**<center><h1>High Level Design</h1></center>**

> ## **Introduction**

This project builds an AI-powered system to check CMMI compliance. It analyzes business documents, cross-checks development work in Jira and GitLab, and generates clear reports to ensure all tasks meet CMMI standards.

> ## **Solution Overview**	

#### **Problem Statement**	

Organizations often face challenges in ensuring CMMI compliance and identifying document loopholes during audits or project evaluations. Manual review processes are time-consuming, error-prone, and lack traceability. There’s a need for an intelligent system that automates document analysis, detects non-compliance, and integrates seamlessly with JIRA for issue tracking.

#### **Solution Summary	**
* Accepts document uploads (Audit, BRD, HLD, LLD, Analysis docs)
* Runs automated AI/NLP analysis to extract requirements, identify gaps/loopholes, and suggest fixes
* Integrates with JIRA to fetch, map, and update tickets
* Provides an interactive review UI (checklists, assign-to-JIRA, status updates)
* Exposes dashboards for audit scores, trends, and compliance metrics

#### **Project Goals and Objectives**

* Automate document analysis using AI/ML for compliance detection.
* Ensure CMMI standard compliance through structured audit reports.
* Provide a seamless JIRA integration for ticket and project management.
* Offer real-time dashboards for compliance trends and project insights.
* Maintain 97%+ accuracy through model fallback and feedback learning.

#### **Target Users & Roles**

* **Organization Owner / Admin:** Create org, configure JIRA, invite users
* **Project Manager: **Review analyses, verify tickets, assign tasks
* **Quality/Audit Lead (QA/Auditor):** Run audits, validate loopholes.
* **Developer / Assignee:** Receive JIRA-linked tasks, update status
* **Viewer / Stakeholder:** Read-only access to dashboards and reports

#### **Scope**	

* User authentication and organization creation.
* Role-based access control (Admin, Owner, Auditor, User).
* Document upload (PDF, DOCX, TXT) and classification.
* AI-based analysis of documents for loopholes and compliance.
* Integration with multiple AI models (GPT-4o, Gemini, Hugging Face).
* JIRA API integration for project tracking.
* Real-time dashboard and visual analytics.
* Firebase integration for crash tracking and remote config.

#### **Critical Success Factors**

* Achieve ≥97% accuracy in document classification and analysis.
* Seamless integration between backend and AI model services.
* Low-latency data processing and scalable architecture.
* User-friendly and responsive UI/UX.	

#### **Assumptions**

* Organizations will provide the required JIRA credentials and permissions
* The primary language of the documents is English
* Users have access to modern web browsers
* Reasonable network bandwidth for uploads/downloads

#### **Constraints**

* Dependent on internet connectivity for AI and JIRA integrations.
* Processing large documents may take longer based on file size.
* API rate limits for AI models (e.g., OpenAI API limits).

> ## **System architecture**

#### **Architectural design**

#### **Web app backend endpoints interactions**

#### **Authorization/authentication**

#### **Technology Stack:**
* **Frontend:** React.js 
* **Backend:** Express.js
* **Database:** 
* **Caching: **
* **Deployment:** Gitlab CICD

#### **Authorization/authentication**
* JWT Tokens for backend route protection.
* Role-based Access Control (RBAC) for organization-level roles.

> ## **Data Design**

> ## **Entity-Relationship Diagram (ERD)**

![](./image-1762779857811.png)

> ## **Architecture Diagram**

![](./image-1762779905513.png)

> ## **Component & Module Design** 
#### **Component Breakdown**
* Integration

#### **Component Responsibilities**
* **Frontend:** User input, visualization, and interaction.
* **Backend:** Logic control, routing, and model orchestration.
* **AI Layer:** Processing, model selection, and confidence computation.

#### **Interaction Model**
* Components communicate via secure REST APIs

> ## **API Design & Integrations**
#### **Public API Design**
* RESTful JSON-based API responses.
* Secured with JWT tokens

#### **Authentication & Authorization**
* Token validation middleware for all secured routes.
* Role-based endpoint access is defined via backend decorators.

#### **Third-Party Integrations**
* **GitLab** – Fetch commits and track code changes.
* **JIRA API** – Ticket fetch, update, and audit validation.
* **AI** - Public models or APIs

> ## **Security Considerations **
#### **Authentication & Authorization Flow**
* Role-based access per organization and user.

#### **Data Security**
* HTTPS/TLS for data in transit.
* Role-based data visibility.
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9