docs: add git history recovery summary to KV audit, gitignore kv.txt seed file

.gitignore

@@ -12,3 +12,4 @@ coverage/
 *.p12
 *.pfx
 *.key
+kv.txt

docs/devops/ENVIRONMENT_VARIABLES_AND_KEYVAULT_AUDIT.md

@@ -488,6 +488,40 @@ node -e "process.env.AZURE_KEYVAULT_URL && console.log('✅ KV enabled') || cons
 
 ---
 
+## 🔍 Git History Recovery (2026-02-14)
+
+Scanned git history across `learning_voice_ai_agent` to recover actual secret values for the 13 missing `lysnr-*` secrets.
+
+| # | KV Secret Name | Source | Status |
+|---|----------------|--------|--------|
+| 1 | `lysnr-cosmos-endpoint` | `.env` commits | ✅ Recovered |
+| 2 | `lysnr-cosmos-key` | `.env` commits | ✅ Recovered |
+| 3 | `lysnr-jwt-secret` | `.env` commits | ✅ Recovered |
+| 4 | `lysnr-stripe-secret-key` | `.env` commits | ✅ Recovered (sk_test_*) |
+| 5 | `lysnr-stripe-webhook-secret` | `.env` commits | ✅ Recovered (whsec_*) |
+| 6 | `lysnr-billing-internal-key` | `.env` commits | ✅ Recovered |
+| 7 | `lysnr-blob-connection-string` | `.env` commits | ✅ Recovered |
+| 8 | `lysnr-blob-account-key` | `.env` commits | ✅ Recovered |
+| 9 | `lysnr-gemini-api-key` | — | ❌ Not found (only placeholder in history) |
+| 10 | `lysnr-seed-secret` | `.env` commits | ✅ Recovered |
+| 11 | `lysnr-azure-speech-key` | `.env` commits | ✅ Recovered |
+| 12 | `lysnr-azure-openai-key` | `.env` commits | ✅ Recovered |
+| 13 | `lysnr-azure-openai-endpoint` | `.env` commits | ✅ Recovered |
+
+**Result:** 12/13 recovered. Seed script written to `kv.txt` (gitignored, temporary).
+
+**To seed:**
+```bash
+az login
+bash kv.txt
+# Then manually add: lysnr-gemini-api-key (get from https://aistudio.google.com/apikey)
+rm kv.txt
+```
+
+> ⚠️ **Post-seed:** These keys were exposed in git history. Schedule rotation after seeding (see `AZURE_KEY_VAULT_AND_SECRETS_ROTATION.md`).
+
+---
+
 **Generated by:** Environment audit automation  
 **Maintained by:** ByteLyst DevOps Team  
 **Next Audit:** After LysnrAI `lysnr-*` secrets are seeded into `kv-mywisprai`