Air Traffic Control System — Multi-Sensor Fusion and Safety Net Decomposition

System

{{entity:Air Traffic Control System}} ({{hex:51F57BD9}}), project se-air-traffic-control. Session continues from the scaffolded baseline: 9 subsystems registered in namespace SE:air-traffic-control, 42 requirements on entry. This session deepens coverage across all 9 subsystems, adds CPDLC and AMAN as two additional subsystems, builds the STK→SYS→SUB trace chain for the highest-risk subsystems, and diagnoses the orphaned requirement problem left by the previous session (the fix itself is deferred to a QC task, see Next).

Decomposition

Eleven subsystems now carry requirements in the project. The {{entity:Surveillance Data Processing}} ({{hex:50F73319}}) and {{entity:Safety Net System}} ({{hex:51F77B59}}) received the most attention — both are safety-instrumented functions at the top of the SIL hierarchy and drive the architecturally significant decisions.

Multi-sensor fusion architecture for {{entity:Surveillance Data Processing}}: covariance-weighted (Kalman) fusion, so the source with the smallest measurement covariance dominates the fused estimate without the others being discarded; in practice the ranking is ADS-B > MLAT > SSR > PSR. One caveat for the design record: the highest-weighted source is also the only self-reported one (ADS-B is broadcast by the aircraft, not measured by the ground sensor), so the weighting should be conditioned on plausibility against the MLAT/SSR solution rather than applied unconditionally. Track identity continuity requirement added with a 60-second sensor-gap tolerance derived from ICAO Doc 4444 handoff procedures. The degraded-mode requirement specifies 60% track retention when 2 of 4 sensor inputs are lost; this is the binding floor for the system-level degraded service envelope.
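Worked example of the fusion and degraded-mode logic above. This is added illustration, not the project's SDP code: inverse-covariance weighting of simultaneous position reports (the Kalman measurement-update weighting with a per-source diagonal covariance), the 60-second gap check for track continuity, and a worst-case sweep over every pair of lost sensors against the 60% retention floor. The per-source accuracies, the sample reports and the coverage picture are constructed for the example; only the ranking, the 60 s tolerance and the 60% floor come from the requirements.

```python
from dataclasses import dataclass
from itertools import combinations

# Assumed 1-sigma horizontal position accuracy per source, in metres. The
# ranking ADS-B > MLAT > SSR > PSR is from the SDP requirement; the numbers are
# constructed for this example and are not the project's values.
SENSOR_SIGMA_M = {"ADS-B": 30.0, "MLAT": 100.0, "SSR": 300.0, "PSR": 500.0}
GAP_TOLERANCE_S = 60.0           # track identity kept across a gap of up to 60 s
DEGRADED_RETENTION_FLOOR = 0.60  # SUB-REQ-023: 60% retention with 2 of 4 sensors lost


@dataclass
class Report:
    sensor: str
    t: float   # seconds
    x: float   # metres east
    y: float   # metres north


def fuse(reports):
    """Minimum-variance fusion of simultaneous reports: weight each source by
    1/sigma^2. The most accurate source dominates, the others still contribute,
    and the fused sigma is smaller than any single source's."""
    if not reports:
        raise ValueError("no reports to fuse")
    weights = [1.0 / SENSOR_SIGMA_M[r.sensor] ** 2 for r in reports]
    wsum = sum(weights)
    x = sum(w * r.x for w, r in zip(weights, reports)) / wsum
    y = sum(w * r.y for w, r in zip(weights, reports)) / wsum
    return x, y, (1.0 / wsum) ** 0.5


def track_alive(last_report_t, now, tolerance=GAP_TOLERANCE_S):
    """Identity is retained while the gap since the last accepted report is
    within tolerance; beyond it the track is dropped rather than coasted."""
    return (now - last_report_t) <= tolerance


def worst_case_retention(coverage, lost_count=2):
    """coverage maps track id -> set of sensors currently seeing that track.
    Returns (retention_fraction, lost_sensors) for the worst combination of
    lost sensors; a track survives if any remaining sensor still sees it."""
    sensors = sorted({s for seen in coverage.values() for s in seen})
    worst = (1.0, ())
    for lost in combinations(sensors, lost_count):
        remaining = set(sensors) - set(lost)
        kept = sum(1 for seen in coverage.values() if seen & remaining)
        frac = kept / len(coverage)
        if frac < worst[0]:
            worst = (frac, lost)
    return worst


def degraded_mode_ok(coverage, floor=DEGRADED_RETENTION_FLOOR):
    """True if the worst-case two-sensor loss still meets the retention floor."""
    return worst_case_retention(coverage)[0] >= floor


# Constructed sample: one aircraft reported by all four sources at t = 100 s.
SAMPLE_REPORTS = [
    Report("ADS-B", 100.0, 1000.0, 2000.0),
    Report("MLAT", 100.0, 1040.0, 1980.0),
    Report("SSR", 100.0, 1200.0, 2150.0),
    Report("PSR", 100.0, 700.0, 1700.0),
]

# Constructed coverage picture for ten tracks (which sensors see each one).
SAMPLE_COVERAGE = {
    "T01": {"ADS-B", "MLAT", "SSR", "PSR"},
    "T02": {"ADS-B", "SSR"},
    "T03": {"ADS-B", "SSR"},
    "T04": {"MLAT", "SSR"},
    "T05": {"ADS-B", "PSR"},
    "T06": {"SSR", "PSR"},
    "T07": {"ADS-B", "MLAT"},
    "T08": {"PSR"},          # non-cooperative target, primary radar only
    "T09": {"ADS-B"},
    "T10": {"MLAT", "PSR"},
}

if __name__ == "__main__":
    x, y, sigma = fuse(SAMPLE_REPORTS)
    print(f"fused position ({x:.1f}, {y:.1f}) m, sigma {sigma:.1f} m")
    print("alive after 45 s gap:", track_alive(100.0, 145.0))
    print("alive after 61 s gap:", track_alive(100.0, 161.0))
    frac, lost = worst_case_retention(SAMPLE_COVERAGE)
    print(f"worst-case retention {frac:.0%} losing {lost}; "
          f"floor met: {degraded_mode_ok(SAMPLE_COVERAGE)}")
```

The retention sweep is the useful part for VER-REQ-017: a failure-injection test that drops one fixed pair of sensors proves nothing about the floor, since the binding case is the pair that removes the most single-sensor tracks, which the sweep finds.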

{{entity:Safety Net System}} received STCA delivery within 3 seconds at a 120-second look-ahead, MSAW within 8 seconds of terrain-closure detection, and a nuisance alert rate ceiling of 2% verified by a 6-month operational trial. The 91% Jaccard similarity between ATC and SNS places both in the same trait space (Synthetic, Powered, Active, Intentionally Designed, Outputs Effect). That overlap is what one expects of a safety net that consumes the fused tracks from {{entity:Surveillance Data Processing}}; it does not make the SNS a backup to the surveillance function, since the SNS sits downstream of it and degrades with it.
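Added example (not the project's SNS code) of the checks behind the three SNS requirements above: a straight-line 120-second look-ahead for STCA, a terrain-closure prediction for MSAW against an AIM-style terrain lookup, the 3 s and 8 s delivery budgets, and the 2% nuisance ceiling computed over a trial alert log. The separation minima, the terrain model, the aircraft tracks and the alert log are constructed assumptions; the look-ahead, budgets and ceiling are the requirement values.

```python
import math
from dataclasses import dataclass

LOOK_AHEAD_S = 120.0      # STCA look-ahead (SUB-REQ-012)
STCA_BUDGET_S = 3.0       # STCA alert delivered within 3 s of detection
MSAW_BUDGET_S = 8.0       # MSAW alert delivered within 8 s of terrain-closure detection
NUISANCE_CEILING = 0.02   # nuisance alert rate ceiling (SUB-REQ-014)
# Constructed minima for the example; the project's actual values are not on the page.
HORIZ_MIN_M = 5 * 1852.0  # 5 NM
VERT_MIN_FT = 1000.0
MSAW_MARGIN_FT = 500.0    # minimum predicted height above terrain


@dataclass
class Track:
    ident: str
    x: float        # metres east
    y: float        # metres north
    vx: float       # m/s
    vy: float       # m/s
    alt_ft: float
    roc_fpm: float  # rate of climb in ft/min, negative for descent

    def at(self, dt):
        """Straight-line, constant-rate extrapolation dt seconds ahead."""
        return (self.x + self.vx * dt, self.y + self.vy * dt,
                self.alt_ft + self.roc_fpm * dt / 60.0)


def time_to_conflict(a, b, look_ahead=LOOK_AHEAD_S, step=1.0):
    """Earliest time (s) within look_ahead at which horizontal AND vertical
    separation are both below minima; None if no conflict is predicted."""
    t = 0.0
    while t <= look_ahead:
        ax, ay, aalt = a.at(t)
        bx, by, balt = b.at(t)
        if math.hypot(ax - bx, ay - by) < HORIZ_MIN_M and abs(aalt - balt) < VERT_MIN_FT:
            return t
        t += step
    return None


def msaw_closure(track, terrain_ft_at, look_ahead=LOOK_AHEAD_S, step=1.0):
    """Earliest time (s) at which predicted height above terrain falls below
    MSAW_MARGIN_FT. terrain_ft_at(x, y) stands in for the AIM terrain feed."""
    t = 0.0
    while t <= look_ahead:
        x, y, alt = track.at(t)
        if alt - terrain_ft_at(x, y) < MSAW_MARGIN_FT:
            return t
        t += step
    return None


def delivered_in_budget(detected_at, delivered_at, budget):
    """Delivery latency check for the 3 s (STCA) and 8 s (MSAW) budgets."""
    return 0.0 <= delivered_at - detected_at <= budget


def nuisance_rate(alert_log):
    """alert_log: iterable of (alert_id, judged_nuisance) from the trial."""
    log = list(alert_log)
    return sum(1 for _, nuisance in log if nuisance) / len(log) if log else 0.0


# Constructed scenarios
A = Track("A", 0.0, 0.0, 120.0, 0.0, 10000.0, 0.0)             # eastbound, level
B = Track("B", 30000.0, 0.0, -120.0, 0.0, 10000.0, 0.0)        # head-on, same level
B_HIGH = Track("B2", 30000.0, 0.0, -120.0, 0.0, 11000.0, 0.0)  # 1000 ft above: no STCA
DESCENDING = Track("C", 0.0, 0.0, 100.0, 0.0, 3000.0, -1500.0)


def ridge_terrain_ft(x, y):
    """Constructed terrain: 500 ft plain with a 2000 ft ridge from 8 km east."""
    return 2000.0 if x >= 8000.0 else 500.0


# Constructed trial log: 50 alerts, one judged nuisance (2%, exactly at the ceiling)
TRIAL_LOG = [(f"alert-{i}", i == 17) for i in range(50)]

if __name__ == "__main__":
    print("STCA time to conflict A/B:", time_to_conflict(A, B))
    print("STCA time to conflict A/B2:", time_to_conflict(A, B_HIGH))
    print("MSAW terrain closure C:", msaw_closure(DESCENDING, ridge_terrain_ft))
    print("nuisance rate within ceiling:", nuisance_rate(TRIAL_LOG) <= NUISANCE_CEILING)
```

The nuisance ceiling and the look-ahead pull against each other: a longer look-ahead with straight-line extrapolation raises the nuisance rate, which is why the 2% figure has to be verified on operational traffic rather than in simulation.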

{{entity:Controller Pilot Data Link Communications}} ({{hex:50E57B58}}) and {{entity:Approach Sequencing and Metering}} ({{hex:40B73B18}}) classified and added to the namespace with PART_OF facts. CPDLC fills the data-link gap alongside voice communications; AMAN provides the 250nm arrival planning horizon needed for high-density operations.

flowchart TB
  ATCS["Air Traffic Control System"]
  SDP["Surveillance Data Processing"]
  SNS["Safety Net System"]
  FDP["Flight Data Processing"]
  CWP["Controller Working Position"]
  VCS["Voice Communication System"]
  CPDLC["Controller-Pilot Data Link"]
  AIM["Aeronautical Information Mgmt"]
  DDN["Data Distribution Network"]
  SMC["System Monitoring and Control"]
  RRS["Recording and Replay System"]
  AMAN["Approach Sequencing and Metering"]
  ATCS --> SDP
  ATCS --> SNS
  ATCS --> FDP
  ATCS --> CWP
  ATCS --> VCS
  ATCS --> CPDLC
  ATCS --> AIM
  ATCS --> DDN
  ATCS --> SMC
  ATCS --> RRS
  ATCS --> AMAN
  SDP -->|Fused tracks| SNS
  SDP -->|Correlated tracks| FDP
  SNS -->|STCA/MSAW alerts| CWP
  FDP -->|Flight strip data| CWP
  VCS -->|Voice channels| CWP
  AIM -->|Terrain and airspace data| SNS
  DDN -->|Sensor feeds| SDP
  SMC -->|Health telemetry| DDN

Analysis

The lint baseline shows 61 findings (11 high) on entry; the high-severity findings are concentrated on orphaned requirements with no trace links and on requirements lacking measurable criteria. The orphan problem (14 of 42 with doc:null) stems from the prior session creating requirements without section IDs; reassign cannot recover them because ref collisions leave the tool unable to determine which requirement a ref denotes. The orphans are carried forward as a QC task for the next session.

{{entity:Naval Combat Management System}} shares 75% trait overlap with the ATC system at a semantic level — both are Synthetic, Powered, Active, Intentionally Designed, System-Integrated functions with Outputs Effect and Processes Signals/Logic traits. This is architecturally coherent: both domains share real-time multi-sensor data fusion, conflict prediction, and operator workstation display problems. The NCMS experience with degraded-mode track management in a contested environment is directly applicable to the ATC degraded sensor scenario.

The {{trait:Powered}}, {{trait:Active}}, and {{trait:Outputs Effect}} trait intersection across Safety Net, Surveillance Data Processing, and the system itself (all above 70% Jaccard) is consistent with tight coupling, but the coupling follows from the data flow rather than from shared traits: SDP fused tracks feed SNS, and SNS alerts feed the CWP, so any latency or accuracy degradation in SDP propagates directly through SNS alerting to the controller. A derived constraint worth recording: the SNS 3-second STCA budget only means something at the controller's display if SDP fusion latency is bounded as well, so SDP needs a latency requirement of its own.

Requirements

Added 34 requirements this session. Itemised by type: 15 SUB (across SDP, SNS, FDP, CWP, VCS, AIM, DDN, SMC, RRS, CPDLC, AMAN), 5 IFC (AIM→SDP terrain, FDP→CWP strips, VCS→CWP frequency, SMC→subsystems SNMP, RRS→DDN capture), 4 STK (ANSP capacity, CAA audit, maintenance LRU, adjacent ATC ASTERIX), 4 VER, 4 SYS (3 plus the recording mandate). The itemised counts sum to 32; the remaining 2 of the 34 are not broken out here.

Key requirements:

  • {{sub:SUB-REQ-023}} — SDP degraded-mode: 60% track continuity when 2 of 4 sensors lost, verified by {{ver:VER-REQ-017}} failure injection test.
  • {{sub:SUB-REQ-012}} — SNS STCA delivery: alert within 3 seconds at 120-second look-ahead, traces from {{sys:SYS-REQ-004}}.
  • {{sub:SUB-REQ-014}} — SNS nuisance rate ≤2%, verified by 6-month operational trial {{ver:VER-REQ-015}}.
  • {{sys:SYS-REQ-011}} — System recording mandate traces to {{stk:STK-REQ-007}} (CAA audit access) and derives {{sub:SUB-REQ-022}} (RRS 30-day retention with cryptographic integrity protection of the recordings).
  • {{sub:SUB-REQ-025}} — AMAN 250nm planning horizon, deriving from {{sys:SYS-REQ-008}} (MTCD conflict probe).
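The 30-day cryptographic retention in SUB-REQ-022 is read here as tamper-evident retention. The following is an added example, not RRS code: recording segments are hash-chained, segments older than the window are expired, and the chain stays verifiable against a published anchor, so a CAA auditor (STK-REQ-007) can detect alteration or deletion of anything inside the window. The segment payloads, timestamps and the SHA-256 chain construction are assumptions for the example.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 30   # SUB-REQ-022 retention window
GENESIS = "0" * 64    # anchor for the first segment ever recorded
_COMMITTED = ("seq", "ts", "payload_sha256", "prev")  # fields bound by each digest


def _digest(fields):
    """Canonical SHA-256 over the committed fields of one chain entry."""
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def append_segment(chain, ts, payload):
    """Append one recording segment. The entry commits to the payload digest and
    to the previous entry's digest, so altering, reordering or deleting any
    retained segment breaks every later link."""
    prev = chain[-1]["digest"] if chain else GENESIS
    entry = {"seq": len(chain), "ts": ts.isoformat(),
             "payload_sha256": hashlib.sha256(payload).hexdigest(), "prev": prev}
    entry["digest"] = _digest({k: entry[k] for k in _COMMITTED})
    chain.append(entry)
    return entry


def verify_chain(chain, anchor=GENESIS):
    """True if every entry re-hashes to its stored digest and links to its
    predecessor, with the first retained entry linking to the anchor."""
    expected_prev = anchor
    for entry in chain:
        if entry["prev"] != expected_prev:
            return False
        if _digest({k: entry[k] for k in _COMMITTED}) != entry["digest"]:
            return False
        expected_prev = entry["digest"]
    return True


def verify_payload(entry, payload):
    """Check a retrieved segment body against the digest committed in the chain."""
    return hashlib.sha256(payload).hexdigest() == entry["payload_sha256"]


def expire(chain, now, days=RETENTION_DAYS):
    """Drop segments older than the window. Returns (kept, anchor): the anchor is
    the digest of the newest expired segment and must be published or escrowed,
    otherwise the shortened chain can no longer be verified."""
    cutoff = now - timedelta(days=days)
    keep_from = 0
    while keep_from < len(chain) and datetime.fromisoformat(chain[keep_from]["ts"]) < cutoff:
        keep_from += 1
    anchor = chain[keep_from - 1]["digest"] if keep_from else GENESIS
    return chain[keep_from:], anchor


# Constructed recording: four segments at days 0, 10, 20 and 40.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_SEGMENTS = [(T0 + timedelta(days=d), f"segment-{d}".encode()) for d in (0, 10, 20, 40)]


def build_sample():
    chain = []
    for ts, payload in SAMPLE_SEGMENTS:
        append_segment(chain, ts, payload)
    return chain


def demo(now=T0 + timedelta(days=45)):
    """Expire at day 45, then verify the retained chain intact and tampered.
    Returns (segments_kept, intact_verifies, tampered_verifies)."""
    kept, anchor = expire(build_sample(), now)
    tampered = [dict(e) for e in kept]
    tampered[0]["payload_sha256"] = "00" * 32   # simulate an altered segment body
    return len(kept), verify_chain(kept, anchor), verify_chain(tampered, anchor)


if __name__ == "__main__":
    print(demo())
```

Without the anchor, expiry and deletion are indistinguishable to the auditor, so the anchor (or a periodic head digest) needs to leave the RRS, for instance into the audit records the CAA already receives.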

15 new trace links added. STK→SYS chain now covers STK-001→SYS-004, STK-002→SYS-009, STK-003→SYS-003, STK-005→SYS-010, STK-006→SYS-008, STK-007→SYS-011.
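Added example (not the project's lint or reassign tooling) of the checks behind the baseline findings and the STK→SYS→SUB chain: doc:null orphans, ref collisions, missing or dangling trace links, SYS/SUB/IFC requirements without a numeric criterion, and per-STK chain coverage. The requirement set is constructed: the refs taken from this entry carry paraphrased text, and the problem cases use invented refs.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class Req:
    ref: str
    kind: str                        # STK, SYS, SUB, IFC or VER
    text: str
    doc: Optional[str]               # section id; None is the doc:null orphan case
    traces_to: Tuple[str, ...] = ()  # upstream refs this requirement traces to


HAS_NUMBER = re.compile(r"\d")       # crude proxy for a measurable criterion
NEEDS_CRITERION = {"SYS", "SUB", "IFC"}


def lint(reqs):
    """Return (severity, ref, message) findings. The classes the baseline
    flagged high are reported as high; dangling traces are added as well."""
    findings = []
    known = {r.ref for r in reqs}
    referenced = {up for r in reqs for up in r.traces_to}
    count = defaultdict(int)
    for r in reqs:
        count[r.ref] += 1
    for ref, n in count.items():
        if n > 1:
            findings.append(("high", ref, f"ref collision: {n} requirements share this ref"))
    for r in reqs:
        if r.doc is None:
            findings.append(("high", r.ref, "orphan: doc:null, no section assignment"))
        for up in r.traces_to:
            if up not in known:
                findings.append(("high", r.ref, f"dangling trace to unknown ref {up}"))
        if not r.traces_to and r.ref not in referenced:
            findings.append(("high", r.ref, "no trace links in either direction"))
        if r.kind in NEEDS_CRITERION and not HAS_NUMBER.search(r.text):
            findings.append(("high", r.ref, "no measurable criterion"))
    return findings


def stk_chain_coverage(reqs):
    """For each STK ref, whether at least one STK->SYS->SUB path exists."""
    kind_of = {r.ref: r.kind for r in reqs}
    children = defaultdict(set)
    for r in reqs:
        for up in r.traces_to:
            children[up].add(r.ref)
    coverage = {}
    for r in reqs:
        if r.kind != "STK":
            continue
        syss = {c for c in children[r.ref] if kind_of[c] == "SYS"}
        subs = {g for s in syss for g in children[s] if kind_of[g] == "SUB"}
        coverage[r.ref] = bool(subs)
    return coverage


# Constructed requirement set. The first four refs are from this entry with
# paraphrased text; the -098/-099 refs are invented problem cases.
SAMPLE = [
    Req("STK-REQ-007", "STK", "The CAA shall have audit access to recordings of any operational position.", "STK/CAA"),
    Req("SYS-REQ-011", "SYS", "The system shall record surveillance, voice and data-link traffic and retain it for at least 30 days.", "SYS/recording", ("STK-REQ-007",)),
    Req("SUB-REQ-022", "SUB", "RRS shall retain recordings for 30 days with cryptographic integrity protection.", "SUB/RRS", ("SYS-REQ-011",)),
    Req("VER-REQ-015", "VER", "Nuisance alert rate shall be measured over a 6-month operational trial.", "VER/SNS", ("SUB-REQ-014",)),
    Req("SUB-REQ-098", "SUB", "SDP shall fuse all available sensor inputs.", None),
    Req("SUB-REQ-099", "SUB", "CWP shall display safety-net alerts promptly.", "SUB/CWP"),
    Req("SUB-REQ-099", "SUB", "VCS shall provide 2 frequencies per sector.", "SUB/VCS", ("SYS-REQ-011",)),
    Req("STK-REQ-099", "STK", "Adjacent ATC centres shall receive ASTERIX track data.", "STK/adjacent"),
]

if __name__ == "__main__":
    for severity, ref, message in lint(SAMPLE):
        print(f"{severity:5} {ref:12} {message}")
    print(stk_chain_coverage(SAMPLE))
```

The collision case shows why reassign cannot repair the orphans: once two requirements share a ref, a section reassignment keyed on that ref has no way to pick the right one, which is what forces the delete-and-recreate route noted under Next.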

Next

Orphaned requirements (14 with doc:null and ref collisions) require QC deletion and recreation with correct section assignments; reassign cannot fix them. Subsystems with thin coverage: VCS (1 sectioned req), FDP (2), CWP (3). The ARC decisions section is sparse (2 reqs). A full first-pass sweep is needed: approximately 30 more SUB requirements to bring all 11 subsystems to 3–5 requirements each before the project is ready for QC flow.
