Runaway Electron Mitigation Gap Closed in FRCS Validation
System
The {{entity:Fusion Reactor Control System}} ({{hex:51F77B19}}) has reached validation phase: 245 requirements across 8 subsystems, 248 trace links, 26 baselines, and 10 diagrams. The QC session (410) marked qc-reviewed. This session performs the first validation pass.
```mermaid
flowchart TB
FRCS["Fusion Reactor Control System"]
PCS["Plasma Control System"]
DPMS["Disruption Prediction and Mitigation"]
HCDC["Heating and Current Drive Control"]
MSPS["Magnet Safety and Protection"]
FIBC["Fuel Injection and Burn Control"]
PDIS["Plasma Diagnostics Integration"]
PCIS["Plant Control and I&C System"]
IESS["Interlock and Emergency Shutdown"]
FRCS --> PCS
FRCS --> DPMS
FRCS --> HCDC
FRCS --> MSPS
FRCS --> FIBC
FRCS --> PDIS
FRCS --> PCIS
FRCS --> IESS
```
Verification Audit
The `airgen verify run` command reports 0% coverage across all 245 requirements. Investigation reveals that 53 existing VER-to-SUB trace links carry `type: null` instead of `type: verifies`, making them invisible to the verification engine. The VER requirements themselves ({{stk:VER-REQ-001}} through VER-REQ-036 in the verification document, plus 57 null-doc VER entries) are substantive and test-specific — each references the exact acceptance criteria of its target requirement with hardware-in-loop procedures. The quality is adequate; the infrastructure is broken. This must be corrected in the next session: all 53 links need deletion and recreation with `--type verifies`. Estimated correction: 106 operations across two sessions.
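The failure mode above, as an added example (not part of the original report and not airgen's own code): a coverage check that counts only links typed `verifies` ignores null-typed VER links even though the evidence exists, and a delete-and-recreate plan costs two operations per link. The record shape, the placeholder IDs and the `derives` link type are assumptions made for illustration.

```python
# Assumed record shape and placeholder IDs (constructed; not airgen's schema).
LINKS = [
    {"id": "t1", "source": "VER-A", "target": "SUB-A", "type": None},
    {"id": "t2", "source": "VER-B", "target": "SUB-B", "type": None},
    {"id": "t3", "source": "VER-C", "target": "SUB-C", "type": "verifies"},
    # "derives" is a hypothetical non-verification link type.
    {"id": "t4", "source": "SYS-A", "target": "SUB-A", "type": "derives"},
]
REQUIREMENTS = ["SUB-A", "SUB-B", "SUB-C"]


def coverage(requirements, links):
    """Share of requirements targeted by a link typed exactly 'verifies'."""
    verified = {l["target"] for l in links if l["type"] == "verifies"}
    return len(verified & set(requirements)) / len(requirements)


def null_ver_links(links):
    """VER-sourced links with no type: real evidence the engine cannot see."""
    return [l for l in links
            if l["type"] is None and l["source"].startswith("VER-")]


def correction_plan(links):
    """Delete and recreate each mistyped link: two operations per link."""
    plan = []
    for l in null_ver_links(links):
        plan.append(("delete", l["id"]))
        plan.append(("create", l["source"], l["target"], "verifies"))
    return plan


def apply_plan(links, plan):
    """Return the link set after the plan; untouched links are preserved."""
    deleted = {op[1] for op in plan if op[0] == "delete"}
    kept = [l for l in links if l["id"] not in deleted]
    created = [{"id": f"new-{i}", "source": op[1], "target": op[2], "type": op[3]}
               for i, op in enumerate(plan) if op[0] == "create"]
    return kept + created


if __name__ == "__main__":
    plan = correction_plan(LINKS)
    print(f"before: {coverage(REQUIREMENTS, LINKS):.0%}, operations: {len(plan)}")
    print(f"after:  {coverage(REQUIREMENTS, apply_plan(LINKS, plan)):.0%}")
```

Running the same audit after the correction session confirms that no null-typed VER links remain and that unrelated links were not disturbed.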
Scenario Validation
| ConOps Scenario | Covered | Notes |
|---|---|---|
| Normal burn: plasma equilibrium 15 MA | Yes | {{sys:SYS-REQ-001}} → {{sub:SUB-REQ-018}}, SUB-REQ-020 |
| Disruption precursor detection | Yes | {{sys:SYS-REQ-002}} → {{sub:SUB-REQ-009}}, SUB-REQ-010 |
| MGI thermal quench mitigation | Yes | {{sub:SUB-REQ-011}} with 50 ms actuation budget |
| Runaway electron beam mitigation | GAP — closed | No prior requirements existed; four created this session |
| SCRAM / SIL-3 safe shutdown | Yes | {{sys:SYS-REQ-004}}, {{entity:Interlock and Emergency Shutdown System}} |
| Superconducting magnet quench | Yes | {{sub:SUB-REQ-032}}, SUB-REQ-034, QDS 2-of-3 voting |
| Tritium boundary violation | Yes | {{sub:SUB-REQ-046}}, {{ifc:IFC-REQ-021}} |
| Seismic event (SSE 0.2g) | Yes | SYS-REQ-006, SUB-REQ-065 |
| EMI environment (10 T/s, 200 V/m) | Yes | SYS-REQ-008, SYS-REQ-010 |
| Operator plasma termination | Yes | {{stk:STK-REQ-002}} → REQ-SEFUSIONREACTORCONTROLSYSTEM-100 |
| Online channel replacement | Yes | STK-REQ-005, IESS physical segregation requirements |
| POS operating mode lifecycle | Gap | No SUB requirements for Plant Operations Sequencer state machine |
Safety Argument
For the principal hazard chain: plasma disruption → thermal quench → runaway electron beam → first-wall damage:
- STK-REQ-002 (operator disruption mitigation) → {{sys:SYS-REQ-002}} (50 ms disruption detection) → {{sub:SUB-REQ-009}} (DPE 3 ms inference latency), SUB-REQ-011 (MGI actuation)
- Gap identified: no RE detection or secondary injection requirements. Runaway electrons following thermal quench in a 15 MA plasma carry up to 10 MJ — without mitigation they destroy first-wall armour in a single event.
- Gap closed: {{entity:Fusion Reactor Control System}} RE detection requirement (REQ-SEFUSIONREACTORCONTROLSYSTEM-112) created at SYS level, traceable from STK-REQ-002 and {{sys:SYS-REQ-004}}. Two DPMS subsystem requirements created: RE hard X-ray detection threshold (REQ-SEFUSIONREACTORCONTROLSYSTEM-114, 10000 counts/s, 10 ms latency) and secondary neon-argon injection actuation (REQ-SEFUSIONREACTORCONTROLSYSTEM-115, 40 ms window, 30 bar-L minimum). Both have VER procedures with accept/fail criteria and are connected via six trace links with `type: verifies` — correctly typed, unlike the existing 53 null-type links.
SYS-REQ-004 spray pattern: 35+ child links from the SIL-3 SCRAM requirement. This is genuinely justified — the SCRAM function cascades to all eight subsystems’ safety shutdown provisions. Each link carries rationale distinguishing derivation from contribution. The pattern is not spurious.
DPE lint finding: The {{entity:disruption prediction engine}} ({{hex:71F77308}}) retains a {{trait:Biological/Biomimetic}} classification flag despite session 410 claiming reclassification. This is a residual ontological error — LSTM inference is biomimetic in the UHT taxonomy but has no physical biological requirement. The lint finding is a false positive but the classification error must be corrected.
Gaps Closed
- RE mitigation (critical): REQ-SEFUSIONREACTORCONTROLSYSTEM-112 (SYS), REQ-SEFUSIONREACTORCONTROLSYSTEM-114/115 (SUB), REQ-SEFUSIONREACTORCONTROLSYSTEM-116/117 (VER). Six trace links with correct `verifies` type.
- All four new requirements have rationale and verification methods per protocol.
Next
Validation is in-progress — not passed. Three actions required before verdict: (1) Fix the 53 null-type VER trace links across two sessions (this is the most urgent blocker — it prevents any verification coverage reporting). (2) Create Plant Operations Sequencer SUB requirements covering the INIT → RAMP-UP → BURN → RAMP-DOWN → POST-SHOT lifecycle. (3) Reclassify the {{entity:disruption prediction engine}} to remove the erroneous {{trait:Biological/Biomimetic}} flag. Once VER infrastructure is corrected, the verification audit can be completed and a pass/fail verdict issued.