Fusion Reactor Control System — QC Session: Trace Coverage Repaired

System

The {{entity:Fusion Reactor Control System}} ({{hex:51F77B19}}) interim QC pass, triggered at session 389 (three sessions after the scaffold at 386). Two subsystems are fully decomposed, {{entity:Interlock and Emergency Shutdown System}} and {{entity:Disruption Prediction and Mitigation System}}; six more are identified but not yet decomposed. The project entered this session with 46 requirements, 15 of them orphaned, and 28 trace links.

Findings

Lint produced 27 findings: 5 high, 22 medium.

High-severity findings (4 of 5 still open at session close; see Residual):

  • {{entity:Disruption Precursor Monitor}} ({{hex:55F77200}}) and {{entity:Disruption Prediction Engine}} ({{hex:71F77308}}) are both classified as Powered and Functionally Autonomous, but neither has power budget requirements or safety watchdog constraints. Deferred: a ref-sequencing bug in the requirements tool's reassign mechanism prevented new SUB requirements from being created without reference collisions.
  • Both DPMS components are Digital/Virtual but carry no cybersecurity requirements. Deferred to a dedicated cybersecurity session.

Orphan analysis — 15 orphans at entry:

  Category                               Orphans                                      Action
  STK requirements without SYS linkage   4 (STK-003, -005, -006, -010)                Linked to SYS-REQ-004, -001 and -005
  SUB requirements without SYS parent    6 (SUB-003, -005, -006, -007, -013, -014)    Linked to SYS-REQ-004, -002 and -005
  IFC requirements without SYS parent    2 (IFC-005, IFC-008)                         Linked via SYS-REQ-004→IFC-005 and SYS-REQ-002→IFC-008
  VER requirement without SUB target     1 (VER-REQ-005, end-to-end IESS test)        Linked to SUB-REQ-001
  ARC requirements                       2 (ARC-001, ARC-002)                         Not linkable: no linkset exists between architecture-decisions and system-requirements

SYS-REQ-004 spray pattern: {{sys:SYS-REQ-004}} (SIL-3 automatic trip function) has 6 outgoing trace links after QC, 2 IFC and 4 SUB, which exceeds the 5-link spray threshold. Justified: SYS-REQ-004 is the SIL-3 safety classification requirement that cascades to every IESS architectural component, and each link carries its own rationale citing the specific IEC 61508 obligation it derives from.

Coverage gaps flagged by lint (residual): neither the self-diagnostic coverage gate ({{stk:STK-REQ-006}}) nor EMI/EMC immunity ({{stk:STK-REQ-010}}) has a distinct SYS-level requirement. Both were traced to existing requirements (SYS-REQ-004 and SYS-REQ-001 respectively), which captures the intent but does not isolate the performance floor as its own verifiable SYS requirement.
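The orphan, spray-pattern and classification-coverage checks described above, replayed on a constructed subset of this session's requirements, as an added Python example (this is not the project's lint tool; the linkset names, obligation tags, the pre-existing entry links and IFC-REQ-001 are assumptions, while the 13 QC links are the ones listed under Corrections):

```python
"""Minimal trace-coverage lint (added example; not the project's own lint tool).
Runs the three checks the session relies on over a constructed subset of the
project's requirements: orphans (no trace link in either direction), spray
patterns (more than SPRAY_THRESHOLD outgoing links, justified only if every
link carries a rationale) and component-class coverage gaps. Linkset names,
obligation tags, the entry links and IFC-REQ-001 are assumptions."""
from collections import defaultdict

SPRAY_THRESHOLD = 5
# Configured linksets (source type, target type); no ("ARC", "SYS") on purpose.
LINKSETS = {("STK", "SYS"), ("SYS", "SUB"), ("SYS", "IFC"), ("VER", "SUB")}
# Obligation implied by each component classification (tag names assumed).
CLASS_OBLIGATIONS = {"Powered": "power-budget", "Functionally Autonomous": "watchdog",
                     "Digital/Virtual": "cybersecurity"}

def link_allowed(src, dst):
    """True if a linkset exists for the two reference prefixes, e.g. STK->SYS."""
    return (src.split("-", 1)[0], dst.split("-", 1)[0]) in LINKSETS

def add_links(links, candidates):
    """Accept only links whose linkset is configured; return (links, rejected)."""
    accepted, rejected = list(links), []
    for link in candidates:
        (accepted if link_allowed(link[0], link[1]) else rejected).append(link)
    return accepted, rejected

def find_orphans(reqs, links):
    """Requirements that appear at neither end of any link."""
    linked = {ref for link in links for ref in link[:2]}
    return sorted(ref for ref in reqs if ref not in linked)

def find_spray(links, threshold=SPRAY_THRESHOLD):
    """Source -> (outgoing count, every link has a rationale), above threshold."""
    out = defaultdict(list)
    for src, _dst, rationale in links:
        out[src].append(rationale)
    return {s: (len(r), all(r)) for s, r in out.items() if len(r) > threshold}

def find_coverage_gaps(components, tags_by_component):
    """(component, missing obligation) pairs implied by its classifications."""
    gaps = []
    for comp, classes in components.items():
        tags = tags_by_component.get(comp, set())
        for cls in classes:
            need = CLASS_OBLIGATIONS.get(cls)
            if need and need not in tags:
                gaps.append((comp, need))
    return sorted(gaps)

# Constructed subset of the 46 requirements present at session entry.
REQS = ([f"STK-REQ-{n:03d}" for n in (1, 3, 5, 6, 10)]
        + [f"SYS-REQ-{n:03d}" for n in range(1, 6)]
        + [f"SUB-REQ-{n:03d}" for n in (1, 3, 5, 6, 7, 13, 14)]
        + ["IFC-REQ-001", "IFC-REQ-005", "IFC-REQ-008", "VER-REQ-005",
           "ARC-REQ-001", "ARC-REQ-002"])
# Constructed pre-existing links (src, dst, rationale); SYS-REQ-004 -> IFC-REQ-001
# stands in for the second IFC link the log counts against SYS-REQ-004.
ENTRY_LINKS = [(s, d, "pre-existing (constructed)") for s, d in [
    ("STK-REQ-001", "SYS-REQ-001"), ("STK-REQ-001", "SYS-REQ-002"),
    ("STK-REQ-001", "SYS-REQ-003"), ("STK-REQ-001", "SYS-REQ-005"),
    ("SYS-REQ-001", "SUB-REQ-001"), ("SYS-REQ-004", "IFC-REQ-001")]]
# The 13 links added this session, plus two hypothetical ARC link attempts.
QC_LINKS = [
    ("STK-REQ-003", "SYS-REQ-005", "audit log drives plasma state archive"),
    ("STK-REQ-005", "SYS-REQ-004", "online channel testing is a SIL-3 proof test"),
    ("STK-REQ-006", "SYS-REQ-004", "90% diagnostic coverage is the SIL-3 floor"),
    ("STK-REQ-010", "SYS-REQ-001", "EMI immunity precedes continuous control"),
    *[("SYS-REQ-004", f"SUB-REQ-{n:03d}", "SIL-3 cascade") for n in (3, 5, 6, 7)],
    ("SYS-REQ-002", "SUB-REQ-013", "feature vector feeds detection timing budget"),
    ("SYS-REQ-005", "SUB-REQ-014", "pre-disruption archive from state archive"),
    ("SYS-REQ-004", "IFC-REQ-005", "internal interface definition"),
    ("SYS-REQ-002", "IFC-REQ-008", "internal interface definition"),
    ("VER-REQ-005", "SUB-REQ-001", "end-to-end test verifies 100 ms trip"),
    ("ARC-REQ-001", "SYS-REQ-004", "hypothetical: 2oo3 rationale"),
    ("ARC-REQ-002", "SYS-REQ-002", "hypothetical: LSTM-on-FPGA rationale"),
]
DPMS_CLASSES = {"Powered", "Functionally Autonomous", "Digital/Virtual"}
COMPONENTS = {"Disruption Precursor Monitor": DPMS_CLASSES,
              "Disruption Prediction Engine": DPMS_CLASSES}
TAGS = {  # constructed: obligation tags each component already satisfies
    "Disruption Precursor Monitor": {"timing", "interface"},
    "Disruption Prediction Engine": {"timing"},
}

def run_session():
    """Replay the QC pass and return the figures the log reports."""
    links, rejected = add_links(ENTRY_LINKS, QC_LINKS)
    return {
        "orphans_before": find_orphans(REQS, ENTRY_LINKS),
        "orphans_after": find_orphans(REQS, links),
        "rejected": rejected,
        "link_count": len(links),
        "spray": find_spray(links),
        "gaps": find_coverage_gaps(COMPONENTS, TAGS),
    }

if __name__ == "__main__":
    print(run_session())
```

Run stand-alone it prints the replayed figures: 15 orphans before, the two ARC records after, both ARC attempts rejected for want of a linkset, SYS-REQ-004 at 6 outgoing links with every link carrying a rationale, and the six open classification gaps on the DPMS components. The point of keeping the linkset check inside add_links rather than in the orphan report is that a missing linkset is then a configuration finding, not a silently dropped link.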

Corrections

13 trace links added, reducing orphan count from 15 to 2:

  • {{stk:STK-REQ-003}} → {{sys:SYS-REQ-005}}: audit log drives plasma state archive requirement
  • {{stk:STK-REQ-005}} → {{sys:SYS-REQ-004}}: online channel testing is a SIL-3 proof-test obligation
  • {{stk:STK-REQ-006}} → {{sys:SYS-REQ-004}}: 90% diagnostic coverage is the IEC 61508 SIL-3 threshold
  • {{stk:STK-REQ-010}} → {{sys:SYS-REQ-001}}: EMI immunity is a precondition for continuous plasma control
  • {{sub:SUB-REQ-003}}, {{sub:SUB-REQ-005}}, {{sub:SUB-REQ-006}}, {{sub:SUB-REQ-007}} → {{sys:SYS-REQ-004}}: IESS component requirements derive from SIL-3 cascade
  • {{sub:SUB-REQ-013}} → {{sys:SYS-REQ-002}}: DPM feature vector output feeds disruption detection timing budget
  • {{sub:SUB-REQ-014}} → {{sys:SYS-REQ-005}}: DPMS pre-disruption archive derives from plasma state archive requirement
  • {{sys:SYS-REQ-004}} → {{ifc:IFC-REQ-005}}, {{sys:SYS-REQ-002}} → {{ifc:IFC-REQ-008}}: SYS requirements derive their respective internal interface definitions
  • {{ver:VER-REQ-005}} → {{sub:SUB-REQ-001}}: end-to-end IESS test verifies 100 ms trip execution

Subsystem decomposition at session close (Mermaid flowchart source; IESS and DPMS are the two subsystems decomposed so far, the other six are identified only):

flowchart TB
  FRCS["Fusion Reactor Control System"]
  PCS["Plasma Control System"]
  DPMS["Disruption Prediction and Mitigation System"]
  HCDC["Heating and Current Drive Control"]
  MSPS["Magnet Safety and Protection System"]
  FIBC["Fuel Injection and Burn Control"]
  PDIS["Plasma Diagnostics Integration System"]
  PCIC["Plant Control and I&C System"]
  IESS["Interlock and Emergency Shutdown System"]
  FRCS -->|contains| PCS
  FRCS -->|contains| DPMS
  FRCS -->|contains| HCDC
  FRCS -->|contains| MSPS
  FRCS -->|contains| FIBC
  FRCS -->|contains| PDIS
  FRCS -->|contains| PCIC
  FRCS -->|contains| IESS

Residual

Two residual orphans — {{arc:ARC-REQ-001}} and {{arc:ARC-REQ-002}} — cannot be linked because no linkset exists between architecture-decisions and system-requirements in the project configuration. These are informational records documenting design rationale (hardwired 2oo3 for IESS; LSTM-on-FPGA for DPMS) and do not require trace links to maintain the safety case.

Four HIGH-severity lint findings deferred (two each for DPM and DPE):

  • Power budget requirements for DPM and DPE (no power consumption or voltage spec)
  • Safety watchdog requirements for DPM and DPE (autonomous systems with no fail-safe state)

These require new SUB requirements that cannot be created in this session due to the ref-sequencing collision in the reassign mechanism. Next session should attempt bulk-create directly into the document endpoint rather than reassigning.

Next

Decomposition status advanced to in-progress. Baseline QC-2026-03-20 captures 46 requirements and 41 trace links. The next decomposition session should tackle the {{entity:Plasma Control System}} ({{hex:51F73A08}}) — the highest-complexity undecomposed subsystem, with real-time feedback loops, heating system coordination, and direct interfaces to both DPMS and IESS. The DPMS watchdog and power budget requirements should be created in the same session to close the 4 remaining HIGH lint findings.
