Architecture
Mind Measure System Architecture
Overview
Mind Measure is built on a modern, cloud-native architecture using AWS services to provide a scalable, secure, and compliant mental health monitoring platform for educational institutions.
System Architecture
High-Level Architecture
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────────┐
│ Mobile App │ │ Admin Portal │ │ Documentation │
│ (Capacitor/iOS) │ │ (React/Vercel) │ │ (Static Site) │
└─────────┬───────┘ └─────────┬────────┘ └─────────────────────┘
│ │
└──────────────────────┼─────────────────────────────────────┐
│ │
┌────────────▼─────────────┐ │
│ CloudFront CDN │ │
│ (Global Distribution) │ │
└────────────┬─────────────┘ │
│ │
┌────────────▼─────────────┐ │
│ API Gateway │ │
│ (Request Routing) │ │
└────────────┬─────────────┘ │
│ │
┌────────────▼─────────────┐ │
│ AWS Cognito │ │
│ (Authentication) │ │
└────────────┬─────────────┘ │
│ │
┌────────────▼─────────────┐ │
│ Lambda Functions │ │
│ (Business Logic) │ │
└────────────┬─────────────┘ │
│ │
┌────────────────────────┼─────────────────────────────────────┤
│ │ │
┌───────▼────────┐ ┌─────────▼──────────┐ ┌─────────▼──────────┐
│ Aurora Serverless│ │ S3 Storage │ │ AWS Rekognition │
│ (Database) │ │ (File Storage) │ │ (Visual Analysis) │
└──────────────────┘ └────────────────────┘ └────────────────────┘Core Components
Frontend Applications
Mobile Application
- Technology: React + Capacitor + TypeScript
- Deployment: iOS App Store, Android Play Store
- Domain: mobile.mindmeasure.app
- Features: Student assessments, dashboard, buddy system
Admin Portal
- Technology: React + Vite + TypeScript
- Deployment: Vercel
- Domain: admin.mindmeasure.co.uk
- Features: University management, analytics, CMS
Documentation Site
- Technology: Static site generator
- Deployment: Vercel
- Domain: docs.mindmeasure.co.uk
- Features: Technical documentation, API reference
Authentication & Authorization
AWS Cognito User Pools
- User Pool ID:
eu-west-2_ClAG4fQXR - Client ID:
7vu03ppv6alkpphs1ksopll8us - Region:
eu-west-2(London) - Features:
- Multi-factor authentication
- Password policies
- Email verification
- JWT token generation
Authentication Flow
// Mobile App Authentication
const { signIn } = useAuth();
const result = await signIn(email, password);
// JWT Token for API calls
const session = await fetchAuthSession();
const token = session.tokens?.accessToken?.toString();API Layer
AWS API Gateway
- Base URL:
https://4xg1jsjh7k.execute-api.eu-west-2.amazonaws.com/dev - Authentication: JWT Bearer tokens
- Rate Limiting: 100 requests/minute per user
- CORS: Configured for all domains
Lambda Functions
analyze-audio:
Runtime: Node.js 18.x
Memory: 1024 MB
Timeout: 30 seconds
Purpose: Voice pattern analysis
analyze-visual:
Runtime: Node.js 18.x
Memory: 2048 MB
Timeout: 60 seconds
Purpose: Facial emotion recognition
analyze-text:
Runtime: Node.js 18.x
Memory: 512 MB
Timeout: 15 seconds
Purpose: Natural language processing
calculate-mind-measure:
Runtime: Node.js 18.x
Memory: 1024 MB
Timeout: 45 seconds
Purpose: Multi-modal fusion scoringVercel API Functions
Database Operations:
- POST /api/database/select
- POST /api/database/insert
- POST /api/database/update
- POST /api/database/delete
Storage Operations:
- POST /api/storage/upload
- GET /api/storage/download
- DELETE /api/storage/delete
Authentication:
- POST /api/auth/signin
- POST /api/auth/signup
- POST /api/auth/refreshData Layer
Amazon Aurora Serverless v2
- Engine: PostgreSQL 15.4
- Cluster:
mindmeasure-aurora.cluster-cz8c8wq4k3ak.eu-west-2.rds.amazonaws.com - Region:
eu-west-2(London) - Scaling: 0.5 - 16 ACUs (Auto-scaling)
- Features:
- Automatic scaling
- Point-in-time recovery
- Encrypted at rest
- Multi-AZ deployment
Connection Architecture
// Server-side connection
const pool = new Pool({
