Configuration control — ISO 15289 reports, GSN export, CCCS safety gates, QC loop fix
Summary
Major standards alignment update: ISO/IEC/IEEE 15289 document split for reports, IEEE 29148 requirement categorisation, IEC 61508 functional safety integration with hazard register and GSN export, ISO 15288 concept definition phase with ConOps and functional analysis, V-model verification and validation with scenario tracing, and a fix for the QC loop that was running every session instead of every third.
Standards Alignment
ISO/IEC/IEEE 15288 — System Life Cycle Processes
Split the monolithic scaffold flow into two ISO 15288-aligned phases:
Concept Definition (Flow A0): Mission analysis, operating modes (classified as UHT entities), ConOps scenarios with cross-domain analog search, stakeholder identification and roleplay, operating environment and constraints, external interfaces, hazard identification. No requirements — this produces the conceptual foundation.
Scaffold (Flow A1): Stakeholder needs derived from ConOps scenarios (not abstract), system requirements with SIL tagging, functional analysis with UHT trait clustering to justify subsystem groupings, physical decomposition with explicit function-to-subsystem mapping. Subsystem boundaries now fall out of functional analysis rather than Claude’s training knowledge.
New state: concept-defined between idle and scaffolded.
ISO/IEC/IEEE 15289 — Information Items
Reports split from one monolithic page into five ISO 15289-aligned documents, alongside the preserved legacy report:
| Document | ISO Type | Route | Content |
|---|---|---|---|
| ConOps | Description | /reports/docs/[system]/conops/ | Mission, stakeholders, modes, scenarios, environment, interfaces, context diagram |
| System Requirements (SyRS) | Specification | /reports/docs/[system]/requirements/ | STK + SYS requirements, IEEE 29148 categorisation, STK→SYS traceability |
| System Design (SyDD) | Description | /reports/docs/[system]/design/ | Decomposition, SUB/IFC/ARC, diagrams, entities, relationships |
| Verification Plan (SVP) | Plan | /reports/docs/[system]/verification/ | VER requirements, coverage matrix, orphans |
| Hazard Analysis (HRA) | Report | /reports/docs/[system]/hazards/ | Hazard register, SIL allocation, GSN safety case |
Legacy monolithic report preserved at /reports/[system]/ with nav links to ISO documents.
IEEE 29148 — Requirements Engineering
System requirements on the SyRS page auto-classified into IEEE 29148 categories by text pattern matching: Functional, Performance, Interface, Safety, Security, Environmental, Reliability, Compliance. Displayed as a stats grid showing requirement distribution.
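An added example, not the project's classifier, of the same pattern-matching approach: the keyword patterns and their precedence order are assumptions, and Functional is the fallback for text no other pattern claims.

```javascript
// Added example, not the project's classifier: IEEE 29148 categories assigned
// by pattern matching on requirement text. Patterns and their precedence are
// assumptions; Functional is the fallback when nothing else matches.
const CATEGORIES = ['Functional', 'Performance', 'Interface', 'Safety',
  'Security', 'Environmental', 'Reliability', 'Compliance'];

// First match wins, so the more specific categories are listed before the
// broad ones: a requirement about a safe state on an interface is Safety.
const PATTERNS = [
  ['Safety', /hazard|safe state|fail[- ]?safe|\bsil-[1-4]\b/i],
  ['Security', /authenticat|authori[sz]|encrypt|tamper|intrusion/i],
  ['Reliability', /\bmtbf\b|availability|redundan|failure rate/i],
  ['Environmental', /temperature|humidity|vibration|altitude|ingress/i],
  ['Compliance', /\bcomply|\bconform|certif|\b(iso|iec|ieee)\b/i],
  ['Interface', /interface|protocol|connector|\bbus\b|\bport\b/i],
  ['Performance', /\bwithin \d+|latency|throughput|at least \d+|no more than/i],
];

function classify(text) {
  const hit = PATTERNS.find(([, re]) => re.test(text));
  return hit ? hit[0] : 'Functional';
}

// Stats-grid input: a count for every category, zeros included.
function distribution(reqs) {
  const counts = Object.fromEntries(CATEGORIES.map((c) => [c, 0]));
  for (const r of reqs) counts[classify(r.text)] += 1;
  return counts;
}

// Constructed SYS requirements for the demo (not from any real SyRS).
const REQ_SAMPLE = [
  { id: 'SYS-1', text: 'The controller shall enter a safe state within 50 ms of hazard detection.' },
  { id: 'SYS-2', text: 'The system shall expose a CAN bus interface to the brake unit.' },
  { id: 'SYS-3', text: 'The pump shall deliver 10 L/min of coolant.' },
  { id: 'SYS-4', text: 'Firmware images shall be authenticated before installation.' },
];
```

Note that SYS-1 also matches the Performance pattern ("within 50"); it lands in Safety only because Safety is tested first, which is the precedence decision the pattern order encodes.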
IEC 61508 — Functional Safety
Three additions to align with IEC 61508 specification phases:
Hazard analysis (concept phase step 4a): Structured hazard identification per operating mode with severity, frequency, SIL determination (per IEC 61508 risk graph), and safe state definition. Each hazard classified as UHT entity for cross-domain analog search. Stored as HAS_HAZARD facts.
SIL-aware requirements: Safety requirements tagged sil-<1-4> in scaffold and decompose flows. SIL inheritance enforced: a SUB requirement's SIL cannot exceed its parent SYS requirement's SIL. The isValidated guard requires that the count of SIL-tagged requirements lacking Test verification is 0.
Safety argument in validation (Part 3): Walkthrough from hazard register through SIL allocation → SYS → SUB → VER. Safe state reachability check. Red-team check 9 adds safety integrity audit.
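The SIL inheritance rule and the isValidated guard from the SIL-aware requirements entry above, as an added example that is not the project's own code. The requirement model (id, type, tags, parent, verifies, method) and the sample data are assumptions.

```javascript
// Added example, not the project's code: a SIL guard over a constructed
// requirement set. Assumed model: each item has an id, a type (SYS, SUB or
// VER), tags such as "sil-3", a parent id for SUB items, and for VER items
// the id it verifies plus its verification method.
const SIL_TAG = /^sil-([1-4])$/;

// SIL level (1-4) carried by an item's tags, or null when untagged.
function silOf(req) {
  const tag = (req.tags || []).find((t) => SIL_TAG.test(t));
  return tag ? Number(tag.slice(4)) : null;
}

// Inheritance rule: a SUB may not claim a higher SIL than its parent SYS.
// A SIL-tagged SUB under an untagged (or missing) parent is reported too.
function silInheritanceViolations(reqs) {
  const byId = new Map(reqs.map((r) => [r.id, r]));
  const out = [];
  for (const r of reqs) {
    if (r.type !== 'SUB' || silOf(r) === null) continue;
    const parent = byId.get(r.parent);
    const parentSil = parent ? silOf(parent) : null;
    if (parentSil === null || silOf(r) > parentSil) {
      out.push({ sub: r.id, subSil: silOf(r), parent: r.parent, parentSil });
    }
  }
  return out;
}

// isValidated guard: ids of SIL-tagged SYS/SUB items with no VER whose
// method is Test. The guard passes only when this list is empty.
function silRequirementsWithoutTest(reqs) {
  const tested = new Set(
    reqs.filter((r) => r.type === 'VER' && r.method === 'Test').map((r) => r.verifies),
  );
  return reqs
    .filter((r) => r.type !== 'VER' && silOf(r) !== null && !tested.has(r.id))
    .map((r) => r.id);
}

function isValidated(reqs) {
  return silInheritanceViolations(reqs).length === 0 &&
    silRequirementsWithoutTest(reqs).length === 0;
}

// Constructed sample: SUB-2 claims SIL 3 under a SIL 2 parent, and SYS-1 is
// covered only by an Inspection, so the guard must fail on both counts.
const SIL_SAMPLE = [
  { id: 'SYS-1', type: 'SYS', tags: ['safety', 'sil-2'] },
  { id: 'SUB-1', type: 'SUB', tags: ['sil-2'], parent: 'SYS-1' },
  { id: 'SUB-2', type: 'SUB', tags: ['sil-3'], parent: 'SYS-1' },
  { id: 'VER-1', type: 'VER', verifies: 'SUB-1', method: 'Test' },
  { id: 'VER-2', type: 'VER', verifies: 'SYS-1', method: 'Inspection' },
];
```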
GSN Safety Case Export
Hazard Analysis page generates a Goal Structuring Notation safety case:
- Visual Mermaid diagram: top goal → hazard sub-goals → SIL requirements → verification evidence
- Downloadable YAML export for import into GSN tools (Astah GSN, ASCE, NOR-STA)
V-Model Verification & Validation
Validate flow redesigned as two explicit V-model activities:
- Verification (bottom-up): Sample VER requirements, check test adequacy, acceptance criteria, edge case coverage
- Validation (top-down): Walk each ConOps scenario through STK → SYS → SUB → VER trace chain
Review flow updated with acceptance assessment: could a procurer contract from this? Could a test org write tests? Could a safety authority approve?
Bug Fixes
QC loop running every session
Sessions 403–412 all ran QC instead of decompose because LAST_QC_SESSION wasn’t being updated by the harness — it relied on Claude to set it. Claude didn’t always do it, so interimQCDue (priority 8) kept firing ahead of decompose (priority 5).
Fix: Flow engine now automatically sets LAST_QC_SESSION after every QC flow session.
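A minimal priority scheduler that reproduces the bug and the fix, added here as an example rather than the project's flow engine. Flow names, priorities and the every-third-session rhythm come from the text; the state shape, QC_INTERVAL and the starting marker value are assumptions, and the old behaviour is modelled as the model never setting the marker.

```javascript
// Added example, not the project's flow engine: a minimal priority scheduler
// that reproduces the LAST_QC_SESSION bug and the harness-side fix. Flow
// names, priorities and the every-third-session rhythm come from the text;
// the state shape and QC_INTERVAL are assumptions.
const QC_INTERVAL = 3;

// Due predicates: QC is due once QC_INTERVAL sessions have passed since the
// marker; decompose is due whenever the system is in the scaffolded state.
const interimQCDue = (s) => s.session - s.LAST_QC_SESSION >= QC_INTERVAL;
const decomposeDue = (s) => s.phase === 'scaffolded';

const FLOWS = [
  { name: 'qc', priority: 8, due: interimQCDue },
  { name: 'decompose', priority: 5, due: decomposeDue },
];

// Highest-priority due flow wins; null when nothing is due.
function pickFlow(state) {
  const due = FLOWS.filter((f) => f.due(state)).sort((a, b) => b.priority - a.priority);
  return due.length ? due[0].name : null;
}

// Runs sessions from..to and returns the flow chosen in each.
// harnessSetsMarker=false is the old behaviour: the harness left the marker
// to the model, which did not always set it, so QC stayed due every session.
function runSessions(from, to, lastQc, harnessSetsMarker) {
  const state = { phase: 'scaffolded', session: from, LAST_QC_SESSION: lastQc };
  const trace = [];
  for (; state.session <= to; state.session++) {
    const flow = pickFlow(state);
    trace.push(flow);
    if (flow === 'qc' && harnessSetsMarker) {
      state.LAST_QC_SESSION = state.session; // the fix: the harness owns the marker
    }
  }
  return trace;
}
```

With the marker last set at a constructed session 400, the old behaviour yields QC in all of sessions 403 to 412, while the fixed harness yields QC at 403, 406, 409 and 412 with decompose in between.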
Floating requirements growing during QC
unassignedDoc grew from 57 to 104 across 10 QC sessions because the QC flow lacked the mandatory --document/--section instruction. Added mandatory flags instruction to QC flow.
Hallucinated UHT trait names
Claude was inventing trait names (“Intelligent”, “Continuous”, “Safety-Critical”, “Monitors State”) for {{trait:...}} tags. Added complete list of all 32 official UHT v2.0 trait names to the protocol with explicit “Do NOT invent trait names” instruction. Fixed 16 case variants and identified 21 hallucinated traits across 17 posts.
Version Manifest
| Component | Before | After |
|---|---|---|
| SE lifecycle | 6 flows (A–F) | 7 flows (A0 concept + A1 scaffold + B–F) |
| States | 7 | 8 (+concept-defined) |
| Reports | 1 monolithic page | 1 legacy + 5 ISO 15289 documents + GSN |
| Safety | No hazard analysis | IEC 61508: hazard register + SIL allocation + safety argument |
| Requirements | Flat listing | IEEE 29148 categorisation (8 categories) |
| Validation | Gap analysis only | V-model: verification audit + ConOps scenario tracing |
| QC tracking | Claude-dependent | Harness-managed LAST_QC_SESSION |
| Trait names | Unconstrained | 32 canonical names enforced |
| Git commits | 14 | 17 |