@MeharX10
Contributor

What are the changes?

This PR imports the Mental Health Hub project into the Redback Senior monorepo.
The import was performed using git subtree to preserve the full commit history.
After import, the files were reorganised into a professional structure with consistent naming and folder organisation.

Who worked on the changes?

  • MeharX10 (Bhanu s222617679) – migrated the complete Mental Health Hub project into the Redback monorepo, restructured files/folders, and prepared this PR.
  • Project Contributors – MeharX10 (Bhanu Pratap Singh Mehar), gituser14d (James Nardella), hxryy7 (Harvardaan Singh Chahal), Gargi2023 (Gargi Sarma)

New Components/Features

  1. apps/chatbot/ – contains conversation script and security demos
  2. apps/chatroom/ – client/server chat demo
  3. apps/dashboard/mental_health_dashboard/ – full dashboard app with components, data, utils
  4. apps/streamlit_hub/ – streamlit modules and entry script
  5. notebooks/ – contains analysis notebooks (dashboard_calculations, mood_prediction_model)
  6. design/ – branding assets and storytelling wireframes
  7. docs/ – project deliverable PDFs/RTF consolidated into one place

Enhanced Components/Features

  1. Normalised folder names (snake_case, no spaces)
  2. Moved stray Python scripts into scripts/, security/, and tests/
  3. Added .gitignore rules for caches (pycache, .ipynb_checkpoints, .DS_Store)

Other Changes/Fixes

  1. Fixed inconsistent filenames (e.g., MoodPredictionModel .ipynb → MoodPredictionModel.ipynb)
  2. Removed redundant nested folders under notebooks and design to simplify navigation

Additional Notes

  1. All original commit history from the team repo is preserved.
  2. README was added to align with other Redback monorepo project cards.
  3. No code logic was modified in this migration — only structure and filenames.

Checklist

  • Existing, relevant documentation has been updated to reflect my changes.

Screenshots or example output

N/A – structural and organisational changes only.
[Screenshot 2025-09-28 at 9:35:46 pm]

gituser14d and others added 26 commits July 25, 2025 15:25
• Implements mood logic with expert rules and a DecisionTree pipeline tied to a sample dataset.
• Includes cross-validation metrics, classification report, confusion matrix, and feature importance for interpretability.
…nds.csv)

• Adds mock time-series dataset (2015–2025, by state/age/activity) and matplotlib visuals.
• Includes pandas filtering/sorting examples to mirror dashboard backend logic.
Add Chatbot/ with two task folders:
  1) Conversation_Script/
     - chatbot_conversation_script.py (deterministic wellness chatbot with branching logic)
     - logic_tree.json (explicit logic tree)
     - sample_transcripts.txt (expected outputs)
     - Screenshots/ (demo & interactive runs)

  2) Security_Measures/
     - chatbot_security.py (sanitization, unsafe detection, rate limiting, response delay)
     - chatbot_security_demo.ipynb (notebook demo)
     - security_demo_output.txt (terminal transcript)
     - ChatbotSecurityMeasures.pdf (short report with rationale & evidence)
     - Screenshots/ (sanitization, rate limiting, delay, full run, code snippet)

- Both tasks are self-contained & reproducible.
- How to run:
    python3 Chatbot/Conversation_Script/chatbot_conversation_script.py --demo
    python3 Chatbot/Security_Measures/chatbot_security.py | tee security_demo_output.txt
Add top-level folder: Design_Visuals/
- Branding_Theme/:
  - Branding-Zentonic.pdf
  - PNG_Exports/ (logo variants, colour palette, inclusivity indicators, typography)

- Storytelling_Wireframe/:
  - Storytelling-Page-UI-Mockup-Wireframe.pdf
  - PNG_Exports/ (wireframe exports)
  - README.md (chatbot alignment pending)
…986b7d4f4be6364bc6'

git-subtree-dir: projects/mental_health_hub
git-subtree-mainline: 8d14d9b
git-subtree-split: c58f715
@MeharX10 MeharX10 requested review from a team as code owners September 28, 2025 11:52
@github-actions

🔒 Security Scan Results
=========================

Bandit Scan Results:
-------------------
Run started:2025-09-28 11:53:14.337646

Test results:
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./data_science/voice_assistant/generate_response.py:19:10
18	def get_request(query):
19	    req = requests.get(f'https://www.google.com/search?q={query}')
20	

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: ./data_science/voice_assistant/text_to_speech.py:5:0
4	import os
5	import subprocess
6	# Function to generate a response using our NLP model

--------------------------------------------------
>> Issue: [B607:start_process_with_partial_path] Starting a process with a partial executable path
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b607_start_process_with_partial_path.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B603:subprocess_without_shell_equals_true] subprocess call - check for execution of untrusted input.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b603_subprocess_without_shell_equals_true.html
   Location: ./data_science/voice_assistant/text_to_speech.py:15:4
14	    time.sleep(2)
15	    subprocess.run(['say', response], check=True)
16	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./projects/mental_health_hub/apps/chatbot/security_measures/chatbot_security.py:136:9
135	    """
136	    ms = random.randint(min_ms, max_ms)
137	    time.sleep(ms / 1000.0)

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'super-secret-key'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./projects/mental_health_hub/apps/streamlit_hub/auth_module.py:8:13
7	# Secret key for signing JWTs
8	SECRET_KEY = "super-secret-key"
9	

