Include all credentials and runtime config

Remove secret exclusions from .gitignore (local-only repo).
Add openclaw runtime state: credentials, identity, devices,
hooks, telegram, secrets, agent configs.
Exclude noisy/binary data: sessions, sqlite, media, temp files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.gitignore

@@ -1,53 +1,21 @@
-# ── Secrets & credentials ──────────────────────────────────────────────────
-.env
-*.env
-*.key
-*.pass
-*.token
-*.pem
-*.p12
-
-# LiteLLM tokens (API keys, access tokens)
-litellm-copilot-tokens/
-
-# Kubeconfig (cluster credentials)
-swarm-kubeconfig.yaml
-ansible/host_vars/*/kubeconfig*
-
-# ── OpenClaw runtime data ──────────────────────────────────────────────────
-# Secrets and credentials — never commit
-openclaw/secrets.json
-openclaw/credentials/
-openclaw/identity/
-openclaw/devices/
-openclaw/telegram/
-openclaw/delivery-queue/
-openclaw/exec-approvals.json
-
-# Large ephemeral data — not useful in git
-openclaw/workspace/
-openclaw/workspace-*/
-openclaw/memory/
-openclaw/agents/
-openclaw/logs/
-openclaw/extensions-quarantine/
-openclaw/sandboxes/
-openclaw/sandbox/
-openclaw/canvas/
-openclaw/media/
-openclaw/completions/
-openclaw/cron/
-openclaw/hooks/
-openclaw/subagents/
-openclaw/data/
-openclaw/extensions/
-openclaw/update-check.json
-
-# Keep only the main config file for reference
-# (secrets are excluded above; openclaw.json itself has no keys)
-
 # ── OS / editor noise ─────────────────────────────────────────────────────
 .DS_Store
 *.swp
 *.swo
 *~
+
+# ── OpenClaw ephemeral / binary / noisy data ──────────────────────────────
+openclaw/workspace/
+openclaw/workspace-*/
+openclaw/logs/
+openclaw/extensions-quarantine/
+openclaw/sandboxes/
+openclaw/media/
+openclaw/memory/*.sqlite
+openclaw/memory/*.tmp*
+openclaw/agents/*/sessions/
+openclaw/cron/runs/
+
+# Temp files
+*.tmp
+*.tmp-*