        this.broadcastTabSync("SESSION_UPDATE");
+      }
+      customer = result.data?.customer;
+    }
+    if (profilePhotoUpload) {
+      return this.uploadProfilePhoto(profilePhotoUpload);
+    }
+    return {
+      success: true,
+      customer
+    };
+  }
+  /**
+   * Upload and save the authenticated customer's profile photo.
+   *
+   * Accepts a browser File/Blob, `data:image/...` URI, or `blob:...` URI. The
+   * image is uploaded to Tiquo storage first, and the customer profile is
+   * updated with the URL.
+   */
+  async uploadProfilePhoto(photo) {
+    await this.ensureValidToken();
+    const blob = await this.profilePhotoToBlob(photo);
+    if (!blob.type.startsWith("image/")) {
+      throw new TiquoAuthError("Profile photo must be an image", "INVALID_PROFILE_PHOTO");
+    }
+    const uploadUrlResponse = await this.request("/api/client/v1/profile/photo-upload-url", {
+      method: "POST",
+      body: JSON.stringify({})
     });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ error: "Failed to update profile" }));
-      throw new TiquoAuthError(error.error || "Failed to update profile", "PROFILE_UPDATE_FAILED", response.status);
+    if (!uploadUrlResponse.ok) {
+      const error = await uploadUrlResponse.json().catch(() => ({ error: "Failed to create profile photo upload URL" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to create profile photo upload URL",
+        "PROFILE_PHOTO_UPLOAD_URL_FAILED",
+        uploadUrlResponse.status
+      );
     }
-    const result = await response.json();
-    if (this.session && result.data?.customer) {
+    const uploadUrlResult = await uploadUrlResponse.json();
+    const uploadUrl = uploadUrlResult.data?.uploadUrl;
+    if (!uploadUrl) {
+      throw new TiquoAuthError("Profile photo upload URL was missing", "PROFILE_PHOTO_UPLOAD_URL_FAILED");
+    }
+    const uploadResponse = await fetch(uploadUrl, {
+      method: "POST",
+      headers: { "Content-Type": blob.type },
+      body: blob
+    });
+    if (!uploadResponse.ok) {
+      throw new TiquoAuthError("Failed to upload profile photo", "PROFILE_PHOTO_UPLOAD_FAILED", uploadResponse.status);
+    }
+    const uploadResult = await uploadResponse.json();
+    const storageId = uploadResult.storageId;
+    if (!storageId) {
+      throw new TiquoAuthError("Profile photo storage ID was missing", "PROFILE_PHOTO_UPLOAD_FAILED");
+    }
+    const finalizeResponse = await this.request("/api/client/v1/profile/photo", {
+      method: "POST",
+      body: JSON.stringify({ storageId })
+    });
+    if (!finalizeResponse.ok) {
+      const error = await finalizeResponse.json().catch(() => ({ error: "Failed to update profile photo" }));
+      throw new TiquoAuthError(
+        error.error || "Failed to update profile photo",
+        "PROFILE_PHOTO_UPDATE_FAILED",
+        finalizeResponse.status
+      );
+    }
+    const finalizeResult = await finalizeResponse.json();
+    const customer = finalizeResult.data?.customer;
+    const profilePhoto = finalizeResult.data?.profilePhoto;
+    if (!customer || !profilePhoto) {
+      throw new TiquoAuthError("Profile photo update response was incomplete", "PROFILE_PHOTO_UPDATE_FAILED");
+    }
+    if (this.session && customer) {
       this.session = {
         ...this.session,
-        customer: result.data.customer
+        customer
       };
       this.notifyListeners();
       this.broadcastTabSync("SESSION_UPDATE");
     }
     return {
       success: true,
-      customer: result.data?.customer
+      customer,
+      profilePhoto,
+      storageId
     };
   }
   /**
@@ -1038,6 +1187,67 @@ var TiquoAuth = class {
     const result = await response.json();
     return result.data || { enquiries: [], hasMore: false };
   }
+  /**
+   * Get the companies the authenticated customer belongs to.
+   *
+   * Each entry includes the customer's role inside that company via
+   * `membership` — branch on `membership.isCompanyAdmin` to decide whether
+   * to render admin features (e.g. a colleagues list).
+   *
+   * Returns an empty array (not an error) when the customer isn't a
+   * member of any company.
+   */
+  async getCompanies() {
+    await this.ensureValidToken();
+    this.log("Fetching customer companies");
+    const response = await fetch(`${this.config.apiEndpoint}/api/client/v1/companies`, {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`
+      },
+      credentials: "include"
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: "Failed to get companies" }));
+      throw new TiquoAuthError(error.error || "Failed to get companies", "GET_COMPANIES_FAILED", response.status);
+    }
+    const result = await response.json();
+    return result.data || { companies: [] };
+  }
+  /**
+   * Get the colleagues (other customers) inside a company the authenticated
+   * customer is a member of.