--------------------------------------------------
>> Issue: [B311:blacklist] Standard pseudo-random generators are not suitable for security/cryptographic purposes.
   Severity: Low   Confidence: High
   CWE: CWE-330 (https://cwe.mitre.org/data/definitions/330.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/blacklists/blacklist_calls.html#b311-random
   Location: ./projects/mental_health_hub/scripts/activity_logger.py:8:24
7	def generate_ip():
8	    return f"192.168.1.{random.randint(2, 254)}"
9	

--------------------------------------------------
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: 'super-secret-key'
   Severity: Low   Confidence: Medium
   CWE: CWE-259 (https://cwe.mitre.org/data/definitions/259.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b105_hardcoded_password_string.html
   Location: ./projects/mental_health_hub/security/token_auth_jwt.py:7:11
6	app = Flask(__name__) #creates the flask app
7	app.config['SECRET_KEY'] = "super-secret-key"  #
8	

--------------------------------------------------
>> Issue: [B201:flask_debug_true] A Flask app appears to be run with debug=True, which exposes the Werkzeug debugger and allows the execution of arbitrary code.
   Severity: High   Confidence: Medium
   CWE: CWE-94 (https://cwe.mitre.org/data/definitions/94.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b201_flask_debug_true.html
   Location: ./projects/mental_health_hub/security/token_auth_jwt.py:110:4
109	if __name__ == "__main__":
110	    app.run(debug=True)

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./projects/mental_health_hub/tests/test_api.py:4:4
3	#register
4	r = requests.post("http://127.0.0.1:5000/register", json={
5	    "username": "alice",
6	    "password": "mypassword"
7	})
8	print(r.json())

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./projects/mental_health_hub/tests/test_api.py:11:4
10	#login
11	r = requests.post("http://127.0.0.1:5000/login", json={
12	    "username": "alice",
13	    "password": "mypassword"
14	})
15	data = r.json()

--------------------------------------------------
>> Issue: [B113:request_without_timeout] Call to requests without timeout
   Severity: Medium   Confidence: Low
   CWE: CWE-400 (https://cwe.mitre.org/data/definitions/400.html)
   More Info: https://bandit.readthedocs.io/en/1.8.6/plugins/b113_request_without_timeout.html
   Location: ./projects/mental_health_hub/tests/test_api.py:21:4
20	#access protected route
21	r = requests.get("http://127.0.0.1:5000/protected", headers={
22	    "Authorization": f"Bearer {token}"
23	})
24	print(r.json())

--------------------------------------------------

Code scanned:
	Total lines of code: 2266
	Total lines skipped (#nosec): 0
	Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0
		Low: 7
		Medium: 4
		High: 1
	Total issues (by confidence):
		Undefined: 0
		Low: 4
		Medium: 3
		High: 5
Files skipped (0):

⛔️ Critical vulnerabilities detected. Please review and address these security issues before merging.

Next Steps:

  1. Review each critical finding above and fix them according to OWASP top 10 mitigations.

@MeharX10
Contributor Author

Hi Dylan,
I’ve completed the migration of the Mental Health Hub project into the Redback Senior Tech monorepo.

  • Migration was done using git subtree to preserve full commit history.
  • After import, I restructured and normalised the folders/files into a professional structure (snake_case, no spaces, consistent naming).
  • Added .gitignore rules to exclude caches (pycache, .ipynb_checkpoints, .DS_Store).
  • Consolidated deliverables into docs/ and reorganised notebooks, design, scripts, apps, etc.

Here is the updated tree after migration (for reference):
[Screenshot 2025-09-28 at 10:22:58 pm]
My role was purely migration and restructuring — no logic/code changes were made.
However, when the PR checks ran, the security scan flagged issues across the repo:

  • Some are from older code already in the repo (data_science/voice_assistant).
  • Others are from the hub code (mainly other team members' components, e.g. token_auth_jwt.py with hardcoded secret key & debug=True, auth_module.py hardcoded secret, etc.).
    These weren’t introduced by me — I only migrated and renamed to fit monorepo standards.

This PR now requires your approval to proceed. The flagged issues will need to be triaged by the respective authors/owners of those files.

Appendix – Security Scan Findings

Older repo files (not part of migration)

  1. data_science/voice_assistant/generate_response.py
     • requests.get() without a timeout (B113)
  2. data_science/voice_assistant/text_to_speech.py
     • Use of subprocess flagged (B404, B603, B607)
     • Standard random flagged (B311)

Hub files (migrated)

  1. projects/mental_health_hub/apps/streamlit_hub/auth_module.py
     • Hardcoded secret key "super-secret-key" (B105)
  2. projects/mental_health_hub/security/token_auth_jwt.py
     • Hardcoded secret key "super-secret-key" (B105)
     • Flask app running with debug=True (B201 – High severity)
  3. projects/mental_health_hub/scripts/activity_logger.py
     • random.randint() used for IP generation (B311)
  4. projects/mental_health_hub/tests/test_api.py
     • requests.post() and requests.get() without timeouts (B113)
  5. projects/mental_health_hub/apps/chatbot/security_measures/chatbot_security.py
     • Use of random.randint() for timing delay (B311)

Member

@ben-AI-cybersec left a comment

Hardcoded credentials on line 48 of activity_logger. Please remove these.