host: 'mindmeasure-aurora.cluster-cz8c8wq4k3ak.eu-west-2.rds.amazonaws.com',
port: 5432,
database: 'mindmeasure',
user: 'mindmeasure_admin',
password: process.env.RDS_PASSWORD,
ssl: { rejectUnauthorized: false },
max: 20,
idleTimeoutMillis: 30000
});
// Browser-side API calls
const response = await fetch('/api/database/select', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ table: 'profiles', filters: { user_id } })
});Storage Layer
Amazon S3
- Bucket Structure:
mindmeasure-{university-id}-assets - Regions:
eu-west-2(London) - Encryption: AES-256 (SSE-S3)
- Access: Private with signed URLs
File Upload Flow
// Client-side upload
const formData = new FormData();
formData.append('file', file);
formData.append('university_id', universityId);
const response = await fetch('/api/storage/upload', {
method: 'POST',
body: formData
});AI/ML Services
AWS Rekognition
- Purpose: Facial emotion analysis
- Features: Emotion detection, face analysis, pose estimation
- Integration: Vercel API route
/api/rekognition/batch-analyze
AWS Bedrock (Claude 3 Haiku)
- Purpose: Text analysis and conversation understanding
- Model:
anthropic.claude-3-haiku-20240307-v1:0 - Features: Sentiment analysis, theme extraction, risk detection
- Integration: Vercel API route
/api/bedrock/analyze-text
ElevenLabs Integration
- Purpose: Conversational AI for assessments
- SDK:
@elevenlabs/react(useConversation hook) - Agent IDs:
- Baseline Assessment:
agent_9301k22s8e94f7qs5e704ez02npe - Daily Check-in:
agent_7501k3hpgd5gf8ssm3c3530jx8qx
- Baseline Assessment:
- Features: Real-time conversation, voice synthesis, transcript generation
Multimodal Analysis Pipeline
// Parallel feature extraction
const [audioFeatures, visualFeatures, textAnalysis] = await Promise.all([
extractAudioFeatures(audioBlob), // Client-side Web Audio API
analyzeVisualFeatures(videoFrames), // AWS Rekognition
analyzeTextWithBedrock(transcript) // AWS Bedrock (Claude)
]);
// V2 Fusion: 70% text + 15% audio + 15% visual
const finalScore = fuseScores(textAnalysis, audioFeatures, visualFeatures);Data Flow Architecture
Assessment Data Pipeline
Student Assessment → ElevenLabs SDK → Conversation + Transcript
↓
MediaCapture (Audio + Video Frames)
↓
Session Complete
↓
┌────────────────┼────────────────┐
│ │ │
┌─────────▼─────────┐ ┌────▼────────┐ ┌─────▼─────────┐
│ Audio Analysis │ │ Visual │ │ Text Analysis │
│ (Client-side │ │ Analysis │ │ (Bedrock/ │
│ Web Audio API) │ │ (Rekognition│ │ Claude) │
└─────────┬─────────┘ └──────┬──────┘ └───────┬───────┘
│ │ │
└──────────────────┼────────────────┘
│
┌────────▼────────┐
│ V2 Fusion │
│ 70/15/15 weights│
└────────┬────────┘
│
┌────────▼────────┐
│ Aurora Database │
│ (fusion_outputs)│
└─────────────────┘Key Changes from V1:
- ElevenLabs SDK (not widget) for conversations
- Audio features extracted client-side (not Lambda)
- Text analysis via AWS Bedrock (not GPT-4o-mini)
- V2 scoring: 70% text, 15% audio, 15% visual
University Data Flow
University Admin → CMS Interface → API Gateway → Lambda Functions
↓
Aurora Database
↓
Student DashboardSecurity Architecture
Network Security
VPC Configuration
- Private Subnets: Lambda functions, RDS
- Public Subnets: NAT Gateway, Load Balancer
- Security Groups: Restrictive rules
- NACLs: Network-level access control
WAF (Web Application Firewall)
- OWASP Top 10 Protection
- Rate Limiting
- Geographic Restrictions
- SQL Injection Prevention
Data Security
Encryption at Rest
- Database: AES-256 encryption
- S3 Storage: SSE-S3 encryption
- Lambda Environment: KMS encryption
Encryption in Transit
- TLS 1.3: All communications
- Certificate Pinning: Mobile apps
- HTTPS Everywhere: All endpoints
Identity Security
Multi-Factor Authentication
- Available for: Admin users
- Methods: SMS, TOTP, Email
- Enforcement: Configurable per user pool
JWT Token Security
- Expiration: 1 hour access tokens
