**<center><h1>High Level Design</h1></center>** > ## **Introduction** This project builds an AI-powered system to check CMMI compliance. It analyzes business documents, cross-checks development work in Jira and GitLab, and generates clear reports to ensure all tasks meet CMMI standards. > ## **Solution Overview** #### **Problem Statement** Organizations often face challenges in ensuring CMMI compliance and identifying document loopholes during audits or project evaluations. Manual review processes are time-consuming, error-prone, and lack traceability. There’s a need for an intelligent system that automates document analysis, detects non-compliance, and integrates seamlessly with JIRA for issue tracking. #### **Solution Summary ** * Accepts document uploads (Audit, BRD, HLD, LLD, Analysis docs) * Runs automated AI/NLP analysis to extract requirements, identify gaps/loopholes, and suggest fixes * Integrates with JIRA to fetch, map, and update tickets * Provides an interactive review UI (checklists, assign-to-JIRA, status updates) * Exposes dashboards for audit scores, trends, and compliance metrics #### **Project Goals and Objectives** * Automate document analysis using AI/ML for compliance detection. * Ensure CMMI standard compliance through structured audit reports. * Provide a seamless JIRA integration for ticket and project management. * Offer real-time dashboards for compliance trends and project insights. * Maintain 97%+ accuracy through model fallback and feedback learning. #### **Target Users & Roles** * **Organization Owner / Admin:** Create org, configure JIRA, invite users * **Project Manager: **Review analyses, verify tickets, assign tasks * **Quality/Audit Lead (QA/Auditor):** Run audits, validate loopholes. * **Developer / Assignee:** Receive JIRA-linked tasks, update status * **Viewer / Stakeholder:** Read-only access to dashboards and reports #### **Scope** * User authentication and organization creation. * Role-based access control (Admin, Owner, Auditor, User). * Document upload (PDF, DOCX, TXT) and classification. * AI-based analysis of documents for loopholes and compliance. * Integration with multiple AI models (GPT-4o, Gemini, Hugging Face). * JIRA API integration for project tracking. * Real-time dashboard and visual analytics. * Firebase integration for crash tracking and remote config. #### **Critical Success Factors** * Achieve ≥97% accuracy in document classification and analysis. * Seamless integration between backend and AI model services. * Low-latency data processing and scalable architecture. * User-friendly and responsive UI/UX. #### **Assumptions** * Organizations will provide the required JIRA credentials and permissions * The primary language of the documents is English * Users have access to modern web browsers * Reasonable network bandwidth for uploads/downloads #### **Constraints** * Dependent on internet connectivity for AI and JIRA integrations. * Processing large documents may take longer based on file size. * API rate limits for AI models (e.g., OpenAI API limits). > ## **System architecture** #### **Architectural design** #### **Web app backend endpoints interactions** #### **Authorization/authentication** #### **Technology Stack:** * **Frontend:** React.js * **Backend:** Express.js * **Database:** * **Caching: ** * **Deployment:** Gitlab CICD #### **Authorization/authentication** * JWT Tokens for backend route protection. * Role-based Access Control (RBAC) for organization-level roles. > ## **Data Design** > ## **Entity-Relationship Diagram (ERD)**  > ## **Architecture Diagram**  > ## **Component & Module Design** #### **Component Breakdown** * Integration #### **Component Responsibilities** * **Frontend:** User input, visualization, and interaction. * **Backend:** Logic control, routing, and model orchestration. * **AI Layer:** Processing, model selection, and confidence computation. #### **Interaction Model** * Components communicate via secure REST APIs > ## **API Design & Integrations** #### **Public API Design** * RESTful JSON-based API responses. * Secured with JWT tokens #### **Authentication & Authorization** * Token validation middleware for all secured routes. * Role-based endpoint access is defined via backend decorators. #### **Third-Party Integrations** * **GitLab** – Fetch commits and track code changes. * **JIRA API** – Ticket fetch, update, and audit validation. * **AI** - Public models or APIs > ## **Security Considerations ** #### **Authentication & Authorization Flow** * Role-based access per organization and user. #### **Data Security** * HTTPS/TLS for data in transit. * Role-based data visibility.