Software Guide

Contents

Documentation

Getting involved


Documentation

Licenses

Application front-end and back-end code base

Our application software is accessible as online GitHub repositories (see links below), and is licensed under an extremely permissive, Open Source Initiative-approved open-source license, the Common Public Attribution License (CPAL-1.0). The license requires that attribution be given by including (1) the copyright notice: “Copyright (c) 2017 MATTER Lab at the Child Mind Institute”, (2) the URL: “https://matter.childmind.org”, (3) the Child Mind Institute’s logo, and (4) the attribution phrase: “Child Mind Institute product intended for building applications for good.” We include the attribution phrase to give credit to the developers while also making it clear that while we intend for people to build MindLogger applets that will be benevolent, we have no control over their intent, content, or the data they collect. See an example license file.

Administrative software

The administrator software is licensed under the open-access Delayed Open Source Attribution License (DOSA-1.0). Though it is not itself an open source license, the purpose of this Delayed Open Source Attribution License is to provide open access to software for non-commercial use while giving attribution to its original developer, and after a delay of three years, forcing the software to fall under the terms of the open source CPAL-1.0 license above that preserves the attribution information of this license. This delay is intended to protect the commercial interests of the licensor without compromising on the many benefits of creating open source products. See an example license file.

arrow



Security

The code base is routinely subjected to security audits by a computer security company. The company has conducted extensive cybersecurity penetration tests to ensure that MindLogger follows best practices for privacy and security. These practices can be adapted to the specific regulations and guidelines of different countries, including the General Data Protection Regulations (GDPR) of the European Union that are among the most strict concerning data use, access, and storage. MindLogger has end-to-end encryption, permits administrators to delete an individual’s data, and can be set up on one’s own server (accommodating European regulations concerning the physical location of data processing and storage), so the platform should already meet the security requirements of most use cases.

arrow



Software Architecture

MindLogger’s software architecture consists of a set of end-user-facing front ends (two mobile applications and a web application) and administrator-facing front ends (an admin website with data viewer and applet builder) with a shared RESTful HTTP API using MongoDB for data storage. The mobile front ends, Android and iOS apps, are built using React Native. This allows us to share a single code base across mobile platforms, resulting in increased speed of development and ease and cost-effectiveness of maintenance. The web application is a ReactJS browser-based counterpart to the mobile applications, and currently provides a subset of their functionality. Administrators (managers, coordinators, editors, and reviewers) have access to different single-page applications built using VueJS. The admin website is for managing user roles and applets, and the data viewer is for reviewing respondent data, with custom charts implemented using d3.js.

MindLogger stack architecture diagram


arrow



Back-end

The back-end API is built in Python using Girder’s RESTful API with the CherryPy framework. This software layer provides a set of RESTful endpoints that allow you to manage users, applets, activities, items (such as individual questions), and user responses. All user data is stored in a MongoDB database hosted in an Amazon Web Services cloud instance with password-based encryption. Specifically, user response data is encrypted using their own password on the client side so that only managers or reviewers can view their data using an applet password; other sensitive information (name and email) is encrypted on the server side. We have HIPAA compliance agreements with Amazon Web Services, Google Cloud Platform, and MongoDB Atlas, and the software permits installation on an arbitrary backend server (for example, on a university or hospital server and not on any cloud service provider’s servers). For improved performance, MindLogger uses a Redis instance as a temporary storage for data caching. MindLogger uses Firebase Cloud Messaging for sending notifications from the back-end server to the end user’s mobile device. All additional data is consumed from the back-end API through HTTPS requests.

arrow



Data schema

The applets, activities, and items are described using ReproSchema, an emerging standard to capture and harmonize cognitive, clinical, and behavioral assessments and responses in a provenance-preserving manner. The schema uses JSON-LD as its representation format and captures, as a connected graph of information, the details of the questions, presentation logic based on responses or scheduling, computation of scores, and interface hints for applications such as MindLogger. The schema uses GitHub to maintain versions and provide persistent URIs for applets and activities, supports multilingual applets, and uses W3C-PROV to establish provenance between the response, the responder, and the applet.

arrow



Getting involved

Contributing

The guidelines for contributing to the mobile app codebase are for the most part applicable across all of the MindLogger repositories. See Contributing and Versioning.

arrow



Bug reports and feature requests

MindLogger-bug-reports to keep track of bug reports and feature requests

arrow



Admin client (primarily for user management)

mindlogger-admin repo for the MindLogger admin web app

arrow



User clients

arrow



Back-end APIs

Our servers are managed through MongoDB Atlas with each instance’s API served via AWS Elastic Beanstalk.


Community-maintained repos