No functional or library changes. First release published automatically
via GitHub Actions Trusted Publishing (OIDC) — verifies the pipeline
introduced in commit ceaab8a works end to end. Future releases now
happen by tagging v* on main.

Library-readiness pass. No CLI behavior changes; the public API surface
is now stable and importable.

Added

• Top-level package exports: from cupt import ClickUpClient, TaskService, TimeService, NoteService, APIError, AuthError, ConfigError, CuptError.
• TaskService.filter_by_tags(tasks, required=, excluded=) — pure,
  reusable tag filter, promoted from a private CLI helper.
• TaskService.list_tasks(..., tags=[...]) parameter — pushes tag
  filtering to the ClickUp API as tags[] (server-side OR). Replaces
  the silently-truncated client-side-only path: previously the 100-task
  pagination cap could hide matches on --all queries with rare tags.
• Regression tests guarding (a) the per-request Content-Type
  placement that prevents upload corruption and (b) the top-level
  library imports.

Changed

• ConfigManager is lazy: constructing one no longer creates
  ~/.cupt/ or writes a default config file. Directories are
  materialized on the first write. Reads of a missing config return
  empty defaults. Library users get no surprise filesystem side
  effects from import cupt.
• Error/success messages now go to stderr, so piping
  cupt list --json no longer risks decorative output mixing into
  JSON consumers.
• Emojis are TTY-only in error/warning output; piped output gets
  plain ERROR: / WARN: prefixes.
• Content-Type: application/json is now set per-request inside
  _make_request instead of on the shared requests session. Removes
  the footgun that made attachment uploads fragile.
• 429 rate limits are retried with exponential backoff honoring
  the Retry-After header (previously treated as a hard error).

Fixed

• Silent Exception swallowing in cache writes now logs a warning.