- Refresh: 30-day refresh tokens
- Validation: Every API request
- Revocation: Immediate logout capability
Scalability & Performance
Auto-Scaling Components
Aurora Serverless v2
- Scaling Range: 0.5 - 16 ACUs
- Scale Up: Seconds
- Scale Down: Minutes
- Cost: Pay per use
Lambda Functions
- Concurrent Executions: 1000 (configurable)
- Cold Start: <2 seconds
- Auto-scaling: Automatic
- Cost: Pay per invocation
Performance Optimization
Database Optimization
- Connection Pooling: PgBouncer
- Read Replicas: Available
- Indexing: Optimized queries
- Caching: Application-level
CDN & Caching
- CloudFront: Global distribution
- Edge Caching: Static assets
- API Caching: Configurable
- Browser Caching: Optimized headers
Monitoring & Observability
CloudWatch Integration
Metrics Collected
- Database: CPU, connections, queries
- Lambda: Invocations, duration, errors
- API Gateway: Requests, latency, errors
- Application: Custom business metrics
Alerting
- Database: High CPU, connection limits
- Lambda: Error rates, timeouts
- API: High latency, error rates
- Security: Failed authentication attempts
Logging Strategy
Log Aggregation
- Application Logs: CloudWatch Logs
- Database Logs: Aurora logs
- Security Logs: CloudTrail
- Performance Logs: X-Ray tracing
Log Retention
- Operational: 30 days
- Security: 1 year
- Compliance: 7 years
- Debug: 7 days
Disaster Recovery
Backup Strategy
Database Backups
- Automated: Daily backups
- Retention: 35 days
- Point-in-time: 5-minute granularity
- Cross-region: Enabled
Application Backups
- Code: Git repositories
- Infrastructure: CloudFormation templates
- Configuration: Environment variables
- Data: S3 cross-region replication
Recovery Procedures
RTO (Recovery Time Objective)
- Database: < 4 hours
- Application: < 2 hours
- Full Service: < 6 hours
RPO (Recovery Point Objective)
- Database: < 15 minutes
- Files: < 1 hour
- Configuration: < 5 minutes
Deployment Architecture
CI/CD Pipeline
Frontend Deployment
GitHub → Vercel Build → Production Deployment
↓
Automatic Testing → Preview DeploymentsBackend Deployment
GitHub → AWS CodeBuild → Lambda Deployment
↓
Unit Tests → Integration Tests → ProductionEnvironment Management
Environments
- Development: Local development
- Staging: Pre-production testing
- Production: Live system
Configuration Management
- Environment Variables: Vercel/AWS
- Secrets: AWS Secrets Manager
- Feature Flags: Application-level
- Database Migrations: Automated
Cost Optimization
Resource Optimization
Aurora Serverless v2
- Auto-pause: 5 minutes inactivity
- Scaling: Based on demand
- Reserved Capacity: For predictable workloads
Lambda Functions
- Memory Optimization: Right-sized
- Timeout Optimization: Minimal values
- Provisioned Concurrency: Critical functions only
Cost Monitoring
Billing Alerts
- Monthly Budgets: Per service
- Anomaly Detection: Unusual spending
- Cost Allocation: Per university
- Optimization Reports: Monthly reviews
Technology Stack Summary
Frontend
- React 18: UI framework
- TypeScript: Type safety
- Vite: Build tool
- Capacitor: Mobile deployment
- Tailwind CSS: Styling
Backend
- Node.js 18: Runtime
- PostgreSQL 15: Database
- AWS Lambda: Serverless functions
- API Gateway: API management
- Cognito: Authentication
Infrastructure
- AWS: Cloud provider
- Vercel: Frontend hosting
- CloudFormation: Infrastructure as code
- GitHub Actions: CI/CD
- CloudWatch: Monitoring
Security & Compliance
- HIPAA: Healthcare compliance
- GDPR: Privacy compliance
- SOC 2: Security standards
- AWS BAA: Business associate agreement
This architecture provides a robust, scalable, and compliant foundation for the Mind Measure platform, supporting multiple universities while maintaining strict security and privacy standards.
Last Updated: October 28, 2025
Version: 2.0 (AWS Migration)
Next Review: November 28, 2025