Audit-matic

Project: AuditMatic

Tagline: Automating CMMI compliance by bridging the gap between business requirements and development artifacts.

Team: Fusion

Project Status: Planning

Overview This project aims to develop a custom AI solution, AuditMatic, that automates the CMMI compliance auditing process. For many development teams, ensuring that engineering work aligns with business requirements is a manual, time-consuming, and error-prone task. This system solves that problem by serving as an intelligent bridge between business documents and development tools like Jira and GitLab.

The core of our solution is an AI-powered pipeline that ingests unstructured business requirements documents, uses Natural Language Processing (NLP) to extract key identifiers (like ticket numbers and commit hashes), and then pulls live data from development tools via their APIs. By programmatically cross-validating this information against a set of CMMI rules, the system can generate an instant, detailed compliance report, flagging discrepancies that would otherwise require hours of manual auditing.

The Problem CMMI compliance auditing is a critical but highly inefficient process for software development organizations. It requires auditors to manually read through complex business requirements documents and then painstakingly cross-reference every stated requirement with tickets in Jira and commits in GitLab. This manual process is not only slow and costly but also susceptible to human error, potentially leading to failed audits and non-compliance.

Our AI Solution What does it do? AuditMatic is a web application that ingests business requirements documents and automatically checks for CMMI compliance by cross-validating them against live data from Jira and GitLab.

How does it work? The architecture consists of three main components.

A React web app provides the user interface for document upload.

An Express.js backend acts as an API gateway, receiving the file and orchestrating the AI process.

A Python AI core is triggered by the backend. It uses libraries like PyMuPDF to extract text, spaCy for NLP to identify Jira IDs and commit hashes, and then connects to the Jira and GitLab APIs to fetch corresponding data. Finally, its rule-based "expert system" runs compliance checks (Traceability, Accountability, Completeness) and returns a JSON report to the web app.

What makes it innovative? It replaces a manual, human-driven audit process with an automated, AI-driven pipeline. It is a practical application of AI engineering, combining off-the-shelf NLP models with a custom rule-based expert system to solve a specific, high-value business problem efficiently.

Technology Stack AI/ML Models: spaCy (for NLP/NER), Custom Rule-Based Expert System

Frameworks & Libraries: PyMuPDF, python-docx, jira, python-gitlab, multer

Backend: Express.js (Node.js), Python

Frontend: React

Databases: N/A for the pilot phase

Deployment & Tools: Git, GitHub, Docker

APIs Used: Jira API, GitLab API

Project Architecture The system follows a three-tier architecture where the frontend, backend, and AI core work in sequence to process a request.

Code snippet

graph TD A[React Web App in Browser] -->|1. Upload Document| B[Express.js Backend]; B -->|2. Trigger Python Script| C[Python AI Core]; C -->|3. Extract Text from File| D[business-requirements.docx]; C -->|4. Run NLP (spaCy) to find IDs/Hashes| C; C -->|5. Fetch Ticket Data| E[Jira API]; C -->|6. Fetch Commit Data| F[GitLab API]; C -->|7. Run CMMI Compliance Logic| C; C -->|8. Return JSON Report| B; B -->|9. Forward JSON Report| A; A -->|10. Display Formatted Report| G[User]; Challenges & Learnings Anticipated Challenges: The primary challenges will be creating robust NLP patterns to handle variations in document formats and ensuring seamless orchestration between the three different technology stacks (React, Node.js, Python). Handling API rate limits and errors from Jira and GitLab will also be critical.

Anticipated Learnings: This project will provide significant learnings in practical AI engineering, specifically in combining pre-built NLP models with custom rule-based systems. The team will gain experience in building polyglot microservices and the importance of clean data extraction from unstructured sources.

Future Roadmap Short-term Goal: Successfully build the pilot with the core compliance checks (Traceability, Accountability, Completeness) using regex-based entity recognition.

Medium-term Goal: Train a custom NLP model using spaCy to recognize more complex or non-standard internal project identifiers, improving the system's accuracy and flexibility.

Long-term Goal: Expand the system by training a machine learning classifier to automatically categorize different types of requirement documents (e.g., "Test Plan," "Risk Plan," "Functional Spec") to apply different rule sets.

Repository & Live Demo GitHub Repository: [Link to your code repo here]

Live Demo: [Link to your live demo or video walkthrough here]

Screenshots / Demo Video (Embed screenshots or a video of the working web application here)

On this page
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9