Sync feature/nest-zappa-migration with main

.github/ansible/.ansible-lint.yaml

@@ -0,0 +1 @@
+profile: production

.github/ansible/production/nest.yaml

@@ -1,76 +1,90 @@
-  - name: Deploy Nest to Production
-    hosts: production_nest
-    tasks:
-      - name: Copy docker-compose.yaml
-        ansible.builtin.copy:
-          src: '{{ github_workspace }}/docker-compose/production/compose.yaml'
-          dest: ~/docker-compose.yaml
-          mode: '0644'
+- name: Deploy Nest to Production
+  hosts: production_nest
+  tasks:
+    - name: Copy docker-compose.yaml
+      ansible.builtin.copy:
+        src: '{{ github_workspace }}/docker-compose/production/compose.yaml'
+        dest: ~/docker-compose.yaml
+        mode: '0644'
 
-      - name: Sync Makefile structure
-        ansible.builtin.synchronize:
-          src: '{{ github_workspace }}/'
-          dest: '~/'
-          recursive: yes
-          rsync_opts:
-            - '--include=*/'
-            - '--include=Makefile'
-            - '--include=*/Makefile'
-            - '--include=*/**/Makefile'
-            - '--include=*/**/**/Makefile'
-            - '--exclude=*'
+    - name: Sync Makefile structure
+      ansible.posix.synchronize:
+        src: '{{ github_workspace }}/'
+        dest: '~/'
+        recursive: true
+        rsync_opts:
+          - '--include=*/'
+          - '--include=Makefile'
+          - '--include=*/Makefile'
+          - '--include=*/**/Makefile'
+          - '--include=*/**/**/Makefile'
+          - '--exclude=*'
 
-      - name: Update Makefiles for production environment
-        shell: |
-          sed -i '/e2e-\|fuzz-/! s/\bnest-backend\b/production-nest-backend/g' ~/backend/Makefile
-          sed -i '/e2e-\|fuzz-/! s/\bnest-db\b/production-nest-db/g' ~/backend/Makefile
-          sed -i 's/\bnest-frontend\b/production-nest-frontend/g' ~/frontend/Makefile
+    - name: Update Makefiles for production environment
+      ansible.builtin.command:
+        argv:
+          - sed
+          - -i
+          - "{{ item.sed_expr }}"
+          - "{{ item.path }}"
+      loop:
+        - sed_expr: '/e2e-\|fuzz-/! s/\bnest-backend\b/production-nest-backend/g'
+          path: '{{ ansible_env.HOME }}/backend/Makefile'
+        - sed_expr: '/e2e-\|fuzz-/! s/\bnest-db\b/production-nest-db/g'
+          path: '{{ ansible_env.HOME }}/backend/Makefile'
+        - sed_expr: 's/\bnest-frontend\b/production-nest-frontend/g'
+          path: '{{ ansible_env.HOME }}/frontend/Makefile'
+      changed_when: false
 
-      - name: Copy secrets
-        copy:
-          src: '{{ github_workspace }}/{{ item }}'
-          dest: ~/
-          mode: '0400'
-        loop:
-          - .env.backend
-          - .env.cache
-          - .env.db
-          - .env.frontend
-          - .github.pem
+    - name: Copy secrets
+      ansible.builtin.copy:
+        src: '{{ github_workspace }}/{{ item }}'
+        dest: ~/
+        mode: '0400'
+      loop:
+        - .env.backend
+        - .env.cache
+        - .env.db
+        - .env.frontend
+        - .github.pem
 
-      - name: Clean up secrets
-        delegate_to: localhost
-        file:
-          path: '{{ github_workspace }}/{{ item }}'
-          state: absent
-        loop:
-          - .env.backend
-          - .env.cache
-          - .env.db
-          - .env.frontend
-          - .github.pem
-        run_once: true
+    - name: Clean up secrets
+      delegate_to: localhost
+      ansible.builtin.file:
+        path: '{{ github_workspace }}/{{ item }}'
+        state: absent
+      loop:
+        - .env.backend
+        - .env.cache
+        - .env.db
+        - .env.frontend
+        - .github.pem
 
-      - name: Copy crontab
-        copy:
-          src: '{{ github_workspace }}/cron/production'
-          dest: /tmp/production_crontab
-          mode: '0600'
+    - name: Copy crontab
+      ansible.builtin.copy:
+        src: '{{ github_workspace }}/cron/production'
+        dest: /tmp/production_crontab
+        mode: '0600'
 
-      - name: Install crontab
-        ansible.builtin.command:
-          cmd: crontab /tmp/production_crontab
+    - name: Install crontab
+      ansible.builtin.command:
+        cmd: crontab /tmp/production_crontab
+      changed_when: false
 
