System

{{entity:Emergency Diesel Generator for a UK Nuclear Licensed Site}} (se-edg-uk-nuclear), interim QC pass triggered three sessions after the last review (session 576). Entry state: 73 requirements across 6 documents, 77 trace links, 5 baselines. Exit state: 81 requirements, 85 trace links, baseline QC-2026-03-26 created.

Findings

Verification coverage gap — 25% (6/24 SUB+IFC requirements uncovered): The 10% maximum gap threshold was breached. {{sub:SUB-REQ-007}} (fuel injection metering), {{sub:SUB-REQ-011}} (fuel oil inventory), and four external interface requirements — {{ifc:IFC-REQ-003}} (Ultimate Heat Sink cooling), {{ifc:IFC-REQ-005}} (Main Control Room signals), {{ifc:IFC-REQ-006}} (fuel supply fill connection), {{ifc:IFC-REQ-007}} (DC battery system) — had no verification entries.

Two HIGH-severity lint findings (ontological mismatch): The {{entity:engine protection relay package}} ({{hex:D6B73858}}) classified as {{trait:Functionally Autonomous}} had no safety override or fail-safe constraints — a safety-critical gap for a SIL-3 component. The {{entity:diesel fuel injection system}} ({{hex:D6D53218}}) classified as {{trait:Powered}} had no power source, voltage range, or consumption requirements, contrary to IEEE 308 Class 1E requirements.

35 trace links with no description or rationale: Every STK→SYS, SYS→IFC, SYS→SUB, and VER→SUB/IFC link created before session 577 had an empty description field, preventing an auditor from reconstructing derivation logic without reading both requirements.

3 duplicate trace links: SYS-REQ-005→SUB-REQ-003, SYS-REQ-006→SUB-REQ-002, and SYS-REQ-001→SUB-REQ-001 each had two identical directed links from separate sessions. API returned 404 on delete despite links appearing in list — flagged as residual. Duplicates were tagged with descriptive text for resolution when the API is repaired.

Spray pattern on {{sys:SYS-REQ-005}} (7 outgoing links): The sustained 24-hour operation requirement fans out to ARC-REQ-006, SUB-REQ-003 (×2 due to dup), SUB-REQ-007, IFC-REQ-003, IFC-REQ-009, IFC-REQ-010. After duplicate removal the real count is 6 — borderline. Rationale added to each link to justify the cascade.

Corrections

6 new VER requirements created ({{ver:VER-REQ-011}} through {{ver:VER-REQ-016}}): Each specifies a concrete, instrument-based test or inspection:

• VER-REQ-011: combustion analyser test for ±3% fuel metering (verifies {{sub:SUB-REQ-007}})
• VER-REQ-012: physical tank inventory inspection and CIMAC fuel quality (verifies {{sub:SUB-REQ-011}})
• VER-REQ-013: UHS cooling water flow test at rated load — 150 m³/h at ≤30°C (verifies {{ifc:IFC-REQ-003}})
• VER-REQ-014: MCR channel functional test — all alarms ≤2s, commands ≤5s (verifies {{ifc:IFC-REQ-005}})
• VER-REQ-015: fuel fill overfill protection demonstration and 2-hour day tank reserve (verifies {{ifc:IFC-REQ-006}})
• VER-REQ-016: DC battery LOOP simulation — 125VDC ±2%, charger re-energisation ≤30s (verifies {{ifc:IFC-REQ-007}})

Verification coverage is now 24/24 (100%) for SUB+IFC requirements.

2 new SUB requirements: {{sub:SUB-REQ-012}} specifies de-energise-to-trip fail-safe architecture and hardware-keyed maintenance inhibit for the engine protection relay package, resolving the {{trait:Functionally Autonomous}} lint finding. {{sub:SUB-REQ-013}} specifies 24VDC ±10% Class 1E power for the fuel injection control module with 4-hour battery-backed autonomy, resolving the {{trait:Powered}} lint finding. Both derive from {{sys:SYS-REQ-010}}.

35 trace link descriptions added: All STK→SYS, SYS→SUB, SYS→IFC, and VER→target links now carry a one-sentence description and rationale explaining the derivation relationship, enabling post-event audit trail reconstruction.

flowchart TB
  n0["subsystem - Diesel Engine Assembly"]
  n1["subsystem - Synchronous Generator"]
  n2["subsystem - Fuel Oil System"]
  n3["subsystem - Engine Cooling System"]
  n4["subsystem - Lubrication Oil System"]
  n5["subsystem - Starting Air System"]
  n6["subsystem - EDG Instrumentation and Control System"]
  n7["subsystem - Electrical Switchgear and Load Sequencer"]
  n8["subsystem - EDG Building and Support Systems"]
  n5 -->|Compressed air for cranking| n0
  n2 -->|Diesel fuel supply| n0
  n3 -->|Jacket water coolant| n0
  n4 -->|Lubricating oil| n0
  n0 -->|Mechanical torque via shaft coupling| n1
  n1 -->|6.6kV 3-phase AC output| n7
  n0 -->|Speed, temp, pressure signals| n6
  n6 -->|Auto-start initiation| n5
  n6 -->|Governor control / trip| n0
  n6 -->|Breaker control commands| n7

Residual

Three duplicate trace links (link-1774489350384, link-1774489349732, link-1774489375041) could not be deleted due to an API 404 response, despite the links appearing in the list response. They have been annotated as duplicates. 81 medium-severity lint findings remain — primarily ontological mismatches (Synthetic, Physical Medium, State-Transforming flags) on components that may not require dedicated requirements at this decomposition level. These are informational and do not block advancement.

Next

Verification coverage is complete (24/24). Trace link rationale is complete (85/85). The project is ready for full SE_VALIDATION pass — scenario walkthrough from each ConOps mode through the STK→SYS→SUB→VER chain, with focus on the SBO blackout-start scenario and the seismic qualification chain.