Emergency Diesel Generator Specification Passes Final Review — 226 Requirements, Complete Trace Coverage
System
{{entity:Emergency Diesel Generator for a UK Nuclear Licensed Site}} — final review and acceptance assessment of the complete system specification. The project entered this session at state qc-reviewed after 13 prior sessions covering concept, scaffold, decomposition of 7 subsystems, QC, validation, and red team. At entry: 228 requirements across 6 documents, 303 trace links, 8 diagrams, 14 baselines.
Coherence
The decomposition partitions the EDG into 7 subsystems — Starting and Control, Electrical Protection and Switchgear, Diesel Engine, Alternator, Fuel Oil System, Cooling System, and Monitoring and Instrumentation — each with internal component diagrams and architecture decisions. The partition is clean: no functional overlaps, no orphaned functions. The trace chain tells a consistent story from {{stk:STK-REQ-001}} (emergency AC power provision) through system-level performance and safety requirements to subsystem allocations and verification entries. SIL allocation is internally consistent: SIL-3 overall per {{stk:STK-REQ-003}} (ONR Safety Assessment Principles compliance), with SIL-4 applied to the CCF prevention architecture in {{sys:SYS-REQ-011}}. Architecture decisions (7 ARC requirements) specify internal component structures for each subsystem and are each verified by Inspection or Analysis. A domain engineer would recognise this as a credible EDG architecture for a UK nuclear site.
```mermaid
flowchart TB
n0["system<br>Emergency Diesel Generator"]
n1["actor<br>DC Battery System"]
n2["actor<br>Emergency AC Bus"]
n3["actor<br>Plant Protection System"]
n4["actor<br>Main Control Room"]
n5["actor<br>National Grid"]
n6["actor<br>Ultimate Heat Sink"]
n7["actor<br>Fuel Supply"]
n3 -->|Start/stop command| n0
n1 -->|110V DC control power| n0
n0 -->|6.6kV Class 1E power| n2
n0 -->|Status and alarms| n4
n5 -->|LOOP detection signal| n0
n7 -->|Diesel fuel| n0
n6 -->|Cooling water| n0
```
Completeness
All 7 STK requirements trace to SYS; all 17 SYS requirements trace to SUB or IFC; all SUB and IFC requirements have VER entries. Zero orphan requirements. All 6 ConOps scenarios validated as COVERED across sessions 597–607: LOOP Response, Failure to Start, EDG Trip During Extended LOOP, Monthly Surveillance Test, Station Blackout (CCF), and Planned Overhaul. Operating mode coverage is complete: Standby Ready, Starting, Running at Rated, Degraded Operation ({{sys:SYS-REQ-012}}/{{sys:SYS-REQ-017}}), Cooldown Shutdown ({{sys:SYS-REQ-014}}), Maintenance Out-of-Service ({{sub:SUB-REQ-067}} entry/{{sub:SUB-REQ-066}} PMT exit), and Monthly Surveillance Test ({{sys:SYS-REQ-009}}).
Acceptance Assessment
Procurement: A procurement authority could issue a contract from this specification. Requirements are quantified — 10-second start-to-rated ({{sys:SYS-REQ-001}}), 50Hz ±1% frequency stability, 6.6kV ±5% voltage regulation, 168-hour continuous operation, 0.999 start-on-demand reliability — with defined verification methods.

Test programme: 109 VER requirements specify Test, Analysis, Inspection, or Demonstration methods with sufficient detail for a test organisation to write procedures without referral.

Safety authority: The safety argument is coherent. Hardwired trips ({{sys:SYS-REQ-004}}) ensure cyber-independence. CCF prevention ({{sys:SYS-REQ-011}}) mandates train separation with a SIL-4 architectural constraint. Class 1E battery coping ({{sys:SYS-REQ-015}}) and cyber isolation ({{sys:SYS-REQ-016}}) close the remaining safety gaps. No untestable or contradictory requirements were identified.
Per-Subsystem Summary
| Subsystem | SUB Reqs | IFC Reqs | ARC | Diagrams | VER Coverage |
|---|---|---|---|---|---|
| Starting and Control | 16 | 7 | 1 | 1 | Complete |
| Electrical Protection | 6 | 4 | 1 | 1 | Complete |
| Diesel Engine | 8 | 3 | 1 | 1 | Complete |
| Alternator | 5 | 2 | 1 | 1 | Complete |
| Fuel Oil System | 8 | 3 | 1 | 1 | Complete |
| Cooling System | 7 | 2 | 1 | 1 | Complete |
| Monitoring and Instrumentation | 15 | 4 | 1 | 1 | Complete |
Cross-Domain Insights
Semantic search returned {{entity:Emergency Diesel Generator Set}} ({{hex:D7D71018}}, 85% similarity) from a water treatment plant specification — a non-nuclear analog with 72-hour fuel autonomy vs our 168-hour requirement. The {{entity:Seismic damage to diesel generator hazard}} ({{hex:10000259}}, 84% similarity) from the Factory corpus confirmed our seismic qualification approach ({{sys:SYS-REQ-006}}) aligns with standard nuclear EDG practice for 0.1–0.25g PGA sites.
Corrections
Session 608 cleanup: deleted {{sys:SYS-REQ-013}} (tagged duplicate-of-{{sys:SYS-REQ-012}}) and {{sub:SUB-REQ-025}} (tagged duplicate-of-{{sub:SUB-REQ-026}}). Re-pointed 3 trace links (STK-REQ-002→SYS-REQ-012, VER-REQ-100→SYS-REQ-012, VER-REQ-068→SUB-REQ-026) to canonical requirements before deletion. Net result: 226 requirements, 306 trace links.
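The layer rules from the Completeness section (STK to SYS, SYS to SUB or IFC, SUB and IFC to VER) and the re-point-then-delete order of the session-608 cleanup, as an added worked example that is not the project's own tooling: it runs over a constructed miniature register, and SAMPLE_REQS, SAMPLE_LINKS and the function names are assumptions.

```python
# Added example, not the report's own tooling: a trace-chain checker applying the
# Completeness layer rules (STK->SYS, SYS->SUB/IFC, SUB/IFC->VER) and the
# session-608 cleanup order (re-point links to the canonical ID, then delete).
# All requirement IDs and links below are constructed sample data.
from collections import defaultdict

# Each layer must be linked to at least one requirement in one of these layers.
CHAIN = {"STK": {"SYS"}, "SYS": {"SUB", "IFC"}, "SUB": {"VER"}, "IFC": {"VER"}}
# Constructed register; VER links point at what they verify, as in the report.
SAMPLE_REQS = {"STK-REQ-001", "STK-REQ-002", "SYS-REQ-001", "SYS-REQ-012",
               "SYS-REQ-013", "SUB-REQ-025", "SUB-REQ-026", "IFC-REQ-003",
               "VER-REQ-001", "VER-REQ-068", "VER-REQ-100"}
SAMPLE_LINKS = {("STK-REQ-001", "SYS-REQ-001"), ("STK-REQ-002", "SYS-REQ-013"),
                ("SYS-REQ-001", "IFC-REQ-003"), ("VER-REQ-001", "IFC-REQ-003"),
                ("SYS-REQ-012", "SUB-REQ-026"), ("VER-REQ-100", "SYS-REQ-013"),
                ("VER-REQ-068", "SUB-REQ-025")}

def layer(req_id):
    """Layer prefix of an ID such as 'SYS-REQ-012' -> 'SYS'."""
    return req_id.split("-", 1)[0]

def find_orphans(reqs, links):
    """IDs with no link (either direction) to a layer that CHAIN requires."""
    adjacent = defaultdict(set)
    for a, b in links:
        adjacent[a].add(layer(b))
        adjacent[b].add(layer(a))
    return sorted(r for r in reqs
                  if CHAIN.get(layer(r)) and not adjacent[r] & CHAIN[layer(r)])

def retire_duplicate(reqs, links, dup, canonical):
    """Re-point every link touching `dup` to `canonical`, then drop `dup`.
    Returns (reqs, links, count_of_links_repointed)."""
    if dup not in reqs or canonical not in reqs:
        raise ValueError("both IDs must exist before re-pointing")
    repointed, new_links = 0, set()
    for a, b in links:
        na, nb = (canonical if a == dup else a), (canonical if b == dup else b)
        repointed += (na, nb) != (a, b)
        if na != nb:  # a duplicate-to-canonical link would become a self-loop
            new_links.add((na, nb))
    return reqs - {dup}, new_links, repointed

def run_cleanup():
    """Orphans before cleanup, then after retiring the two tagged duplicates."""
    before = find_orphans(SAMPLE_REQS, SAMPLE_LINKS)
    reqs, links, n1 = retire_duplicate(SAMPLE_REQS, SAMPLE_LINKS, "SYS-REQ-013", "SYS-REQ-012")
    reqs, links, n2 = retire_duplicate(reqs, links, "SUB-REQ-025", "SUB-REQ-026")
    return before, find_orphans(reqs, links), n1 + n2, len(reqs), len(links)
```

Before cleanup the un-decomposed duplicate SYS-REQ-013 and the unverified SUB-REQ-026 show up as orphans; after re-pointing three links and deleting both duplicates the register has none.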
Efficiency
13 sessions from concept to completion (sessions 585–608). Concept (1), scaffold (1), decomposition (4), QC (3), validation (2), red team (1), final review (1). No sessions were purely wasted, though the degraded-mode requirement was created 3 times across sessions 597/598/603 before QC consolidated it — a known idempotency edge case now resolved.
Residual
1. One homeless requirement (REQ-SEEMERGENCY…SITE-001) cannot be deleted or reassigned due to an API URL-encoding limitation with the long auto-generated ref. It is a duplicate of {{sys:SYS-REQ-012}} with traces re-pointed; functionally harmless.
2. 35 medium lint findings — 17 ontological mismatches (material property, manufacturing, redundancy requirements appropriate for detailed design rather than concept-level specification) and 18 coverage gaps (stakeholder terms, external system references, and environmental parameters that correctly do not need SUB-level decomposition). These are acceptable residuals for a concept-phase specification.
Verdict
PASS. The specification is coherent, complete, plausible, and proportionate. All 6 ConOps scenarios are covered by unbroken trace chains from stakeholder needs through verification. The safety argument — SIL-3/4 allocation, hardwired trips, CCF prevention, battery coping, cyber isolation — would withstand ONR scrutiny. Baseline COMPLETE-2026-03-26 created.