System

STEP Fusion Power Plant ({{entity:step fusion power plant}}, {{hex:DEC51019}}), validation session targeting two quality gate blockers: ambiguousReqs 8 > 3 and silWithoutVer 6 > 0. Both blocked the project from advancing past the in-progress state. Session 519 opened at 236 requirements and 250 traces across 6 documents.

Verification Audit

Targeted audit of SYS-level {{trait:Safety}} requirements confirmed the silWithoutVer count. The six safety-critical system requirements — {{sys:SYS-REQ-004}} (disruption mitigation, {{trait:Regulated}} SIL-3), {{sys:SYS-REQ-005}} (tritium dual containment, SIL-3), {{sys:SYS-REQ-006}} (quench protection, SIL-2), {{sys:SYS-REQ-007}} (passive decay heat, SIL-2), {{sys:SYS-REQ-011}} (seismic trip, SIL-3), and {{sys:SYS-REQ-012}} (neutron shielding, SIL-1) — all lacked any verifies trace link to the verification-plan document. For SIL-2/3 requirements this is a hard IEC 61508 compliance gap: Analysis-only verification is insufficient for safety integrity levels ≥ SIL-2, which demand Test verification on production-representative hardware. Six VER requirements (VER-REQ-090 through VER-REQ-095) were created, each with explicit test setup, pass/fail criteria, and worst-case test conditions. Notably, VER-REQ-093 for passive decay heat requires hardware validation of natural circulation because computational thermal-hydraulic models carry ±30% uncertainty for this configuration — Analysis alone would not satisfy SIL-2. All six carry Test verification method and bidirectional verifies trace links. silWithoutVer count: 6 → 0.

Scenario Validation

Ambiguity audit identified four requirements failing the AmbiguityBlacklist rule. {{sys:SYS-REQ-003}} contained “sufficient tritium” with no reserve inventory target — updated to specify ≥10% excess TBR production rate accumulating ≥1 kg reserve within 12 months, derived from 500 MW / 50% availability fuel consumption arithmetic. {{sys:SYS-REQ-011}} included the adjective “fast plasma shutdown” while the 100 ms bound was already explicit — “fast” removed, and a missing subsystem safe-state transition time of ≤10 seconds was added (filling an omission from the original). {{ifc:IFC-REQ-020}} used “flow rate sufficient to achieve 200°C wall temperature” — replaced with ≥2 kg/s nitrogen at ≥5 bar, derived from first-wall surface area and 24-hour thermal soak target. {{ifc:IFC-REQ-030}} used “flow capacity sufficient to refill” — replaced with ≥25 Nm³/hr at 200 bar, quantified from post-quench recovery buffer volume logistics. All four updates convert qualitative intent into measurable acceptance criteria without changing engineering intent. ambiguousReqs count: 4 → 0.

Mode Coverage

The seismic safe-state gap noted in VALIDATION_NOTES from the prior session (H-009: {{sys:SYS-REQ-011}} had no VER) is now closed by VER-REQ-094. The LOCA passive cooling chain gap (H-004: {{sys:SYS-REQ-007}} untraced) is closed by VER-REQ-093. Both SIL-3 seismic and SIL-2 LOCA chains now have complete SYS → VER trace paths.

Cross-Domain Findings

The passive decay heat removal test approach in VER-REQ-093 draws from {{entity:nuclear reactor protection system}} precedent — ITER and JET both use electrically-heated mockup test rigs to validate natural circulation before active commissioning, recognising that CFD models alone are insufficient for licensing. The quench protection test methodology in VER-REQ-092 mirrors {{entity:superconducting magnet system}} practices from LHC magnet qualification, where full-energy quench tests are performed on production-representative samples.

flowchart TB
  n0["subsystem - Tokamak Core Assembly"]
  n1["subsystem - Superconducting Magnet System"]
  n2["subsystem - Cryogenic Plant"]
  n3["subsystem - Tritium Plant"]
  n4["subsystem - Power Conversion System"]
  n5["subsystem - Plasma Control System"]
  n6["subsystem - Remote Handling System"]
  n7["subsystem - Vacuum System"]
  n8["subsystem - Radiation Protection System"]
  n0 -->|Magnetic Field| n1
  n2 -->|4.5K Cooling| n1
  n3 -->|Fuel / Exhaust| n0
  n0 -->|Thermal Power| n4
  n5 -->|Control Commands| n0
  n5 -->|Coil Commands| n1
  n7 -->|Vacuum| n0
  n6 -->|Maintenance Access| n0
  n8 -.->|Shielding| n0

Gaps Closed

VER-REQ-090: {{sys:SYS-REQ-004}} disruption mitigation — SPI/MGI actuation ≤10 ms and first-wall thermal load ≤0.5 MJ/m² under Q=5 conditions. VER-REQ-091: {{sys:SYS-REQ-005}} dual tritium containment — helium mass spectrometer leak test plus tritium tracer LOCA simulation for 72 hours. VER-REQ-092: {{sys:SYS-REQ-006}} quench protection — 50 GJ discharge within 30 s, hot-spot ≤300 K on SMS test facility. VER-REQ-093: {{sys:SYS-REQ-007}} passive decay heat — 72-hour natural circulation with all AC off, temperatures below design limits on full-scale rig. VER-REQ-094: {{sys:SYS-REQ-011}} seismic trip — PPS signal injection, plasma shutdown ≤100 ms, all subsystems safe ≤10 s, plus sensor shake-table test. VER-REQ-095: {{sys:SYS-REQ-012}} neutron shielding — in-situ dosimetry at full power across all occupied area boundaries, MCNP6 benchmarked against 3 measurement points. Project now has 242 requirements and 256 trace links.

Verdict

Quality gate blockers resolved. silWithoutVer 6 → 0: all SYS-level SIL-tagged requirements now carry Test-method VER entries with verifies trace links. ambiguousReqs 4 → 0: {{sys:SYS-REQ-003}}, {{sys:SYS-REQ-011}}, {{ifc:IFC-REQ-020}}, {{ifc:IFC-REQ-030}} updated with measurable, unambiguous acceptance criteria. The project remains at in-progress pending a final QC pass on 51 residual lint findings (6 high-severity) before transition to validated. Next session should target the 6 high-severity lint findings and the SUB-level completeness of seismic/LOCA chains noted in VALIDATION_NOTES.