Commit 217a36

2025-11-10 14:30:48 Melisha Dsouza: Update
Projects/Audit-matic/HLD.md ..
@@ 1,22 1,23 @@
- # **High-Level Design**
+ **<center><h1>High Level Design</h1></center>**
+
+ > ## **Introduction**
- ## **Introduction**
This project builds an AI-powered system to check CMMI compliance. It analyzes business documents, cross-checks development work in Jira and GitLab, and generates clear reports to ensure all tasks meet CMMI standards.
- ## **Solution Overview**
+ > ## **Solution Overview**
- ### **Problem Statement**
+ #### **Problem Statement**
Organizations often face challenges in ensuring CMMI compliance and identifying document loopholes during audits or project evaluations. Manual review processes are time-consuming, error-prone, and lack traceability. There’s a need for an intelligent system that automates document analysis, detects non-compliance, and integrates seamlessly with JIRA for issue tracking.
- ### **Solution Summary **
+ #### **Solution Summary **
* Accepts document uploads (Audit, BRD, HLD, LLD, Analysis docs)
* Runs automated AI/NLP analysis to extract requirements, identify gaps/loopholes, and suggest fixes
* Integrates with JIRA to fetch, map, and update tickets
* Provides an interactive review UI (checklists, assign-to-JIRA, status updates)
* Exposes dashboards for audit scores, trends, and compliance metrics
- ### **Project Goals and Objectives**
+ #### **Project Goals and Objectives**
* Automate document analysis using AI/ML for compliance detection.
* Ensure CMMI standard compliance through structured audit reports.
@@ 24,15 25,15 @@
* Offer real-time dashboards for compliance trends and project insights.
* Maintain 97%+ accuracy through model fallback and feedback learning.
- ### **Target Users & Roles**
+ #### **Target Users & Roles**
- * Organization Owner / Admin: Create org, configure JIRA, invite users
- * Project Manager: Review analyses, verify tickets, assign tasks
- * Quality/Audit Lead (QA/Auditor): Run audits, validate loopholes.
- * Developer / Assignee: Receive JIRA-linked tasks, update status
- * Viewer / Stakeholder: Read-only access to dashboards and reports
+ * **Organization Owner / Admin:** Create org, configure JIRA, invite users
+ * **Project Manager: **Review analyses, verify tickets, assign tasks
+ * **Quality/Audit Lead (QA/Auditor):** Run audits, validate loopholes.
+ * **Developer / Assignee:** Receive JIRA-linked tasks, update status
+ * **Viewer / Stakeholder:** Read-only access to dashboards and reports
- ### **Scope**
+ #### **Scope**
* User authentication and organization creation.
* Role-based access control (Admin, Owner, Auditor, User).
@@ 43,83 44,85 @@
* Real-time dashboard and visual analytics.
* Firebase integration for crash tracking and remote config.
- ### **Critical Success Factors**
+ #### **Critical Success Factors**
* Achieve ≥97% accuracy in document classification and analysis.
* Seamless integration between backend and AI model services.
* Low-latency data processing and scalable architecture.
* User-friendly and responsive UI/UX.
- ### **Assumptions**
+ #### **Assumptions**
* Organizations will provide the required JIRA credentials and permissions
* The primary language of the documents is English
* Users have access to modern web browsers
* Reasonable network bandwidth for uploads/downloads
- ### **Constraints**
+ #### **Constraints**
* Dependent on internet connectivity for AI and JIRA integrations.
* Processing large documents may take longer based on file size.
* API rate limits for AI models (e.g., OpenAI API limits).
- ## **System architecture**
+ > ## **System architecture**
- ### **Architectural design**
+ #### **Architectural design**
- ### **Web app backend endpoints interactions**
+ #### **Web app backend endpoints interactions**
- ### **Authorization/authentication**
+ #### **Authorization/authentication**
- ### **Technology Stack:**
- * Frontend: React.js
- * Backend: Express.js
- * Database:
- * Caching:
- * Deployment: Gitlab CICD
+ #### **Technology Stack:**
+ * **Frontend:** React.js
+ * **Backend:** Express.js
+ * **Database:**
+ * **Caching: **
+ * **Deployment:** Gitlab CICD
- ### **Authorization/authentication**
+ #### **Authorization/authentication**
* JWT Tokens for backend route protection.
* Role-based Access Control (RBAC) for organization-level roles.
- ## **Data Design**
+ > ## **Data Design**
- ## **Entity-Relationship Diagram (ERD)**
+ > ## **Entity-Relationship Diagram (ERD)**
![](./image-1762779857811.png)
- ## **Architecture Diagram**
+ > ## **Architecture Diagram**
![](./image-1762779905513.png)
- ## **Component & Module Design**
- ### **Component Breakdown**
+ > ## **Component & Module Design**
+ #### **Component Breakdown**
* Integration
- ### **Component Responsibilities**
- * Frontend: User input, visualization, and interaction.
- * Backend: Logic control, routing, and model orchestration.
- * AI Layer: Processing, model selection, and confidence computation.
- ### **Interaction Model**
+ #### **Component Responsibilities**
+ * **Frontend:** User input, visualization, and interaction.
+ * **Backend:** Logic control, routing, and model orchestration.
+ * **AI Layer:** Processing, model selection, and confidence computation.
+
+ #### **Interaction Model**
* Components communicate via secure REST APIs
- ## **API Design & Integrations**
- ### **Public API Design**
+ > ## **API Design & Integrations**
+ #### **Public API Design**
* RESTful JSON-based API responses.
* Secured with JWT tokens
- ### **Authentication & Authorization**
+ #### **Authentication & Authorization**
* Token validation middleware for all secured routes.
* Role-based endpoint access is defined via backend decorators.
- ### **Third-Party Integrations**
- * GitLab – Fetch commits and track code changes.
- * JIRA API – Ticket fetch, update, and audit validation.
- * AI - Public models or APIs
+ #### **Third-Party Integrations**
+ * **GitLab** – Fetch commits and track code changes.
+ * **JIRA API** – Ticket fetch, update, and audit validation.
+ * **AI** - Public models or APIs
- ## **Security Considerations **
- ### **Authentication & Authorization Flow**
+ > ## **Security Considerations **
+ #### **Authentication & Authorization Flow**
* Role-based access per organization and user.
- ### **Data Security**
+
+ #### **Data Security**
* HTTPS/TLS for data in transit.
* Role-based data visibility.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9