SRA (Smart Requirements Analyzer)

SRA is an enterprise-grade, AI-orchestrated ecosystem designed to formalize the software requirements engineering lifecycle. By combining Large Language Model (LLM) reasoning with rigorous architectural standards, SRA transforms fragmented project visions into high-fidelity, production-ready technical specifications (IEEE-830).

---

🔗 Quick Links

| Resource | URL | Description | |----------|-----|-------------| | Live Application | sra-xi.vercel.app | Production frontend deployment | | Architecture Guide | ARCHITECTURE.md | System architecture & design | | Operations Manual | OPERATIONS.md | Deployment, backup & DR procedures | | Contributing | CONTRIBUTING.md | Development setup & guidelines |

---

🏛️ Executive Summary

In contemporary software development, 43% of project failures are attributed to poor requirements gathering. SRA mitigates this risk by providing an automated, multi-layered validation and synthesis engine. It serves as the bridge between business objectives and technical execution, ensuring that every project starts with a cohesive, logical, and architecturally sound foundation.

Core Value Propositions

• Zero-Ambiguity Intake: Standardizes raw stakeholder descriptions into structured architectural models.
• AI-Driven Governance: Real-time logic checking to identify contradictions, missing logic, and technical gaps.
• High-Fidelity Visuals: Automated generation of multi-level Data Flow Diagrams (DFD) and system-level Mermaid diagrams.
• Semantic Intelligence: Leverages vector-based knowledge retrieval (RAG) and Graph-Hybrid Search to ensure consistency across complex project portfolios.
• Intelligent Requirement Recycling: Proactively suggests high-quality requirement fragments from past "Gold Standard" projects to accelerate new SRS drafting.
• Objective Quality Auditing: Real-time scoring against the 6Cs of Requirements Quality (Clarity, Completeness, etc.).
• Industry Benchmarking: Integrated RAG evaluation for Faithfulness and Answer Relevancy.

---

🔄 The 5-Layer Analysis Pipeline

SRA operates on a proprietary 5-layer pipeline that ensures every requirement is processed through a rigid quality-control sequence.

graph TD
    subgraph "Cloud Analysis Layer (SRA Platform)"
        L1[<b>Layer 1: Strategic Intake</b><br/>Unstructured Input Mapping]
        L2[<b>Layer 2: MAS Analysis</b><br/>PO, Architect, & Dev Agents]
        L3[<b>Layer 3: Objective Review</b><br/>6Cs Audit & RAG Evaluation]
        L4[<b>Layer 4: Refinement Hub</b><br/>Live Workspace & Diff Tracking]
        L5[<b>Layer 5: Knowledge Persistence</b><br/>Semantic Indexing & Hybrid Search]
        
        Reliability[(<b>Reliability Layer</b><br/>360s Timeout & Jittered Retries)]
        L2 & L3 -.-> Reliability
    end

    subgraph "Local Execution Layer (CLI Toolkit)"
        CLI["SRA CLI (@sra-srs/sra-cli)"] -->|Auth/Sync| L1
        CLI -->|Verify| Code[(Local Source Code)]
        Code -->|Verification Data| CLI
        CLI -->|Push Audit Trail| L4
    end

    Stakeholder((Stakeholder)) -->|Raw Vision| L1
    L1 --> L2
    L2 --> L3
    L3 -->|FAIL: Poor Score| L2
    L3 -->|PASS| L4
    L4 -->|Export| Artifacts[IEEE SRS, PDF, DFD, API Spec]
    L4 --> L5

<details> <summary><strong>📐 Click to Expand Layer Details</strong></summary>

1. Strategic Intake: Translates free-text into a mapped JSON model aligned with IEEE section hierarchies.
2. Multi-Agent Analysis: Orchestrates specialized AI agents (Product Owner, Architect, Developer) using the v1.1.0 Gold Standard prompt registry.
3. Objective Review: Automated auditing of SRS content against the 6Cs and RAG evaluation for contextual faithfulness.
4. Iterative Refinement: A modular Workspace UI for manual adjustments, version branching, and intelligent diagram repair.
5. Knowledge Persistence: Finalized requirements are "shredded" and indexed into a PostgreSQL + pgvector graph for cross-project intelligence.

</details>

---

✨ Enterprise Feature Modules

📊 Professional Requirements Engineering

• IEEE-830 v1.1.0 Compliance: Automated generation with strict identifier governance and academic prose discipline.
• 6Cs Quality Audit: Automated scoring for Clarity, Completeness, Conciseness, Consistency, Correctness, and Context.
• RAG Benchmarking: Real-time evaluation of LLM Faithfulness and Answer Relevancy.
• User Story Evolution: Generates "Jira-Ready" user stories with granular acceptance criteria.

🎨 Advanced Architectural Visualization

• Multi-Level DFDs: Generates Level 0 (Context) and Level 1 (Functional Decomposition) Gane-Sarson diagrams.

• Interactive Explorer: Powered by @xyflow/react with support for high-fidelity PNG Export.

• Self-Healing Diagrams: Integrated Mermaid Repair Engine that identifies and fixes syntax errors in generated UML.

🔒 Security, Privacy & Governance

• Proactive PII Redaction: Automated sanitization of user intent (Emails, Phone, CC) before processing by external AI providers.
• RBAC Architecture: Secure access control with JWT integration and social OAuth (Google/GitHub).
• Revision History: Complete versioning system with visual diff tracking between requirement updates.
• Audit-Ready Exports: One-click professional PDF generation with table of contents and revision logs.

🛠️ SRA CLI Toolkit (v4.0)

• Spec-to-Code Traceability: Direct link between cloud requirements and local source code implementations.
• Local Compliance Engine: Run sra check locally to verify that your code matches the official specification.
• Automated Sync: One-command synchronization of requirements into your developer workspace.
• System Diagnostics: Professional sra doctor utility for environment validation and connectivity troubleshooting.
• Reverse Engineering: Beta support for generating requirements directly from existing codebases.

---

🛡️ Production Hardening

SRA is engineered for stability, security, and enterprise-grade performance.

🧩 Infrastructure Security

• Multi-Stage Docker Builds: Minimized production images using separate build/runtime environments.
• Non-Root Execution: Containers run as unprivileged users (nodejs/nextjs) to mitigate security risks.
• Dependency Pinning: Strict versioning of core dependencies (e.g., Next.js 16.1.6) to ensure environment parity.

🌐 Network & Content Security

• Hardened CSP: Strict Content Security Policy injected via Next.js and Express security headers.
• HSTS & Frame Protection: Production-grade Strict-Transport-Security and X-Frame-Options (DENY/SAMEORIGIN) enforcement.
• Secure Session Management: JWT-based authentication with secure cookie handling.
• Privacy Sanitization: Integrated sanitizer.js layer to prevent data leakage to LLM providers.
• Distributed Rate Limiting: Redis-backed throttling ensures global protection across all server instances.

🔍 AI Reliability & Performance optimization

• AI Reliability Layer: Implemented a standardized BaseAgent with a 6-minute timeout, jittered retries, and high-fidelity JSON parsing logs for stable long-form document generation.
• **