+   *
+   * Restricted to Company Admins — if the caller isn't flagged as
+   * `isCompanyAdmin` on that company, this throws `TiquoAuthError` with
+   * code `NOT_COMPANY_ADMIN` (status 403). Check `membership.isCompanyAdmin`
+   * from `getCompanies()` before calling this if you want to render the
+   * admin UI conditionally.
+   *
+   * Each colleague includes basic contact info and their relationship to
+   * the company. The authenticated customer is included in the list with
+   * `isSelf: true` so the UI can highlight or skip them.
+   */
+  async getCompanyColleagues(companyId) {
+    await this.ensureValidToken();
+    this.log("Fetching company colleagues for:", companyId);
+    const url = new URL(`${this.config.apiEndpoint}/api/client/v1/companies/colleagues`);
+    url.searchParams.set("companyId", companyId);
+    const response = await fetch(url.toString(), {
+      method: "GET",
+      headers: {
+        "Authorization": `Bearer ${this.accessToken}`
+      },
+      credentials: "include"
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: "Failed to get colleagues" }));
+      const code = response.status === 403 ? "NOT_COMPANY_ADMIN" : "GET_COLLEAGUES_FAILED";
+      throw new TiquoAuthError(error.error || "Failed to get colleagues", code, response.status);
+    }
+    const result = await response.json();
+    return result.data;
+  }
   /**
    * Generate a short-lived token for customer flow iframe authentication
    */
@@ -1229,6 +1439,37 @@ var TiquoAuth = class {
       }
     }
   }
+  extractUploadableProfilePhoto(profilePhoto) {
+    if (typeof Blob !== "undefined" && profilePhoto instanceof Blob) {
+      return profilePhoto;
+    }
+    if (typeof profilePhoto === "string") {
+      const trimmed = profilePhoto.trim();
+      if (trimmed.startsWith("data:") || trimmed.startsWith("blob:")) {
+        return trimmed;
+      }
+    }
+    return null;
+  }
+  isProfilePhotoBlobUrl(photo) {
+    return photo.trim().startsWith("data:") || photo.trim().startsWith("blob:");
+  }
+  async profilePhotoToBlob(photo) {
+    if (typeof Blob !== "undefined" && photo instanceof Blob) {
+      return photo;
+    }
+    if (typeof photo === "string" && this.isProfilePhotoBlobUrl(photo)) {
+      const response = await fetch(photo);
+      if (!response.ok) {
+        throw new TiquoAuthError("Failed to read profile photo URI", "INVALID_PROFILE_PHOTO");
+      }
+      return response.blob();
+    }
+    throw new TiquoAuthError(
+      "uploadProfilePhoto expects a File, Blob, data URI, or blob URI. Use updateProfile({ profilePhoto: url }) for remote URLs.",
+      "INVALID_PROFILE_PHOTO"
+    );
+  }
   async request(path, options) {
     const url = `${this.config.apiEndpoint}${path}`;
     const headers = {
@@ -1604,11 +1845,14 @@ function useTiquoAuth(auth) {
     verifyOTP: (email, otp) => auth.verifyOTP(email, otp),
     logout: () => auth.logout(),
     updateProfile: (updates) => auth.updateProfile(updates),
+    uploadProfilePhoto: (photo) => auth.uploadProfilePhoto(photo),
     getOrders: (options) => auth.getOrders(options),
     getBookings: (options) => auth.getBookings(options),
     getUpcomingBookings: (options) => auth.getUpcomingBookings(options),
     getReceipt: (orderId) => auth.getReceipt(orderId),
     getEnquiries: (options) => auth.getEnquiries(options),
+    getCompanies: () => auth.getCompanies(),
+    getCompanyColleagues: (companyId) => auth.getCompanyColleagues(companyId),
     getIframeToken: (flowId) => auth.getIframeToken(flowId),
     embedCustomerFlow: auth.embedCustomerFlow.bind(auth),
     onAuthStateChange: (cb) => auth.onAuthStateChange(cb)
@@ -1634,6 +1878,7 @@ var index_default = TiquoAuth;
 export {
   TiquoAuth,
   TiquoAuthError,
+  TiquoCMS,
   TiquoPhone,
   addCustomerUserId,
   clearCachedEmail,

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@tiquo/dom-package",
-  "version": "1.4.1",
-  "description": "Tiquo SDK for third-party websites - authentication, customer profiles, orders, bookings, and enquiries",
+  "version": "1.5.1",
+  "description": "Tiquo SDK for third-party websites - authentication, customer profiles, orders, bookings, enquiries, receipts, and companies",
   "sideEffects": true,
   "publishConfig": {
     "access": "restricted"