Commit cd81c1

2025-11-10 13:11:19 Melisha Dsouza: HLD updation
/dev/null .. Projects/Audit-matic/HLD.md
@@ 0,0 1,125 @@
+ # **High-Level Design**
+
+ ## **Introduction**
+ This project builds an AI-powered system to check CMMI compliance. It analyzes business documents, cross-checks development work in Jira and GitLab, and generates clear reports to ensure all tasks meet CMMI standards.
+
+ ## **Solution Overview**
+
+ ### **Problem Statement**
+
+ Organizations often face challenges in ensuring CMMI compliance and identifying document loopholes during audits or project evaluations. Manual review processes are time-consuming, error-prone, and lack traceability. There’s a need for an intelligent system that automates document analysis, detects non-compliance, and integrates seamlessly with JIRA for issue tracking.
+
+ ### **Solution Summary **
+ * Accepts document uploads (Audit, BRD, HLD, LLD, Analysis docs)
+ * Runs automated AI/NLP analysis to extract requirements, identify gaps/loopholes, and suggest fixes
+ * Integrates with JIRA to fetch, map, and update tickets
+ * Provides an interactive review UI (checklists, assign-to-JIRA, status updates)
+ * Exposes dashboards for audit scores, trends, and compliance metrics
+
+ ### **Project Goals and Objectives**
+
+ * Automate document analysis using AI/ML for compliance detection.
+ * Ensure CMMI standard compliance through structured audit reports.
+ * Provide a seamless JIRA integration for ticket and project management.
+ * Offer real-time dashboards for compliance trends and project insights.
+ * Maintain 97%+ accuracy through model fallback and feedback learning.
+
+ ### **Target Users & Roles**
+
+ * Organization Owner / Admin: Create org, configure JIRA, invite users
+ * Project Manager: Review analyses, verify tickets, assign tasks
+ * Quality/Audit Lead (QA/Auditor): Run audits, validate loopholes.
+ * Developer / Assignee: Receive JIRA-linked tasks, update status
+ * Viewer / Stakeholder: Read-only access to dashboards and reports
+
+ ### **Scope**
+
+ * User authentication and organization creation.
+ * Role-based access control (Admin, Owner, Auditor, User).
+ * Document upload (PDF, DOCX, TXT) and classification.
+ * AI-based analysis of documents for loopholes and compliance.
+ * Integration with multiple AI models (GPT-4o, Gemini, Hugging Face).
+ * JIRA API integration for project tracking.
+ * Real-time dashboard and visual analytics.
+ * Firebase integration for crash tracking and remote config.
+
+ ### **Critical Success Factors**
+
+ * Achieve ≥97% accuracy in document classification and analysis.
+ * Seamless integration between backend and AI model services.
+ * Low-latency data processing and scalable architecture.
+ * User-friendly and responsive UI/UX.
+
+ ### **Assumptions**
+
+ * Organizations will provide the required JIRA credentials and permissions
+ * The primary language of the documents is English
+ * Users have access to modern web browsers
+ * Reasonable network bandwidth for uploads/downloads
+
+ ### **Constraints**
+
+ * Dependent on internet connectivity for AI and JIRA integrations.
+ * Processing large documents may take longer based on file size.
+ * API rate limits for AI models (e.g., OpenAI API limits).
+
+ ## **System architecture**
+
+ ### **Architectural design**
+
+ ### **Web app backend endpoints interactions**
+
+ ### **Authorization/authentication**
+
+ ### **Technology Stack:**
+ * Frontend: React.js
+ * Backend: Express.js
+ * Database:
+ * Caching:
+ * Deployment: Gitlab CICD
+
+ ### **Authorization/authentication**
+ * JWT Tokens for backend route protection.
+ * Role-based Access Control (RBAC) for organization-level roles.
+
+ ## **Data Design**
+
+ ## **Entity-Relationship Diagram (ERD)**
+
+ ![](./image-1762779857811.png)
+
+ ## **Architecture Diagram**
+
+ ![](./image-1762779905513.png)
+
+ ## **Component & Module Design**
+ ### **Component Breakdown**
+ * Integration
+ ### **Component Responsibilities**
+ * Frontend: User input, visualization, and interaction.
+ * Backend: Logic control, routing, and model orchestration.
+ * AI Layer: Processing, model selection, and confidence computation.
+
+ ### **Interaction Model**
+ * Components communicate via secure REST APIs
+
+ ## **API Design & Integrations**
+ ### **Public API Design**
+ * RESTful JSON-based API responses.
+ * Secured with JWT tokens
+
+ ### **Authentication & Authorization**
+ * Token validation middleware for all secured routes.
+ * Role-based endpoint access is defined via backend decorators.
+
+ ### **Third-Party Integrations**
+ * GitLab – Fetch commits and track code changes.
+ * JIRA API – Ticket fetch, update, and audit validation.
+ * AI - Public models or APIs
+
+ ## **Security Considerations **
+ ### **Authentication & Authorization Flow**
+ * Role-based access per organization and user.
+ ### **Data Security**
+ * HTTPS/TLS for data in transit.
+ * Role-based data visibility.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9