fix: validate model ID before passing to spawn() to prevent command injection (CodeQL js/command-line-injection)

chore(deps-dev): bump flatted from 3.4.1 to 3.4.2 (#10)

chore(deps-dev): bump typescript-eslint from 8.57.1 to 8.57.2 (#11)

chore(deps-dev): bump vitest from 4.1.0 to 4.1.1 (#12)

chore(deps-dev): bump eslint from 10.0.3 to 10.1.0 (#14)

chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#15)

docs: sync all version strings to v2.1.3 (README, SKILL.md, STATUS.md, MANIFEST.json)

fix: update ChatGPT model list to current (gpt-4.1, gpt-4.1-mini, o3, o4-mini, gpt-5, gpt-5-mini) + server.unref() for doctor fix (v2.1.2)

fix: server.unref() so proxy does not block openclaw doctor exit (v2.1.1)

feat: register OpenCode and Pi slash commands + update README

feat: workdir isolation, session mgmt enhancements, codex auth auto-import (v2.1.0)

chore(deps-dev): bump typescript-eslint from 8.57.0 to 8.57.1 (#7)

chore(deps-dev): bump @types/node from 25.3.5 to 25.5.0 (#8)

chore(deps-dev): bump vitest from 4.0.18 to 4.1.0 (#9)

fix: add clawhub login step before publish