High Level Design
Introduction
This project builds an AI-powered system to check CMMI compliance. It analyzes business documents, cross-checks development work in Jira and GitLab, and generates clear reports to ensure all tasks meet CMMI standards.
Solution Overview
Problem Statement
Organizations often face challenges in ensuring CMMI compliance and identifying document loopholes during audits or project evaluations. Manual review processes are time-consuming, error-prone, and lack traceability. There’s a need for an intelligent system that automates document analysis, detects non-compliance, and integrates seamlessly with JIRA for issue tracking.
Solution Summary
- Accepts document uploads (Audit, BRD, HLD, LLD, Analysis docs)
- Runs automated AI/NLP analysis to extract requirements, identify gaps/loopholes, and suggest fixes
- Integrates with JIRA to fetch, map, and update tickets
- Provides an interactive review UI (checklists, assign-to-JIRA, status updates)
- Exposes dashboards for audit scores, trends, and compliance metrics
Project Goals and Objectives
- Automate document analysis using AI/ML for compliance detection.
- Ensure CMMI standard compliance through structured audit reports.
- Provide a seamless JIRA integration for ticket and project management.
- Offer real-time dashboards for compliance trends and project insights.
- Maintain 97%+ accuracy through model fallback and feedback learning.
Target Users & Roles
- Organization Owner / Admin: Create org, configure JIRA, invite users
- Project Manager: Review analyses, verify tickets, assign tasks
- Quality/Audit Lead (QA/Auditor): Run audits, validate loopholes.
- Developer / Assignee: Receive JIRA-linked tasks, update status
- Viewer / Stakeholder: Read-only access to dashboards and reports
Scope
- User authentication and organization creation.
- Role-based access control (Admin, Owner, Auditor, User).
- Document upload (PDF, DOCX, TXT) and classification.
- AI-based analysis of documents for loopholes and compliance.
- Integration with multiple AI models (GPT-4o, Gemini, Hugging Face).
- JIRA API integration for project tracking.
- Real-time dashboard and visual analytics.
- Firebase integration for crash tracking and remote config.
Critical Success Factors
- Achieve ≥97% accuracy in document classification and analysis.
- Seamless integration between backend and AI model services.
- Low-latency data processing and scalable architecture.
- User-friendly and responsive UI/UX.
Assumptions
- Organizations will provide the required JIRA credentials and permissions
- The primary language of the documents is English
- Users have access to modern web browsers
- Reasonable network bandwidth for uploads/downloads
Constraints
- Dependent on internet connectivity for AI and JIRA integrations.
- Processing large documents may take longer based on file size.
- API rate limits for AI models (e.g., OpenAI API limits).
System architecture
Architectural design
Web app backend endpoints interactions
Authorization/authentication
Technology Stack:
- Frontend: React.js
- Backend: Express.js
- Database:
- Caching:
- Deployment: Gitlab CICD
Authorization/authentication
- JWT Tokens for backend route protection.
- Role-based Access Control (RBAC) for organization-level roles.
Data Design
Entity-Relationship Diagram (ERD)

Architecture Diagram

Component & Module Design
Component Breakdown
- Integration
Component Responsibilities
- Frontend: User input, visualization, and interaction.
- Backend: Logic control, routing, and model orchestration.
- AI Layer: Processing, model selection, and confidence computation.
Interaction Model
- Components communicate via secure REST APIs
API Design & Integrations
Public API Design
- RESTful JSON-based API responses.
- Secured with JWT tokens
Authentication & Authorization
- Token validation middleware for all secured routes.
- Role-based endpoint access is defined via backend decorators.
Third-Party Integrations
- GitLab – Fetch commits and track code changes.
- JIRA API – Ticket fetch, update, and audit validation.
- AI - Public models or APIs
Security Considerations
Authentication & Authorization Flow
- Role-based access per organization and user.
Data Security
- HTTPS/TLS for data in transit.
- Role-based data visibility.