GT AI OS Community v2.0.33 - Add NVIDIA NIM and Nemotron agents

- Updated python_coding_microproject.csv to use NVIDIA NIM Kimi K2
- Updated kali_linux_shell_simulator.csv to use NVIDIA NIM Kimi K2
  - Made more general-purpose (flexible targets, expanded tools)
- Added nemotron-mini-agent.csv for fast local inference via Ollama
- Added nemotron-agent.csv for advanced reasoning via Ollama
- Added wiki page: Projects for NVIDIA NIMs and Nemotron

apps/control-panel-backend/alembic/versions/008_add_totp_2fa.py

@@ -0,0 +1,76 @@
+"""add totp 2fa fields
+
+Revision ID: 008_add_totp_2fa
+Revises: 007_add_password_reset_rate_limits
+Create Date: 2025-10-07
+
+Adds TOTP Two-Factor Authentication support with optional and mandatory enforcement.
+"""
+from alembic import op
+import sqlalchemy as sa
+
+# revision identifiers, used by Alembic.
+revision = '008_add_totp_2fa'
+down_revision = '007_add_password_reset_rate_limits'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # Add TFA fields to users table
+    op.add_column('users', sa.Column('tfa_enabled', sa.Boolean(), nullable=False, server_default='false'))
+    op.add_column('users', sa.Column('tfa_secret', sa.Text(), nullable=True))
+    op.add_column('users', sa.Column('tfa_required', sa.Boolean(), nullable=False, server_default='false'))
+
+    # Add indexes for query optimization
+    op.create_index(op.f('ix_users_tfa_enabled'), 'users', ['tfa_enabled'], unique=False)
+    op.create_index(op.f('ix_users_tfa_required'), 'users', ['tfa_required'], unique=False)
+
+    # Create TFA verification rate limits table
+    op.create_table(
+        'tfa_verification_rate_limits',
+        sa.Column('id', sa.Integer(), nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('request_count', sa.Integer(), nullable=False, server_default='1'),
+        sa.Column('window_start', sa.DateTime(timezone=True), nullable=False),
+        sa.Column('window_end', sa.DateTime(timezone=True), nullable=False),
+        sa.Column('created_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_tfa_verification_rate_limits_user_id'), 'tfa_verification_rate_limits', ['user_id'], unique=False)
+    op.create_index(op.f('ix_tfa_verification_rate_limits_window_end'), 'tfa_verification_rate_limits', ['window_end'], unique=False)
+
+    # Create used temp tokens table for replay prevention
+    op.create_table(
+        'used_temp_tokens',
+        sa.Column('id', sa.Integer(), nullable=False),
+        sa.Column('token_id', sa.String(length=255), nullable=False),
+        sa.Column('user_id', sa.Integer(), nullable=False),
+        sa.Column('used_at', sa.DateTime(timezone=True), server_default=sa.text('now()'), nullable=False),
+        sa.Column('expires_at', sa.DateTime(timezone=True), nullable=False),
+        sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+        sa.PrimaryKeyConstraint('id'),
+        sa.UniqueConstraint('token_id')
+    )
+    op.create_index(op.f('ix_used_temp_tokens_token_id'), 'used_temp_tokens', ['token_id'], unique=True)
+    op.create_index(op.f('ix_used_temp_tokens_expires_at'), 'used_temp_tokens', ['expires_at'], unique=False)
+
+
+def downgrade():
+    # Drop used temp tokens table
+    op.drop_index(op.f('ix_used_temp_tokens_expires_at'), table_name='used_temp_tokens')
+    op.drop_index(op.f('ix_used_temp_tokens_token_id'), table_name='used_temp_tokens')
+    op.drop_table('used_temp_tokens')
+
+    # Drop TFA verification rate limits table
+    op.drop_index(op.f('ix_tfa_verification_rate_limits_window_end'), table_name='tfa_verification_rate_limits')
+    op.drop_index(op.f('ix_tfa_verification_rate_limits_user_id'), table_name='tfa_verification_rate_limits')
+    op.drop_table('tfa_verification_rate_limits')
+
+    # Drop TFA fields from users table
+    op.drop_index(op.f('ix_users_tfa_required'), table_name='users')
+    op.drop_index(op.f('ix_users_tfa_enabled'), table_name='users')
+    op.drop_column('users', 'tfa_required')
+    op.drop_column('users', 'tfa_secret')
+    op.drop_column('users', 'tfa_enabled')