-      - name: Restart services
-        shell:
-          cmd: docker compose up -d --pull always
+    - name: Restart services
+      ansible.builtin.command:
+        cmd: docker compose up -d --pull always
+      changed_when: false
 
-      - name: Prune docker images
-        shell:
-          cmd: docker image prune -f
+    - name: Prune docker images
+      ansible.builtin.command:
+        cmd: docker image prune -f
+      changed_when: false
 
-      - name: Index data
-        async: 1800 # 30 minutes
-        poll: 0
-        shell: |
-          make index-data > /var/log/nest/production/index-data.log 2>&1
+    - name: Index data
+      async: 1800  # 30 minutes
+      poll: 0
+      # Shell required for stdout/stderr redirect to log file.
+      ansible.builtin.shell: |
+        make index-data > /var/log/nest/production/index-data.log 2>&1
+      changed_when: false

.github/ansible/production/proxy.yaml

@@ -2,7 +2,7 @@
   hosts: production_nest_proxy
   tasks:
     - name: Copy proxy configuration files
-      copy:
+      ansible.builtin.copy:
         src: '{{ github_workspace }}/proxy/{{ item }}'
         dest: ~/
         mode: '0644'
@@ -15,15 +15,26 @@
         - redirects.conf
 
     - name: Copy docker compose file
-      copy:
+      ansible.builtin.copy:
         src: '{{ github_workspace }}/docker-compose/proxy/compose.yaml'
         dest: ~/docker-compose.yaml
         mode: '0644'
 
+    - name: Pull and start services
+      ansible.builtin.command:
+        cmd: docker compose up -d --pull always
+      args:
+        chdir: "{{ ansible_env.HOME }}"
+      changed_when: false
+
     - name: Restart services
-      shell:
-        cmd: docker compose up -d --pull always && docker compose restart
+      ansible.builtin.command:
+        cmd: docker compose restart
+      args:
+        chdir: "{{ ansible_env.HOME }}"
+      changed_when: false
 
     - name: Prune docker images
-      shell:
+      ansible.builtin.command:
         cmd: docker image prune -f
+      changed_when: false

.github/ansible/requirements.yml

@@ -0,0 +1,2 @@
+collections:
+  - name: ansible.posix

.github/workflows/check-pr-issue-skip-usernames.txt

@@ -172,6 +172,7 @@ edwingozeling
 eivindarvesen
 elarlang
 elvinmollinedo
+emaybu
 emergar07
 emomartin-owasp
 epabloseven

.github/workflows/run-ci-cd.yaml

@@ -1201,9 +1201,13 @@ jobs:
           "$NEST_GITHUB_APP_PRIVATE_KEY"
           EOF
 
-      - name: Run Nest deploy
+      - name: Install Ansible collections
+        run: ansible-galaxy collection install -r requirements.yml
         working-directory: .github/ansible
+
+      - name: Run Nest deploy
         run: ansible-playbook -i inventory.yaml production/nest.yaml -e "github_workspace=$GITHUB_WORKSPACE"
+        working-directory: .github/ansible
     timeout-minutes: 5
 
   deploy-production-nest-proxy:
@@ -1237,9 +1241,13 @@ jobs:
           $PROXY_SSH_PRIVATE_KEY
           EOF
 
-      - name: Run proxy deploy
+      - name: Install Ansible collections
+        run: ansible-galaxy collection install -r requirements.yml
         working-directory: .github/ansible
+
+      - name: Run proxy deploy
         run: ansible-playbook -i inventory.yaml production/proxy.yaml -e "github_workspace=$GITHUB_WORKSPACE"
+        working-directory: .github/ansible
     timeout-minutes: 5
 
   run-production-zap-baseline-scan:

.pre-commit-config.yaml

@@ -9,6 +9,20 @@ repos:
           - --strict
         exclude: (.github|pnpm-lock.yaml)
 
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v26.1.1
+    hooks:
+      - id: ansible-lint
+        additional_dependencies:
+          - ansible-core
+        args:
+          - -c
+          - .github/ansible/.ansible-lint.yaml
+          - .github/ansible
+        files: ^\.github/ansible/.*\.ya?ml$
+        language_version: python3
+        pass_filenames: true
+
   - repo: https://github.com/antonbabenko/pre-commit-terraform
     rev: v1.104.0
     hooks:
@@ -94,6 +108,6 @@ repos:
         exclude: pnpm-lock.yaml
 
   - repo: https://github.com/tox-dev/pyproject-fmt
-    rev: v2.12.1
+    rev: v2.14.2
     hooks:
       - id: pyproject-fmt

MENTORS.md

@@ -20,6 +20,14 @@ Senior DevOps Engineer | OWASP GenAI Data Security Risk and Mitigations Initiati
 
 Illia is a Senior DevOps Engineer with experience building and operating large-scale systems, with a focus on infrastructure, automation, reliability, and security.
 
