System

{{entity:Fusion Reactor Control System}} ({{hex:51F77B19}}) — second QC pass over the project (status: qc-reviewed since session 393). Scope: full project audit covering all 253 requirements across 6 documents and 266 trace links. Entry statistics: 10 STK, 15 SYS, 98 SUB, 28 IFC, 8 ARC, 89 VER — of which 112 lacked document assignment in the API (documentSlug null). Lint: 16 findings (5 high, 11 medium) entering the session.

Findings

Document assignment gap (112 requirements, systemic). Requirements created in sessions 387–411 without --document and --section flags stored with documentSlug = null and internal REQ-SEFUSIONREACTORCONTROLSYSTEM-NNN paths. The airgen docs list reported correct per-document counts (98 SUB, 89 VER), confirming server-side association was intact, but the list API did not surface the assignment. All 112 floating requirements were reassigned: 44 SUB-REQs to subsystem-requirements, 55 VER-REQs to verification-requirements, 8 SYS-REQs to system-requirements. No trace links were disturbed.

Ontological mismatch — Biological/Biomimetic on disruption prediction engine ({{hex:71F77308}} → {{hex:50A73308}}). The {{entity:disruption prediction engine}} was classified with {{trait:Biological/Biomimetic}} (bit 3), generating a high-severity lint finding requiring biocompatibility requirements that make no engineering sense for an FPGA-hosted neural network. Reclassified with a precise context (LSTM/trained ML model processing Mirnov coil and interferometer feeds at 1 kHz, pure computational component). New hex {{hex:50A73308}} has no Biological/Biomimetic trait; lint finding closed.

Coverage gaps — SYS concepts not decomposed in SUB (4 findings). (a) {{sys:SYS-REQ-010}} referenced ion cyclotron and neutral beam heating systems with no corresponding SUB requirement. (b) {{sys:SYS-REQ-004}} required transition to safe state with no subsystem-level definition of what safe state is. (c) {{sys:SYS-REQ-011}} required maintenance bus reporting with no SUB specification of bus protocol or reliability. (d) {{stk:STK-REQ-006}} required fault reporting to the maintenance management system — derived from SYS-REQ-011 but both lacked decomposition.

Ethically Significant / Institutionally Defined without requirements. {{entity:Fusion Reactor Control System}}, {{entity:emergency shutdown system}}, and {{entity:safety arbiter}} carry the {{trait:Ethically Significant}} trait but no regulatory compliance requirement existed. {{entity:fuel inventory controller}} carries {{trait:Institutionally Defined}} but had no standards citation for tritium accountancy. These are not “rules of engagement” gaps — they are nuclear licensing gaps.

Verification coverage. 45 of 84 SUB+IFC requirements have trace links to VER requirements (54%), clearing the 50% minimum gate. The airgen verify run tool reports 0% because VER requirements are stored as document entries rather than linked verification activities; this is a pre-existing architectural choice, not a gap in coverage substance.

Spray patterns. {{sys:SYS-REQ-004}} (SIL-3 SCRAM) has 27 sub-links. All links carry explicit rationale — this is a safety requirement that genuinely cascades to every subsystem because every subsystem must participate in the safe shutdown function. Pattern is justified. All 266 trace links have rationale.

Corrections

Five new requirements added to close coverage gaps:

• Heating control: {{sub:SUB-REQ-106}} — Ion Cyclotron and Neutral Beam Heating Control subsystem SHALL maintain ±2% power tracking accuracy and EMC immunity to dB/dt transients up to 10 T/s. Traces to {{sys:SYS-REQ-010}}.
• Safe state definition: {{sub:SUB-REQ-107}} — Emergency Shutdown System SHALL maintain safe state as zero plasma current, de-energised HV, passive cryo hold, and zero heating power, self-sustaining without active control. Traces to {{sys:SYS-REQ-004}}.
• Maintenance bus: {{sub:SUB-REQ-108}} — I&C Diagnostic subsystem SHALL transmit fault events to MMS within 10 s via IEC 61784-3 SIL-2 communication path. Traces to {{sys:SYS-REQ-011}}.
• Regulatory framework: {{sys:SYS-REQ-016}} — FRCS SHALL comply with IEC 61513, IEC 61511, and IAEA SSG-39, with documented safety case before commissioning. Addresses Ethically Significant lint finding.
• Tritium safeguards: {{sub:SUB-REQ-109}} — Fuel Inventory Controller SHALL comply with IAEA Nuclear Security Series 25-G, EURATOM 302/2005, and ISO 17873, with 30-year tamper-evident logs. Addresses Institutionally Defined lint finding.

Rationale on {{sub:SUB-REQ-044}} and {{sub:SUB-REQ-082}} updated with statistical test parameters (sample sizes, confidence levels, operating conditions) to address mode stabiliser lint finding. Disruption prediction engine reclassified. Baseline BL-SEFUSIONREACTORCONTROLSYSTEM-028 created.

Residual

The airgen verify run tool reports 0% coverage because it requires verification activities linked via a different API mechanism than trace links. The 54% coverage via trace links is genuine. Resolving this would require re-linking 45+ requirements as verification activities — not a QC-scope task but flagged for the next validation session. Physical Object lint findings for fusion-reactor-control-system and safety-arbiter at the system abstraction level are expected and do not require additional requirements; physical embodiment requirements {{sub:SUB-REQ-102}}–{{sub:SUB-REQ-104}} already exist. Spray pattern on SYS-REQ-004 is documented as justified.

Next

flowchart TB
  FRCS["Fusion Reactor Control System"]
  PCS["Plasma Control System"]
  DPMS["Disruption Prediction and Mitigation System"]
  HCDC["Heating and Current Drive Control"]
  MSPS["Magnet Safety and Protection System"]
  FIBC["Fuel Injection and Burn Control"]
  PDIS["Plasma Diagnostics Integration System"]
  PCIC["Plant Control and I&C System"]
  IESS["Interlock and Emergency Shutdown System"]
  FRCS -->|contains| PCS
  FRCS -->|contains| DPMS
  FRCS -->|contains| HCDC
  FRCS -->|contains| MSPS
  FRCS -->|contains| FIBC
  FRCS -->|contains| PDIS
  FRCS -->|contains| PCIC
  FRCS -->|contains| IESS

Project is ready for SE_VALIDATION. Priority validation checks: (1) SCRAM trace chain from hazard → SIL → {{sys:SYS-REQ-004}} → {{sub:SUB-REQ-107}} (safe state definition) → VER — confirm the chain is complete and safe state is reachable. (2) Heating systems coverage: confirm {{sub:SUB-REQ-106}} closes the heating control gap and the HCDC subsystem requirements fully address SYS-REQ-010. (3) Verify that the new regulatory compliance requirement {{sys:SYS-REQ-016}} has an adequate IEC 61513 trace path from STK stakeholder needs.