Commit cd81c1
2025-11-10 13:11:19 Melisha Dsouza: HLD updation| /dev/null .. Projects/Audit-matic/HLD.md | |
| @@ 0,0 1,125 @@ | |
| + | # **High-Level Design** |
| + | |
| + | ## **Introduction** |
| + | This project builds an AI-powered system to check CMMI compliance. It analyzes business documents, cross-checks development work in Jira and GitLab, and generates clear reports to ensure all tasks meet CMMI standards. |
| + | |
| + | ## **Solution Overview** |
| + | |
| + | ### **Problem Statement** |
| + | |
| + | Organizations often face challenges in ensuring CMMI compliance and identifying document loopholes during audits or project evaluations. Manual review processes are time-consuming, error-prone, and lack traceability. There’s a need for an intelligent system that automates document analysis, detects non-compliance, and integrates seamlessly with JIRA for issue tracking. |
| + | |
| + | ### **Solution Summary ** |
| + | * Accepts document uploads (Audit, BRD, HLD, LLD, Analysis docs) |
| + | * Runs automated AI/NLP analysis to extract requirements, identify gaps/loopholes, and suggest fixes |
| + | * Integrates with JIRA to fetch, map, and update tickets |
| + | * Provides an interactive review UI (checklists, assign-to-JIRA, status updates) |
| + | * Exposes dashboards for audit scores, trends, and compliance metrics |
| + | |
| + | ### **Project Goals and Objectives** |
| + | |
| + | * Automate document analysis using AI/ML for compliance detection. |
| + | * Ensure CMMI standard compliance through structured audit reports. |
| + | * Provide a seamless JIRA integration for ticket and project management. |
| + | * Offer real-time dashboards for compliance trends and project insights. |
| + | * Maintain 97%+ accuracy through model fallback and feedback learning. |
| + | |
| + | ### **Target Users & Roles** |
| + | |
| + | * Organization Owner / Admin: Create org, configure JIRA, invite users |
| + | * Project Manager: Review analyses, verify tickets, assign tasks |
| + | * Quality/Audit Lead (QA/Auditor): Run audits, validate loopholes. |
| + | * Developer / Assignee: Receive JIRA-linked tasks, update status |
| + | * Viewer / Stakeholder: Read-only access to dashboards and reports |
| + | |
| + | ### **Scope** |
| + | |
| + | * User authentication and organization creation. |
| + | * Role-based access control (Admin, Owner, Auditor, User). |
| + | * Document upload (PDF, DOCX, TXT) and classification. |
| + | * AI-based analysis of documents for loopholes and compliance. |
| + | * Integration with multiple AI models (GPT-4o, Gemini, Hugging Face). |
| + | * JIRA API integration for project tracking. |
| + | * Real-time dashboard and visual analytics. |
| + | * Firebase integration for crash tracking and remote config. |
| + | |
| + | ### **Critical Success Factors** |
| + | |
| + | * Achieve ≥97% accuracy in document classification and analysis. |
| + | * Seamless integration between backend and AI model services. |
| + | * Low-latency data processing and scalable architecture. |
| + | * User-friendly and responsive UI/UX. |
| + | |
| + | ### **Assumptions** |
| + | |
| + | * Organizations will provide the required JIRA credentials and permissions |
| + | * The primary language of the documents is English |
| + | * Users have access to modern web browsers |
| + | * Reasonable network bandwidth for uploads/downloads |
| + | |
| + | ### **Constraints** |
| + | |
| + | * Dependent on internet connectivity for AI and JIRA integrations. |
| + | * Processing large documents may take longer based on file size. |
| + | * API rate limits for AI models (e.g., OpenAI API limits). |
| + | |
| + | ## **System architecture** |
| + | |
| + | ### **Architectural design** |
| + | |
| + | ### **Web app backend endpoints interactions** |
| + | |
| + | ### **Authorization/authentication** |
| + | |
| + | ### **Technology Stack:** |
| + | * Frontend: React.js |
| + | * Backend: Express.js |
| + | * Database: |
| + | * Caching: |
| + | * Deployment: Gitlab CICD |
| + | |
| + | ### **Authorization/authentication** |
| + | * JWT Tokens for backend route protection. |
| + | * Role-based Access Control (RBAC) for organization-level roles. |
| + | |
| + | ## **Data Design** |
| + | |
| + | ## **Entity-Relationship Diagram (ERD)** |
| + | |
| + |  |
| + | |
| + | ## **Architecture Diagram** |
| + | |
| + |  |
| + | |
| + | ## **Component & Module Design** |
| + | ### **Component Breakdown** |
| + | * Integration |
| + | ### **Component Responsibilities** |
| + | * Frontend: User input, visualization, and interaction. |
| + | * Backend: Logic control, routing, and model orchestration. |
| + | * AI Layer: Processing, model selection, and confidence computation. |
| + | |
| + | ### **Interaction Model** |
| + | * Components communicate via secure REST APIs |
| + | |
| + | ## **API Design & Integrations** |
| + | ### **Public API Design** |
| + | * RESTful JSON-based API responses. |
| + | * Secured with JWT tokens |
| + | |
| + | ### **Authentication & Authorization** |
| + | * Token validation middleware for all secured routes. |
| + | * Role-based endpoint access is defined via backend decorators. |
| + | |
| + | ### **Third-Party Integrations** |
| + | * GitLab – Fetch commits and track code changes. |
| + | * JIRA API – Ticket fetch, update, and audit validation. |
| + | * AI - Public models or APIs |
| + | |
| + | ## **Security Considerations ** |
| + | ### **Authentication & Authorization Flow** |
| + | * Role-based access per organization and user. |
| + | ### **Data Security** |
| + | * HTTPS/TLS for data in transit. |
| + | * Role-based data visibility. |