Fusion Reactor Control System — QC pass: ontology fix, physical embodiment, verification gaps

System

Fusion Reactor Control System: interim QC pass, session 403, ten sessions since the previous QC at session 393. Status entering: validated. Project at 198 requirements across 8 subsystems before this session; 203 requirements and 209 trace links at close.

Findings

Ontological false positive — Disruption Prediction Engine. The {{entity:Disruption Prediction Engine}} carried the {{trait:Biological/Biomimetic}} trait at hex {{hex:51F57308}}, generating a high-severity lint finding requesting biocompatibility requirements. The root cause was that the original classification context referenced “neural network” without explicitly stating that this is a mathematical software model rather than biological material. The entity was reclassified with a corrected context — LSTM ensemble on GPU-accelerated compute nodes, purely algorithmic — yielding {{hex:51F77B19}} with bit 3 cleared. Five requirements ({{sub:SUB-REQ-009}}, {{sub:SUB-REQ-010}}, {{sub:SUB-REQ-012}}, {{sub:SUB-REQ-013}}, {{sub:SUB-REQ-041}}) affected by spurious biocompatibility demand are no longer flagged.

Physical embodiment gaps. The lint identified four entities with physical embodiment requirements but no Physical Object trait. Two were actioned this session: the {{entity:Quench Detection System}} ({{hex:54F77218}}) and the {{entity:Pellet Injection Controller}} ({{hex:55F53218}}). Both now have explicit housing and environmental qualification requirements specifying rack-mount installation, EMI shielding class, temperature stability, and physical segregation from non-safety circuits. The QDS requirement references seismic qualification and Cernox sensor accuracy budget; the PIC requirement references tritium gas environment rating and personnel interlocks for high-voltage circuits. The Fusion Reactor Control System and Safety Arbiter physical embodiment findings are deferred to the next session.

Statistical context — MHD Mode Stabiliser. {{sub:SUB-REQ-022}} set a detection threshold (3 cm island width, 50 ms) without specifying detection probability, false-alarm rate, or test sample size. A new requirement added this session specifies ≥95% detection probability for n=1 and n=2 NTM islands, false-alarm rate ≤1 per 100 shots, over a minimum sample of 200 simulated disruption sequences spanning q95 = 2.5 to 5.0 and plasma current 8 to 15 MA. This aligns with IEC 61513 Class 1E sensor qualification.
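An added example, not part of the original QC record or the project's tooling, that scores a simulated campaign against the three figures in the new requirement and also reports an exact one-sided lower confidence bound on detection probability. The 95% confidence level, the function names and the campaign counts are assumptions; the requirement as quoted states only the 95% Pd, 1-per-100 false-alarm and 200-sequence figures.

```python
from math import comb

PD_MIN = 0.95          # from the requirement: >=95% detection probability
FAR_MAX = 1 / 100      # from the requirement: <=1 false alarm per 100 shots
MIN_SEQUENCES = 200    # from the requirement: minimum simulated sequences
CONFIDENCE = 0.95      # assumption: the page does not state a confidence level


def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p**i * (1 - p) ** (n - i) for i in range(k + 1))


def pd_lower_bound(detected, trials, confidence=CONFIDENCE):
    """One-sided Clopper-Pearson lower bound on the true detection probability."""
    if detected == 0:
        return 0.0
    alpha = 1.0 - confidence
    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection on p; P(X >= detected | p) increases with p
        mid = (lo + hi) / 2
        if 1.0 - binom_cdf(detected - 1, trials, mid) < alpha:
            lo = mid
        else:
            hi = mid
    return lo


def score_campaign(detected, sequences, false_alarms, shots):
    """Score one simulated campaign (constructed counts) against the criteria."""
    bound = pd_lower_bound(detected, sequences)
    return {
        "sample_ok": sequences >= MIN_SEQUENCES,
        "pd_point_ok": detected / sequences >= PD_MIN,
        "pd_bound": bound,
        "pd_bound_ok": bound >= PD_MIN,
        "far_ok": false_alarms / shots <= FAR_MAX,
    }


def min_detections(sequences, confidence=CONFIDENCE):
    """Fewest detections whose lower bound still reaches PD_MIN."""
    start = int(PD_MIN * sequences)  # the bound can never exceed the point estimate
    return next(k for k in range(start, sequences + 1)
                if pd_lower_bound(k, sequences, confidence) >= PD_MIN)


if __name__ == "__main__":
    print(score_campaign(detected=190, sequences=200, false_alarms=2, shots=200))
    print(min_detections(200))
```

With these constructed counts, 190 detections in 200 sequences meets the 95% figure as a point estimate, while the lower bound at the assumed confidence level falls below it.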

Verification coverage gaps. VER→SUB/IFC trace coverage was 47 of 103 (46%) entering the session. Three safety-critical uncovered requirements were addressed: {{sub:SUB-REQ-026}} (HCDC 50 MW heating power ceiling), {{sub:SUB-REQ-039}} (Safety Logic Processor 1oo2 hardware independence), and {{sub:SUB-REQ-070}} (SLP triple modular redundant voting). The last was covered by the existing {{entity:VER-REQ-069}} which lacked a trace link to SUB-REQ-070; the link was added. The other two received new VER requirements. A duplicate VER requirement for SUB-REQ-070 created transiently was deleted.

Spray pattern — SYS-REQ-004. The safety shutdown requirement {{sys:SYS-REQ-004}} has 37 outbound trace links — far above the 5-link flag threshold. Each link was reviewed individually. Every link carries a specific, non-mechanical rationale explaining why the child derives from the SIL-3 shutdown mandate rather than merely contributing to it. The pattern is justified: SYS-REQ-004 is the root safety function requirement that cascades to every subsystem in the safety chain by regulatory necessity. No links were removed.

Coverage gap false positives. Lint findings 17–22 flagged missing SYS/SUB requirements for “heating systems”, “maintenance bus”, and “safe state”. Review of existing requirements confirmed that {{sub:SUB-REQ-077}} covers heating system EMC, {{sub:SUB-REQ-078}} covers the maintenance bus fault reporting, and {{sub:SUB-REQ-062}} defines safe state. The lint is performing lexical matching against concept strings from the requirement text rather than semantic matching against the existing requirements. These findings do not represent genuine gaps.

Corrections

| Action | Detail |
| --- | --- |
| Reclassified {{entity:Disruption Prediction Engine}} | {{hex:51F57308}} → {{hex:51F77B19}}, Biological/Biomimetic false positive cleared |
| Added QDS physical embodiment requirement | Rack-mount, seismic qualification, EMI shielding, safety/non-safety segregation |
| Added PIC physical embodiment requirement | Radiation-tolerant cabinet, tritium gas environment, personnel interlocks |
| Added MHD Mode Stabiliser statistical requirement | 95% Pd, ≤1/100 FAR, 200-shot sample |
| Added VER-REQ-072 | Verification of HCDC 50 MW power ceiling with NTM priority path |
| Added VER-REQ-073 | Fault injection test for SLP 1oo2 card independence |
| Added trace VER-REQ-069 → SUB-REQ-070 | Existing HIL test now linked to TMR requirement |
| Deleted duplicate VER for SUB-REQ-070 | Created transiently; removed after VER-REQ-069 link confirmed |
| Created baseline QC-2026-03-21 | 203 requirements, 209 trace links |

Decomposition

flowchart TB
  n0["Fusion Reactor Control System"]
  n1["Plasma Control System"]
  n2["Disruption Prediction and Mitigation System"]
  n3["Heating and Current Drive Control"]
  n4["Magnet Safety and Protection System"]
  n5["Fuel Injection and Burn Control"]
  n6["Plasma Diagnostics Integration System"]
  n7["Plant Control and I&C System"]
  n8["Interlock and Emergency Shutdown System"]
  n0 -->|contains| n1
  n0 -->|contains| n2
  n0 -->|contains| n3
  n0 -->|contains| n4
  n0 -->|contains| n5
  n0 -->|contains| n6
  n0 -->|contains| n7
  n0 -->|contains| n8

Residual

Fusion Reactor Control System and Safety Arbiter physical embodiment requirements (lint findings 1 and 3) not created this session — both are system-level and architectural-level entities whose physical form is partially captured in existing requirements ({{sub:SUB-REQ-067}}, {{sub:SUB-REQ-077}}); dedicated embodiment requirements would improve completeness but are not safety-critical gaps. Verification coverage remains at approximately 50% of SUB+IFC by trace count; the uncovered requirements are predominantly process-control and operational requirements rather than safety-critical ones.

Next

QC-reviewed status set. The project is ready for a full validation pass (Flow D) to close remaining VER coverage gaps and verify each ConOps scenario traces to a complete SYS→SUB→VER chain.
