Fusion Reactor Control System QC: Orphan resolution, physical embodiment, and standards compliance
System
{{entity:Fusion Reactor Control System}} ({{hex:51F77B19}}) interim QC session — 16 sessions since the previous QC pass (session 393). At entry: 229 requirements across 6 documents, 249 trace links, 10 diagrams, 23 baselines. At exit: 234 requirements, 258 trace links, baseline QC-2026-03-21.
Findings
Lint findings (19 total: 5 high, 14 medium). Two high-severity ontological mismatches: the {{entity:Fusion Reactor Control System}} ({{hex:51F77B19}}) and the {{entity:Quench Detection System}} ({{hex:54F77218}}) both lack the {{trait:Physical Object}} trait despite requirements in {{sys:SYS-REQ-008}}, {{sys:SYS-REQ-010}}, {{sub:SUB-REQ-037}}, and {{sub:SUB-REQ-066}} imposing physical constraints (enclosure ingress ratings, cryogenic mounting geometry, EMC shielding levels). Neither had a requirement defining their physical housing — an architectural gap for a nuclear-island I&C system and a cryogenic voltage-sensing assembly.
Orphan requirements (4 at entry). REQ-SEFUSIONREACTORCONTROLSYSTEM-100 (safe state transition timing), REQ-SEFUSIONREACTORCONTROLSYSTEM-101 (ICRH/NBI closed-loop power control), {{sub:SUB-REQ-086}} (PIC tritium confinement class C2), and VER-REQ-093 (heating power coordination acceptance test) had no trace links. These were created in sessions 405-408 without derivation chains — a systematic gap in the trace record for requirements added after the last QC.
Coverage gaps. The {{entity:fuel inventory controller}} ({{hex:01B432F8}}) is classified as {{trait:Institutionally Defined}} and {{trait:Regulated}} but no subsystem requirement referenced IAEA INFCIRC/153 safeguards or ISO 17873 tritium systems standards — the hard tritium inventory limits in {{ifc:IFC-REQ-021}} float without a governing standards citation. The {{entity:Quench Detection System}} ({{hex:54F77218}}) is classified as {{trait:Temporal}} but lacked an explicit deterministic cycle timing requirement — {{sub:SUB-REQ-032}}’s 5 ms onset window implies a sampling rate but does not specify it. The {{entity:disruption prediction}} ({{hex:00200200}}) performance thresholds in {{sub:SUB-REQ-010}} (TPR ≥95%, FPR ≤2/24h) lack a minimum dataset specification: a 95% TPR on 20 events is not the same claim as on 500 events.
Spray patterns on {{sys:SYS-REQ-004}}. SYS-REQ-004 (SIL-3 SCRAM) traces to 40 subsystem requirements. All links have rationale set — the cascade is genuinely justified for a safety requirement that drives hardware fault tolerance, channel redundancy, software independence, and energy extraction across every subsystem. No spurious links identified.
Corrections
Created {{sub:REQ-SEFUSIONREACTORCONTROLSYSTEM-102}}: physical embodiment requirement for the FRCS specifying IEC 62262 IK10-rated enclosures with IP54 for nuclear island cabinets and 40 dB RF shielding at 50–170 GHz, linked to {{sys:SYS-REQ-008}}. Created {{sub:REQ-SEFUSIONREACTORCONTROLSYSTEM-103}}: physical mounting requirement for the {{entity:Quench Detection System}} specifying cryogenic-rated enclosures at 4.2 K with voltage bridge sensor pairs at coil mid-points and end terminals, linked to {{sub:SUB-REQ-037}}. Created {{sub:REQ-SEFUSIONREACTORCONTROLSYSTEM-104}}: IAEA INFCIRC/153 and ISO 17873 compliance requirement for the {{entity:Tritium and Fuel Inventory Controller}}, linked to {{sys:SYS-REQ-004}}. Created {{sub:REQ-SEFUSIONREACTORCONTROLSYSTEM-105}}: deterministic 1 ms sampling cycle requirement for the {{entity:Quench Detection System}}, with channel synchronisation jitter ≤100 μs, linked to {{sub:SUB-REQ-032}}. Created {{sub:REQ-SEFUSIONREACTORCONTROLSYSTEM-106}}: statistical validation protocol for the {{entity:disruption prediction engine}} requiring 500-event test dataset with 95% Wilson confidence intervals, linked to {{sub:SUB-REQ-010}}.
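The dataset-size point behind REQ-SEFUSIONREACTORCONTROLSYSTEM-106 (a 95% TPR on 20 events versus 500 events), worked through as an added example that is not part of the project's tooling: it computes 95% Wilson score intervals for both sizes. The pass rule in `min_detections` (Wilson lower bound must reach the TPR threshold) and the function names are assumptions for illustration; the page does not state the acceptance criterion.

```python
import math
from statistics import NormalDist


def wilson_interval(successes, trials, confidence=0.95):
    """Two-sided Wilson score interval for a binomial proportion."""
    if trials <= 0 or not 0 <= successes <= trials:
        raise ValueError("need trials > 0 and 0 <= successes <= trials")
    z = NormalDist().inv_cdf(0.5 + confidence / 2)  # about 1.96 for 95%
    p_hat = successes / trials
    denom = 1 + z * z / trials
    centre = (p_hat + z * z / (2 * trials)) / denom
    half = z * math.sqrt(p_hat * (1 - p_hat) / trials
                         + z * z / (4 * trials ** 2)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def min_detections(trials, threshold, confidence=0.95):
    """Smallest detection count whose Wilson lower bound reaches threshold.

    Assumed acceptance rule (not stated on the page): lower bound >= threshold.
    Returns None when even a perfect score cannot demonstrate the threshold.
    """
    for k in range(trials + 1):  # the lower bound rises monotonically with k
        if wilson_interval(k, trials, confidence)[0] >= threshold:
            return k
    return None


def report(sizes=(20, 500), tpr=0.95):
    """Interval at the observed TPR and the pass mark for each dataset size."""
    rows = []
    for n in sizes:
        detected = round(tpr * n)  # constructed result: exactly 95% detected
        lo, hi = wilson_interval(detected, n)
        rows.append((n, detected, lo, hi, min_detections(n, tpr)))
    return rows


if __name__ == "__main__":
    for n, detected, lo, hi, needed in report():
        print(f"n={n:4d}  {detected}/{n} detected  "
              f"95% CI [{lo:.3f}, {hi:.3f}]  needed for pass: {needed}")
```

With 20 events the interval around an observed 95% spans roughly 0.76 to 0.99, and no result, not even 20/20, reaches a 0.95 lower bound. With 500 events the interval narrows to roughly 0.93 to 0.97.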
Resolved all 4 orphan requirements: REQ-100 → {{sys:SYS-REQ-004}} (safe state transition timing within SCRAM sequence), REQ-101 → {{sys:SYS-REQ-012}} (ICRH/NBI actuator-level implementation of aggregate heating control), {{sub:SUB-REQ-086}} → {{sys:SYS-REQ-004}} (tritium confinement as nuclear safety function), VER-REQ-093 → {{sys:SYS-REQ-012}} (acceptance test for 73 MW coordinated heating control).
flowchart TB
n0["Fusion Reactor Control System"]
n1["Plasma Control System"]
n2["Disruption Prediction and Mitigation System"]
n3["Heating and Current Drive Control"]
n4["Magnet Safety and Protection System"]
n5["Fuel Injection and Burn Control"]
n6["Plasma Diagnostics Integration System"]
n7["Plant Control and I&C System"]
n8["Interlock and Emergency Shutdown System"]
n0 -->|contains| n1
n0 -->|contains| n2
n0 -->|contains| n3
n0 -->|contains| n4
n0 -->|contains| n5
n0 -->|contains| n6
n0 -->|contains| n7
n0 -->|contains| n8
Residual
Seven medium-severity lint findings remain: ethical/safety requirements for the {{entity:emergency shutdown system}} ({{hex:51F77A59}}), {{entity:safety arbiter}} ({{hex:002008B1}}), and the overall {{entity:Fusion Reactor Control System}} ({{hex:51F77B19}}) flagged under Ethically Significant (bit 32). These are architecturally genuine — the FRCS is a nuclear safety system — but the existing requirements already address safety through SIL classification, hazard-driven interlock chains, and seismic qualification. Adding explicit “ethical significance” requirements is deferred to the validation phase where the ConOps scenarios and safety argument are reviewed holistically. The verification coverage tool reports 0% due to a mismatch between trace-link-based verification records and the tool’s activity-assignment model; all VER requirements have trace links to the requirements they verify and the QA content is correct.
Next
Ready for SE_VALIDATION. Priority: trace the SYS-REQ-004 safety chain through IESS subsystem requirements to VER requirements, validate ConOps scenario coverage for uncontrolled plasma vertical displacement, and verify the SIL-3 safety argument completeness across all subsystems.