1.3.0

Highlights

New subcommands and publish workflow improvements, several security and
correctness fixes, and a full documentation overhaul.

Features

• collider check: detect drift between collider.json and the actual Meson scan (untracked and stale dependencies), with CI-friendly exit codes.
• collider publish --dry-run: preview a publish without writing.
• collider publish: clear, actionable error when publishing a version that already exists.
• collider init: warns when meson.build has no license: field, before it bites you at collider setup.

Security

• Strip the Authorization header on cross-origin HTTP redirects, so credentials are not leaked to a different host.
• Reject path traversal from untrusted repository metadata (package name / version / hash can no longer escape the cache or subproject directories).
• Write files atomically to prevent corruption on partial writes.

Fixes

• Resolver: keep candidates from different repositories distinct, and resolve prerelease-only packages.
• pkg add: no longer leaves a stray collider.json when an install fails.
• patch: handle renames deterministically (--no-renames) and diff against the requested base.
• publish: exclude nested build artifacts and packagecache from the source archive.
• Repositories: key the wrap releases cache on the full URL, not just the host.
• Report a missing or outdated Meson as a clean error instead of a crash.

Behavior change (heads-up)

• init and setup now return EX_NOINPUT (66) instead of EX_DATAERR (65) for a missing meson.build, collider.json, or source directory, matching check/status/lock/patch and the documented exit-code legend. If you script on these exact codes for init/setup error paths, update accordingly.

Documentation and tests

• Full, code-verified documentation pass on the site (collider.ee); README trimmed to a landing page that links to the docs.
• New exit-code contract test suite pinning every command's documented exit codes.