+### Ime Iyonsi
+
+Software Engineer | Application Security (in transition)
+
+[GitHub](https://github.com/emaybu/) • [LinkedIn](https://linkedin.com/in/imeiyonsi/) • [Slack](https://owasp.slack.com/team/U06H942K9UY) • [United States (Eastern Time)](https://time-time.net/times/time-zones/usa-canada/current-eastern-time-est.php)
+
+Ime (Emay) is a software engineer with experience building and supporting production applications. She is currently focusing more on application security, with interests in secure coding and application security fundamentals. She enjoys supporting and sharing knowledge with folks as they navigate real-world open-source projects.
+
 ### Kate Golovanova
 
 Senior Software Engineer at Skill Struck, CC | OWASP Nest Project Leader
@@ -60,14 +68,6 @@ Senior GRC & Technology Risk Leader, CISSP
 
 Marie is a cybersecurity professional focused on Governance, Risk, and Compliance. She enjoys helping people navigate the sometimes confusing world of GRC, whether they are just starting out, prepping for their CISSP, or tackling real-world risk management challenges. She is happy to share what she has learned, answer questions, and help others build practical skills. She welcomes outreach on LinkedIn or Slack and is always happy to chat about security, risk, or career paths in this field.
 
-### Muhammad Salman
-
-Software Developer | GSoC'25 contributor at FOSSology
-
-[GitHub](https://github.com/SalmanDeveloperz/) • [LinkedIn](https://www.linkedin.com/in/msalman199/) • [Slack](https://owasp.slack.com/team/U0A7YV0SPNE) • [Pakistan (Pakistan Standard Time)](https://time-time.net/time/islamabad-pakistan.php)
-
-Muhammad Salman is a Linux-focused software engineer and GSoC'25 contributor at FOSSology (Linux Foundation). He works on infrastructure, backend reliability, and production debugging in cloud-native systems. For GSoC 2026, his focus is infrastructure reliability, observability, and operational best practices.
-
 ### Noland Crane
 
 Application Security Analyst at Bloomreach, CISSP

backend/apps/api/rest/v0/committee.py

@@ -78,11 +78,11 @@ def list_committees(
     summary="Get committee",
 )
 @decorate_view(cache_response())
-def get_chapter(
+def get_committee(
     request: HttpRequest,
     committee_id: str = Path(example="project"),
 ) -> CommitteeDetail | CommitteeError:
-    """Get chapter."""
+    """Get committee."""
     if committee := CommitteeModel.active_committees.filter(
         is_active=True,
         key__iexact=(

backend/apps/api/rest/v0/structured_search.py

@@ -59,7 +59,7 @@ def apply_structured_search(
     }
 
     try:
-        parser = QueryParser(field_schema=parser_schema, strict=False)
+        parser = QueryParser(case_sensitive=True, field_schema=parser_schema, strict=False)
         conditions = parser.parse(query)
     except QueryParserError:
         # Fail safely

backend/apps/common/eleven_labs.py

@@ -23,10 +23,10 @@ def __init__(
         model_id: str = "eleven_multilingual_v2",
         output_format: str = "mp3_44100_128",
         similarity_boost: float = 0.75,
-        speed: float = 1.0,
+        speed: float = 0.85,
         stability: float = 0.5,
         style: float = 0.0,
-        voice_id: str = "1SM7GgM6IMuvQlz2BwM3",  # cspell:disable-line
+        voice_id: str = "TX3LPaxmHKxFdv7VOQHJ",  # Liam # cspell:disable-line
         *,
         use_speaker_boost: bool = True,
     ) -> None:
@@ -36,7 +36,7 @@ def __init__(
             model_id (str): The model to use.
             output_format (str): Audio output format.
             similarity_boost (float): Voice consistency (0.0-1.0).
-            speed (float): Speech speed (0.25-4.0, default 1.0).
+            speed (float): Speech speed (0.25-4.0).
             stability (float): Voice stability (0.0-1.0).
             style (float): Style exaggeration (0.0-1.0).
             use_speaker_boost (bool): Enable speaker clarity boost.

backend/apps/core/api/internal/algolia.py

@@ -53,6 +53,9 @@ def algolia_search(request: HttpRequest) -> JsonResponse | HttpResponseNotAllowe
         query = data.get("query", "")
 
         cache_key = f"{CACHE_PREFIX}:{index_name}:{query}:{page}:{limit}"
+        if facet_filters:
+            cache_key = f"{cache_key}:{json.dumps(facet_filters, sort_keys=True)}"
+
         if index_name == "chapters":
             cache_key = f"{cache_key}:{ip_address}"