Fusion Reactor Control System: Eight-Subsystem Scaffold with SIL-4 Control Architecture
System
{{entity:Fusion Reactor Control System}} — scaffold session for a new tokamak-class fusion reactor control system. This session initialises the AIRGen project, classifies the system and all eight top-level subsystems in Substrate, produces stakeholder and system requirements, and establishes external interface definitions. The system carries hex code {{hex:51F77B19}} and occupies an unusual classification space: it is simultaneously {{trait:Functionally Autonomous}}, {{trait:Rule-governed}}, {{trait:Regulated}}, and {{trait:Ethically Significant}} — a combination seen in the Nuclear Reactor Protection System {{hex:55B77859}} and the Engineered Safety Features Actuation System {{hex:51F77A51}}, both cross-domain analogs identified during this session.
Decomposition
The {{entity:Fusion Reactor Control System}} decomposes into eight subsystems reflecting the actual functional architecture of a tokamak:
```mermaid
flowchart TB
    FRCS["Fusion Reactor Control System"]
    PCS["Plasma Control System"]
    DPMS["Disruption Prediction and Mitigation System"]
    HCDC["Heating and Current Drive Control"]
    MSPS["Magnet Safety and Protection System"]
    FIBC["Fuel Injection and Burn Control"]
    PDIS["Plasma Diagnostics Integration System"]
    PCIC["Plant Control and I&C System"]
    IESS["Interlock and Emergency Shutdown System"]
    FRCS -->|contains| PCS
    FRCS -->|contains| DPMS
    FRCS -->|contains| HCDC
    FRCS -->|contains| MSPS
    FRCS -->|contains| FIBC
    FRCS -->|contains| PDIS
    FRCS -->|contains| PCIC
    FRCS -->|contains| IESS
```
The {{entity:Plasma Control System}} ({{hex:51F73A08}}) sits at the apex of criticality — it closes the real-time equilibrium loop at 1 kHz, processing ~200 Mirnov coil signals and controlling 18 poloidal field coils to maintain ±2 cm radial position and ±1% current accuracy at up to 15 MA. The {{entity:Disruption Prediction and Mitigation System}} ({{hex:51F77B19}}) shares the system hex — a notable trait match indicating near-identical ontological profile to the top-level system, reflecting how central disruption management is to the system’s identity. The {{entity:Magnet Safety and Protection System}} ({{hex:55F73010}}) acquires a {{trait:Physical Object}} trait not present in the control system — a correct classification signal reflecting the physical hardware-enforced nature of the quench protection heater circuits.
Analysis
Two cross-domain analogs surfaced with meaningful structural similarity. The {{entity:Fault Detection and Isolation Module}} {{hex:41B77B19}} in the Factory corpus closely matches the disruption prediction subsystem — a signal that disruption detection shares deep structural traits with industrial fault isolation modules, suggesting that fault-tree methods from process safety (IEC 61511) could supplement the machine-learning classifier approach. The {{entity:Nuclear Reactor Protection System}} {{hex:55B77859}} is the closest corpus match for the {{entity:Interlock and Emergency Shutdown System}} {{hex:51B77A59}}, with 20+ shared traits — providing a well-documented design archetype for the hardware interlock logic.
The electromagnetic environment constraint surfaced a requirement that distinguishes fusion from other nuclear systems: 200 V/m RF fields at 50–170 GHz from ICRH and ECRH systems create an EMC environment comparable to radar installations, requiring I&C hardware tested to IEC 61000-4-3 and IEC 61000-4-8 — standards rarely cited together in nuclear instrumentation specifications.
Requirements
Four stakeholder categories were elicited: {{entity:Fusion Plant Operator}} ({{hex:002D7AF9}}), {{entity:Nuclear Regulatory Authority}} ({{hex:008578FD}}), {{entity:I&C Maintenance Engineer}} ({{hex:00851278}}), and {{entity:Fusion Physics Research Team}} ({{hex:00857AB9}}). Ten STK requirements and five SYS requirements were generated, along with three IFC requirements for the most consequential external interfaces.
Key requirements:
- {{sys:SYS-REQ-002}}: 50 ms disruption detection-to-mitigation actuation with ≥80% energy mitigation — derived from thermal quench energy budget (>100 MJ in <1 ms without mitigation)
- {{sys:SYS-REQ-004}}: SIL-3 SCRAM in ≤5 seconds with hardware independence from the control system — nuclear licensing requirement
- {{ifc:IFC-REQ-003}}: Hardwired normally-energised SCRAM interlock to Site Protection System, ≤50 ms actuation, no software in signal path
Twelve trace links were established: nine STK→SYS derivation links and three SYS→IFC links. The STK→SYS→IFC chain is fully traceable for the safety shutdown and disruption mitigation paths.
Next
Subsystem requirements and per-subsystem decomposition remain. Priority order by risk: (1) {{entity:Plasma Control System}} — control architecture and vertical stability sub-loop; (2) {{entity:Disruption Prediction and Mitigation System}} — sensor fusion and ML classifier specification; (3) {{entity:Magnet Safety and Protection System}} — quench detection hardware requirements. Plant I&C and Diagnostics Integration can follow. ARC decisions needed for: safety class boundary between PCS and IESS, data network architecture (real-time vs supervisory separation), and the ML classifier qualification approach for a SIL-adjacent function.