t4472: clarify critical OPENAI_API_KEY security note in speech-to-speech docs

[marcusquinn]

Summary

• Reworked the --llm open_api security blockquote in .agents/tools/voice/speech-to-speech.md so secure storage preference is clearer (aidevops secret set first, plaintext fallback second).
• Split and strengthened the warning language to explicitly call out compromise handling when keys are committed or exposed in logs/transcripts.
• Preserved the setup reference while making the critical guidance easier to scan.

Verification

• markdown-formatter lint /Users/marcusquinn/Git/aidevops-bugfix-4472-pr4397-review-feedback/.agents/tools/voice/speech-to-speech.md

Closes #4472

Summary by CodeRabbit

• Documentation
  • Updated security guidance with expanded recommendations for secure API key storage, avoiding hardcoded keys, and key rotation procedures when keys are compromised.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 126edbdc-bd0d-4264-a557-d4a67a8bbc38

📥 Commits

Reviewing files that changed from the base of the PR and between 289965e and 4a94c8b.

📒 Files selected for processing (1)

• .agents/tools/voice/speech-to-speech.md

---

Walkthrough

Documentation in the voice speech-to-speech guide was restructured and expanded with improved security guidance. The Security section was reformatted from list format into blockquote-style paragraphs with enhanced wording, emphasizing secure API key storage, the prohibition against hardcoding keys, and key rotation procedures.

Changes

Cohort / File(s)	Summary
Security Documentation Enhancement .agents/tools/voice/speech-to-speech.md	Reformatted security guidance into blockquote-style paragraphs with expanded content emphasizing secure API key storage via gopass or credentials file (600 permissions), explicit warning against hardcoding keys, and key rotation best practices.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• feat: add voice AI integration with HuggingFace speech-to-speech pipeline #403: Added the original voice speech-to-speech documentation that this PR enhances with improved security guidance formatting.

Suggested labels

enhancement

Poem

🔐 Security notes, now crystal clear,
Blockquotes stacked without a fear,
"Never hardcode!" the warning rings,
Best practices taking flight with wings,
Documentation dreams made right! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main change: clarifying the OPENAI_API_KEY security note in the speech-to-speech documentation.
Linked Issues check	✅ Passed	The PR fully addresses all coding requirements from issue #4472: separated security blockquote into distinct paragraphs, emphasized secure storage preference over plaintext, added explicit hardcoding warning, and preserved setup reference.
Out of Scope Changes check	✅ Passed	All changes are scoped to the security documentation in speech-to-speech.md as required by issue #4472; no unrelated modifications or scope creep detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bugfix/4472-pr4397-review-feedback

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 414 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Fri Mar 13 23:27:20 UTC 2026: Code review monitoring started
Fri Mar 13 23:27:21 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 414

📈 Current Quality Metrics

• BUGS: 0
• CODE SMELLS: 414
• VULNERABILITIES: 0

Generated on: Fri Mar 13 23:27:23 UTC 2026

---

Generated by AI DevOps Framework Code Review Monitoring

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud