System

{{entity:Fusion Reactor Control System}} (se-fusion-reactor-control-system), interim QC session 402 — nine sessions since last QC at session 393. Project state at entry: 191 requirements, 198 trace links, 10 diagrams, 16 baselines. Decomposition status: validated. Scope is requirements and trace coverage added since session 393.

Findings

Rationale and verification coverage: All 191 requirements carry both verification and rationale fields. No deficiencies in this category.

Lint audit: 22 findings (5 high, 17 medium). Four high-severity findings are ontological mismatches: the {{entity:Fusion Reactor Control System}} ({{hex:51F77B19}}), {{entity:Quench Detection System}} ({{hex:54F77218}}), and {{entity:Pellet Injection Controller}} ({{hex:55F53218}}) lack the Physical Object trait despite requirements imposing physical embodiment constraints; {{entity:Disruption Prediction Engine}} ({{hex:51F57308}}) carries the {{trait:Biological/Biomimetic}} trait (correctly flagging LSTM-based inference) but had no ML model validation requirement. Seventeen medium findings cover: EMC environment flow-down gaps, maintenance management system reporting gaps, coverage gaps where SYS-level concepts (“safe state”, “ion cyclotron and neutral beam heating systems”, “maintenance bus”) had no SUB-level decomposition, and trait mismatches on {{entity:Safety Arbiter}} ({{hex:002008B1}}) {{trait:Ethically Significant}} without associated requirements.

VER coverage gate: {{sub:SUB-REQ-001}}–{{sub:SUB-REQ-076}} showed 51/100 SUB+IFC requirements linked to VER entries (51%), just above the 50% gate. However, safety-critical redundancy requirements {{sub:SUB-REQ-069}} (2-of-3 ESS), {{sub:SUB-REQ-070}} (TMR SLP), {{sub:SUB-REQ-074}} (safe state actuator hold), and {{sub:SUB-REQ-062}} (safe state definition) all lacked verification procedures — a significant gap given SIL-3 classification.

Spray patterns: {{sys:SYS-REQ-004}} carries 30+ SUB/IFC trace links. All reviewed; each has specific derivation rationale. The spray is genuine: the SIL-3 SCRAM requirement cascades to every component that contributes to hardware fault tolerance, power-fail-safe behaviour, and independence enforcement.

Trace link rationale: 0 links without rationale. No deficiency.

Coverage gaps (lint findings 16–22): STK-REQ-006 referenced a maintenance management system reporting interface with no SUB decomposition. SYS-REQ-010 referenced ion cyclotron and neutral beam heating systems in EMC context with no corresponding HCDC EMC qualification requirement. SYS-REQ-011 specified a maintenance bus reporting protocol with no SUB requirement defining message format or delivery SLA.

Corrections

Three new SUB requirements created:

• {{sub:SUB-REQ-077}}: HCDC Supervisory and heating actuator controllers (NBI, ECRH, ICRH) qualified to IEC 61000-4-3 Level IV and IEC 61000-4-8 Level 5. Closes SYS-REQ-010 EMC flow-down to the heating subsystem. Traced to {{sys:SYS-REQ-010}}.
• {{sub:SUB-REQ-078}}: Plant Control and I&C System reports faults via IEC 61850 maintenance bus within 10 s, with IEC 61360 equipment ID, ±1 ms UTC timestamp, IEC 60812 severity classification, and ≥99.9% message delivery reliability over 30 days. Closes SYS-REQ-011 flow-down. Traced to {{sys:SYS-REQ-011}}.
• {{sub:SUB-REQ-079}}: {{entity:Disruption Prediction Engine}} ML model validated against ≥500 disruption precursor sequences / 2000 non-disruption shots, achieving ≥95% sensitivity, ≤2% false positive rate, ≥30 ms prediction horizon. Model weights frozen at commissioning; revalidation required on ≥15% parameter drift. Closes the Biological/Biomimetic trait gap and decomposes {{sys:SYS-REQ-002}} prediction performance requirement.

Four new VER requirements created:

• {{sys:VER-REQ-068}}: 12-scenario fault injection test for {{sub:SUB-REQ-069}} 2-of-3 ESS voted architecture.
• {{sys:VER-REQ-069}}: HIL two-channel failure test for {{sub:SUB-REQ-070}} TMR Safety Logic Processor.
• {{sys:VER-REQ-070}}: 300 s integrated safe state hold test with override rejection for {{sub:SUB-REQ-074}}.
• {{sys:VER-REQ-071}}: Logic inspection of each safe state criterion against monitored process variable for {{sub:SUB-REQ-062}}.

VER coverage after corrections: 55/103 SUB+IFC requirements (53%). Baseline QC-2026-03-21 created.

Residual

22 lint findings remain. The five high-severity physical embodiment findings for {{entity:Fusion Reactor Control System}}, {{entity:Quench Detection System}}, and {{entity:Pellet Injection Controller}} are classification mismatches: requirements for their physical housing already exist ({{sub:SUB-REQ-067}}, {{sub:SUB-REQ-066}}). Reclassification is warranted but deferred — reclassifying would add Physical Object trait to entities currently without it, which may affect cross-domain analog searches. The Ethically Significant findings on {{entity:Emergency Shutdown System}} and {{entity:Safety Arbiter}} are ontologically accurate (these systems make safety-critical decisions) but there is no standard “ethical” requirement type in nuclear I&C; the safety case and SIL-3 certification requirements effectively address this. SUB VER coverage at 29/75 (39%) — 46 SUB requirements still lack individual verification procedures. Most of these are covered implicitly by system-level HIL and end-to-end chain tests, but individual traceability should be added in a subsequent session.

Next

Subsequent QC session should address the residual 46 uncovered SUB requirements — priority on the plasma control, disruption prediction, and fuel injection subsystems. The three heating and fuel subsystem internal diagrams (Heating and Current Drive Control, Magnet Safety and Protection, Fuel Injection and Burn Control) have zero connectors; a decomposition session on these internal architectures would also close remaining interface gaps.

flowchart TB
  n0["Fusion Reactor Control System"]
  n1["Plasma Control System"]
  n2["Disruption Prediction and Mitigation System"]
  n3["Heating and Current Drive Control"]
  n4["Magnet Safety and Protection System"]
  n5["Fuel Injection and Burn Control"]
  n6["Plasma Diagnostics Integration System"]
  n7["Plant Control and I&C System"]
  n8["Interlock and Emergency Shutdown System"]
  n0 --> n1
  n0 --> n2
  n0 --> n3
  n0 --> n4
  n0 --> n5
  n0 --> n6
  n0 --> n7
  n0 --> n8